[PATCH] LSM: SafeSetID: add selftest

Edwin Zimmerman edwin at 211mainstreet.net
Wed Feb 6 19:26:16 UTC 2019


> On Wednesday, February 06, 2019 2:03 PM Micah Morton wrote:
> > This patch adds a selftest for the SafeSetID LSM. The test requires
> > mounting securityfs if it isn't mounted, creating test users in
> > /etc/passwd, and configuring policies for the SafeSetID LSM through
> > writes to securityfs.
> >
> > Signed-off-by: Micah Morton <mortonm at chromium.org>
> > ---
> > This test is reasonably robust for demonstrating the functionality of
> > the LSM, but is no masterpiece by any means. I'm not totally sure how
> > these tests are used. Are they incorporated into testing frameworks for
> > the Linux kernel that are run regularly or just PoC binaries that sit in
> > this directory more or less as documentation? If it's the former, this
> > code probably needs some more cleanup and better organization. Beyond
> > coding style, the test doesn't bother to clean up users that were added
> > in /etc/passwd for testing purposes nor flush policies that were
> > configured for the LSM relating to those users. Should it?
> 
> No good reason to leave the users, so I would suggest cleaning them up.
> All it would take would be several deluser commands
> in safesetid-test.sh.  Very simple.


