On 25-Mär 19:01, Andrii Nakryiko wrote:
> On Wed, Mar 25, 2020 at 8:27 AM KP Singh <kpsingh@xxxxxxxxxxxx> wrote:
> >
> > From: KP Singh <kpsingh@xxxxxxxxxx>
> >
> > * Load/attach a BPF program that hooks to file_mprotect (int)
> > and bprm_committed_creds (void).
> > * Perform an action that triggers the hook.
> > * Verify if the audit event was received using the shared global
> > variables for the process executed.
> > * Verify if the mprotect returns a -EPERM.
> >
> > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
> > Reviewed-by: Brendan Jackman <jackmanb@xxxxxxxxxx>
> > Reviewed-by: Florent Revest <revest@xxxxxxxxxx>
> > Reviewed-by: Thomas Garnier <thgarnie@xxxxxxxxxx>
> > ---
> > tools/testing/selftests/bpf/config | 2 +
> > .../selftests/bpf/prog_tests/test_lsm.c | 84 +++++++++++++++++++
> > tools/testing/selftests/bpf/progs/lsm.c | 48 +++++++++++
> > 3 files changed, 134 insertions(+)
> > create mode 100644 tools/testing/selftests/bpf/prog_tests/test_lsm.c
> > create mode 100644 tools/testing/selftests/bpf/progs/lsm.c
> >
>
> [...]
>
> > +
> > +int exec_cmd(int *monitored_pid)
> > +{
> > + int child_pid;
> > +
> > + child_pid = fork();
> > + if (child_pid == 0) {
> > + *monitored_pid = getpid();
> > + execvp(CMD_ARGS[0], CMD_ARGS);
> > + return -EINVAL;
> > + } else if (child_pid > 0)
>
> This test is part of test_progs, so let's be a good citizen and wait
> for your specific child. I'd rather not hunt for elusive bugs later,
> so please use waitpid() instead.
Good idea. Done.
- KP
>
> Otherwise looks good and clean, thanks!
>
> > + return wait(NULL);
> > +
> > + return -EINVAL;
> > +}
> > +
>
> [...]
