kernel-tests master: selinux-dac-controls test came from rhbz 1013466 (d632c33)

jforbes at fedoraproject.org jforbes at fedoraproject.org
Thu Aug 7 14:49:26 UTC 2014


Repository : http://git.fedorahosted.org/cgit/kernel-tests.git

On branch  : master

>---------------------------------------------------------------

commit d632c335751ee265cf83492f240f2413aad1a9cc
Author: Justin M. Forbes <jforbes at redhat.com>
Date:   Thu Aug 7 16:49:17 2014 +0200

    selinux-dac-controls test came from rhbz 1013466


>---------------------------------------------------------------

 default/selinux-dac-controls/mmap_test.c |   26 +++++++++++++++++++++
 default/selinux-dac-controls/runtest.sh  |   37 ++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 0 deletions(-)

diff --git a/default/selinux-dac-controls/mmap_test.c b/default/selinux-dac-controls/mmap_test.c
new file mode 100644
index 0000000..a63e8cd
--- /dev/null
+++ b/default/selinux-dac-controls/mmap_test.c
@@ -0,0 +1,26 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+
+int main(int argc, char *argv[])
+{
+	int rc;
+	void *mem;
+	/* Run as nobody, we don't want CAP_SYS_RAWIO */
+	setuid(99);
+	setgid(99);
+
+	mem = mmap(0x0, 4096,
+		   PROT_READ | PROT_WRITE,
+		   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+	if (mem == MAP_FAILED)
+		return errno;
+	printf("mem = %p\n", mem);
+	munmap(mem, 4096);
+
+	return 0;
+}
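Review bot: The privilege drop at the top of main() is unchecked and in the wrong order. `setuid(99)` runs first, so the following `setgid(99)` no longer has the privilege to change groups and fails silently, leaving the process in root's group. If `setuid` itself fails, the page-zero mmap is attempted as root with exactly the capability the comment wants to exclude, and the test outcome no longer means anything. Drop the group first and stop on failure, e.g. `if (setgid(99) != 0 || setuid(99) != 0) return errno;`. Supplementary groups inherited from root are also left in place, and the hard-coded 99 assumes the host's `nobody` id, so a short comment stating that assumption would help.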
diff --git a/default/selinux-dac-controls/runtest.sh b/default/selinux-dac-controls/runtest.sh
new file mode 100755
index 0000000..736ac97
--- /dev/null
+++ b/default/selinux-dac-controls/runtest.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Licensed under the terms of the GNU GPL License version 2
+
+# This test came from rhbz 1013466
+
+# Make sure we can run this test successfully
+source ../../utils/root-check.sh
+check_root
+is_root=$?
+if [ "$is_root" -ne "0" ]; then
+        exit 3
+fi
+
+selinux=`getenforce`
+if [ "$selinux" == "Permissive" ]; then
+	echo "SELinux must be enabled for this test"
+	exit 3
+fi
+
+#Build
+gcc -g -O0 -o mmap_test mmap_test.c
+if [ ! -f ./mmap_test ]; then
+  echo "Something went wrong during mmap_test build."
+  exit -1
+fi
+
+./mmap_test
+
+avcdenial=`ausearch -m AVC -ts recent | grep -c mmap_zero`
+if [ "$avcdenial" -ne "0" ]; then
+        echo "AVC Denail found for mmap_zero"
+	exit -1
+fi
+
+
+exit 0
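Review bot: The SELinux gate skips only when `getenforce` prints "Permissive", so a host reporting "Disabled" runs on and passes trivially because no AVC record can be produced. `if [ "$selinux" != "Enforcing" ]; then` would match the message the script prints. The exit status of `./mmap_test` is also discarded, so the script reports success whether or not the mapping at address 0 was refused; checking `$?` after the call would presumably reflect the intent of the referenced bug, which should be confirmed. Finally, `ausearch -m AVC -ts recent` covers a fixed look-back window and any process. A stale mmap_zero denial from another run therefore fails the test, and a stopped audit daemon passes it; recording a start time before the run and checking that auditd is active would make the verdict attributable to this binary.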


