Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4730353iob;
        Sun, 8 May 2022 23:32:40 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzki6a1rD46AqiDpv5hgDcr3sniOxaZjfj14sYcA3OyhZoF5qrl+HS+P5+1cgrpI02erEdM
X-Received: by 2002:a63:5a09:0:b0:3c2:5dfa:285c with SMTP id o9-20020a635a09000000b003c25dfa285cmr12382649pgb.381.1652077960029;
        Sun, 08 May 2022 23:32:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652077960; cv=none;
        d=google.com; s=arc-20160816;
        b=rvXa/X1U1pcUnvn1KCQYvAcHdhY4OnVM7oSdXeewZ+5GfLZ+sfopl551kI1GD6j1wm
         cLV3SU5z7OYGsmR7dxvzAHwpZRwcHRfAlBm3ZXyc2/g6wc4mtFoL2ges2tBUJj7/UvgS
         aU6PjIE3sWtH4t1GR1kYvt6KhcKGshZ+umvNELFXitsEzFhAwIG6vySABnGXexyu2Si5
         Qyw27SD1JcSOb556ANj1ubHKMDaz6sP0Uh8DMopLGB4fCJ35DS1Jm8YmYKNehUQpkBU0
         e9Um7xQgOh4tdEAwBg0Im43OH/bwYbum4K11oxTN0lSy+f8CoJJEkyDnibMD+HKkI+4q
         iaHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=FtQVP/SimOxgC2ij9ayow4TyxPa9ozIcv+e4on8PHzA=;
        b=cb3/Z+Ixfj+NH2wVkPeTd9laJHktCA2EdWI2mIY5hW55ol2QRjGWQqim5ybLKS2Jw4
         0Y1ouGzWksL0XeCArDcrWmzFFnXPguY3+OCjYTyLkMZJqt84ZOE/1ipwLWxVfPLCz/4e
         OxQjGsbEV5sJDPdTP5laX6PG1Q8jJsykoLFq46iz34WE3eMPrzPrg2sfrE3kM5KxnkNB
         p6425pN58+O5aHXqVCsEBWMR9MDlu+txWWt4nFmUjmyQaPK/+ov7Kdy7HTJJaNOCTvOM
         OUhsv4LuK8a/On8EpTrBaNEZIlKIydN5uZGcjm0vaZ44VUgRb/cc1jdUy/8s9HeuEx09
         h7YQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@digikod.net header.s=20191114 header.b=Z2fF1yW2;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id d2-20020a170903230200b0015881788556si12713493plh.530.2022.05.08.23.32.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 08 May 2022 23:32:40 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@digikod.net header.s=20191114 header.b=Z2fF1yW2;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 121AF18543A;
	Sun,  8 May 2022 23:28:27 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237525AbiEFQKt (ORCPT <rfc822;anthony.2lannoy@gmail.com>
        + 99 others); Fri, 6 May 2022 12:10:49 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43122 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1443434AbiEFQKr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 6 May 2022 12:10:47 -0400
Received: from smtp-42af.mail.infomaniak.ch (smtp-42af.mail.infomaniak.ch [IPv6:2001:1600:3:17::42af])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7197C3B026
        for <linux-kernel@vger.kernel.org>; Fri,  6 May 2022 09:06:59 -0700 (PDT)
Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108])
        by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4KvwS14sS9zMqpmv;
        Fri,  6 May 2022 18:06:57 +0200 (CEST)
Received: from localhost (unknown [23.97.221.149])
        by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4KvwS05F2nzlhMBg;
        Fri,  6 May 2022 18:06:56 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digikod.net;
        s=20191114; t=1651853217;
        bh=+g6nltvqYNf1CZKZic5eqqeCIzlw7XGV0BEiW9ZEQ80=;
        h=From:To:Cc:Subject:Date:From;
        b=Z2fF1yW2U0IXfjgHxAffPLaWEtBpl7E9tuO99BpdDQsBtPy3tYzbF7JvW1ckSMkwT
         S158RLiD1+HeLu/ewGy2lH2+VoVjfCK4Kc9B3HUT3LIq4fbLKT+PrS8cLL+IhNZssy
         3D+ddN+4+RpU+hMlGtCKQFrdvfh0069sREXUGhKg=
From:   =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@digikod.net>
To:     James Morris <jmorris@namei.org>,
        "Serge E . Hallyn" <serge@hallyn.com>
Cc:     =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@digikod.net>,
        Jann Horn <jannh@google.com>,
        Kees Cook <keescook@chromium.org>,
        Konstantin Meskhidze <konstantin.meskhidze@huawei.com>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Paul Moore <paul@paul-moore.com>,
        Shuah Khan <shuah@kernel.org>, linux-api@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v2 00/10] Minor Landlock fixes and new tests
Date:   Fri,  6 May 2022 18:08:10 +0200
Message-Id: <20220506160820.524344-1-mic@digikod.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

This series contains some minor code and documentation fixes.  There is
also some miscellaneous new tests to improve coverage and that may help
for future access types (e.g. networking).

The important new patches are the last three ones.  They change the
landlock_add_rule(2) and landlock_restrict_self(2) check orderings to
make them more consistent according to future Landlock rule types (e.g.
networking).

As suggested by Alejandro Colomar [1], I removed the
landlock_add_rule(2) signature fix.  I added a new patch to test O_PATH
behavior.

Test coverage for security/landlock was 94.4% of 500 lines, and it is
now 94.4% of 504 lines according to gcc/gcov-11.

I also fixed some typos and formatted the code with clang-format.  This
series can be applied on top of
https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net

[1] https://lore.kernel.org/r/ae52c028-05c7-c22e-fc47-d97ee4a2f6c7@gmail.com

Previous version:
https://lore.kernel.org/r/20220221155311.166278-1-mic@digikod.net

Regards,

Mickaël Salaün (10):
  landlock: Fix landlock_add_rule(2) documentation
  selftests/landlock: Make tests build with old libc
  selftests/landlock: Extend tests for minimal valid attribute size
  selftests/landlock: Add tests for unknown access rights
  selftests/landlock: Extend access right tests to directories
  selftests/landlock: Fully test file rename with "remove" access
  selftests/landlock: Add tests for O_PATH
  landlock: Change landlock_add_rule(2) argument check ordering
  landlock: Change landlock_restrict_self(2) check ordering
  selftests/landlock: Test landlock_create_ruleset(2) argument check
    ordering

 include/uapi/linux/landlock.h                |   5 +-
 security/landlock/syscalls.c                 |  37 +++---
 tools/testing/selftests/landlock/base_test.c | 107 +++++++++++++++--
 tools/testing/selftests/landlock/fs_test.c   | 120 ++++++++++++++++---
 4 files changed, 218 insertions(+), 51 deletions(-)


base-commit: 763c5dc0e990fbd803c3c2b1ae832366ab7d207f
-- 
2.35.1