This is a note to let you know that I've just added the patch titled selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) to the 6.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch and it can be found in the queue-6.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From ecaaa55c9fa5e8058445a8b891070b12208cdb6d Mon Sep 17 00:00:00 2001 From: Terry Tritton <terry.tritton@xxxxxxxxxx> Date: Wed, 24 Jan 2024 14:13:55 +0000 Subject: selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) From: Terry Tritton <terry.tritton@xxxxxxxxxx> commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream. unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PID_NS option enabled. Add a check on these calls to skip the test if we receive EINVAL. Signed-off-by: Terry Tritton <terry.tritton@xxxxxxxxxx> Link: https://lore.kernel.org/r/20240124141357.1243457-2-terry.tritton@xxxxxxxxxx Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3709,7 +3709,12 @@ TEST(user_notification_sibling_pid_ns) ASSERT_GE(pid, 0); if (pid == 0) { - ASSERT_EQ(unshare(CLONE_NEWPID), 0); + ASSERT_EQ(unshare(CLONE_NEWPID), 0) { + if (errno == EPERM) + SKIP(return, "CLONE_NEWPID requires CAP_SYS_ADMIN"); + else if (errno == EINVAL) + SKIP(return, "CLONE_NEWPID is invalid (missing CONFIG_PID_NS?)"); + } pid2 = fork(); ASSERT_GE(pid2, 0); @@ -3727,6 +3732,8 @@ TEST(user_notification_sibling_pid_ns) ASSERT_EQ(unshare(CLONE_NEWPID), 0) { if (errno == EPERM) SKIP(return, "CLONE_NEWPID requires CAP_SYS_ADMIN"); + else if (errno == EINVAL) + SKIP(return, "CLONE_NEWPID is invalid (missing CONFIG_PID_NS?)"); } ASSERT_EQ(errno, 0); Patches currently in stable-queue which might be from terry.tritton@xxxxxxxxxx are queue-6.8/selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch queue-6.8/selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch queue-6.8/selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch