1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
6 #include <sys/eventfd.h>
8 #include <sys/personality.h>
10 #include <sys/syscall.h>
11 #include <sys/types.h>
13 #if HAVE_VALGRIND_VALGRIND_H
14 #include <valgrind/valgrind.h>
17 #include "alloc-util.h"
18 #include "capability-util.h"
22 #include "memory-util.h"
23 #include "missing_sched.h"
25 #include "nulstr-util.h"
26 #include "process-util.h"
27 #include "raw-clone.h"
29 #include "seccomp-util.h"
31 #include "string-util.h"
33 #include "tmpfile-util.h"
36 /* __NR_socket may be invalid due to libseccomp */
37 #if !defined(__NR_socket) || __NR_socket < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__) || defined(__powerpc__)
38 /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
39 * and we can't restrict it hence via seccomp. */
40 # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
42 # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 0
45 static bool have_seccomp_privs(void) {
46 return geteuid() == 0 && have_effective_cap(CAP_SYS_ADMIN
) > 0; /* If we are root but CAP_SYS_ADMIN we can't do caps (unless we also do NNP) */
49 TEST(parse_syscall_and_errno
) {
50 _cleanup_free_
char *n
= NULL
;
53 assert_se(parse_syscall_and_errno("uname:EILSEQ", &n
, &e
) >= 0);
54 assert_se(streq(n
, "uname"));
55 assert_se(e
== errno_from_name("EILSEQ") && e
>= 0);
58 assert_se(parse_syscall_and_errno("uname:EINVAL", &n
, &e
) >= 0);
59 assert_se(streq(n
, "uname"));
60 assert_se(e
== errno_from_name("EINVAL") && e
>= 0);
63 assert_se(parse_syscall_and_errno("@sync:4095", &n
, &e
) >= 0);
64 assert_se(streq(n
, "@sync"));
68 /* If errno is omitted, then e is set to -1 */
69 assert_se(parse_syscall_and_errno("mount", &n
, &e
) >= 0);
70 assert_se(streq(n
, "mount"));
74 /* parse_syscall_and_errno() does not check the syscall name is valid or not. */
75 assert_se(parse_syscall_and_errno("hoge:255", &n
, &e
) >= 0);
76 assert_se(streq(n
, "hoge"));
80 /* 0 is also a valid errno. */
81 assert_se(parse_syscall_and_errno("hoge:0", &n
, &e
) >= 0);
82 assert_se(streq(n
, "hoge"));
86 assert_se(parse_syscall_and_errno("hoge:kill", &n
, &e
) >= 0);
87 assert_se(streq(n
, "hoge"));
88 assert_se(e
== SECCOMP_ERROR_NUMBER_KILL
);
91 /* The function checks the syscall name is empty or not. */
92 assert_se(parse_syscall_and_errno("", &n
, &e
) == -EINVAL
);
93 assert_se(parse_syscall_and_errno(":255", &n
, &e
) == -EINVAL
);
95 /* errno must be a valid errno name or number between 0 and ERRNO_MAX == 4095, or "kill" */
96 assert_se(parse_syscall_and_errno("hoge:4096", &n
, &e
) == -ERANGE
);
97 assert_se(parse_syscall_and_errno("hoge:-3", &n
, &e
) == -ERANGE
);
98 assert_se(parse_syscall_and_errno("hoge:12.3", &n
, &e
) == -EINVAL
);
99 assert_se(parse_syscall_and_errno("hoge:123junk", &n
, &e
) == -EINVAL
);
100 assert_se(parse_syscall_and_errno("hoge:junk123", &n
, &e
) == -EINVAL
);
101 assert_se(parse_syscall_and_errno("hoge:255:EILSEQ", &n
, &e
) == -EINVAL
);
102 assert_se(parse_syscall_and_errno("hoge:-EINVAL", &n
, &e
) == -EINVAL
);
103 assert_se(parse_syscall_and_errno("hoge:EINVALaaa", &n
, &e
) == -EINVAL
);
104 assert_se(parse_syscall_and_errno("hoge:", &n
, &e
) == -EINVAL
);
107 TEST(seccomp_arch_to_string
) {
111 a
= seccomp_arch_native();
113 name
= seccomp_arch_to_string(a
);
115 assert_se(seccomp_arch_from_string(name
, &b
) >= 0);
119 TEST(architecture_table
) {
140 #ifdef SCMP_ARCH_RISCV64
147 assert_se(seccomp_arch_from_string(n
, &c
) >= 0);
148 n2
= seccomp_arch_to_string(c
);
149 log_info("seccomp-arch: %s → 0x%"PRIx32
" → %s", n
, c
, n2
);
150 assert_se(streq_ptr(n
, n2
));
154 TEST(syscall_filter_set_find
) {
155 assert_se(!syscall_filter_set_find(NULL
));
156 assert_se(!syscall_filter_set_find(""));
157 assert_se(!syscall_filter_set_find("quux"));
158 assert_se(!syscall_filter_set_find("@quux"));
160 assert_se(syscall_filter_set_find("@clock") == syscall_filter_sets
+ SYSCALL_FILTER_SET_CLOCK
);
161 assert_se(syscall_filter_set_find("@default") == syscall_filter_sets
+ SYSCALL_FILTER_SET_DEFAULT
);
162 assert_se(syscall_filter_set_find("@raw-io") == syscall_filter_sets
+ SYSCALL_FILTER_SET_RAW_IO
);
166 if (!is_seccomp_available()) {
167 log_notice("Seccomp not available, skipping %s", __func__
);
170 if (!have_seccomp_privs()) {
