On Wed, Jul 19, 2017 at 11:26 AM, Stephen Smalley <[email protected]> wrote: > Add tests for the AT_SECURE auxv flag to ensure that its value > is set correctly based on whether noatsecure permission is allowed > between the old domain and the new domain. > > Also test that the dynamic linker ignores LD_PRELOAD when AT_SECURE > is set to 1. > > AT_SECURE has been supported since Linux 2.6.0, so these tests should > work on all SELinux systems and do not need to be conditionally enabled. > > Signed-off-by: Stephen Smalley <[email protected]> > --- > policy/Makefile | 2 +- > policy/test_atsecure.te | 46 ++++++++++++++++++++++++++++++++++++++++++++++ > tests/Makefile | 3 ++- > tests/atsecure/Makefile | 9 +++++++++ > tests/atsecure/atsecure.c | 10 ++++++++++ > tests/atsecure/evil.c | 10 ++++++++++ > tests/atsecure/good.c | 10 ++++++++++ > tests/atsecure/test | 31 +++++++++++++++++++++++++++++++ > 8 files changed, 119 insertions(+), 2 deletions(-) > create mode 100644 policy/test_atsecure.te > create mode 100644 tests/atsecure/Makefile > create mode 100644 tests/atsecure/atsecure.c > create mode 100644 tests/atsecure/evil.c > create mode 100644 tests/atsecure/good.c > create mode 100755 tests/atsecure/test
Merged, thanks. I wanted to get this in soon so we have something to use to verify the changes in Kees' patchset. -- paul moore www.paul-moore.com
