Hi Mickaël, On Fri, Jun 19, 2026 at 10:32:45AM +0200, Mickaël Salaün wrote: > I extended your patch and merged it: > https://git.kernel.org/mic/c/next&id=0302cd72fe196aee933e3fb76f6d175d1ab0e843 > > Thanks!
Thank you! Sorry for the late response. Only yesterday I tried the patches you pointed me at and they also helped in my setup. I was also about to sent a patch regarding filtering out the domain deallocation records but that was also covered by you already. > > On Tue, Jun 09, 2026 at 12:51:03AM +0200, Mickaël Salaün wrote: > > Thanks for this patch. I merged a few fixes and I'd be interested to > > know if this one fix the issue you spotted: > > https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/commit/?h=next&id=d8dfb4c7faa87c3e41a8678f38f136c2c7c036fa > > > > > > On Fri, May 29, 2026 at 08:03:41PM +0000, Maximilian Heyne wrote: > > > I'm seeing sporadic selftest failures, such as > > > > > > # RUN scoped_audit.connect_to_child ... > > > # scoped_abstract_unix_test.c:314:connect_to_child:Expected 0 (0) == > > > records.access (8) > > > # connect_to_child: Test failed > > > # FAIL scoped_audit.connect_to_child > > > not ok 19 scoped_audit.connect_to_child > > > > > > This seems similar to what commit 3647a4977fb73d ("selftests/landlock: > > > Drain stale audit records on init") tried to fix. However, the added > > > drain loop is not effective. When setting the AUDIT_STATUS_PID, the > > > kauditd_thread is woken up starting to send messages from the hold queue > > > to the netlink. Depending on scheduling of this kthread not all messages > > > might be send via the netlink in the 1 us interval. > > > > > > Therefore, instead of trying to drain the queue, let's just disable > > > audit when running non-audit tests or more precisely disable it after > > > audit-tests. This way we won't generate any new audit message that could > > > interfere with the other tests. > > > > > > The comment saying that on process exit audit will be disabled is wrong. > > > The closed file descriptor just causes an auditd_reset(), not a > > > disablement. So future messages will be queued in the hold queue. > > > > > > Cc: [email protected] > > > Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and > > > domain IDs") > > > Signed-off-by: Maximilian Heyne <[email protected]> > > > --- > > > > > > I've seen the failures on the 6.18 kernels but haven't tested on latest > > > upstream. However, I still think this is an issue. > > > > > > --- > > > tools/testing/selftests/landlock/audit.h | 13 +++++-------- > > > 1 file changed, 5 insertions(+), 8 deletions(-) > > > > > > diff --git a/tools/testing/selftests/landlock/audit.h > > > b/tools/testing/selftests/landlock/audit.h > > > index 834005b2b0f09..7842330875f53 100644 > > > --- a/tools/testing/selftests/landlock/audit.h > > > +++ b/tools/testing/selftests/landlock/audit.h > > > @@ -494,10 +494,9 @@ static int audit_init_filter_exe(struct audit_filter > > > *filter, const char *path) > > > static int audit_cleanup(int audit_fd, struct audit_filter *filter) > > > > audit_cleanup() should be called for audit_exec tests too. > > > > > { > > > struct audit_filter new_filter; > > > + int err; > > > > > > if (audit_fd < 0 || !filter) { > > > - int err; > > > - > > > /* > > > * Simulates audit_init_with_exe_filter() when called from > > > * FIXTURE_TEARDOWN_PARENT(). > > > @@ -518,12 +517,10 @@ static int audit_cleanup(int audit_fd, struct > > > audit_filter *filter) > > > audit_filter_exe(audit_fd, filter, AUDIT_DEL_RULE); > > > audit_filter_drop(audit_fd, AUDIT_DEL_RULE); > > > > > > - /* > > > - * Because audit_cleanup() might not be called by the test auditd > > > - * process, it might not be possible to explicitly set it. Anyway, > > > - * AUDIT_STATUS_ENABLED will implicitly be set to 0 when the auditd > > > - * process will exit. > > > - */ > > > > Please add a comment that explains that the audit state is not restored > > but just disabled. > > > > > + err = audit_set_status(audit_fd, AUDIT_STATUS_ENABLED, 0); > > > + if (err) > > > + return err; > > > + > > > return close(audit_fd); > > > > FDs should always be closed. > > > > > } > > > > > > -- > > > 2.50.1 > > > > > > > > > > > > > > > Amazon Web Services Development Center Germany GmbH > > > Tamara-Danz-Str. 13 > > > 10243 Berlin > > > Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger > > > Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B > > > Sitz: Berlin > > > Ust-ID: DE 365 538 597 > > > > > > Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597
