| Message ID | 20250407-work-anon_inode-v1-8-53a44c20d44e@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | fs: harden anon inodes | expand |
On Mon 07-04-25 11:54:22, Christian Brauner wrote: > Test that anonymous inodes cannot be exec()ed. > > Signed-off-by: Christian Brauner <brauner@kernel.org> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > tools/testing/selftests/filesystems/anon_inode_test.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c > index 7c4d0a225363..486496252ddd 100644 > --- a/tools/testing/selftests/filesystems/anon_inode_test.c > +++ b/tools/testing/selftests/filesystems/anon_inode_test.c > @@ -35,5 +35,18 @@ TEST(anon_inode_no_chmod) > EXPECT_EQ(close(fd_context), 0); > } > > +TEST(anon_inode_no_exec) > +{ > + int fd_context; > + > + fd_context = sys_fsopen("tmpfs", 0); > + ASSERT_GE(fd_context, 0); > + > + ASSERT_LT(execveat(fd_context, "", NULL, NULL, AT_EMPTY_PATH), 0); > + ASSERT_EQ(errno, EACCES); > + > + EXPECT_EQ(close(fd_context), 0); > +} > + > TEST_HARNESS_MAIN > > > -- > 2.47.2 >
diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c index 7c4d0a225363..486496252ddd 100644 --- a/tools/testing/selftests/filesystems/anon_inode_test.c +++ b/tools/testing/selftests/filesystems/anon_inode_test.c @@ -35,5 +35,18 @@ TEST(anon_inode_no_chmod) EXPECT_EQ(close(fd_context), 0); } +TEST(anon_inode_no_exec) +{ + int fd_context; + + fd_context = sys_fsopen("tmpfs", 0); + ASSERT_GE(fd_context, 0); + + ASSERT_LT(execveat(fd_context, "", NULL, NULL, AT_EMPTY_PATH), 0); + ASSERT_EQ(errno, EACCES); + + EXPECT_EQ(close(fd_context), 0); +} + TEST_HARNESS_MAIN
Test that anonymous inodes cannot be exec()ed. Signed-off-by: Christian Brauner <brauner@kernel.org> --- tools/testing/selftests/filesystems/anon_inode_test.c | 13 +++++++++++++ 1 file changed, 13 insertions(+)