git.baikalelectronics.ru Git - kernel.git/commit

author	KP Singh <kpsingh@google.com>
	Tue, 17 Nov 2020 23:29:29 +0000 (23:29 +0000)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Wed, 18 Nov 2020 00:36:27 +0000 (01:36 +0100)
commit	33c5d7e5f8cb4269861767137a01f43af19d2744
tree	c24c955af692e647e500359f902c3188ecbaef6e	tree \| snapshot
parent	61db6b0d6088eefa766ae15e1339355ecf710f75	commit \| diff

bpf: Add tests for bpf_bprm_opts_set helper

The test forks a child process, updates the local storage to set/unset
the securexec bit.

The BPF program in the test attaches to bprm_creds_for_exec which checks
the local storage of the current task to set the secureexec bit on the
binary parameters (bprm).

The child then execs a bash command with the environment variable
TMPDIR set in the envp. The bash command returns a different exit code
based on its observed value of the TMPDIR variable.

Since TMPDIR is one of the variables that is ignored by the dynamic
loader when the secureexec bit is set, one should expect the
child execution to not see this value when the secureexec bit is set.

Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20201117232929.2156341-2-kpsingh@chromium.org

tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c	[new file with mode: 0644]	blob
tools/testing/selftests/bpf/progs/bprm_opts.c	[new file with mode: 0644]	blob