#include <stdlib.h>
#include <sys/eventfd.h>
#include <sys/mman.h>
+#include <sys/personality.h>
#include <sys/poll.h>
#include <sys/shm.h>
#include <sys/types.h>
assert_se(wait_for_terminate_and_warn("syscallrawseccomp", pid, true) == EXIT_SUCCESS);
}
+static void test_lock_personality(void) {
+ pid_t pid;
+
+ if (!is_seccomp_available())
+ return;
+ if (geteuid() != 0)
+ return;
+
+ pid = fork();
+ assert_se(pid >= 0);
+
+ if (pid == 0) {
+ assert_se(seccomp_lock_personality(PER_LINUX) >= 0);
+
+ assert_se(personality(PER_LINUX) == PER_LINUX);
+ assert_se(personality(PER_LINUX | ADDR_NO_RANDOMIZE) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX | MMAP_PAGE_ZERO) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX | ADDR_COMPAT_LAYOUT) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX | READ_IMPLIES_EXEC) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX_32BIT) == -1 && errno == EPERM);
+ assert_se(personality(PER_SVR4) == -1 && errno == EPERM);
+ assert_se(personality(PER_BSD) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX32) == -1 && errno == EPERM);
+ assert_se(personality(PER_LINUX32_3GB) == -1 && errno == EPERM);
+ assert_se(personality(PER_UW7) == -1 && errno == EPERM);
+ assert_se(personality(0x42) == -1 && errno == EPERM);
+ assert_se(personality(PERSONALITY_INVALID) == -1 && errno == EPERM); /* maybe remove this later */
+ assert_se(personality(PER_LINUX) == PER_LINUX);
+ _exit(EXIT_SUCCESS);
+ }
+
+ assert_se(wait_for_terminate_and_warn("lockpersonalityseccomp", pid, true) == EXIT_SUCCESS);
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
test_memory_deny_write_execute_shmat();
test_restrict_archs();
test_load_syscall_filter_set_raw();
+ test_lock_personality();
return 0;
}
projects / thirdparty / systemd.git / blobdiff