www.infradead.org Git - users/jedix/linux-maple.git/commit
selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits
author Mickaël Salaün <mic@digikod.net>
Thu, 12 Dec 2024 17:42:18 +0000 (18:42 +0100)
committer Kees Cook <kees@kernel.org>
Thu, 19 Dec 2024 01:00:29 +0000 (17:00 -0800)
commit b083cc815376a8ccfba6535b4d59a396b77601d4
tree cceac0e61b1b3cc1f6c6a03086172f15232c5b82
parent a0623b2a1d595341971c189b90a6b06f42cd209d

Test that checks performed by execveat(..., AT_EXECVE_CHECK) are
consistent with noexec mount points and file execute permissions.

Test that SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE are
inherited by child processes and that they can be pinned with the
appropriate SECBIT_EXEC_RESTRICT_FILE_LOCKED and
SECBIT_EXEC_DENY_INTERACTIVE_LOCKED bits.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20241212174223.389435-4-mic@digikod.net
Signed-off-by: Kees Cook <kees@kernel.org>
tools/testing/selftests/exec/.gitignore
tools/testing/selftests/exec/Makefile
tools/testing/selftests/exec/check-exec.c [new file with mode: 0644]
tools/testing/selftests/exec/config [new file with mode: 0644]
tools/testing/selftests/exec/false.c [new file with mode: 0644]
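
The first property named in the commit message, that execveat(..., AT_EXECVE_CHECK) agrees with the file's execute permission, shown as an added example that is not code from this commit or its check-exec.c selftest. The helper names, the /tmp path and the sample script are constructed for illustration, and the fallback definition of AT_EXECVE_CHECK is an assumption for libc headers that predate the flag.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef AT_EXECVE_CHECK
#define AT_EXECVE_CHECK 0x10000 /* uapi value, for libc headers that lack it */
#endif

/* Ask the kernel whether fd may be executed; nothing is run. Returns 0 if
 * allowed, else errno (EACCES if denied, EINVAL if the kernel lacks the flag). */
static int exec_check_fd(int fd)
{
	if (syscall(SYS_execveat, fd, "", NULL, NULL,
		    AT_EMPTY_PATH | AT_EXECVE_CHECK) == 0)
		return 0;
	return errno;
}

/* Check a constructed sample script created with the given mode; -1 on setup failure. */
static int check_script_with_mode(mode_t mode)
{
	char path[] = "/tmp/exec-check-XXXXXX"; /* hypothetical location */
	static const char body[] = "#!/bin/sh\nexit 0\n";
	int ret = -1, fd = mkstemp(path);
	if (fd < 0)
		return -1;
	if (write(fd, body, sizeof(body) - 1) == (ssize_t)(sizeof(body) - 1) &&
	    fchmod(fd, mode) == 0) {
		close(fd); /* drop the writable fd first (avoids ETXTBSY) */
		fd = open(path, O_RDONLY | O_CLOEXEC);
		if (fd >= 0)
			ret = exec_check_fd(fd);
	}
	if (fd >= 0)
		close(fd);
	unlink(path);
	return ret;
}

int main(void)
{
	printf("%d %d\n", check_script_with_mode(0644), check_script_with_mode(0755));
	return 0;
}
```

On a kernel that implements the flag, the 0644 script yields EACCES and the 0755 script yields 0, unless /tmp is mounted noexec, in which case both are denied.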