This is a note to let you know that I've just added the patch titled
selftests/seccomp: Set NNP for TSYNC ESRCH flag test
to the 5.7-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
selftests-seccomp-set-nnp-for-tsync-esrch-flag-test.patch
and it can be found in the queue-5.7 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From e4d05028a07f505a08802a6d1b11674c149df2b3 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Fri, 10 Jul 2020 10:29:41 -0700
Subject: selftests/seccomp: Set NNP for TSYNC ESRCH flag test
From: Kees Cook <keescook@xxxxxxxxxxxx>
commit e4d05028a07f505a08802a6d1b11674c149df2b3 upstream.
The TSYNC ESRCH flag test will fail for regular users because NNP was
not set yet. Add NNP setting.
Fixes: 51891498f2da ("seccomp: allow TSYNC and USER_NOTIF together")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Tycho Andersen <tycho@xxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -3257,6 +3257,11 @@ TEST(user_notification_with_tsync)
int ret;
unsigned int flags;
+ ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ ASSERT_EQ(0, ret) {
+ TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
+ }
+
/* these were exclusive */
flags = SECCOMP_FILTER_FLAG_NEW_LISTENER |
SECCOMP_FILTER_FLAG_TSYNC;
Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are
queue-5.7/net-compat-add-missing-sock-updates-for-scm_rights.patch
queue-5.7/pidfd-add-missing-sock-updates-for-pidfd_getfd.patch
queue-5.7/selftests-seccomp-set-nnp-for-tsync-esrch-flag-test.patch
