seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE (0eebfed2) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit 0eebfed2 authored Sep 20, 2019 by

Christian Brauner Committed by Kees Cook Oct 10, 2019

seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE



Test whether a syscall can be performed after having been intercepted by
the seccomp notifier. The test uses dup() and kcmp() since it allows us to
nicely test whether the dup() syscall actually succeeded by comparing whether
the fds refer to the same underlying struct file.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Martin KaFai Lau <kafai@fb.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Yonghong Song <yhs@fb.com>
Cc: Tycho Andersen <tycho@tycho.ws>
CC: Tyler Hicks <tyhicks@canonical.com>
Cc: stable@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org
Link: https://lore.kernel.org/r/20190920083007.11475-4-christian.brauner@ubuntu.com


Signed-off-by: Kees Cook <keescook@chromium.org>

parent fb3c5386

Hide whitespace changes

Inline Side-by-side

Please register or to comment