@@ -40,7 +40,6 @@ FIXTURE(audit)
40
40
{
41
41
struct audit_filter audit_filter ;
42
42
int audit_fd ;
43
- __u64 (* domain_stack )[16 ];
44
43
};
45
44
46
45
FIXTURE_SETUP (audit )
@@ -60,18 +59,10 @@ FIXTURE_SETUP(audit)
60
59
TH_LOG ("Failed to initialize audit: %s" , error_msg );
61
60
}
62
61
clear_cap (_metadata , CAP_AUDIT_CONTROL );
63
-
64
- self -> domain_stack = mmap (NULL , sizeof (* self -> domain_stack ),
65
- PROT_READ | PROT_WRITE ,
66
- MAP_SHARED | MAP_ANONYMOUS , -1 , 0 );
67
- ASSERT_NE (MAP_FAILED , self -> domain_stack );
68
- memset (self -> domain_stack , 0 , sizeof (* self -> domain_stack ));
69
62
}
70
63
71
64
FIXTURE_TEARDOWN (audit )
72
65
{
73
- EXPECT_EQ (0 , munmap (self -> domain_stack , sizeof (* self -> domain_stack )));
74
-
75
66
set_cap (_metadata , CAP_AUDIT_CONTROL );
76
67
EXPECT_EQ (0 , audit_cleanup (self -> audit_fd , & self -> audit_filter ));
77
68
clear_cap (_metadata , CAP_AUDIT_CONTROL );
@@ -83,9 +74,15 @@ TEST_F(audit, layers)
83
74
.scoped = LANDLOCK_SCOPE_SIGNAL ,
84
75
};
85
76
int status , ruleset_fd , i ;
77
+ __u64 (* domain_stack )[16 ];
86
78
__u64 prev_dom = 3 ;
87
79
pid_t child ;
88
80
81
+ domain_stack = mmap (NULL , sizeof (* domain_stack ), PROT_READ | PROT_WRITE ,
82
+ MAP_SHARED | MAP_ANONYMOUS , -1 , 0 );
83
+ ASSERT_NE (MAP_FAILED , domain_stack );
84
+ memset (domain_stack , 0 , sizeof (* domain_stack ));
85
+
89
86
ruleset_fd =
90
87
landlock_create_ruleset (& ruleset_attr , sizeof (ruleset_attr ), 0 );
91
88
ASSERT_LE (0 , ruleset_fd );
@@ -94,7 +91,7 @@ TEST_F(audit, layers)
94
91
child = fork ();
95
92
ASSERT_LE (0 , child );
96
93
if (child == 0 ) {
97
- for (i = 0 ; i < ARRAY_SIZE (* self -> domain_stack ); i ++ ) {
94
+ for (i = 0 ; i < ARRAY_SIZE (* domain_stack ); i ++ ) {
98
95
__u64 denial_dom = 1 ;
99
96
__u64 allocated_dom = 2 ;
100
97
@@ -115,7 +112,7 @@ TEST_F(audit, layers)
115
112
/* Checks that the new domain is younger than the previous one. */
116
113
EXPECT_GT (allocated_dom , prev_dom );
117
114
prev_dom = allocated_dom ;
118
- (* self -> domain_stack )[i ] = allocated_dom ;
115
+ (* domain_stack )[i ] = allocated_dom ;
119
116
}
120
117
121
118
/* Checks that we reached the maximum number of layers. */
@@ -142,20 +139,20 @@ TEST_F(audit, layers)
142
139
/* Purges log from deallocated domains. */
143
140
EXPECT_EQ (0 , setsockopt (self -> audit_fd , SOL_SOCKET , SO_RCVTIMEO ,
144
141
& audit_tv_dom_drop , sizeof (audit_tv_dom_drop )));
145
- for (i = ARRAY_SIZE (* self -> domain_stack ) - 1 ; i >= 0 ; i -- ) {
142
+ for (i = ARRAY_SIZE (* domain_stack ) - 1 ; i >= 0 ; i -- ) {
146
143
__u64 deallocated_dom = 2 ;
147
144
148
145
EXPECT_EQ (0 , matches_log_domain_deallocated (self -> audit_fd , 1 ,
149
146
& deallocated_dom ));
150
- EXPECT_EQ ((* self -> domain_stack )[i ], deallocated_dom )
147
+ EXPECT_EQ ((* domain_stack )[i ], deallocated_dom )
151
148
{
152
149
TH_LOG ("Failed to match domain %llx (#%d)" ,
153
- (* self -> domain_stack )[i ], i );
150
+ (* domain_stack )[i ], i );
154
151
}
155
152
}
153
+ EXPECT_EQ (0 , munmap (domain_stack , sizeof (* domain_stack )));
156
154
EXPECT_EQ (0 , setsockopt (self -> audit_fd , SOL_SOCKET , SO_RCVTIMEO ,
157
155
& audit_tv_default , sizeof (audit_tv_default )));
158
-
159
156
EXPECT_EQ (0 , close (ruleset_fd ));
160
157
}
161
158
0 commit comments