On Wed, Mar 25, 2020 at 8:27 AM KP Singh <kpsingh@xxxxxxxxxxxx> wrote: > > From: KP Singh <kpsingh@xxxxxxxxxx> > > * Load/attach a BPF program that hooks to file_mprotect (int) > and bprm_committed_creds (void). > * Perform an action that triggers the hook. > * Verify if the audit event was received using the shared global > variables for the process executed. > * Verify if the mprotect returns a -EPERM. > > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx> > Reviewed-by: Brendan Jackman <jackmanb@xxxxxxxxxx> > Reviewed-by: Florent Revest <revest@xxxxxxxxxx> > Reviewed-by: Thomas Garnier <thgarnie@xxxxxxxxxx> > --- > tools/testing/selftests/bpf/config | 2 + > .../selftests/bpf/prog_tests/test_lsm.c | 84 +++++++++++++++++++ > tools/testing/selftests/bpf/progs/lsm.c | 48 +++++++++++ > 3 files changed, 134 insertions(+) > create mode 100644 tools/testing/selftests/bpf/prog_tests/test_lsm.c > create mode 100644 tools/testing/selftests/bpf/progs/lsm.c > [...] > + > +int exec_cmd(int *monitored_pid) > +{ > + int child_pid; > + > + child_pid = fork(); > + if (child_pid == 0) { > + *monitored_pid = getpid(); > + execvp(CMD_ARGS[0], CMD_ARGS); > + return -EINVAL; > + } else if (child_pid > 0) This test is part of test_progs, so let's be a good citizen and wait for your specific child. I'd rather not hunt for elusive bugs later, so please use waitpid() instead. Otherwise looks good and clean, thanks! > + return wait(NULL); > + > + return -EINVAL; > +} > + [...]
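Review bot: in the child branch of exec_cmd(), a failed execvp() falls through to `return -EINVAL;`, so the forked child returns into the caller and keeps running the test_progs code as a second copy of the test process; calling `_exit()` with a non-zero status at that point would keep the failure confined to the child. In the parent branch, `return wait(NULL);` returns a pid and discards the exit status, so a child that failed to exec cannot be told apart from one that ran; `waitpid(child_pid, &status, 0)` followed by a check of `WIFEXITED(status)` and `WEXITSTATUS(status)` would address both the specific-child point raised in the reply and the lost status. A short comment on `*monitored_pid = getpid();` would also help: the store happens after fork(), so it reaches the parent and the BPF program only if monitored_pid points at shared memory.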