171 log_notice("Not privileged, skipping %s", __func__
);
175 for (unsigned i
= 0; i
< _SYSCALL_FILTER_SET_MAX
; i
++) {
178 #if HAVE_VALGRIND_VALGRIND_H
179 if (RUNNING_ON_VALGRIND
&& IN_SET(i
, SYSCALL_FILTER_SET_DEFAULT
, SYSCALL_FILTER_SET_BASIC_IO
, SYSCALL_FILTER_SET_SIGNAL
)) {
180 /* valgrind at least requires rt_sigprocmask(), read(), write(). */
181 log_info("Running on valgrind, skipping %s", syscall_filter_sets
[i
].name
);
185 #if HAS_FEATURE_ADDRESS_SANITIZER
186 if (IN_SET(i
, SYSCALL_FILTER_SET_DEFAULT
, SYSCALL_FILTER_SET_BASIC_IO
, SYSCALL_FILTER_SET_SIGNAL
)) {
187 /* ASAN at least requires sigaltstack(), read(), write(). */
188 log_info("Running on address sanitizer, skipping %s", syscall_filter_sets
[i
].name
);
193 log_info("Testing %s", syscall_filter_sets
[i
].name
);
198 if (pid
== 0) { /* Child? */
201 /* If we look at the default set (or one that includes it), allow-list instead of deny-list */
202 if (IN_SET(i
, SYSCALL_FILTER_SET_DEFAULT
,
203 SYSCALL_FILTER_SET_SYSTEM_SERVICE
,
204 SYSCALL_FILTER_SET_KNOWN
))
205 r
= seccomp_load_syscall_filter_set(SCMP_ACT_ERRNO(EUCLEAN
), syscall_filter_sets
+ i
, SCMP_ACT_ALLOW
, true);
207 r
= seccomp_load_syscall_filter_set(SCMP_ACT_ALLOW
, syscall_filter_sets
+ i
, SCMP_ACT_ERRNO(EUCLEAN
), true);
211 /* Test the sycall filter with one random system call */
212 fd
= eventfd(0, EFD_NONBLOCK
|EFD_CLOEXEC
);
213 if (IN_SET(i
, SYSCALL_FILTER_SET_IO_EVENT
, SYSCALL_FILTER_SET_DEFAULT
))
214 assert_se(fd
< 0 && errno
== EUCLEAN
);
223 assert_se(wait_for_terminate_and_check(syscall_filter_sets
[i
].name
, pid
, WAIT_LOG
) == EXIT_SUCCESS
);
227 TEST(filter_sets_ordered
) {
228 /* Ensure "@default" always remains at the beginning of the list */
229 assert_se(SYSCALL_FILTER_SET_DEFAULT
== 0);
230 assert_se(streq(syscall_filter_sets
[0].name
, "@default"));
232 /* Ensure "@known" always remains at the end of the list */
233 assert_se(SYSCALL_FILTER_SET_KNOWN
== _SYSCALL_FILTER_SET_MAX
- 1);
234 assert_se(streq(syscall_filter_sets
[SYSCALL_FILTER_SET_KNOWN
].name
, "@known"));
236 for (size_t i
= 0; i
< _SYSCALL_FILTER_SET_MAX
; i
++) {
237 const char *p
= NULL
;
239 /* Make sure each group has a description */
240 assert_se(!isempty(syscall_filter_sets
[0].help
));
242 /* Make sure the groups are ordered alphabetically, except for the first and last entries */
243 assert_se(i
< 2 || i
== _SYSCALL_FILTER_SET_MAX
- 1 ||
244 strcmp(syscall_filter_sets
[i
-1].name
, syscall_filter_sets
[i
].name
) < 0);
246 NULSTR_FOREACH(k
, syscall_filter_sets
[i
].value
) {
248 /* Ensure each syscall list is in itself ordered, but groups before names */
250 (*p
== '@' && *k
!= '@') ||
251 (((*p
== '@' && *k
== '@') ||
252 (*p
!= '@' && *k
!= '@')) &&
260 TEST(restrict_namespace
) {
265 if (!have_namespaces()) {
266 log_notice("Testing without namespaces, skipping %s", __func__
);
270 assert_se(namespace_flags_to_string(0, &s
) == 0 && isempty(s
));
272 assert_se(namespace_flags_to_string(CLONE_NEWNS
, &s
) == 0 && streq(s
, "mnt"));
274 assert_se(namespace_flags_to_string(CLONE_NEWNS
|CLONE_NEWIPC
, &s
) == 0 && streq(s
, "ipc mnt"));
276 assert_se(namespace_flags_to_string(CLONE_NEWCGROUP
, &s
) == 0 && streq(s
, "cgroup"));
279 assert_se(namespace_flags_from_string("mnt", &ul
) == 0 && ul
== CLONE_NEWNS
);
280 assert_se(namespace_flags_from_string(NULL
, &ul
) == 0 && ul
== 0);
281 assert_se(namespace_flags_from_string("", &ul
) == 0 && ul
== 0);
282 assert_se(namespace_flags_from_string("uts", &ul
) == 0 && ul
== CLONE_NEWUTS
);
283 assert_se(namespace_flags_from_string("mnt uts ipc", &ul
) == 0 && ul
== (CLONE_NEWNS
|CLONE_NEWUTS
|CLONE_NEWIPC
));
285 assert_se(namespace_flags_to_string(CLONE_NEWUTS
, &s
) == 0 && streq(s
, "uts"));
286 assert_se(namespace_flags_from_string(s
, &ul
) == 0 && ul
== CLONE_NEWUTS
);
288 assert_se(namespace_flags_from_string("ipc", &ul
) == 0 && ul
== CLONE_NEWIPC
);
289 assert_se(namespace_flags_to_string(ul
, &s
) == 0 && streq(s
, "ipc"));
292 assert_se(namespace_flags_to_string(NAMESPACE_FLAGS_ALL
, &s
) == 0);
293 assert_se(streq(s
, "cgroup ipc net mnt pid user uts"));
294 assert_se(namespace_flags_from_string(s
, &ul
) == 0 && ul
== NAMESPACE_FLAGS_ALL
);
297 if (!is_seccomp_available()) {
298 log_notice("Seccomp not available, skipping remaining tests in %s", __func__
);
301 if (!have_seccomp_privs()) {
302 log_notice("Not privileged, skipping remaining tests in %s", __func__
);
311 assert_se(seccomp_restrict_namespaces(CLONE_NEWNS
|CLONE_NEWNET
) >= 0);
313 assert_se(unshare(CLONE_NEWNS
) == 0);
314 assert_se(unshare(CLONE_NEWNET
) == 0);
315 assert_se(unshare(CLONE_NEWUTS
) == -1);
316 assert_se(errno
== EPERM
);
317 assert_se(unshare(CLONE_NEWIPC
) == -1);
318 assert_se(errno
== EPERM
);
319 assert_se(unshare(CLONE_NEWNET
|CLONE_NEWUTS
) == -1);
320 assert_se(errno
== EPERM
);
322 /* We use fd 0 (stdin) here, which of course will fail with EINVAL on setns(). Except of course our
323 * seccomp filter worked, and hits first and makes it return EPERM */
324 assert_se(setns(0, CLONE_NEWNS
) == -1);
325 assert_se(errno
== EINVAL
);
326 assert_se(setns(0, CLONE_NEWNET
) == -1);
327 assert_se(errno
== EINVAL
);
328 assert_se(setns(0, CLONE_NEWUTS
) == -1);
329 assert_se(errno
== EPERM
);
330 assert_se(setns(0, CLONE_NEWIPC
) == -1);
331 assert_se(errno
== EPERM
);
332 assert_se(setns(0, CLONE_NEWNET
|CLONE_NEWUTS
) == -1);
333 assert_se(errno
== EPERM
);
334 assert_se(setns(0, 0) == -1);
335 assert_se(errno
== EPERM
);
337 pid
= raw_clone(CLONE_NEWNS
);
341 pid
= raw_clone(CLONE_NEWNET
);
345 pid
= raw_clone(CLONE_NEWUTS
);
347 assert_se(errno
== EPERM
);
348 pid
= raw_clone(CLONE_NEWIPC
);
350 assert_se(errno
== EPERM
);
351 pid
= raw_clone(CLONE_NEWNET
|CLONE_NEWUTS
);
353 assert_se(errno
== EPERM
);
358 assert_se(wait_for_terminate_and_check("nsseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
361 TEST(protect_sysctl
) {
363 _cleanup_free_
char *seccomp
= NULL
;
365 if (!is_seccomp_available()) {
366 log_notice("Seccomp not available, skipping %s", __func__
);
369 if (!have_seccomp_privs()) {
370 log_notice("Not privileged, skipping %s", __func__
);
374 /* in containers _sysctl() is likely missing anyway */
375 if (detect_container() > 0) {
376 log_notice("Testing in container, skipping %s", __func__
);
380 assert_se(get_proc_field("/proc/self/status", "Seccomp", WHITESPACE
, &seccomp
) == 0);
381 if (!streq(seccomp
, "0"))
382 log_warning("Warning: seccomp filter detected, results may be unreliable for %s", __func__
);
388 #if defined __NR__sysctl && __NR__sysctl >= 0
389 assert_se(syscall(__NR__sysctl
, NULL
) < 0);
390 assert_se(IN_SET(errno
, EFAULT
, ENOSYS
));
393 assert_se(seccomp_protect_sysctl() >= 0);
395 #if HAVE_VALGRIND_VALGRIND_H
396 if (RUNNING_ON_VALGRIND
) {
397 log_info("Running on valgrind, skipping syscall/EPERM test");
402 #if defined __NR__sysctl && __NR__sysctl >= 0
403 assert_se(syscall(__NR__sysctl
, 0, 0, 0) < 0);
404 assert_se(errno
== EPERM
);
410 assert_se(wait_for_terminate_and_check("sysctlseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
413 TEST(protect_syslog
) {
416 if (!is_seccomp_available()) {
417 log_notice("Seccomp not available, skipping %s", __func__
);
420 if (!have_seccomp_privs()) {
421 log_notice("Not privileged, skipping %s", __func__
);
425 /* in containers syslog() is likely missing anyway */
426 if (detect_container() > 0) {
427 log_notice("Testing in container, skipping %s", __func__
);
435 #if defined __NR_syslog && __NR_syslog >= 0
436 assert_se(syscall(__NR_syslog
, -1, NULL
, 0) < 0);
437 assert_se(errno
== EINVAL
);
440 assert_se(seccomp_protect_syslog() >= 0);
442 #if defined __NR_syslog && __NR_syslog >= 0
443 assert_se(syscall(__NR_syslog
, 0, 0, 0) < 0);
444 assert_se(errno
== EPERM
);
450 assert_se(wait_for_terminate_and_check("syslogseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
453 TEST(restrict_address_families
) {
456 if (!is_seccomp_available()) {
457 log_notice("Seccomp not available, skipping %s", __func__
);
460 if (!have_seccomp_privs()) {
461 log_notice("Not privileged, skipping %s", __func__
);
472 fd
= socket(AF_INET
, SOCK_DGRAM
, 0);
476 fd
= socket(AF_UNIX
, SOCK_DGRAM
, 0);
480 fd
= socket(AF_NETLINK
, SOCK_DGRAM
, 0);
484 assert_se(s
= set_new(NULL
));
485 assert_se(set_put(s
, INT_TO_PTR(AF_UNIX
)) >= 0);
487 assert_se(seccomp_restrict_address_families(s
, false) >= 0);
489 fd
= socket(AF_INET
, SOCK_DGRAM
, 0);
493 fd
= socket(AF_UNIX
, SOCK_DGRAM
, 0);
494 #if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
