[PATCH v1 2/2] selftests/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
jeffxu at chromium.org
jeffxu at chromium.org
Fri Jun 30 03:17:20 UTC 2023
From: Jeff Xu <jeffxu at google.com>
Add selftest for sysctl vm.memfd_noexec is 2
(MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED)
memfd_create(.., MFD_EXEC) should fail in this case.
Signed-off-by: Jeff Xu <jeffxu at google.com>
---
tools/testing/selftests/memfd/memfd_test.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
index dba0e8ba002f..dbdd9ec5e397 100644
--- a/tools/testing/selftests/memfd/memfd_test.c
+++ b/tools/testing/selftests/memfd/memfd_test.c
@@ -1147,6 +1147,11 @@ static void test_sysctl_child(void)
sysctl_assert_write("2");
mfd_fail_new("kern_memfd_sysctl_2",
MFD_CLOEXEC | MFD_ALLOW_SEALING);
+ mfd_fail_new("kern_memfd_sysctl_2_MFD_EXEC",
+ MFD_CLOEXEC | MFD_EXEC);
+ fd = mfd_assert_new("", 0, MFD_NOEXEC_SEAL);
+ close(fd);
+
sysctl_fail_write("0");
sysctl_fail_write("1");
}
--
2.41.0.255.g8b1d071c50-goog
More information about the Linux-security-module-archive
mailing list