From c42f29fb7d319c08ea66a8b4e26d6125361cff41 Mon Sep 17 00:00:00 2001
From: Mickaël Salaün <mic@linux.microsoft.com>
Date: Thu, 3 Jul 2025 16:37:04 +0200
Subject: sys/linux/test: fix sandbox restrictions for Landlock tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The setuid sandboxes are not correct because some tests require mount.
Let's make it simple and remove them.  After all, Landlock is available
to any user.

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
---
 sys/linux/test/landlock_fs_accesses  | 3 ---
 sys/linux/test/landlock_fs_forbidden | 3 ---
 sys/linux/test/landlock_sb_delete    | 3 ---
 3 files changed, 9 deletions(-)

(limited to 'sys/linux')

diff --git a/sys/linux/test/landlock_fs_accesses b/sys/linux/test/landlock_fs_accesses
index 933ba5667..2d137703e 100644
--- a/sys/linux/test/landlock_fs_accesses
+++ b/sys/linux/test/landlock_fs_accesses
@@ -1,7 +1,4 @@
 # Create and access multiple type of files
-#
-# Device creation requires some privileges:
-# requires: -sandbox=namespace -sandbox=setuid
 
 # Makes a character device /dev/null
 
diff --git a/sys/linux/test/landlock_fs_forbidden b/sys/linux/test/landlock_fs_forbidden
index 26c272ab9..1a1100548 100644
--- a/sys/linux/test/landlock_fs_forbidden
+++ b/sys/linux/test/landlock_fs_forbidden
@@ -1,7 +1,4 @@
 # Access denied to whole syscalls, which return EPERM.
-#
-# Manipuling namespaces requires some privileges:
-# requires: -sandbox=setuid
 
 # Makes a private mount point for MS_MOVE.
 
diff --git a/sys/linux/test/landlock_sb_delete b/sys/linux/test/landlock_sb_delete
index a45042b8a..07490505a 100644
--- a/sys/linux/test/landlock_sb_delete
+++ b/sys/linux/test/landlock_sb_delete
@@ -1,7 +1,4 @@
 # Creates a new mount point.
-#
-# Mounting requires some privileges:
-# requires: -sandbox=setuid
 
 mkdirat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1c0)
 mount$tmpfs(0x0, &AUTO='./file0\x00', &AUTO='tmpfs\x00', 0x0, 0x0)
-- 
cgit mrf-deployment