499 assert_se(errno
== EAFNOSUPPORT
);
502 fd
= socket(AF_NETLINK
, SOCK_DGRAM
, 0);
508 assert_se(set_put(s
, INT_TO_PTR(AF_INET
)) >= 0);
510 assert_se(seccomp_restrict_address_families(s
, true) >= 0);
512 fd
= socket(AF_INET
, SOCK_DGRAM
, 0);
516 fd
= socket(AF_UNIX
, SOCK_DGRAM
, 0);
517 #if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
522 assert_se(errno
== EAFNOSUPPORT
);
525 fd
= socket(AF_NETLINK
, SOCK_DGRAM
, 0);
526 #if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
531 assert_se(errno
== EAFNOSUPPORT
);
537 assert_se(wait_for_terminate_and_check("socketseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
540 TEST(restrict_realtime
) {
543 if (!is_seccomp_available()) {
544 log_notice("Seccomp not available, skipping %s", __func__
);
547 if (!have_seccomp_privs()) {
548 log_notice("Not privileged, skipping %s", __func__
);
552 /* in containers RT privs are likely missing anyway */
553 if (detect_container() > 0) {
554 log_notice("Testing in container, skipping %s", __func__
);
562 /* On some CI environments, the restriction may be already enabled. */
563 if (sched_setscheduler(0, SCHED_FIFO
, &(struct sched_param
) { .sched_priority
= 1 }) < 0) {
564 log_full_errno(errno
== EPERM
? LOG_DEBUG
: LOG_WARNING
, errno
,
565 "Failed to set scheduler parameter for FIFO: %m");
566 assert(errno
== EPERM
);
568 if (sched_setscheduler(0, SCHED_RR
, &(struct sched_param
) { .sched_priority
= 1 }) < 0) {
569 log_full_errno(errno
== EPERM
? LOG_DEBUG
: LOG_WARNING
, errno
,
570 "Failed to set scheduler parameter for RR: %m");
571 assert(errno
== EPERM
);
574 assert_se(sched_setscheduler(0, SCHED_IDLE
, &(struct sched_param
) { .sched_priority
= 0 }) >= 0);
575 assert_se(sched_setscheduler(0, SCHED_BATCH
, &(struct sched_param
) { .sched_priority
= 0 }) >= 0);
576 assert_se(sched_setscheduler(0, SCHED_OTHER
, &(struct sched_param
) {}) >= 0);
578 assert_se(seccomp_restrict_realtime_full(ENOANO
) >= 0);
580 assert_se(sched_setscheduler(0, SCHED_IDLE
, &(struct sched_param
) { .sched_priority
= 0 }) >= 0);
581 assert_se(sched_setscheduler(0, SCHED_BATCH
, &(struct sched_param
) { .sched_priority
= 0 }) >= 0);
582 assert_se(sched_setscheduler(0, SCHED_OTHER
, &(struct sched_param
) {}) >= 0);
584 assert_se(sched_setscheduler(0, SCHED_FIFO
, &(struct sched_param
) { .sched_priority
= 1 }) < 0);
585 assert_se(errno
== ENOANO
);
586 assert_se(sched_setscheduler(0, SCHED_RR
, &(struct sched_param
) { .sched_priority
= 1 }) < 0);
587 assert_se(errno
== ENOANO
);
592 assert_se(wait_for_terminate_and_check("realtimeseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
595 TEST(memory_deny_write_execute_mmap
) {
598 if (!is_seccomp_available()) {
599 log_notice("Seccomp not available, skipping %s", __func__
);
602 if (!have_seccomp_privs()) {
603 log_notice("Not privileged, skipping %s", __func__
);
606 #if HAVE_VALGRIND_VALGRIND_H
607 if (RUNNING_ON_VALGRIND
) {
608 log_notice("Running on valgrind, skipping %s", __func__
);
612 #if HAS_FEATURE_ADDRESS_SANITIZER
613 log_notice("Running on address sanitizer, skipping %s", __func__
);
623 p
= mmap(NULL
, page_size(), PROT_WRITE
|PROT_EXEC
, MAP_PRIVATE
|MAP_ANONYMOUS
, -1,0);
624 assert_se(p
!= MAP_FAILED
);
625 assert_se(munmap(p
, page_size()) >= 0);
627 p
= mmap(NULL
, page_size(), PROT_WRITE
|PROT_READ
, MAP_PRIVATE
|MAP_ANONYMOUS
, -1,0);
628 assert_se(p
!= MAP_FAILED
);
629 assert_se(munmap(p
, page_size()) >= 0);
631 assert_se(seccomp_memory_deny_write_execute() >= 0);
633 p
= mmap(NULL
, page_size(), PROT_WRITE
|PROT_EXEC
, MAP_PRIVATE
|MAP_ANONYMOUS
, -1,0);
634 #if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__)
635 assert_se(p
== MAP_FAILED
);
636 assert_se(errno
== EPERM
);
638 /* Depending on kernel, libseccomp, and glibc versions, other architectures
639 * might fail or not. Let's not assert success. */
641 assert_se(munmap(p
, page_size()) == 0);
643 p
= mmap(NULL
, page_size(), PROT_WRITE
|PROT_READ
, MAP_PRIVATE
|MAP_ANONYMOUS
, -1,0);
644 assert_se(p
!= MAP_FAILED
);
645 assert_se(munmap(p
, page_size()) >= 0);
650 assert_se(wait_for_terminate_and_check("memoryseccomp-mmap", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
653 TEST(memory_deny_write_execute_shmat
) {
658 SECCOMP_FOREACH_LOCAL_ARCH(arch
) {
659 log_debug("arch %s: SCMP_SYS(mmap) = %d", seccomp_arch_to_string(arch
), SCMP_SYS(mmap
));
660 log_debug("arch %s: SCMP_SYS(mmap2) = %d", seccomp_arch_to_string(arch
), SCMP_SYS(mmap2
));
661 log_debug("arch %s: SCMP_SYS(shmget) = %d", seccomp_arch_to_string(arch
), SCMP_SYS(shmget
));
662 log_debug("arch %s: SCMP_SYS(shmat) = %d", seccomp_arch_to_string(arch
), SCMP_SYS(shmat
));
663 log_debug("arch %s: SCMP_SYS(shmdt) = %d", seccomp_arch_to_string(arch
), SCMP_SYS(shmdt
));
666 if (!is_seccomp_available()) {
667 log_notice("Seccomp not available, skipping %s", __func__
);
670 if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER
) <= 0) {
671 log_notice("Not privileged, skipping %s", __func__
);
674 #if HAVE_VALGRIND_VALGRIND_H
675 if (RUNNING_ON_VALGRIND
) {
676 log_notice("Running on valgrind, skipping %s", __func__
);
680 #if HAS_FEATURE_ADDRESS_SANITIZER
681 log_notice("Running on address sanitizer, skipping %s", __func__
);
685 shmid
= shmget(IPC_PRIVATE
, page_size(), 0);
686 assert_se(shmid
>= 0);
694 p
= shmat(shmid
, NULL
, 0);
695 assert_se(p
!= MAP_FAILED
);
696 assert_se(shmdt(p
) == 0);
698 p
= shmat(shmid
, NULL
, SHM_EXEC
);
699 assert_se(p
!= MAP_FAILED
);
700 assert_se(shmdt(p
) == 0);
702 assert_se(seccomp_memory_deny_write_execute() >= 0);
704 p
= shmat(shmid
, NULL
, SHM_EXEC
);
705 log_debug_errno(p
== MAP_FAILED
? errno
: 0, "shmat(SHM_EXEC): %m");
706 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
707 assert_se(p
== MAP_FAILED
);
708 assert_se(errno
== EPERM
);
710 /* Depending on kernel, libseccomp, and glibc versions, other architectures
711 * might fail or not. Let's not assert success. */
713 assert_se(shmdt(p
) == 0);
715 p
= shmat(shmid
, NULL
, 0);
716 log_debug_errno(p
== MAP_FAILED
? errno
: 0, "shmat(0): %m");
717 assert_se(p
!= MAP_FAILED
);
718 assert_se(shmdt(p
) == 0);
723 assert_se(wait_for_terminate_and_check("memoryseccomp-shmat", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
726 TEST(restrict_archs
) {
729 if (!is_seccomp_available()) {
730 log_notice("Seccomp not available, skipping %s", __func__
);
733 if (!have_seccomp_privs()) {
734 log_notice("Not privileged, skipping %s", __func__
);
742 _cleanup_set_free_ Set
*s
= NULL
;
744 assert_se(access("/", F_OK
) >= 0);
746 assert_se(s
= set_new(NULL
));
749 assert_se(set_put(s
, UINT32_TO_PTR(SCMP_ARCH_X86
+1)) >= 0);
751 assert_se(seccomp_restrict_archs(s
) >= 0);
753 assert_se(access("/", F_OK
) >= 0);
754 assert_se(seccomp_restrict_archs(NULL
) >= 0);
756 assert_se(access("/", F_OK
) >= 0);
761 assert_se(wait_for_terminate_and_check("archseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
764 TEST(load_syscall_filter_set_raw
) {
767 if (!is_seccomp_available()) {
768 log_notice("Seccomp not available, skipping %s", __func__
);
771 if (!have_seccomp_privs()) {
772 log_notice("Not privileged, skipping %s", __func__
);
780 _cleanup_hashmap_free_ Hashmap
*s
= NULL
;
782 assert_se(access("/", F_OK
) >= 0);
783 assert_se(poll(NULL
, 0, 0) == 0);
785 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, NULL
, scmp_act_kill_process(), true) >= 0);
786 assert_se(access("/", F_OK
) >= 0);
787 assert_se(poll(NULL
, 0, 0) == 0);
789 assert_se(s
= hashmap_new(NULL
));
790 #if defined __NR_access && __NR_access >= 0
791 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_access
+ 1), INT_TO_PTR(-1)) >= 0);
792 log_debug("has access()");
794 #if defined __NR_faccessat && __NR_faccessat >= 0
795 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_faccessat
+ 1), INT_TO_PTR(-1)) >= 0);
796 log_debug("has faccessat()");
798 #if defined __NR_faccessat2 && __NR_faccessat2 >= 0
799 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_faccessat2
+ 1), INT_TO_PTR(-1)) >= 0);
800 log_debug("has faccessat2()");
803 assert_se(!hashmap_isempty(s
));
804 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, s
, SCMP_ACT_ERRNO(EUCLEAN
), true) >= 0);
806 assert_se(access("/", F_OK
) < 0);
807 assert_se(errno
== EUCLEAN
);
809 assert_se(poll(NULL
, 0, 0) == 0);
812 #if defined __NR_access && __NR_access >= 0
813 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_access
+ 1), INT_TO_PTR(EILSEQ
)) >= 0);
815 #if defined __NR_faccessat && __NR_faccessat >= 0
816 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_faccessat
