selftests/bpf: Add tests verifying bpf lsm userns_create hook - linux-dev - Linux kernel development work

diff options

author	Frederick Lawler <fred@cloudflare.com>	2022-08-15 11:20:27 -0500
committer	Paul Moore <paul@paul-moore.com>	2022-08-16 17:39:59 -0400
commit	d5810139cca39cf2854728b465f8bada4a445302 (patch)
tree	7a547866afe04a7158f1a5bbc600f928143bfac9 /security/selinux/hooks.c
parent	bpf-lsm: Make bpf_lsm_userns_create() sleepable (diff)
download	linux-dev-d5810139cca39cf2854728b465f8bada4a445302.tar.xz linux-dev-d5810139cca39cf2854728b465f8bada4a445302.zip

selftests/bpf: Add tests verifying bpf lsm userns_create hook

The LSM hook userns_create was introduced to provide LSM's an opportunity to block or allow unprivileged user namespace creation. This test serves two purposes: it provides a test eBPF implementation, and tests the hook successfully blocks or allows user namespace creation. This tests 3 cases: 1. Unattached bpf program does not block unpriv user namespace creation. 2. Attached bpf program allows user namespace creation given CAP_SYS_ADMIN privileges. 3. Attached bpf program denies user namespace creation for a user without CAP_SYS_ADMIN. Acked-by: KP Singh <kpsingh@kernel.org> Signed-off-by: Frederick Lawler <fred@cloudflare.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'security/selinux/hooks.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: