linux_dsm_epyc7002/tools/testing/selftests/seccomp
Kees Cook 58d0a862f5 seccomp: add tests for ptrace hole
One problem with seccomp was that ptrace could be used to change a
syscall after seccomp filtering had completed. This was a well documented
limitation, and it was recommended to block ptrace when defining a filter
to avoid this problem. This can be quite a limitation for containers or
other places where ptrace is desired even under seccomp filters.

This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
2016-06-14 10:54:38 -07:00
..
.gitignore selftests: add seccomp suite 2015-06-17 17:12:32 -06:00
config selftests: create test-specific kconfig fragments 2016-02-25 09:47:52 -07:00
Makefile selftests: add seccomp suite 2015-06-17 17:12:32 -06:00
seccomp_bpf.c seccomp: add tests for ptrace hole 2016-06-14 10:54:38 -07:00
test_harness.h selftests/seccomp: fix 32-bit build warnings 2016-01-07 13:40:20 -07:00