diff options
Diffstat (limited to '')
| -rwxr-xr-x | tests/ts/setpriv/landlock | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/tests/ts/setpriv/landlock b/tests/ts/setpriv/landlock new file mode 100755 index 0000000..d4ce5d1 --- /dev/null +++ b/tests/ts/setpriv/landlock @@ -0,0 +1,64 @@ +#!/bin/bash + +# Copyright (C) 2023 Thomas Weißschuh <thomas@t-8ch.de> +# +# This file is part of util-linux. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +TS_TOPDIR="${0%/*}/../.." +TS_DESC="setpriv landlock" + +. "$TS_TOPDIR"/functions.sh +ts_init "$*" + +[[ "$COVERAGE" = yes ]] && ts_skip "does not work with coverage" + +ts_check_test_command "$TS_CMD_SETPRIV" + +"$TS_CMD_SETPRIV" --landlock-access fs \ + --landlock-rule path-beneath:execute:/ \ + --landlock-rule path-beneath:read-file:/ \ + true \ + || ts_skip "no landlock support in setpriv" + +ts_init_subtest "nothing-allowed" +"$TS_CMD_SETPRIV" --landlock-access fs true &> "$TS_OUTPUT" +ts_finalize_subtest + +ts_init_subtest "partial-access-fail" +"$TS_CMD_SETPRIV" --landlock-access \ + fs:write cp /dev/null /dev/zero \ + &> "$TS_OUTPUT" +ts_finalize_subtest + +ts_init_subtest "partial-access-success" +"$TS_CMD_SETPRIV" \ + --landlock-access fs:write --landlock-rule path-beneath:write:/dev/zero \ + cp /dev/null /dev/zero \ + &> "$TS_OUTPUT" +ts_finalize_subtest + +ts_init_subtest "combined-access" +"$TS_CMD_SETPRIV" --landlock-access fs:execute,read-file \ + --landlock-rule path-beneath:execute,read-file:/ \ + true \ + &> "$TS_OUTPUT" +ts_finalize_subtest + +ts_init_subtest "wildcard-access" +"$TS_CMD_SETPRIV" --landlock-access fs \ + --landlock-rule path-beneath::/ \ + true \ + &> "$TS_OUTPUT" +ts_finalize_subtest + +ts_finalize |