[PATCH] selftests/memfd: fix test_sysctl
jeffxu at chromium.org
jeffxu at chromium.org
Fri Apr 14 02:28:01 UTC 2023
From: Jeff Xu <jeffxu at google.com>
sysctl memfd_noexec is pid-namespaced, non-reservable,
and inherent to the child process.
Moving the inherence test from init ns to child ns, so
init ns can keep the default value.
Signed-off-by: Jeff Xu <jeffxu at google.com>
Reported-by: kernel test robot <yujie.liu at intel.com>
Link: https://lore.kernel.org/oe-lkp/202303312259.441e35db-yujie.liu@intel.com
---
tools/testing/selftests/memfd/memfd_test.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
index ae71f15f790d..dba0e8ba002f 100644
--- a/tools/testing/selftests/memfd/memfd_test.c
+++ b/tools/testing/selftests/memfd/memfd_test.c
@@ -43,6 +43,9 @@
*/
static size_t mfd_def_size = MFD_DEF_SIZE;
static const char *memfd_str = MEMFD_STR;
+static pid_t spawn_newpid_thread(unsigned int flags, int (*fn)(void *));
+static int newpid_thread_fn2(void *arg);
+static void join_newpid_thread(pid_t pid);
static ssize_t fd2name(int fd, char *buf, size_t bufsize)
{
@@ -1111,6 +1114,7 @@ static void test_noexec_seal(void)
static void test_sysctl_child(void)
{
int fd;
+ int pid;
printf("%s sysctl 0\n", memfd_str);
sysctl_assert_write("0");
@@ -1129,6 +1133,10 @@ static void test_sysctl_child(void)
mfd_def_size,
MFD_CLOEXEC | MFD_ALLOW_SEALING);
+ printf("%s child ns\n", memfd_str);
+ pid = spawn_newpid_thread(CLONE_NEWPID, newpid_thread_fn2);
+ join_newpid_thread(pid);
+
mfd_assert_mode(fd, 0666);
mfd_assert_has_seals(fd, F_SEAL_EXEC);
mfd_fail_chmod(fd, 0777);
@@ -1206,12 +1214,6 @@ static void test_sysctl(void)
int pid = spawn_newpid_thread(CLONE_NEWPID, newpid_thread_fn);
join_newpid_thread(pid);
-
- printf("%s child ns\n", memfd_str);
- sysctl_assert_write("1");
-
- pid = spawn_newpid_thread(CLONE_NEWPID, newpid_thread_fn2);
- join_newpid_thread(pid);
}
/*
--
2.40.0.577.gac1e443424-goog
More information about the Linux-security-module-archive
mailing list