* [PATCH for-next/seccomp 0/2] selftests/seccomp: SKIP tests requiring root
@ 2020-07-10 18:51 Kees Cook
2020-07-10 18:51 ` [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare() Kees Cook
2020-07-10 18:51 ` [PATCH for-next/seccomp 2/2] selftests/seccomp: Set NNP for TSYNC ESRCH flag test Kees Cook
0 siblings, 2 replies; 6+ messages in thread
From: Kees Cook @ 2020-07-10 18:51 UTC (permalink / raw)
To: Will Deacon; +Cc: Kees Cook, Tycho Andersen, linux-kernel
Hi,
This fixes the seccomp selftests to pass (with SKIPs) for regular users.
I intend to put this in for-next/seccomp (to avoid further conflicts
with the kselftest tree).
(and for those following along, this is effectively based on the -next tree)
-Kees
Kees Cook (2):
selftests/seccomp: Add SKIPs for failed unshare()
selftests/seccomp: Set NNP for TSYNC ESRCH flag test
tools/testing/selftests/seccomp/seccomp_bpf.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare()
2020-07-10 18:51 [PATCH for-next/seccomp 0/2] selftests/seccomp: SKIP tests requiring root Kees Cook
@ 2020-07-10 18:51 ` Kees Cook
2020-07-10 19:10 ` Tycho Andersen
2020-07-10 18:51 ` [PATCH for-next/seccomp 2/2] selftests/seccomp: Set NNP for TSYNC ESRCH flag test Kees Cook
1 sibling, 1 reply; 6+ messages in thread
From: Kees Cook @ 2020-07-10 18:51 UTC (permalink / raw)
To: Will Deacon; +Cc: Kees Cook, Tycho Andersen, linux-kernel
Running the seccomp tests as a regular user shouldn't just fail tests
that require CAP_SYS_ADMIN (for getting a PID namespace). Instead,
detect those cases and SKIP them.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index bd97a985c9e6..08bfbb7fc1c2 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -3420,7 +3420,10 @@ TEST(user_notification_child_pid_ns)
struct seccomp_notif req = {};
struct seccomp_notif_resp resp = {};
- ASSERT_EQ(unshare(CLONE_NEWUSER | CLONE_NEWPID), 0);
+ ASSERT_EQ(unshare(CLONE_NEWUSER | CLONE_NEWPID), 0) {
+ if (errno == EPERM)
+ SKIP(return, "CLONE_NEWPID requires CAP_SYS_ADMIN");
+ };
listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER);
@@ -3485,7 +3488,10 @@ TEST(user_notification_sibling_pid_ns)
}
/* Create the sibling ns, and sibling in it. */
- ASSERT_EQ(unshare(CLONE_NEWPID), 0);
+ ASSERT_EQ(unshare(CLONE_NEWPID), 0) {
+ if (errno == EPERM)
+ SKIP(return, "CLONE_NEWPID requires CAP_SYS_ADMIN");
+ }
ASSERT_EQ(errno, 0);
pid2 = fork();
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH for-next/seccomp 2/2] selftests/seccomp: Set NNP for TSYNC ESRCH flag test
2020-07-10 18:51 [PATCH for-next/seccomp 0/2] selftests/seccomp: SKIP tests requiring root Kees Cook
2020-07-10 18:51 ` [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare() Kees Cook
@ 2020-07-10 18:51 ` Kees Cook
2020-07-10 19:10 ` Tycho Andersen
1 sibling, 1 reply; 6+ messages in thread
From: Kees Cook @ 2020-07-10 18:51 UTC (permalink / raw)
To: Will Deacon; +Cc: Kees Cook, stable, Tycho Andersen, linux-kernel
The TSYNC ESRCH flag test will fail for regular users because NNP was
not set yet. Add NNP setting.
Fixes: 51891498f2da ("seccomp: allow TSYNC and USER_NOTIF together")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 08bfbb7fc1c2..93de2f1e3a99 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -3238,6 +3238,11 @@ TEST(user_notification_with_tsync)
int ret;
unsigned int flags;
+ ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ ASSERT_EQ(0, ret) {
+ TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
+ }
+
/* these were exclusive */
flags = SECCOMP_FILTER_FLAG_NEW_LISTENER |
SECCOMP_FILTER_FLAG_TSYNC;
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare()
2020-07-10 18:51 ` [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare() Kees Cook
@ 2020-07-10 19:10 ` Tycho Andersen
2020-07-10 22:52 ` Kees Cook
0 siblings, 1 reply; 6+ messages in thread
From: Tycho Andersen @ 2020-07-10 19:10 UTC (permalink / raw)
To: Kees Cook; +Cc: Will Deacon, linux-kernel
On Fri, Jul 10, 2020 at 11:51:55AM -0700, Kees Cook wrote:
> Running the seccomp tests as a regular user shouldn't just fail tests
> that require CAP_SYS_ADMIN (for getting a PID namespace). Instead,
> detect those cases and SKIP them.
But if we unshare NEWUSER at the same time as NEWPID, shouldn't we
always be ns_capable(CAP_SYS_ADMIN)?
Tycho
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH for-next/seccomp 2/2] selftests/seccomp: Set NNP for TSYNC ESRCH flag test
2020-07-10 18:51 ` [PATCH for-next/seccomp 2/2] selftests/seccomp: Set NNP for TSYNC ESRCH flag test Kees Cook
@ 2020-07-10 19:10 ` Tycho Andersen
0 siblings, 0 replies; 6+ messages in thread
From: Tycho Andersen @ 2020-07-10 19:10 UTC (permalink / raw)
To: Kees Cook; +Cc: Will Deacon, stable, linux-kernel
On Fri, Jul 10, 2020 at 11:51:56AM -0700, Kees Cook wrote:
> The TSYNC ESRCH flag test will fail for regular users because NNP was
> not set yet. Add NNP setting.
>
> Fixes: 51891498f2da ("seccomp: allow TSYNC and USER_NOTIF together")
> Cc: stable@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Tycho Andersen <tycho@tycho.ws>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare()
2020-07-10 19:10 ` Tycho Andersen
@ 2020-07-10 22:52 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2020-07-10 22:52 UTC (permalink / raw)
To: Tycho Andersen; +Cc: Will Deacon, linux-kernel
On Fri, Jul 10, 2020 at 01:10:23PM -0600, Tycho Andersen wrote:
> On Fri, Jul 10, 2020 at 11:51:55AM -0700, Kees Cook wrote:
> > Running the seccomp tests as a regular user shouldn't just fail tests
> > that require CAP_SYS_ADMIN (for getting a PID namespace). Instead,
> > detect those cases and SKIP them.
>
> But if we unshare NEWUSER at the same time as NEWPID, shouldn't we
> always be ns_capable(CAP_SYS_ADMIN)?
Oh! Yes, you're quite right. :)
Instead I guess I should actually check for EINVAL if CONFIG_USER_NS is
missing.
--
Kees Cook
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-10 22:52 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-10 18:51 [PATCH for-next/seccomp 0/2] selftests/seccomp: SKIP tests requiring root Kees Cook
2020-07-10 18:51 ` [PATCH for-next/seccomp 1/2] selftests/seccomp: Add SKIPs for failed unshare() Kees Cook
2020-07-10 19:10 ` Tycho Andersen
2020-07-10 22:52 ` Kees Cook
2020-07-10 18:51 ` [PATCH for-next/seccomp 2/2] selftests/seccomp: Set NNP for TSYNC ESRCH flag test Kees Cook
2020-07-10 19:10 ` Tycho Andersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.