This is a note to let you know that I've just added the patch titled selftests/seccomp: Set NNP for TSYNC ESRCH flag test to the 5.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selftests-seccomp-set-nnp-for-tsync-esrch-flag-test.patch and it can be found in the queue-5.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From e4d05028a07f505a08802a6d1b11674c149df2b3 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@xxxxxxxxxxxx> Date: Fri, 10 Jul 2020 10:29:41 -0700 Subject: selftests/seccomp: Set NNP for TSYNC ESRCH flag test From: Kees Cook <keescook@xxxxxxxxxxxx> commit e4d05028a07f505a08802a6d1b11674c149df2b3 upstream. The TSYNC ESRCH flag test will fail for regular users because NNP was not set yet. Add NNP setting. Fixes: 51891498f2da ("seccomp: allow TSYNC and USER_NOTIF together") Cc: stable@xxxxxxxxxxxxxxx Reviewed-by: Tycho Andersen <tycho@xxxxxxxx> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3258,6 +3258,11 @@ TEST(user_notification_with_tsync) int ret; unsigned int flags; + ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + /* these were exclusive */ flags = SECCOMP_FILTER_FLAG_NEW_LISTENER | SECCOMP_FILTER_FLAG_TSYNC; Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are queue-5.8/net-compat-add-missing-sock-updates-for-scm_rights.patch queue-5.8/pidfd-add-missing-sock-updates-for-pidfd_getfd.patch queue-5.8/selftests-seccomp-set-nnp-for-tsync-esrch-flag-test.patch queue-5.8/mm-fix-kthread_use_mm-vs-tlb-invalidate.patch