git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Slava Imameev <slava.imameev@crowdstrike.com>
	Fri, 20 Jun 2025 15:18:12 +0000 (01:18 +1000)
committer	Alexei Starovoitov <ast@kernel.org>
	Fri, 20 Jun 2025 18:13:03 +0000 (11:13 -0700)
commit	f8b19aeca1652fcadefce8529cd85e5fd475dd69
tree	23ec22ff984f45d6447d0cef97892fd501b419cf	tree
parent	d32179e8c2583f1613f7bc9710612091c3c038d8	commit \| diff

selftests/bpf: Add test for bpftool access to read-only protected maps

Add selftest cases that validate bpftool's expected behavior when
accessing maps protected from modification via security_bpf_map.

The test includes a BPF program attached to security_bpf_map with two maps:
- A protected map that only allows read-only access
- An unprotected map that allows full access

The test script attaches the BPF program to security_bpf_map and
verifies that for the bpftool map command:
- Read access works on both maps
- Write access fails on the protected map
- Write access succeeds on the unprotected map
- These behaviors remain consistent when the maps are pinned

Signed-off-by: Slava Imameev <slava.imameev@crowdstrike.com>
Reviewed-by: Quentin Monnet <qmo@kernel.org>
Link: https://lore.kernel.org/r/20250620151812.13952-2-slava.imameev@crowdstrike.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

tools/testing/selftests/bpf/Makefile		diff \| blob \| blame \| history
tools/testing/selftests/bpf/progs/bpf_iter_map_elem.c	[new file with mode: 0644]	blob
tools/testing/selftests/bpf/progs/security_bpf_map.c	[new file with mode: 0644]	blob
tools/testing/selftests/bpf/test_bpftool_map.sh	[new file with mode: 0755]	blob