selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH testsuite] tests/prlimit: avoid invalid limit combinations
@ 2020-01-10 14:37 Ondrej Mosnacek
  2020-01-10 14:54 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: Ondrej Mosnacek @ 2020-01-10 14:37 UTC (permalink / raw)
  To: selinux; +Cc: Paul Bunyan

There is a bug in the prlimit test that causes invalid limit
combinations (soft > hard) to be created, leading to false failures.

Consider for example an old setting of X for both soft and hard limit.
In such case the hard limit test tries to set the limits to X (soft) and
X/2 (hard), which always fails with -EINVAL.

This patch fixes the logic to clamp the soft limit to keep it from
exceeding the hard limit. In such case the soft limit will also be
changed, but this can't be avoided.

Fixes: 0782228ef06b ("selinux-testsuite: Add tests for prlimit(2) permission checks")
Reported-by: Paul Bunyan <pbunyan@redhat.com>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 tests/prlimit/parent.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c
index be320f0..11c0c25 100644
--- a/tests/prlimit/parent.c
+++ b/tests/prlimit/parent.c
@@ -147,6 +147,12 @@ int main(int argc, char **argv)
 				newrlim.rlim_max = 1024;
 			else
 				newrlim.rlim_max = oldrlim.rlim_max / 2;
+			if (newrlim.rlim_cur > newrlim.rlim_max)
+				/*
+				 * This will change also soft limit, but
+				 * what else can you do in such case...
+				 */
+				newrlim.rlim_cur = newrlim.rlim_max;
 		}
 	}
 
-- 
2.24.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH testsuite] tests/prlimit: avoid invalid limit combinations
  2020-01-10 14:37 [PATCH testsuite] tests/prlimit: avoid invalid limit combinations Ondrej Mosnacek
@ 2020-01-10 14:54 ` Stephen Smalley
  2020-01-13 14:21   ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2020-01-10 14:54 UTC (permalink / raw)
  To: Ondrej Mosnacek, selinux; +Cc: Paul Bunyan

On 1/10/20 9:37 AM, Ondrej Mosnacek wrote:
> There is a bug in the prlimit test that causes invalid limit
> combinations (soft > hard) to be created, leading to false failures.
> 
> Consider for example an old setting of X for both soft and hard limit.
> In such case the hard limit test tries to set the limits to X (soft) and
> X/2 (hard), which always fails with -EINVAL.
> 
> This patch fixes the logic to clamp the soft limit to keep it from
> exceeding the hard limit. In such case the soft limit will also be
> changed, but this can't be avoided.
> 
> Fixes: 0782228ef06b ("selinux-testsuite: Add tests for prlimit(2) permission checks")
> Reported-by: Paul Bunyan <pbunyan@redhat.com>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>   tests/prlimit/parent.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c
> index be320f0..11c0c25 100644
> --- a/tests/prlimit/parent.c
> +++ b/tests/prlimit/parent.c
> @@ -147,6 +147,12 @@ int main(int argc, char **argv)
>   				newrlim.rlim_max = 1024;
>   			else
>   				newrlim.rlim_max = oldrlim.rlim_max / 2;
> +			if (newrlim.rlim_cur > newrlim.rlim_max)
> +				/*
> +				 * This will change also soft limit, but
> +				 * what else can you do in such case...
> +				 */
> +				newrlim.rlim_cur = newrlim.rlim_max;
>   		}
>   	}
>   
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH testsuite] tests/prlimit: avoid invalid limit combinations
  2020-01-10 14:54 ` Stephen Smalley
@ 2020-01-13 14:21   ` Stephen Smalley
  0 siblings, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2020-01-13 14:21 UTC (permalink / raw)
  To: Ondrej Mosnacek, selinux; +Cc: Paul Bunyan

On 1/10/20 9:54 AM, Stephen Smalley wrote:
> On 1/10/20 9:37 AM, Ondrej Mosnacek wrote:
>> There is a bug in the prlimit test that causes invalid limit
>> combinations (soft > hard) to be created, leading to false failures.
>>
>> Consider for example an old setting of X for both soft and hard limit.
>> In such case the hard limit test tries to set the limits to X (soft) and
>> X/2 (hard), which always fails with -EINVAL.
>>
>> This patch fixes the logic to clamp the soft limit to keep it from
>> exceeding the hard limit. In such case the soft limit will also be
>> changed, but this can't be avoided.
>>
>> Fixes: 0782228ef06b ("selinux-testsuite: Add tests for prlimit(2) 
>> permission checks")
>> Reported-by: Paul Bunyan <pbunyan@redhat.com>
>> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> 
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

Applied.

> 
>> ---
>>   tests/prlimit/parent.c | 6 ++++++
>>   1 file changed, 6 insertions(+)
>>
>> diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c
>> index be320f0..11c0c25 100644
>> --- a/tests/prlimit/parent.c
>> +++ b/tests/prlimit/parent.c
>> @@ -147,6 +147,12 @@ int main(int argc, char **argv)
>>                   newrlim.rlim_max = 1024;
>>               else
>>                   newrlim.rlim_max = oldrlim.rlim_max / 2;
>> +            if (newrlim.rlim_cur > newrlim.rlim_max)
>> +                /*
>> +                 * This will change also soft limit, but
>> +                 * what else can you do in such case...
>> +                 */
>> +                newrlim.rlim_cur = newrlim.rlim_max;
>>           }
>>       }
>>
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-01-13 14:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-10 14:37 [PATCH testsuite] tests/prlimit: avoid invalid limit combinations Ondrej Mosnacek
2020-01-10 14:54 ` Stephen Smalley
2020-01-13 14:21   ` Stephen Smalley

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).