On Fri, Jan 18, 2019 at 4:12 PM Tycho Andersen tycho@tycho.ws wrote:
Hi all,
Here are the fixes I previously mentioned I would send. I previously assumed that the tests were mostly run as root, but it turns out everything else besides the stuff I wrote in the seccomp tests either sets NNP and doesn't require real root, so it all actually works. This set of fixes should make most of the other tests work unprivileged, while XFAIL-ing the one that requires real root.
Awesome. This all looks good to me. :)
Acked-by: Kees Cook keescook@chromium.org
Shuah, can you take this series?
-Kees
Cheers,
Tycho
Tycho Andersen (6): selftests: don't kill child immediately in get_metadata() test selftests: fix typo in seccomp_bpf.c selftest: include stdio.h in kselftest.h selftests: skip seccomp get_metadata test if not real root selftests: set NO_NEW_PRIVS bit in seccomp user tests selftests: unshare userns in seccomp pidns testcases
tools/testing/selftests/kselftest.h | 1 + tools/testing/selftests/seccomp/seccomp_bpf.c | 42 ++++++++++++++++--- 2 files changed, 38 insertions(+), 5 deletions(-)
-- 2.19.1