On Thu, Mar 26, 2020 at 7:30 AM KP Singh <kpsingh@xxxxxxxxxxxx> wrote:
>
> From: KP Singh <kpsingh@xxxxxxxxxx>
>
> * Load/attach a BPF program that hooks to file_mprotect (int)
> and bprm_committed_creds (void).
> * Perform an action that triggers the hook.
> * Verify if the audit event was received using the shared global
> variables for the process executed.
> * Verify if the mprotect returns a -EPERM.
>
> Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
> Reviewed-by: Brendan Jackman <jackmanb@xxxxxxxxxx>
> Reviewed-by: Florent Revest <revest@xxxxxxxxxx>
> Reviewed-by: Thomas Garnier <thgarnie@xxxxxxxxxx>
> ---
Please fix endlines below. With that:
Acked-by: Andrii Nakryiko <andriin@xxxxxx>
> tools/testing/selftests/bpf/config | 2 +
> .../selftests/bpf/prog_tests/test_lsm.c | 86 +++++++++++++++++++
> tools/testing/selftests/bpf/progs/lsm.c | 48 +++++++++++
> 3 files changed, 136 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/prog_tests/test_lsm.c
> create mode 100644 tools/testing/selftests/bpf/progs/lsm.c
>
[...]
> +void test_test_lsm(void)
> +{
> + struct lsm *skel = NULL;
> + int err, duration = 0;
> +
> + skel = lsm__open_and_load();
> + if (CHECK(!skel, "skel_load", "lsm skeleton failed\n"))
> + goto close_prog;
> +
> + err = lsm__attach(skel);
> + if (CHECK(err, "attach", "lsm attach failed: %d\n", err))
> + goto close_prog;
> +
> + err = exec_cmd(&skel->bss->monitored_pid);
> + if (CHECK(err < 0, "exec_cmd", "err %d errno %d\n", err, errno))
> + goto close_prog;
> +
> + CHECK(skel->bss->bprm_count != 1, "bprm_count", "bprm_count = %d",
\n is missing
> + skel->bss->bprm_count);
> +
> + skel->bss->monitored_pid = getpid();
> +
> + err = heap_mprotect();
> + if (CHECK(errno != EPERM, "heap_mprotect", "want errno=EPERM, got %d\n",
> + errno))
> + goto close_prog;
> +
> + CHECK(skel->bss->mprotect_count != 1, "mprotect_count",
> + "mprotect_count = %d", skel->bss->mprotect_count);
\n is missing
> +
> +close_prog:
> + lsm__destroy(skel);
> +}
[...]