+ 1), INT_TO_PTR(EILSEQ
)) >= 0);
818 #if defined __NR_faccessat2 && __NR_faccessat2 >= 0
819 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_faccessat2
+ 1), INT_TO_PTR(EILSEQ
)) >= 0);
822 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, s
, SCMP_ACT_ERRNO(EUCLEAN
), true) >= 0);
824 assert_se(access("/", F_OK
) < 0);
825 assert_se(errno
== EILSEQ
);
827 assert_se(poll(NULL
, 0, 0) == 0);
830 #if defined __NR_poll && __NR_poll >= 0
831 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_poll
+ 1), INT_TO_PTR(-1)) >= 0);
832 log_debug("has poll()");
834 #if defined __NR_ppoll && __NR_ppoll >= 0
835 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_ppoll
+ 1), INT_TO_PTR(-1)) >= 0);
836 log_debug("has ppoll()");
838 #if defined __NR_ppoll_time64 && __NR_ppoll_time64 >= 0
839 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_ppoll_time64
+ 1), INT_TO_PTR(-1)) >= 0);
840 log_debug("has ppoll_time64()");
843 assert_se(!hashmap_isempty(s
));
844 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, s
, SCMP_ACT_ERRNO(EUNATCH
), true) >= 0);
846 assert_se(access("/", F_OK
) < 0);
847 assert_se(errno
== EILSEQ
);
849 assert_se(poll(NULL
, 0, 0) < 0);
850 assert_se(errno
== EUNATCH
);
853 #if defined __NR_poll && __NR_poll >= 0
854 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_poll
+ 1), INT_TO_PTR(EILSEQ
)) >= 0);
856 #if defined __NR_ppoll && __NR_ppoll >= 0
857 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_ppoll
+ 1), INT_TO_PTR(EILSEQ
)) >= 0);
859 #if defined __NR_ppoll_time64 && __NR_ppoll_time64 >= 0
860 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_ppoll_time64
+ 1), INT_TO_PTR(EILSEQ
)) >= 0);
863 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, s
, SCMP_ACT_ERRNO(EUNATCH
), true) >= 0);
865 assert_se(access("/", F_OK
) < 0);
866 assert_se(errno
== EILSEQ
);
868 assert_se(poll(NULL
, 0, 0) < 0);
869 assert_se(errno
== EILSEQ
);
874 assert_se(wait_for_terminate_and_check("syscallrawseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
877 TEST(native_syscalls_filtered
) {
880 if (!is_seccomp_available()) {
881 log_notice("Seccomp not available, skipping %s", __func__
);
884 if (!have_seccomp_privs()) {
885 log_notice("Not privileged, skipping %s", __func__
);
893 _cleanup_set_free_ Set
*arch_s
= NULL
;
894 _cleanup_hashmap_free_ Hashmap
*s
= NULL
;
896 /* Passing "native" or an empty set is equivalent, just do both here. */
897 assert_se(arch_s
= set_new(NULL
));
898 assert_se(seccomp_restrict_archs(arch_s
) >= 0);
899 assert_se(set_put(arch_s
, SCMP_ARCH_NATIVE
) >= 0);
900 assert_se(seccomp_restrict_archs(arch_s
) >= 0);
902 assert_se(access("/", F_OK
) >= 0);
903 assert_se(poll(NULL
, 0, 0) == 0);
905 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, NULL
, scmp_act_kill_process(), true) >= 0);
906 assert_se(access("/", F_OK
) >= 0);
907 assert_se(poll(NULL
, 0, 0) == 0);
909 assert_se(s
= hashmap_new(NULL
));
910 #if defined __NR_access && __NR_access >= 0
911 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_access
+ 1), INT_TO_PTR(-1)) >= 0);
912 log_debug("has access()");
914 #if defined __NR_faccessat && __NR_faccessat >= 0
915 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_faccessat
+ 1), INT_TO_PTR(-1)) >= 0);
916 log_debug("has faccessat()");
918 #if defined __NR_faccessat2 && __NR_faccessat2 >= 0
919 assert_se(hashmap_put(s
, UINT32_TO_PTR(__NR_faccessat2
+ 1), INT_TO_PTR(-1)) >= 0);
920 log_debug("has faccessat2()");
923 assert_se(!hashmap_isempty(s
));
924 assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW
, s
, SCMP_ACT_ERRNO(EUCLEAN
), true) >= 0);
926 assert_se(access("/", F_OK
) < 0);
927 assert_se(errno
== EUCLEAN
);
932 assert_se(wait_for_terminate_and_check("nativeseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
935 TEST(lock_personality
) {
936 unsigned long current
;
939 if (!is_seccomp_available()) {
940 log_notice("Seccomp not available, skipping %s", __func__
);
943 if (!have_seccomp_privs()) {
944 log_notice("Not privileged, skipping %s", __func__
);
948 assert_se(opinionated_personality(¤t
) >= 0);
949 /* On ppc64le sanitizers disable ASLR (i.e. by setting ADDR_NO_RANDOMIZE),
950 * which opinionated_personality() doesn't return. Let's tweak the current
951 * personality ourselves in such cases.
952 * See: https://github.com/llvm/llvm-project/commit/78f7a6eaa601bfdd6ae70ffd3da2254c21ff77f9
954 if (FLAGS_SET(safe_personality(PERSONALITY_INVALID
), ADDR_NO_RANDOMIZE
))
955 current
|= ADDR_NO_RANDOMIZE
;
957 log_info("current personality=0x%lX", current
);
963 assert_se(seccomp_lock_personality(current
) >= 0);
965 assert_se((unsigned long) safe_personality(current
) == current
);
967 /* Note, we also test that safe_personality() works correctly, by checking whether errno is properly
968 * set, in addition to the return value */
970 assert_se(safe_personality(PER_LINUX
| MMAP_PAGE_ZERO
) == -EPERM
);
971 assert_se(errno
== EPERM
);
973 if (!FLAGS_SET(current
, ADDR_NO_RANDOMIZE
))
974 assert_se(safe_personality(PER_LINUX
| ADDR_NO_RANDOMIZE
) == -EPERM
);
975 assert_se(safe_personality(PER_LINUX
| ADDR_COMPAT_LAYOUT
) == -EPERM
);
976 assert_se(safe_personality(PER_LINUX
| READ_IMPLIES_EXEC
) == -EPERM
);
977 assert_se(safe_personality(PER_LINUX_32BIT
) == -EPERM
);
978 assert_se(safe_personality(PER_SVR4
) == -EPERM
);
979 assert_se(safe_personality(PER_BSD
) == -EPERM
);
980 assert_se(safe_personality(current
== PER_LINUX
? PER_LINUX32
: PER_LINUX
) == -EPERM
);
981 assert_se(safe_personality(PER_LINUX32_3GB
) == -EPERM
);
982 assert_se(safe_personality(PER_UW7
) == -EPERM
);
983 assert_se(safe_personality(0x42) == -EPERM
);
985 assert_se(safe_personality(PERSONALITY_INVALID
) == -EPERM
); /* maybe remove this later */
987 assert_se((unsigned long) personality(current
) == current
);
991 assert_se(wait_for_terminate_and_check("lockpersonalityseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
994 static int real_open(const char *path
, int flags
, mode_t mode
) {
995 /* glibc internally calls openat() when open() is requested. Let's hence define our own wrapper for
996 * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
997 * other architectures, let's just fall back to the glibc call. */
999 #if defined __NR_open && __NR_open >= 0
1000 return (int) syscall(__NR_open
, path
, flags
, mode
);
1002 return open(path
, flags
, mode
);
1006 TEST(restrict_suid_sgid
) {
1009 if (!is_seccomp_available()) {
1010 log_notice("Seccomp not available, skipping %s", __func__
);
1013 if (!have_seccomp_privs()) {
1014 log_notice("Not privileged, skipping %s", __func__
);
1019 assert_se(pid
>= 0);
1022 char path
[] = "/tmp/suidsgidXXXXXX", dir
[] = "/tmp/suidsgiddirXXXXXX";
1023 int fd
= -1, k
= -1;
1026 fd
= mkostemp_safe(path
);
1029 assert_se(mkdtemp(dir
));
1030 z
= strjoina(dir
, "/test");
1032 assert_se(chmod(path
, 0755 | S_ISUID
) >= 0);
1033 assert_se(chmod(path
, 0755 | S_ISGID
) >= 0);
1034 assert_se(chmod(path
, 0755 | S_ISGID
| S_ISUID
) >= 0);
1035 assert_se(chmod(path
, 0755) >= 0);
1037 assert_se(fchmod(fd
, 0755 | S_ISUID
) >= 0);
1038 assert_se(fchmod(fd
, 0755 | S_ISGID
) >= 0);
1039 assert_se(fchmod(fd
, 0755 | S_ISGID
| S_ISUID
) >= 0);
1040 assert_se(fchmod(fd
, 0755) >= 0);
1042 assert_se(fchmodat(AT_FDCWD
, path
, 0755 | S_ISUID
, 0) >= 0);
1043 assert_se(fchmodat(AT_FDCWD
, path
, 0755 | S_ISGID
, 0) >= 0);
1044 assert_se(fchmodat(AT_FDCWD
, path
, 0755 | S_ISGID
| S_ISUID
, 0) >= 0);
1045 assert_se(fchmodat(AT_FDCWD
, path
, 0755, 0) >= 0);
1047 k
= real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
);
1049 assert_se(unlink(z
) >= 0);
1051 k
= real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISGID
);
1053 assert_se(unlink(z
) >= 0);
1055 k
= real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
| S_ISGID
);
1057 assert_se(unlink(z
) >= 0);
1059 k
= real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644);
1061 assert_se(unlink(z
) >= 0);
1063 k
= creat(z
, 0644 | S_ISUID
);
1065 assert_se(unlink(z
) >= 0);
1067 k
= creat(z
, 0644 | S_ISGID
);
1069 assert_se(unlink(z
) >= 0);
1071 k
= creat(z
, 0644 | S_ISUID
| S_ISGID
);
1073 assert_se(unlink(z
) >= 0);
1077 assert_se(unlink(z
) >= 0);
1079 k
= openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
);
1081 assert_se(unlink(z
) >= 0);
1083 k
= openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISGID
);
1085 assert_se(unlink(z
) >= 0);
1087 k
= openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
| S_ISGID
);
1089 assert_se(unlink(z
) >= 0);
1091 k
= openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644);
1093 assert_se(unlink(z
) >= 0);
1095 assert_se(mkdir(z
, 0755 | S_ISUID
) >= 0);
1096 assert_se(rmdir(z
) >= 0);
1097 assert_se(mkdir(z
, 0755 | S_ISGID
) >= 0);
1098 assert_se(rmdir(z
) >= 0);
1099 assert_se(mkdir(z
, 0755 | S_ISUID
| S_ISGID
) >= 0);
1100 assert_se(rmdir(z
) >= 0);
1101 assert_se(mkdir(z
, 0755) >= 0);
1102 assert_se(rmdir(z
) >= 0);
1104 assert_se(mkdirat(AT_FDCWD
, z
, 0755 | S_ISUID
) >= 0);
1105 assert_se(rmdir(z
