diff options
| author | Mickaël Salaün <mic@digikod.net> | 2024-01-18 12:36:32 +0100 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2024-02-27 11:21:45 +0100 |
| commit | b4007fd27206c478a4b76e299bddf4a71787f520 (patch) | |
| tree | b4128761ac496506270830a23a2955ca0ff895e7 /security/landlock/Kconfig | |
| parent | a3f16298b38bcb17a0a01cc2f84dba46b59a860a (diff) | |
| download | linux-stable-b4007fd27206c478a4b76e299bddf4a71787f520.tar.gz linux-stable-b4007fd27206c478a4b76e299bddf4a71787f520.tar.bz2 linux-stable-b4007fd27206c478a4b76e299bddf4a71787f520.zip | |
landlock: Add support for KUnit tests
Add the SECURITY_LANDLOCK_KUNIT_TEST option to enable KUnit tests for
Landlock. The minimal required configuration is listed in the
security/landlock/.kunitconfig file.
Add an initial landlock_fs KUnit test suite with 7 test cases for
filesystem helpers. These are related to the LANDLOCK_ACCESS_FS_REFER
right.
There is one KUnit test case per:
* mutated state (e.g. test_scope_to_request_*) or,
* shared state between tests (e.g. test_is_eaccess_*).
Add macros to improve readability of tests (i.e. one per line). Test
cases are collocated with the tested functions to help maintenance and
improve documentation. This is why SECURITY_LANDLOCK_KUNIT_TEST cannot
be set as module.
This is a nice complement to Landlock's user space kselftests. We
expect new Landlock features to come with KUnit tests as well.
Thanks to UML support, we can run all KUnit tests for Landlock with:
./tools/testing/kunit/kunit.py run --kunitconfig security/landlock
[00:00:00] ======================= landlock_fs =======================
[00:00:00] [PASSED] test_no_more_access
[00:00:00] [PASSED] test_scope_to_request_with_exec_none
[00:00:00] [PASSED] test_scope_to_request_with_exec_some
[00:00:00] [PASSED] test_scope_to_request_without_access
[00:00:00] [PASSED] test_is_eacces_with_none
[00:00:00] [PASSED] test_is_eacces_with_refer
[00:00:00] [PASSED] test_is_eacces_with_write
[00:00:00] =================== [PASSED] landlock_fs ===================
[00:00:00] ============================================================
[00:00:00] Testing complete. Ran 7 tests: passed: 7
Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240118113632.1948478-1-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'security/landlock/Kconfig')
| -rw-r--r-- | security/landlock/Kconfig | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security/landlock/Kconfig b/security/landlock/Kconfig index c4bf0d5eff39..3f1493402052 100644 --- a/security/landlock/Kconfig +++ b/security/landlock/Kconfig @@ -20,3 +20,18 @@ config SECURITY_LANDLOCK If you are unsure how to answer this question, answer N. Otherwise, you should also prepend "landlock," to the content of CONFIG_LSM to enable Landlock at boot time. + +config SECURITY_LANDLOCK_KUNIT_TEST + bool "KUnit tests for Landlock" if !KUNIT_ALL_TESTS + depends on KUNIT=y + depends on SECURITY_LANDLOCK + default KUNIT_ALL_TESTS + help + Build KUnit tests for Landlock. + + See the KUnit documentation in Documentation/dev-tools/kunit + + Run all KUnit tests for Landlock with: + ./tools/testing/kunit/kunit.py run --kunitconfig security/landlock + + If you are unsure how to answer this question, answer N. |