selftests/landlock: Test ftruncate on FDs created by memfd_create(2)

All file descriptors that are truncatable need to have the Landlock
access rights set correctly on the file's Landlock security blob. This
is also the case for files that are opened by other means than
open(2).

Test coverage for security/landlock is 94.7% of 838 lines according to
gcc/gcov-11.

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221018182216.301684-10-gnoack3000@gmail.com
[mic: Add test coverage in commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index f8aae01..d5dab98 100644 (file)
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -3603,6 +3603,22 @@ TEST_F_FORK(ftruncate, open_and_ftruncate_in_different_processes)
        ASSERT_EQ(0, close(socket_fds[1]));
 }
 
+TEST(memfd_ftruncate)
+{
+       int fd;
+
+       fd = memfd_create("name", MFD_CLOEXEC);
+       ASSERT_LE(0, fd);
+
+       /*
+        * Checks that ftruncate is permitted on file descriptors that are
+        * created in ways other than open(2).
+        */
+       EXPECT_EQ(0, test_ftruncate(fd));
+
+       ASSERT_EQ(0, close(fd));
+}
+
 /* clang-format off */
 FIXTURE(layout1_bind) {};
 /* clang-format on */