On Thu, Jan 21, 2021 at 12:03 AM Lokesh Gidra <lokeshgidra@xxxxxxxxxx> wrote: > > On Wed, Jan 20, 2021 at 2:39 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > On Fri, Jan 8, 2021 at 3:38 AM Lokesh Gidra <lokeshgidra@xxxxxxxxxx> wrote: > > > > > > Confirm SELinux policies are enforced on userfaultfd operations > > > via secure anon-inode interface. > > > > > > Signed-off-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx> > > > --- > > > policy/Makefile | 4 +- > > > policy/test_userfaultfd.cil | 52 ++++++++++ > > > policy/test_userfaultfd.te | 52 ++++++++++ > > > tests/Makefile | 2 +- > > > tests/userfaultfd/Makefile | 5 + > > > tests/userfaultfd/test | 44 ++++++++ > > > tests/userfaultfd/userfaultfd.c | 177 ++++++++++++++++++++++++++++++++ > > > 7 files changed, 333 insertions(+), 3 deletions(-) > > > create mode 100644 policy/test_userfaultfd.cil > > > create mode 100644 policy/test_userfaultfd.te > > > create mode 100644 tests/userfaultfd/Makefile > > > create mode 100755 tests/userfaultfd/test > > > create mode 100644 tests/userfaultfd/userfaultfd.c > > > > Sorry for the long delay... This version is already almost there, I > > just had to fix some style issues and added checks so that the test is > > skipped on old systems (when <linux/usefaultfd.h> doesn't exist or > > userfaultfd(2) returns -ENOSYS). > > > Thanks so much for fixing these issues. And I apologize for missing them. > > > You can review the changes at > > https://github.com/WOnder93/selinux-testsuite/commits/uffd3 and if you > > (or others) have no objections, I'll fold them into the patch and > > merge it with a note that it was edited by me. > > LGTM Thanks, I have now merged the final patch: https://github.com/SELinuxProject/selinux-testsuite/commit/2ea0079243635d7e4232deab7af8b90106474cec > > > > If you prefer, you can also fetch the branch via the command-line: > > git fetch https://github.com/WOnder93/selinux-testsuite uffd3:uffd3 > > > > Thank you for being patient with us :) > > Thank you for the reviews. It was a very learning experience for me :) > > > > -- > > Ondrej Mosnacek > > Software Engineer, Platform Security - SELinux kernel > > Red Hat, Inc. > > > -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.