) >= 0);
1106 assert_se(mkdirat(AT_FDCWD
, z
, 0755 | S_ISGID
) >= 0);
1107 assert_se(rmdir(z
) >= 0);
1108 assert_se(mkdirat(AT_FDCWD
, z
, 0755 | S_ISUID
| S_ISGID
) >= 0);
1109 assert_se(rmdir(z
) >= 0);
1110 assert_se(mkdirat(AT_FDCWD
, z
, 0755) >= 0);
1111 assert_se(rmdir(z
) >= 0);
1113 assert_se(mknod(z
, S_IFREG
| 0755 | S_ISUID
, 0) >= 0);
1114 assert_se(unlink(z
) >= 0);
1115 assert_se(mknod(z
, S_IFREG
| 0755 | S_ISGID
, 0) >= 0);
1116 assert_se(unlink(z
) >= 0);
1117 assert_se(mknod(z
, S_IFREG
| 0755 | S_ISUID
| S_ISGID
, 0) >= 0);
1118 assert_se(unlink(z
) >= 0);
1119 assert_se(mknod(z
, S_IFREG
| 0755, 0) >= 0);
1120 assert_se(unlink(z
) >= 0);
1122 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755 | S_ISUID
, 0) >= 0);
1123 assert_se(unlink(z
) >= 0);
1124 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755 | S_ISGID
, 0) >= 0);
1125 assert_se(unlink(z
) >= 0);
1126 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755 | S_ISUID
| S_ISGID
, 0) >= 0);
1127 assert_se(unlink(z
) >= 0);
1128 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755, 0) >= 0);
1129 assert_se(unlink(z
) >= 0);
1131 assert_se(seccomp_restrict_suid_sgid() >= 0);
1133 assert_se(chmod(path
, 0775 | S_ISUID
) < 0 && errno
== EPERM
);
1134 assert_se(chmod(path
, 0775 | S_ISGID
) < 0 && errno
== EPERM
);
1135 assert_se(chmod(path
, 0775 | S_ISGID
| S_ISUID
) < 0 && errno
== EPERM
);
1136 assert_se(chmod(path
, 0775) >= 0);
1138 assert_se(fchmod(fd
, 0775 | S_ISUID
) < 0 && errno
== EPERM
);
1139 assert_se(fchmod(fd
, 0775 | S_ISGID
) < 0 && errno
== EPERM
);
1140 assert_se(fchmod(fd
, 0775 | S_ISGID
| S_ISUID
) < 0 && errno
== EPERM
);
1141 assert_se(fchmod(fd
, 0775) >= 0);
1143 assert_se(fchmodat(AT_FDCWD
, path
, 0755 | S_ISUID
, 0) < 0 && errno
== EPERM
);
1144 assert_se(fchmodat(AT_FDCWD
, path
, 0755 | S_ISGID
, 0) < 0 && errno
== EPERM
);
1145 assert_se(fchmodat(AT_FDCWD
, path
, 0755 | S_ISGID
| S_ISUID
, 0) < 0 && errno
== EPERM
);
1146 assert_se(fchmodat(AT_FDCWD
, path
, 0755, 0) >= 0);
1148 assert_se(real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
) < 0 && errno
== EPERM
);
1149 assert_se(real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISGID
) < 0 && errno
== EPERM
);
1150 assert_se(real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
| S_ISGID
) < 0 && errno
== EPERM
);
1151 k
= real_open(z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644);
1153 assert_se(unlink(z
) >= 0);
1155 assert_se(creat(z
, 0644 | S_ISUID
) < 0 && errno
== EPERM
);
1156 assert_se(creat(z
, 0644 | S_ISGID
) < 0 && errno
== EPERM
);
1157 assert_se(creat(z
, 0644 | S_ISUID
| S_ISGID
) < 0 && errno
== EPERM
);
1160 assert_se(unlink(z
) >= 0);
1162 assert_se(openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
) < 0 && errno
== EPERM
);
1163 assert_se(openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISGID
) < 0 && errno
== EPERM
);
1164 assert_se(openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644 | S_ISUID
| S_ISGID
) < 0 && errno
== EPERM
);
1165 k
= openat(AT_FDCWD
, z
, O_CREAT
|O_RDWR
|O_CLOEXEC
|O_EXCL
, 0644);
1167 assert_se(unlink(z
) >= 0);
1169 assert_se(mkdir(z
, 0755 | S_ISUID
) < 0 && errno
== EPERM
);
1170 assert_se(mkdir(z
, 0755 | S_ISGID
) < 0 && errno
== EPERM
);
1171 assert_se(mkdir(z
, 0755 | S_ISUID
| S_ISGID
) < 0 && errno
== EPERM
);
1172 assert_se(mkdir(z
, 0755) >= 0);
1173 assert_se(rmdir(z
) >= 0);
1175 assert_se(mkdirat(AT_FDCWD
, z
, 0755 | S_ISUID
) < 0 && errno
== EPERM
);
1176 assert_se(mkdirat(AT_FDCWD
, z
, 0755 | S_ISGID
) < 0 && errno
== EPERM
);
1177 assert_se(mkdirat(AT_FDCWD
, z
, 0755 | S_ISUID
| S_ISGID
) < 0 && errno
== EPERM
);
1178 assert_se(mkdirat(AT_FDCWD
, z
, 0755) >= 0);
1179 assert_se(rmdir(z
) >= 0);
1181 assert_se(mknod(z
, S_IFREG
| 0755 | S_ISUID
, 0) < 0 && errno
== EPERM
);
1182 assert_se(mknod(z
, S_IFREG
| 0755 | S_ISGID
, 0) < 0 && errno
== EPERM
);
1183 assert_se(mknod(z
, S_IFREG
| 0755 | S_ISUID
| S_ISGID
, 0) < 0 && errno
== EPERM
);
1184 assert_se(mknod(z
, S_IFREG
| 0755, 0) >= 0);
1185 assert_se(unlink(z
) >= 0);
1187 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755 | S_ISUID
, 0) < 0 && errno
== EPERM
);
1188 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755 | S_ISGID
, 0) < 0 && errno
== EPERM
);
1189 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755 | S_ISUID
| S_ISGID
, 0) < 0 && errno
== EPERM
);
1190 assert_se(mknodat(AT_FDCWD
, z
, S_IFREG
| 0755, 0) >= 0);
1191 assert_se(unlink(z
) >= 0);
1193 assert_se(unlink(path
) >= 0);
1194 assert_se(rm_rf(dir
, REMOVE_ROOT
|REMOVE_PHYSICAL
) >= 0);
1196 _exit(EXIT_SUCCESS
);
1199 assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
1202 DEFINE_TEST_MAIN(LOG_DEBUG
);