kernel-tests master: selinux-dac-controls test came from rhbz 1013466 (d632c33)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Repository : http://git.fedorahosted.org/cgit/kernel-tests.git

On branch  : master

>---------------------------------------------------------------

commit d632c335751ee265cf83492f240f2413aad1a9cc
Author: Justin M. Forbes <jforbes@xxxxxxxxxx>
Date:   Thu Aug 7 16:49:17 2014 +0200

    selinux-dac-controls test came from rhbz 1013466


>---------------------------------------------------------------

 default/selinux-dac-controls/mmap_test.c |   26 +++++++++++++++++++++
 default/selinux-dac-controls/runtest.sh  |   37 ++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 0 deletions(-)

diff --git a/default/selinux-dac-controls/mmap_test.c b/default/selinux-dac-controls/mmap_test.c
new file mode 100644
index 0000000..a63e8cd
--- /dev/null
+++ b/default/selinux-dac-controls/mmap_test.c
@@ -0,0 +1,26 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+
+int main(int argc, char *argv[])
+{
+	int rc;
+	void *mem;
+	/* Run as nobody, we don't want CAP_SYS_RAWIO */
+	setuid(99);
+	setgid(99);
+
+	mem = mmap(0x0, 4096,
+		   PROT_READ | PROT_WRITE,
+		   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+	if (mem == MAP_FAILED)
+		return errno;
+	printf("mem = %p\n", mem);
+	munmap(mem, 4096);
+
+	return 0;
+}
diff --git a/default/selinux-dac-controls/runtest.sh b/default/selinux-dac-controls/runtest.sh
new file mode 100755
index 0000000..736ac97
--- /dev/null
+++ b/default/selinux-dac-controls/runtest.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Licensed under the terms of the GNU GPL License version 2
+
+# This test came from rhbz 1013466
+
+# Make sure we can run this test successfully
+source ../../utils/root-check.sh
+check_root
+is_root=$?
+if [ "$is_root" -ne "0" ]; then
+        exit 3
+fi
+
+selinux=`getenforce`
+if [ "$selinux" == "Permissive" ]; then
+	echo "SELinux must be enabled for this test"
+	exit 3
+fi
+
+#Build
+gcc -g -O0 -o mmap_test mmap_test.c
+if [ ! -f ./mmap_test ]; then
+  echo "Something went wrong during mmap_test build."
+  exit -1
+fi
+
+./mmap_test
+
+avcdenial=`ausearch -m AVC -ts recent | grep -c mmap_zero`
+if [ "$avcdenial" -ne "0" ]; then
+        echo "AVC Denail found for mmap_zero"
+	exit -1
+fi
+
+
+exit 0

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel





[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux