prctl: test prctl(NO_NEW_PRIVS) setting

Signed-off-by: Michał Mirosław <[email protected]>
checkpoint-restore · Jul 19, 2023 · b6ab178 · b6ab178
1 parent 6472817
commit b6ab178
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
@@ -215,6 +215,7 @@ TST_NOFILE	:=				\
 		seccomp_filter_tsync			\
 		seccomp_filter_threads			\
 		seccomp_filter_inheritance		\
+		seccomp_no_new_privs		\
 		different_creds			\
 		vsx				\
 		bridge				\

diff --git a/test/zdtm/static/seccomp_no_new_privs.c b/test/zdtm/static/seccomp_no_new_privs.c
@@ -0,0 +1,42 @@
+#include <stdlib.h>
+#include <sys/prctl.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc = "Check that NO_NEW_PRIVS attribute is restored";
+const char *test_author = "Michał Mirosław <[email protected]>";
+
+int main(int argc, char **argv)
+{
+	int ret;
+
+	test_init(argc, argv);
+
+	ret = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
+	if (ret < 0) {
+		pr_perror("Can't read NO_NEW_PRIVS attribute");
+		return 1;
+	}
+	if (ret != 0)
+		fail("initial NO_NEW_PRIVS = %d != 0", ret);
+
+	ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+	if (ret) {
+		pr_perror("Can't set NO_NEW_PRIVS attribute");
+		return 1;
+	}
+
+	test_daemon();
+	test_waitsig();
+
+	ret = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
+	if (ret < 0) {
+		pr_perror("Can't read NO_NEW_PRIVS attribute");
+		return 1;
+	}
+	if (ret != 1)
+		fail("restored NO_NEW_PRIVS = %d != 1", ret);
+
+	pass();
+	return 0;
+}