selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits

Test that checks performed by execveat(..., AT_EXECVE_CHECK) are consistent with noexec mount points and file execute permissions. Test that SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE are inherited by child processes and that they can be pinned with the appropriate SECBIT_EXEC_RESTRICT_FILE_LOCKED and SECBIT_EXEC_DENY_INTERACTIVE_LOCKED bits. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Paul Moore <paul@paul-moore.com> Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20241212174223.389435-4-mic@digikod.net Signed-off-by: Kees Cook <kees@kernel.org>
author: Mickaël Salaün <mic@digikod.net> 2024-12-12 18:42:18 +0100
committer: Kees Cook <kees@kernel.org> 2024-12-18 17:00:29 -0800
commit: b083cc815376a8ccfba6535b4d59a396b77601d4 (patch)
tree: cceac0e61b1b3cc1f6c6a03086172f15232c5b82 /tools/testing/selftests/exec/false.c
parent: a0623b2a1d595341971c189b90a6b06f42cd209d (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/testing/selftests/exec/false.c b/tools/testing/selftests/exec/false.c
new file mode 100644
index 000000000000..104383ec3a79
--- /dev/null
+++ b/tools/testing/selftests/exec/false.c
@@ -0,0 +1,5 @@
+// SPDX-License-Identifier: GPL-2.0
+int main(void)
+{
+	return 1;
+}
author	Mickaël Salaün <mic@digikod.net>	2024-12-12 18:42:18 +0100
committer	Kees Cook <kees@kernel.org>	2024-12-18 17:00:29 -0800
commit	b083cc815376a8ccfba6535b4d59a396b77601d4 (patch)
tree	cceac0e61b1b3cc1f6c6a03086172f15232c5b82 /tools/testing/selftests/exec/false.c
parent	a0623b2a1d595341971c189b90a6b06f42cd209d (diff)