Re: [PATCH v2 2/2] selftests/filesystems: allow security.selinux xattr in listxattr kernfs test

From: Ojaswin Mujoo

Date: Mon Jun 15 2026 - 01:19:52 EST


On Thu, May 21, 2026 at 03:47:57PM +0530, Disha Goel wrote:
> kernfs_test assumes that flistxattr() on /sys/kernel/warn_count always
> returns an empty list. However, systems with SELinux enabled may expose
> security.selinux xattr via listxattr() during policy load, which makes
> the test fail even though kernfs is behaving correctly.
>
> Allow security.selinux xattr in kernfs_listxattr while continuing to
> reject other unexpected xattrs. Keep the existing user.foo getxattr
> check unchanged.
>
> This avoids false failures on SELinux-enabled systems while preserving
> the original purpose of the test.
>
> Signed-off-by: Disha Goel <disgoel@xxxxxxxxxxxxx>
> ---
> .../selftests/filesystems/kernfs_test.c | 27 +++++++++++++++++--
> 1 file changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/tools/testing/selftests/filesystems/kernfs_test.c b/tools/testing/selftests/filesystems/kernfs_test.c
> index 84c2b910a60d..a5e480d662e0 100644
> --- a/tools/testing/selftests/filesystems/kernfs_test.c
> +++ b/tools/testing/selftests/filesystems/kernfs_test.c
> @@ -4,6 +4,8 @@
>
> #include <fcntl.h>
> #include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> #include <sys/stat.h>
> #include <sys/xattr.h>
>
> @@ -12,12 +14,33 @@
>
> TEST(kernfs_listxattr)
> {
> + char *buf, *xattr;
> + ssize_t len, ret;
> int fd;
>
> - /* Read-only file that can never have any extended attributes set. */
> + /* Read-only file that can never have any extended attributes set.
> + * However, SELinux may set security.selinux xattr on kernfs files
> + * during policy load, so we explicitly ignore it.
> + */
> fd = open("/sys/kernel/warn_count", O_RDONLY | O_CLOEXEC);
> ASSERT_GE(fd, 0);
> - ASSERT_EQ(flistxattr(fd, NULL, 0), 0);
> +
> + len = flistxattr(fd, NULL, 0);
> + ASSERT_GE(len, 0);
> +
> + if (len > 0) {
> + buf = malloc(len);
> + ASSERT_NE(buf, NULL);
> +
> + ret = flistxattr(fd, buf, len);
> + ASSERT_EQ(ret, len);
> +
> + for (xattr = buf; xattr < buf + len; xattr += strlen(xattr) + 1)
> + ASSERT_EQ(strcmp(xattr, "security.selinux"), 0);

Hi Disha,

Yes, we did check that this particular file was showing selinux xattrs,
so I guess the test's assumption is wrong.

However, looking a bit more closely, this test is designed to check that
when no xattrs are set then listxattr() always returns 0 and getxattr()
returns ENODATA. So having SELinux attributes defeats the purpose of the
test.

Maybe a better approach would be to just skip the test if any SELinux
attribute (or any attribute) is present on this file. Idk if with
SELinux it's possible to have a file with no attr; if there is, then maybe
we should use that file instead.

Regards,
Ojaswin

> +
> + free(buf);
> + }
> +
> EXPECT_EQ(close(fd), 0);
> }
>
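
Review bot: In the for loop, `ASSERT_EQ(strcmp(xattr, "security.selinux"), 0);` aborts the test on the first unexpected name, so the `free(buf)` and `close(fd)` that follow are never reached on failure. Using `EXPECT_EQ` there would report every unexpected xattr and still fall through to the cleanup. The rewritten comment also still opens with "can never have any extended attributes set" and then contradicts that in its next sentence, and kernel style for a multi-line comment puts the opening `/*` on its own line. Once security.selinux is accepted, the len == 0 case is no longer required, so the comment should say what the test still guarantees on a SELinux-enabled system.
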
> --
> 2.45.1
>