Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.2.y 2022-07-15T18:24:42Z 2022-07-15T18:24:42Z Micah Morton mortonm@chromium.org 2022-06-16T17:09:55Z urn:sha1:64b634830c919979de4b18163e15d30df66e64a8 Selftest already has support for testing UID and GID transitions. Signed-off-by: Micah Morton <mortonm@chromium.org> 2022-07-15T17:35:34Z Micah Morton mortonm@chromium.org 2022-06-15T22:17:40Z urn:sha1:a1732d6898ced0523cb4073c7f02d236edf312b1 GID security policies were added back in v5.10, update the selftest to reflect this. Signed-off-by: Micah Morton <mortonm@chromium.org> 2022-07-15T17:35:34Z Micah Morton mortonm@chromium.org 2022-06-15T22:14:14Z urn:sha1:b2927170d4fbdf30545eb482133425477625a665 Add some notes on how to run the test, update the policy file paths to reflect recent upstream changes, prepare test for adding GID testing. Signed-off-by: Micah Morton <mortonm@chromium.org> 2022-07-15T17:35:34Z Micah Morton mortonm@chromium.org 2022-06-15T21:19:06Z urn:sha1:92c005a1176288c98a0dc49f37376da35bbea071 Not sure how this bug got in here but its been there since the original merge. I think I tested the code on a system that wouldn't let me clone() with CLONE_NEWUSER flag set so had to comment out these test_userns invocations. Trying to map UID 0 inside the userns to UID 0 outside will never work, even with CAP_SETUID. The code is supposed to test whether we can map UID 0 in the userns to the UID of the parent process (the one with CAP_SETUID that is writing the /proc/[pid]/uid_map file). Signed-off-by: Micah Morton <mortonm@chromium.org> 2021-08-26T21:15:24Z Colin Ian King colin.king@canonical.com 2021-08-26T12:14:45Z urn:sha1:7ce05074b93c7f130c48e04defa63d157adeb143 There is a spelling mistake in an error message. Fix it. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2020-03-25T10:50:48Z Masahiro Yamada masahiroy@kernel.org 2020-03-03T13:35:59Z urn:sha1:d198b34f3855eee2571dda03eea75a09c7c31480 Add SPDX License Identifier to all .gitignore files. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-12-09T17:53:04Z Masami Hiramatsu mhiramat@kernel.org 2019-12-05T12:21:16Z urn:sha1:8ef1ec0ca32c6f8a87f5b4c24b1db26da67c5609 Fix Makefile to set safesetid-test.sh to TEST_PROGS instead of non existing run_tests.sh. Without this fix, I got following error. ---- TAP version 13 1..1 # selftests: safesetid: run_tests.sh # Warning: file run_tests.sh is missing! not ok 1 selftests: safesetid: run_tests.sh ---- Fixes: c67e8ec03f3f ("LSM: SafeSetID: add selftest") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2019-12-09T17:53:04Z Masami Hiramatsu mhiramat@kernel.org 2019-12-05T12:21:07Z urn:sha1:295c4e21cf27ac9af542140e3e797df9e0cf7b5f Check the return value of setuid() and setgid(). This fixes the following warnings and improves test result. safesetid-test.c: In function ‘main’: safesetid-test.c:294:2: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result] setuid(NO_POLICY_USER); ^~~~~~~~~~~~~~~~~~~~~~ safesetid-test.c:295:2: warning: ignoring return value of ‘setgid’, declared with attribute warn_unused_result [-Wunused-result] setgid(NO_POLICY_USER); ^~~~~~~~~~~~~~~~~~~~~~ safesetid-test.c:309:2: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result] setuid(RESTRICTED_PARENT); ^~~~~~~~~~~~~~~~~~~~~~~~~ safesetid-test.c:310:2: warning: ignoring return value of ‘setgid’, declared with attribute warn_unused_result [-Wunused-result] setgid(RESTRICTED_PARENT); ^~~~~~~~~~~~~~~~~~~~~~~~~ safesetid-test.c: In function ‘test_setuid’: safesetid-test.c:216:3: warning: ignoring return value of ‘setuid’, declared with attribute warn_unused_result [-Wunused-result] setuid(child_uid); ^~~~~~~~~~~~~~~~~ Fixes: c67e8ec03f3f ("LSM: SafeSetID: add selftest") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2019-12-09T17:53:04Z Masami Hiramatsu mhiramat@kernel.org 2019-12-05T12:20:58Z urn:sha1:be12252212fa3dfed6e75112865095c484c0ce87 Move -lcap to LDLIBS from CFLAGS because it is a library to be linked. Without this, safesetid failed to build with link error as below. ---- /usr/bin/ld: /tmp/ccL8rZHT.o: in function `drop_caps': safesetid-test.c:(.text+0xe7): undefined reference to `cap_get_proc' /usr/bin/ld: safesetid-test.c:(.text+0x107): undefined reference to `cap_set_flag' /usr/bin/ld: safesetid-test.c:(.text+0x10f): undefined reference to `cap_set_proc' /usr/bin/ld: safesetid-test.c:(.text+0x117): undefined reference to `cap_free' /usr/bin/ld: safesetid-test.c:(.text+0x136): undefined reference to `cap_clear' collect2: error: ld returned 1 exit status ---- Fixes: c67e8ec03f3f ("LSM: SafeSetID: add selftest") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2019-07-15T15:07:51Z Jann Horn jannh@google.com 2019-04-11T20:12:43Z urn:sha1:4f72123da579655855301b591535a1415224f123 Someone might write a ruleset like the following, expecting that it securely constrains UID 1 to UIDs 1, 2 and 3: 1:2 1:3 However, because no constraints are applied to UIDs 2 and 3, an attacker with UID 1 can simply first switch to UID 2, then switch to any UID from there. The secure way to write this ruleset would be: 1:2 1:3 2:2 3:3 , which uses "transition to self" as a way to inhibit the default-allow policy without allowing anything specific. This is somewhat unintuitive. To make sure that policy authors don't accidentally write insecure policies because of this, let the kernel verify that a new ruleset does not contain any entries that are constrained, but transitively unconstrained. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org>