On Wed, Dec 07, 2022 at 03:49:35PM +0000, jeffxu@xxxxxxxxxxxx wrote:
> From: Daniel Verkamp <dverkamp@xxxxxxxxxxxx>
>
> Basic tests to ensure that user/group/other execute bits cannot be
> changed after applying F_SEAL_EXEC to a memfd.
>
> Signed-off-by: Daniel Verkamp <dverkamp@xxxxxxxxxxxx>
> Co-developed-by: Jeff Xu <jeffxu@xxxxxxxxxx>
> Signed-off-by: Jeff Xu <jeffxu@xxxxxxxxxx>
> ---
> tools/testing/selftests/memfd/memfd_test.c | 129 ++++++++++++++++++++-
> 1 file changed, 128 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
> index 94df2692e6e4..1d7e7b36bbdd 100644
> --- a/tools/testing/selftests/memfd/memfd_test.c
> +++ b/tools/testing/selftests/memfd/memfd_test.c
> @@ -28,12 +28,44 @@
> #define MFD_DEF_SIZE 8192
> #define STACK_SIZE 65536
>
> +#ifndef F_SEAL_EXEC
> +#define F_SEAL_EXEC 0x0020
> +#endif
> +
> +#ifndef MAX_PATH
> +#define MAX_PATH 256
> +#endif

I'd expect this to be named PATH_MAX, and it shouldn't need to have an
#ifdef? That's a regular POSIX define.

Otherwise, looks good. Though it'd be nice if this test used
kselftest_harness.h, but that's not your problem. :)

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook
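
Review bot: The `#ifndef MAX_PATH` block near the top of memfd_test.c gives the test a private limit of 256 under a name that is not the POSIX one, so the value has no tie to the system's own path limit. Including <limits.h> and using PATH_MAX would remove those three lines and keep any path buffer sized by the platform definition. The quoted part does not show where MAX_PATH is used, so each use site should be checked when switching. The `F_SEAL_EXEC` fallback just above it hardcodes 0x0020 without a comment. A one-line note that it mirrors the value this series adds to the uapi header, and exists only for builds against older installed headers, would make clear that the two must stay in sync.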