git.baikalelectronics.ru Git - kernel.git/commit

author	KP Singh <kpsingh@google.com>
	Tue, 17 Nov 2020 23:29:29 +0000 (23:29 +0000)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Wed, 18 Nov 2020 00:36:27 +0000 (01:36 +0100)
commit	848fee637c11ae84e60be7084f90c24f1774d891
tree	c24c955af692e647e500359f902c3188ecbaef6e	tree \| snapshot
parent	89b17db856bf36468939394df237d18b8165a7f9	commit \| diff

bpf: Add tests for bpf_bprm_opts_set helper

The test forks a child process, updates the local storage to set/unset
the securexec bit.

The BPF program in the test attaches to bprm_creds_for_exec which checks
the local storage of the current task to set the secureexec bit on the
binary parameters (bprm).

The child then execs a bash command with the environment variable
TMPDIR set in the envp. The bash command returns a different exit code
based on its observed value of the TMPDIR variable.

Since TMPDIR is one of the variables that is ignored by the dynamic
loader when the secureexec bit is set, one should expect the
child execution to not see this value when the secureexec bit is set.

Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20201117232929.2156341-2-kpsingh@chromium.org

tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c	[new file with mode: 0644]	blob
tools/testing/selftests/bpf/progs/bprm_opts.c	[new file with mode: 0644]	blob