Repository : http://git.fedorahosted.org/cgit/kernel-tests.git
On branch : master
>---------------------------------------------------------------
commit d632c335751ee265cf83492f240f2413aad1a9cc
Author: Justin M. Forbes <jforbes@xxxxxxxxxx>
Date: Thu Aug 7 16:49:17 2014 +0200
selinux-dac-controls test came from rhbz 1013466
>---------------------------------------------------------------
default/selinux-dac-controls/mmap_test.c | 26 +++++++++++++++++++++
default/selinux-dac-controls/runtest.sh | 37 ++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+), 0 deletions(-)
diff --git a/default/selinux-dac-controls/mmap_test.c b/default/selinux-dac-controls/mmap_test.c
new file mode 100644
index 0000000..a63e8cd
--- /dev/null
+++ b/default/selinux-dac-controls/mmap_test.c
@@ -0,0 +1,26 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ void *mem;
+ /* Run as nobody, we don't want CAP_SYS_RAWIO */
+ setuid(99);
+ setgid(99);
+
+ mem = mmap(0x0, 4096,
+ PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+ if (mem == MAP_FAILED)
+ return errno;
+ printf("mem = %p\n", mem);
+ munmap(mem, 4096);
+
+ return 0;
+}
diff --git a/default/selinux-dac-controls/runtest.sh b/default/selinux-dac-controls/runtest.sh
new file mode 100755
index 0000000..736ac97
--- /dev/null
+++ b/default/selinux-dac-controls/runtest.sh
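Review bot: In main() of mmap_test.c the privilege drop is unchecked and in the wrong order: `setuid(99)` runs before `setgid(99)`, so once the uid is no longer 0 the setgid call normally fails with EPERM and the process keeps root's group, and if setuid itself fails the mmap of page zero runs with CAP_SYS_RAWIO still held, which defeats the purpose stated in the comment. Drop the group first and stop on failure, e.g. `if (setgid(99) != 0 || setuid(99) != 0) { perror("drop privileges"); return 1; }`; the unused `rc` can then be removed. The hard-coded 99 presumably matches the `nobody` account on the target systems, but nothing in the file guarantees that; a `getpwnam("nobody")` lookup would remove the assumption.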
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Licensed under the terms of the GNU GPL License version 2
+
+# This test came from rhbz 1013466
+
+# Make sure we can run this test successfully
+source ../../utils/root-check.sh
+check_root
+is_root=$?
+if [ "$is_root" -ne "0" ]; then
+ exit 3
+fi
+
+selinux=`getenforce`
+if [ "$selinux" == "Permissive" ]; then
+ echo "SELinux must be enabled for this test"
+ exit 3
+fi
+
+#Build
+gcc -g -O0 -o mmap_test mmap_test.c
+if [ ! -f ./mmap_test ]; then
+ echo "Something went wrong during mmap_test build."
+ exit -1
+fi
+
+./mmap_test
+
+avcdenial=`ausearch -m AVC -ts recent | grep -c mmap_zero`
+if [ "$avcdenial" -ne "0" ]; then
+ echo "AVC Denail found for mmap_zero"
+ exit -1
+fi
+
+
+exit 0
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
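Review bot: The SELinux gate near the top of runtest.sh rejects only `Permissive`, so a host where `getenforce` prints `Disabled` still runs the test and passes although no AVC could ever be logged; `if [ "$selinux" != "Enforcing" ]; then` would match the message the script prints. The final check has a similar blind spot: `ausearch -m AVC -ts recent` counts mmap_zero denials from any process in the recent window, and a failing ausearch (auditd not running, tool missing) yields a count of 0 and a pass. Restricting the search with `-c mmap_test` and confirming that ausearch ran successfully would make the result attributable to this test. The build check only tests that `./mmap_test` exists, so a stale binary from an earlier run hides a failed compile; testing gcc's exit status is more reliable.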