On Fri, Jan 18, 2019 at 4:12 PM Tycho Andersen <tycho@xxxxxxxx> wrote: > > Hi all, > > Here are the fixes I previously mentioned I would send. I previously > assumed that the tests were mostly run as root, but it turns out > everything else besides the stuff I wrote in the seccomp tests either > sets NNP and doesn't require real root, so it all actually works. This > set of fixes should make most of the other tests work unprivileged, > while XFAIL-ing the one that requires real root. Awesome. This all looks good to me. :) Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> Shuah, can you take this series? -Kees > > Cheers, > > Tycho > > Tycho Andersen (6): > selftests: don't kill child immediately in get_metadata() test > selftests: fix typo in seccomp_bpf.c > selftest: include stdio.h in kselftest.h > selftests: skip seccomp get_metadata test if not real root > selftests: set NO_NEW_PRIVS bit in seccomp user tests > selftests: unshare userns in seccomp pidns testcases > > tools/testing/selftests/kselftest.h | 1 + > tools/testing/selftests/seccomp/seccomp_bpf.c | 42 ++++++++++++++++--- > 2 files changed, 38 insertions(+), 5 deletions(-) > > -- > 2.19.1 > -- Kees Cook
