On Fri, Jan 8, 2021 at 3:38 AM Lokesh Gidra <lokeshgidra@xxxxxxxxxx> wrote:
>
> Confirm SELinux policies are enforced on userfaultfd operations
> via secure anon-inode interface.
>
> Signed-off-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx>
> ---
> policy/Makefile | 4 +-
> policy/test_userfaultfd.cil | 52 ++++++++++
> policy/test_userfaultfd.te | 52 ++++++++++
> tests/Makefile | 2 +-
> tests/userfaultfd/Makefile | 5 +
> tests/userfaultfd/test | 44 ++++++++
> tests/userfaultfd/userfaultfd.c | 177 ++++++++++++++++++++++++++++++++
> 7 files changed, 333 insertions(+), 3 deletions(-)
> create mode 100644 policy/test_userfaultfd.cil
> create mode 100644 policy/test_userfaultfd.te
> create mode 100644 tests/userfaultfd/Makefile
> create mode 100755 tests/userfaultfd/test
> create mode 100644 tests/userfaultfd/userfaultfd.c

Sorry for the long delay... This version is already almost there, I
just had to fix some style issues and added checks so that the test is
skipped on old systems (when <linux/userfaultfd.h> doesn't exist or
userfaultfd(2) returns -ENOSYS).

You can review the changes at
https://github.com/WOnder93/selinux-testsuite/commits/uffd3
and if you (or others) have no objections, I'll fold them into the
patch and merge it with a note that it was edited by me.

If you prefer, you can also fetch the branch via the command-line:

git fetch https://github.com/WOnder93/selinux-testsuite uffd3:uffd3

Thank you for being patient with us :)

--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
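
The skip condition mentioned in the reply (userfaultfd(2) returning -ENOSYS), as an added example that is not code from the patch or from the uffd3 branch: a probe that separates "kernel lacks the syscall, skip" from "call was refused", which is the outcome a policy test wants to observe. The enum, the function names and the reading of EACCES/EPERM as a refusal are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Outcome names are assumptions of this example, not testsuite identifiers. */
enum uffd_probe { UFFD_OK, UFFD_SKIP, UFFD_DENIED, UFFD_ERROR };

/* Map a userfaultfd(2) return value and errno to a test decision. */
enum uffd_probe uffd_classify(long ret, int err)
{
	if (ret >= 0)
		return UFFD_OK;
	switch (err) {
	case ENOSYS:	/* syscall not implemented: skip, do not fail */
		return UFFD_SKIP;
	case EACCES:	/* assumed here: refused by the security policy */
	case EPERM:	/* assumed here: refused by a privilege check */
		return UFFD_DENIED;
	default:
		return UFFD_ERROR;
	}
}

/* Probe the running kernel; close the descriptor if one was created. */
enum uffd_probe uffd_probe_kernel(void)
{
#ifdef SYS_userfaultfd
	long fd = syscall(SYS_userfaultfd, O_CLOEXEC | O_NONBLOCK);
	int err = errno;

	if (fd >= 0)
		close((int)fd);
	return uffd_classify(fd, err);
#else
	return UFFD_SKIP;	/* headers too old to know the syscall number */
#endif
}

int main(void)
{
	static const char *names[] = { "supported", "skip", "denied", "error" };

	printf("userfaultfd: %s\n", names[uffd_probe_kernel()]);
	return 0;
}
```

Keeping ENOSYS apart from the refusal codes prevents an old kernel from being reported as a policy denial, or a denial from being silently skipped.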