On Tue, Jun 16, 2020 at 08:57:25AM -0600, Tycho Andersen wrote:
On Mon, Jun 15, 2020 at 08:25:21PM -0700, Kees Cook wrote:
The seccomp tests are a bit noisy without CONFIG_CHECKPOINT_RESTORE (due to missing the kcmp() syscall). The seccomp tests are more accurate with kcmp(), but it's not strictly required. Refactor the tests to use alternatives (comparing fd numbers), and provide a central test for kcmp() so there is a single XFAIL instead of many. Continue to produce warnings for the other tests, though.
Additionally adds some more bad flag EINVAL tests to the addfd selftest.
Signed-off-by: Kees Cook keescook@chromium.org
This looks fine, but I wonder if this is enough motivation for taking kcmp() out of CONFIG_CHECKPOINT_RESTORE guards?
Do you mean in the kernel? I'd rather not -- it's a relatively powerful primitive. Maybe if there were other users needing it, but there doesn't seem to have been much demand.