projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fadf549) | patch
selftests/bpf: Incorporate LSM policy to token-based tests
authorAndrii Nakryiko <andrii@kernel.org>
Wed, 24 Jan 2024 02:21:27 +0000 (18:21 -0800)
committerAlexei Starovoitov <ast@kernel.org>
Thu, 25 Jan 2024 00:21:03 +0000 (16:21 -0800)
commit906ee42cb1be1152ef24465704cc89edc3f571c1
treed9b85c5c1cc0518b3c7d98fbd814a4aa51b636d5tree | snapshot
parentfadf54935e859c4d512aed6ad54f639b87a3b4d3commit | diff
selftests/bpf: Incorporate LSM policy to token-based tests

Add tests for LSM interactions (both bpf_token_capable and bpf_token_cmd
LSM hooks) with BPF token in bpf() subsystem. Now child process passes
back token FD for parent to be able to do tests with token originating
in "wrong" userns. But we also create token in initns and check that
token LSMs don't accidentally reject BPF operations when capable()
checks pass without BPF token.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-31-andrii@kernel.org
tools/testing/selftests/bpf/prog_tests/token.c diff | blob | history
tools/testing/selftests/bpf/progs/token_lsm.c [new file with mode: 0644] blob
ep93xx device tree rework repo: git://git.maquefel.me/linux.git