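Lines matching refs: _metadata (each entry below gives the source line number, the text of the matching line, and the enclosing function; a trailing "argument" marks a line where _metadata is declared as a parameter)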
125 static void mkdir_parents(struct __test_metadata *const _metadata, in mkdir_parents() argument
151 static void create_directory(struct __test_metadata *const _metadata, in create_directory() argument
154 mkdir_parents(_metadata, path); in create_directory()
162 static void create_file(struct __test_metadata *const _metadata, in create_file() argument
165 mkdir_parents(_metadata, path); in create_file()
207 static void prepare_layout(struct __test_metadata *const _metadata) in prepare_layout() argument
209 disable_caps(_metadata); in prepare_layout()
211 create_directory(_metadata, TMP_DIR); in prepare_layout()
217 set_cap(_metadata, CAP_SYS_ADMIN); in prepare_layout()
221 clear_cap(_metadata, CAP_SYS_ADMIN); in prepare_layout()
224 static void cleanup_layout(struct __test_metadata *const _metadata) in cleanup_layout() argument
226 set_cap(_metadata, CAP_SYS_ADMIN); in cleanup_layout()
228 clear_cap(_metadata, CAP_SYS_ADMIN); in cleanup_layout()
232 static void create_layout1(struct __test_metadata *const _metadata) in create_layout1() argument
234 create_file(_metadata, file1_s1d1); in create_layout1()
235 create_file(_metadata, file1_s1d2); in create_layout1()
236 create_file(_metadata, file1_s1d3); in create_layout1()
237 create_file(_metadata, file2_s1d1); in create_layout1()
238 create_file(_metadata, file2_s1d2); in create_layout1()
239 create_file(_metadata, file2_s1d3); in create_layout1()
241 create_file(_metadata, file1_s2d1); in create_layout1()
242 create_file(_metadata, file1_s2d2); in create_layout1()
243 create_file(_metadata, file1_s2d3); in create_layout1()
244 create_file(_metadata, file2_s2d3); in create_layout1()
246 create_directory(_metadata, dir_s3d2); in create_layout1()
247 set_cap(_metadata, CAP_SYS_ADMIN); in create_layout1()
249 clear_cap(_metadata, CAP_SYS_ADMIN); in create_layout1()
254 static void remove_layout1(struct __test_metadata *const _metadata) in remove_layout1() argument
269 set_cap(_metadata, CAP_SYS_ADMIN); in remove_layout1()
271 clear_cap(_metadata, CAP_SYS_ADMIN); in remove_layout1()
281 prepare_layout(_metadata); in FIXTURE_SETUP()
283 create_layout1(_metadata); in FIXTURE_SETUP()
288 remove_layout1(_metadata); in FIXTURE_TEARDOWN()
290 cleanup_layout(_metadata); in FIXTURE_TEARDOWN()
516 static void add_path_beneath(struct __test_metadata *const _metadata, in add_path_beneath() argument
556 static int create_ruleset(struct __test_metadata *const _metadata, in create_ruleset() argument
582 add_path_beneath(_metadata, ruleset_fd, rules[i].access, in create_ruleset()
588 static void enforce_ruleset(struct __test_metadata *const _metadata, in enforce_ruleset() argument
610 _metadata, rules[0].access | LANDLOCK_ACCESS_FS_READ_DIR, in TEST_F_FORK()
616 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
658 drop_caps(_metadata); in TEST_F_FORK()
660 ruleset_fd = create_ruleset(_metadata, ACCESS_RO, rules); in TEST_F_FORK()
666 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
684 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
689 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
738 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RO, rules); in TEST_F_FORK()
741 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
771 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
774 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
827 int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1); in TEST_F_FORK()
830 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
853 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2); in TEST_F_FORK()
855 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
878 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer3); in TEST_F_FORK()
880 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
925 create_ruleset(_metadata, LANDLOCK_ACCESS_FS_MAKE_REG, layer1); in TEST_F_FORK()
927 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
935 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
938 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1045 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
1048 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1056 ruleset_fd = create_ruleset(_metadata, in TEST_F_FORK()
1061 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1069 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
1072 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1081 ruleset_fd = create_ruleset(_metadata, in TEST_F_FORK()
1086 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1098 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
1101 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1110 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_EXECUTE, in TEST_F_FORK()
1113 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1122 ruleset_fd = create_ruleset(_metadata, in TEST_F_FORK()
1127 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1147 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1150 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1170 add_path_beneath(_metadata, ruleset_fd, LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
1183 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1203 add_path_beneath(_metadata, ruleset_fd, ACCESS_RW, dir_s1d1); in TEST_F_FORK()
1204 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1225 add_path_beneath(_metadata, ruleset_fd, LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
1227 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1263 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1266 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1276 add_path_beneath(_metadata, ruleset_fd, in TEST_F_FORK()
1280 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1301 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1305 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1331 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1340 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1345 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1363 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1366 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1392 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1395 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1420 int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1423 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1431 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1433 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1450 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1453 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1472 set_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1478 clear_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1480 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1482 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1498 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1501 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1504 set_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1509 clear_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1521 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1525 set_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1534 clear_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1536 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1539 set_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1543 clear_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1563 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1567 set_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1569 clear_cap(_metadata, CAP_SYS_ADMIN); in TEST_F_FORK()
1571 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1587 static void test_relative_path(struct __test_metadata *const _metadata, in test_relative_path() argument
1614 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_base); in test_relative_path()
1616 enforce_ruleset(_metadata, ruleset_fd); in test_relative_path()
1619 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2_subs); in test_relative_path()
1637 set_cap(_metadata, CAP_SYS_CHROOT); in test_relative_path()
1638 enforce_ruleset(_metadata, ruleset_fd); in test_relative_path()
1706 test_relative_path(_metadata, REL_OPEN); in TEST_F_FORK()
1711 test_relative_path(_metadata, REL_CHDIR); in TEST_F_FORK()
1716 test_relative_path(_metadata, REL_CHROOT_ONLY); in TEST_F_FORK()
1721 test_relative_path(_metadata, REL_CHROOT_CHDIR); in TEST_F_FORK()
1724 static void copy_binary(struct __test_metadata *const _metadata, in copy_binary() argument
1748 static void test_execute(struct __test_metadata *const _metadata, const int err, in test_execute() argument
1763 _exit(_metadata->passed ? 2 : 1); in test_execute()
1785 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1788 copy_binary(_metadata, file1_s1d1); in TEST_F_FORK()
1789 copy_binary(_metadata, file1_s1d2); in TEST_F_FORK()
1790 copy_binary(_metadata, file1_s1d3); in TEST_F_FORK()
1792 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1797 test_execute(_metadata, EACCES, file1_s1d1); in TEST_F_FORK()
1801 test_execute(_metadata, 0, file1_s1d2); in TEST_F_FORK()
1805 test_execute(_metadata, 0, file1_s1d3); in TEST_F_FORK()
1824 int ruleset_fd = create_ruleset(_metadata, layer1[0].access, layer1); in TEST_F_FORK()
1832 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1853 ruleset_fd = create_ruleset(_metadata, layer2[0].access, layer2); in TEST_F_FORK()
1855 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1877 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1883 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1959 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1967 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2019 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2028 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2056 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2059 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2070 static void test_make_file(struct __test_metadata *const _metadata, in test_make_file() argument
2081 const int ruleset_fd = create_ruleset(_metadata, access, rules); in test_make_file()
2099 enforce_ruleset(_metadata, ruleset_fd); in test_make_file()
2127 set_cap(_metadata, CAP_MKNOD); in TEST_F_FORK()
2128 test_make_file(_metadata, LANDLOCK_ACCESS_FS_MAKE_CHAR, S_IFCHR, in TEST_F_FORK()
2135 set_cap(_metadata, CAP_MKNOD); in TEST_F_FORK()
2136 test_make_file(_metadata, LANDLOCK_ACCESS_FS_MAKE_BLOCK, S_IFBLK, in TEST_F_FORK()
2142 test_make_file(_metadata, LANDLOCK_ACCESS_FS_MAKE_REG, S_IFREG, 0); in TEST_F_FORK()
2147 test_make_file(_metadata, LANDLOCK_ACCESS_FS_MAKE_REG, 0, 0); in TEST_F_FORK()
2152 test_make_file(_metadata, LANDLOCK_ACCESS_FS_MAKE_SOCK, S_IFSOCK, 0); in TEST_F_FORK()
2157 test_make_file(_metadata, LANDLOCK_ACCESS_FS_MAKE_FIFO, S_IFIFO, 0); in TEST_F_FORK()
2170 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2184 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2215 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2223 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2233 static int open_proc_fd(struct __test_metadata *const _metadata, const int fd, in open_proc_fd() argument
2256 _metadata, in TEST_F_FORK()
2261 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2270 proc_fd = open_proc_fd(_metadata, reg_fd, O_RDONLY | O_CLOEXEC); in TEST_F_FORK()
2274 proc_fd = open_proc_fd(_metadata, reg_fd, O_RDWR | O_CLOEXEC); in TEST_F_FORK()
2300 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2303 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2320 proc_fd = open_proc_fd(_metadata, pipe_fds[1], O_WRONLY | O_CLOEXEC); in TEST_F_FORK()
2330 proc_fd = open_proc_fd(_metadata, pipe_fds[0], O_RDONLY | O_CLOEXEC); in TEST_F_FORK()
2350 prepare_layout(_metadata); in FIXTURE_SETUP()
2352 create_layout1(_metadata); in FIXTURE_SETUP()
2354 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2356 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2361 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2363 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2365 remove_layout1(_metadata); in FIXTURE_TEARDOWN()
2367 cleanup_layout(_metadata); in FIXTURE_TEARDOWN()
2473 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_parent); in TEST_F_FORK()
2475 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2495 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2_mount_point); in TEST_F_FORK()
2497 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2519 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer3_source); in TEST_F_FORK()
2521 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2543 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer4_destination); in TEST_F_FORK()
2545 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2691 prepare_layout(_metadata); in FIXTURE_SETUP()
2693 create_directory(_metadata, LOWER_BASE); in FIXTURE_SETUP()
2694 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2697 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2698 create_file(_metadata, lower_fl1); in FIXTURE_SETUP()
2699 create_file(_metadata, lower_dl1_fl2); in FIXTURE_SETUP()
2700 create_file(_metadata, lower_fo1); in FIXTURE_SETUP()
2701 create_file(_metadata, lower_do1_fo2); in FIXTURE_SETUP()
2702 create_file(_metadata, lower_do1_fl3); in FIXTURE_SETUP()
2704 create_directory(_metadata, UPPER_BASE); in FIXTURE_SETUP()
2705 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2707 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2708 create_file(_metadata, upper_fu1); in FIXTURE_SETUP()
2709 create_file(_metadata, upper_du1_fu2); in FIXTURE_SETUP()
2710 create_file(_metadata, upper_fo1); in FIXTURE_SETUP()
2711 create_file(_metadata, upper_do1_fo2); in FIXTURE_SETUP()
2712 create_file(_metadata, upper_do1_fu3); in FIXTURE_SETUP()
2715 create_directory(_metadata, MERGE_DATA); in FIXTURE_SETUP()
2716 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2717 set_cap(_metadata, CAP_DAC_OVERRIDE); in FIXTURE_SETUP()
2721 clear_cap(_metadata, CAP_DAC_OVERRIDE); in FIXTURE_SETUP()
2722 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_SETUP()
2735 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2737 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2746 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2748 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2751 set_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2753 clear_cap(_metadata, CAP_SYS_ADMIN); in FIXTURE_TEARDOWN()
2756 cleanup_layout(_metadata); in FIXTURE_TEARDOWN()
2931 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_base); in TEST_F_FORK()
2933 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2979 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2_data); in TEST_F_FORK()
2981 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2996 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer3_subdirs); in TEST_F_FORK()
2998 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
3021 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer4_files); in TEST_F_FORK()
3023 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
3049 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer5_merge_only); in TEST_F_FORK()
3051 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()