search

landlock-lsm / landlock-test-tools

Landlock test tools
https://landlock.io
GNU General Public License v2.0
0 stars 1 forks source link

Add support for initial kernel tests #2

Closed l0kod closed 5 months ago

l0kod commented 7 months ago

We need a way to build a kernel with Landlock, the related sample (sandboxer), the Kselftest, and run all the tests including KUnit ones.

The will be useful for any contributor and to run tests with the GitHub CI.

l0kod commented 7 months ago

Initial commit for UML: 72d5d2ab0f36ab7fa38ebbcd721f3833065a2dc9

l0kod commented 7 months ago

@gnoack could you please test the following command on top of my Linux's -next branch: check-linux.sh build kselftest kunit patch? I guess we have a pretty similar build system but that would validate at least on another machine. :smile:

That should work on all the supported stable branches too: 5.15, 6.1, and 6.6

l0kod commented 7 months ago

Related to landlock-lsm/linux#12

gnoack commented 7 months ago

@gnoack could you please test the following command on top of my Linux's -next branch: check-linux.sh build kselftest kunit patch? I guess we have a pretty similar build system but that would validate at least on another machine. 😄

Hi! It's really nice to see this working so well, it felt much faster to build and run than my usual Qemu-based scripts. 👍

Results are:

Output from net tests is: nettest.txt

All tests have output similar to this:

#  RUN           port_specific.sandbox_with_ipv6.bind_connect_1023 ...
RTNETLINK answers: Operation not permitted
# net_test.c:104:bind_connect_1023:Expected 0 (0) == system("ip link set dev lo up") (512)
# bind_connect_1023: Test terminated by assertion
#          FAIL  port_specific.sandbox_with_ipv6.bind_connect_1023
not ok 84 port_specific.sandbox_with_ipv6.bind_connect_1023
# FAILED: 0 / 84 tests passed.

I imagine that I am missing something in my set up? Is that a known issue?

l0kod commented 7 months ago

It is OK if you are running this with Linux v6.7 or the master branch. This should work fine on top of my next branch with this fix: https://github.com/landlock-lsm/linux/commit/bb6f4dbe2639d5b8a9fde4bfb6fefecfd3f18df3

l0kod commented 7 months ago

This fix will be merge this month and backported to Linux 6.7.

l0kod commented 5 months ago

@gnoack is it OK now?

gnoack commented 5 months ago

Yes, absolutely. I've been using your test scripts productively for a few weeks now and stopped using my Qemu-based stuff (which was pretty slow! o_O)

l0kod commented 5 months ago

4 will help too.