Re: [PATCH net-next v3 5/5] selftest: Add tests for useful handling of LSM denials on SCM_RIGHTS
From: Jori Koolstra
Date: Tue Jun 30 2026 - 10:35:22 EST
> Op 30-06-2026 16:17 CEST schreef Jakub Kicinski <kuba@xxxxxxxxxx>:
>
>
> On Mon, 29 Jun 2026 21:43:27 +0200 Jori Koolstra wrote:
> > The test uses the following Smack labels:
> >
> > "Sender" - label for the sending process
> > "Receiver" - label for the receiving process
> > "SecretX" - labels for the files being passed
>
> Not sure this test belongs in net/
> 99.9% of people running this test do not use Smack.
> At the very least you need to use XFAIL instead of SKIP
> we use skip for problems with the env which are fixable,
> like a command missing.
Ah, right, because you can only use one of these LSMs at a time?
I mean one of AppArmour, SELinux, Smack, TOMOYO.
I just need some LSM to trigger the reject of security_file_receive()
and Smack was the easiest to get going. The series is totally agnostic
to the used LSM. I am fine with moving the tests elsewhere or porting
them to SELinux if that is really necessary. We could also drop them
altogether.
What do you propose?
Thanks,
Jori.