kernel/linux.git/tools/testing/selftests/seccomp, branch v5.1.16

selftests/seccomp: Handle namespace failures gracefully

2019-05-16T17:35:33+00:00

commit 9dd3fcb0ab73cb1e00b8562ef027a38521aaff87 upstream. When running without USERNS or PIDNS the seccomp test would hang since it was waiting forever for the child to trigger the user notification since it seems the glibc() abort handler makes a call to getpid(), which would trap again. This changes the getpid filter to getppid, and makes sure ASSERTs execute to stop from spawning the listener. Reported-by: Shuah Khan Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Cc: stable@vger.kernel.org # > 5.0 Signed-off-by: Kees Cook Reviewed-by: Tycho Andersen Signed-off-by: Shuah Khan Signed-off-by: Greg Kroah-Hartman

selftests/seccomp: Prepare for exclusive seccomp flags

2019-04-25T22:55:48+00:00

Some seccomp flags will become exclusive, so the selftest needs to be adjusted to mask those out and test them individually for the "all flags" tests. Cc: stable@vger.kernel.org # v5.0+ Signed-off-by: Kees Cook Reviewed-by: Tycho Andersen Acked-by: James Morris

selftests/seccomp: Actually sleep for 1/10th second

2019-02-13T15:52:42+00:00

Clang noticed that some none-zero sleep()s were actually using zero anyway. This switches to nanosleep() to gain sub-second granularity. seccomp_bpf.c:2625:9: warning: implicit conversion from 'double' to 'unsigned int' changes value from 0.1 to 0 [-Wliteral-conversion] sleep(0.1); ~~~~~ ^~~ Signed-off-by: Kees Cook Reviewed-by: Nick Desaulniers Signed-off-by: Shuah Khan

selftests: unshare userns in seccomp pidns testcases

2019-02-13T15:48:29+00:00

The pid ns cannot be unshare()d as an unprivileged user without owning the userns as well. Let's unshare the userns so that we can subsequently unshare the pidns. This also means that we don't need to set the no new privs bit as in the other test cases, since we're unsharing the userns. Signed-off-by: Tycho Andersen Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftests: set NO_NEW_PRIVS bit in seccomp user tests

2019-02-13T15:48:12+00:00

seccomp() doesn't allow users who aren't root in their userns to attach filters unless they have the nnp bit set, so let's set it so that these tests can pass when run as an unprivileged user. This idea stolen from the other seccomp tests, which use this trick :) Signed-off-by: Tycho Andersen Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftests: skip seccomp get_metadata test if not real root

2019-02-13T15:34:55+00:00

The get_metadata() test requires real root, so let's skip it if we're not real root. Note that I used XFAIL here because that's what the test does later if CONFIG_CHEKCKPOINT_RESTORE happens to not be enabled. After looking at the code, there doesn't seem to be a nice way to skip tests defined as TEST(), since there's no return code (I tried exit(KSFT_SKIP), but that didn't work either...). So let's do it this way to be consistent, and easier to fix when someone comes along and fixes it. Signed-off-by: Tycho Andersen Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftests: fix typo in seccomp_bpf.c

2019-02-13T15:34:40+00:00

There used to be an explanation here because it could trigger lockdep previously, but now we're not doing recursive locking, so it really is just for grins. Signed-off-by: Tycho Andersen Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftests: don't kill child immediately in get_metadata() test

2019-02-13T15:34:16+00:00

This this test forks a child, and then the parent waits for a write() to a pipe signalling the child is ready to be attached to. If something in the child ASSERTs before it does this write, the test will hang waiting for it. Instead, let's EXPECT, so that execution continues until we do the write. Any failure after that is fine and can ASSERT. Signed-off-by: Tycho Andersen Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftests/seccomp: Enhance per-arch ptrace syscall skip tests

2019-01-25T22:13:35+00:00

Passing EPERM during syscall skipping was confusing since the test wasn't actually exercising the errno evaluation -- it was just passing a literal "1" (EPERM). Instead, expand the tests to check both direct value returns (positive, 45000 in this case), and errno values (negative, -ESRCH in this case) to check both fake success and fake failure during syscall skipping. Reported-by: Colin Ian King Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: Shuah Khan

selftests/seccomp: Abort without user notification support

2019-01-17T18:00:23+00:00

In the face of missing user notification support, the self test needs to stop executing a test (ASSERT_*) instead of just reporting and continuing (EXPECT_*). This adjusts the user notification tests to do that where needed. Reported-by: Shuah Khan Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook Reviewed-by: Tycho Andersen Tested-by: Shuah Khan Signed-off-by: Shuah Khan