From patchwork Mon May 30 19:29:37 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Gruenbacher <agruenba@redhat.com>
X-Patchwork-Id: 9142101
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D38F760801
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Mon, 30 May 2016 19:29:46 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8C5528183
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Mon, 30 May 2016 19:29:46 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id BD8182819C; Mon, 30 May 2016 19:29:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_TVD_MIME_EPI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 63BAD28188
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Mon, 30 May 2016 19:29:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1161961AbcE3T3k (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Mon, 30 May 2016 15:29:40 -0400
Received: from mail-vk0-f50.google.com ([209.85.213.50]:33707 "EHLO
	mail-vk0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1161710AbcE3T3i (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Mon, 30 May 2016 15:29:38 -0400
Received: by mail-vk0-f50.google.com with SMTP id r140so232774185vkf.0
	for <linux-security-module@vger.kernel.org>;
	Mon, 30 May 2016 12:29:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc;
	bh=/sbnEvqZ3PJPt2Oyz6+Yq/GmtfZEKynGkTUGVc4umls=;
	b=YkBVjO4Fsw/rTBI6Zh3NjWdKBOq/51EerzJ9VCA/nVyhSumyj6DwvyTdRwvfaTm4We
	3mMgyExSo/ST199XkUghtlkrzl9v1SuWxmOKIm8o2NNmCI/KlAD5QKYcWuNbRhCNblPx
	XSyt172tLntEY7Y1dg8k1MW9jOPNJ7U7RXRQLBoGXedcO384B1aKxpzmlVHCnZ4ESlKU
	FWOXRimW3hGLADcerGiI339mn1NbqJHM3boxGjyQvSZr1EKYsbcy1rKyShx8piIbbwS6
	pWha3NjMdWX+6HgGvs7ju8tOCJPkojepMmyOXyGv9aVo8E4BRz9O+sNX/JlUhvTzajsC
	efxA==
X-Gm-Message-State: 
 ALyK8tJaqzaW14kSusz57NcOR02nx6mFsZy+E3x+Qj6m29lfzwgLzg5yLza+WffXGzYAH0gWfqST2gYC2GeH998V
MIME-Version: 1.0
X-Received: by 10.176.64.100 with SMTP id h91mr15110835uad.92.1464636577698;
	Mon, 30 May 2016 12:29:37 -0700 (PDT)
Received: by 10.159.36.211 with HTTP; Mon, 30 May 2016 12:29:37 -0700 (PDT)
In-Reply-To: 
 <CA+icZUWUkY7Rj6+K26tAffUtCbySLiCvyD+ZYvoPrJPQO1cO+w@mail.gmail.com>
References: <1464598653-3656-1-git-send-email-agruenba@redhat.com>
	<CA+icZUXGxsw-g1W8QzwuFx=8UTnxzQD9UsNEH2PHCGrqW=0xdA@mail.gmail.com>
	<CAHc6FU6gZHEcrqvyKdKJbFVrd0L8=M2ynm2GD6tQx32fzTjD=g@mail.gmail.com>
	<CA+icZUVmB1pSuG1_3-nkiKjoDH9UrvUEsZjy8hS6_+Y2yDyruA@mail.gmail.com>
	<CA+icZUWVdtqK4OcXhjVDbrqfXBO5-DpbB5nVpX+iTN_RBDH5Xw@mail.gmail.com>
	<CAHc6FU40o3VpzV-oL81NqrYB3Ryt-nCOeEZCfnQSPFZ==cWvDA@mail.gmail.com>
	<CA+icZUWUkY7Rj6+K26tAffUtCbySLiCvyD+ZYvoPrJPQO1cO+w@mail.gmail.com>
Date: Mon, 30 May 2016 21:29:37 +0200
Message-ID: 
 <CAHc6FU5_ptUJG15k+c=5xcBa1CtNXzVk3pC7jT5iW_CU56tnFA@mail.gmail.com>
Subject: Re: [PATCH v3 00/17] Xattr inode operation removal
From: Andreas Gruenbacher <agruenba@redhat.com>
To: sedat.dilek@gmail.com
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Tyler Hicks <tyhicks@canonical.com>, ecryptfs@vger.kernel.org,
	Miklos Szeredi <miklos@szeredi.hu>, linux-unionfs@vger.kernel.org,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	linux-ima-devel@lists.sourceforge.net,
	LSM <linux-security-module@vger.kernel.org>,
	David Howells <dhowells@redhat.com>,
	Serge Hallyn <serge.hallyn@canonical.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@tycho.nsa.gov>,
	Eric Paris <eparis@parisplace.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Oleg Drokin <oleg.drokin@intel.com>,
	Andreas Dilger <andreas.dilger@intel.com>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

On Mon, May 30, 2016 at 8:51 PM, Sedat Dilek <sedat.dilek@gmail.com> wrote:
> Which "trusted." line or lines shall I remove?

You can try something like the attached patch. Ovetall, the test case
doesn't seem very useful.

Thanks,
Andreas

diff --git a/testcases/kernel/controllers/cgroup_xattr/cgroup_xattr.c b/testcases/kernel/controllers/cgroup_xattr/cgroup_xattr.c
index 492ddc7..a7c131f 100644
--- a/testcases/kernel/controllers/cgroup_xattr/cgroup_xattr.c
+++ b/testcases/kernel/controllers/cgroup_xattr/cgroup_xattr.c
@@ -64,9 +64,9 @@ struct tst_key {
 
 /* only security.* & trusted.* are valid key names */
 static struct tst_key tkeys[] = {
-	{ .name = "security.",		.good = 1,	},
+	{ .name = "security.",		.good = 0,	},  /* see setup() */
 	{ .name = "trusted.test",	.good = 1,	},
-	{ .name = "trusted.",		.good = 1,	},
+	{ .name = "trusted.",		.good = 0,	},  /* see setup() */
 	{ .name = "user.",		.good = 0,	},
 	{ .name = "system.",		.good = 0,	},
 };
@@ -141,6 +141,8 @@ static void help(void)
 
 void setup(int argc, char *argv[])
 {
+	unsigned int i;
+
 	tst_parse_opts(argc, argv, options, help);
 
 	tst_require_root();
@@ -153,17 +155,11 @@ void setup(int argc, char *argv[])
 			"Test must be run with kernel 3.7 or newer");
 	}
 
-	if (tst_kvercmp(3, 15, 0) >= 0) {
-		/* In kernel v3.15 cgroup was converted to kernfs
-		 * that doesn't provide simple security namespace handlers.
-		 * Setting just 'security.' should return EOPNOTSUPP.
-		 */
-		unsigned int i;
-		for (i = 0; i < ARRAY_SIZE(tkeys); ++i) {
-			if (!strcmp(tkeys[i].name, "security.")) {
-				tkeys[i].good = 0;
-				break;
-			}
+	for (i = 0; i < ARRAY_SIZE(tkeys); ++i) {
+		if (!strcmp(tkeys[i].name, "security.")) {
+			tkeys[i].good = tst_kvercmp(3, 15, 0) < 0;
+		} else if (!strcmp(tkeys[i].name, "trusted.")) {
+			tkeys[i].good = tst_kvercmp(4, 5, 0) < 0;
 		}
 	}