@@ -1,5 +1,7 @@
TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+LDLIBS += -lpthread
+
all: $(TARGETS)
clean:
new file mode 100644
@@ -0,0 +1,33 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <pthread.h>
+
+static void *test_thread(void *p)
+{
+ char buf[4096];
+ int rc;
+ void *ptr;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ ptr = (void *) (((unsigned long) buf) & ~(pagesize - 1));
+
+ rc = mprotect(ptr, pagesize, PROT_READ | PROT_WRITE | PROT_EXEC);
+ if (rc < 0) {
+ perror("mprotect");
+ exit(1);
+ }
+ return NULL;
+}
+
+int main(void)
+{
+ pthread_t thread;
+
+ pthread_create(&thread, NULL, test_thread, NULL);
+ pthread_join(thread, NULL);
+ exit(0);
+}
+
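Review bot: In main, the return value of `pthread_create` is ignored, so if the thread cannot be created, `pthread_join` is called on an uninitialised `pthread_t` and the program can reach `exit(0)` without `mprotect` ever having run, which the test script counts as a pass for the test_execstack_t case. Check it and fail with a status distinct from the mprotect failure, e.g. `int rc = pthread_create(&thread, NULL, test_thread, NULL);` followed by `if (rc) { fprintf(stderr, "pthread_create: error %d\n", rc); exit(2); }`. `<errno.h>` is included but never used; either drop it or use it in test_thread to tell an EACCES denial from any other mprotect error. A one-line comment above the address computation, such as `/* round the address of a thread-stack buffer down to its page start */`, would also make the intent of the mask clear.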
@@ -1,7 +1,7 @@
#!/usr/bin/perl
use Test;
-BEGIN { plan tests => 30}
+BEGIN { plan tests => 32}
$basedir = $0; $basedir =~ s|(.*)/[^/]*|$1|;
@@ -68,6 +68,12 @@ ok($result, 0);
$result = system "runcon -t test_execmem_t $basedir/mprotect_stack 2>&1";
ok($result);
+# Test success and failure for thread execstack, independent of execmem.
+$result = system "runcon -t test_execstack_t $basedir/mprotect_stack_thread";
+ok($result, 0);
+$result = system "runcon -t test_execmem_t $basedir/mprotect_stack_thread 2>&1";
+ok($result);
+
# Test success and failure for file execute on mmap w/ file shared mapping.
$result = system "runcon -t test_file_rwx_t $basedir/mmap_file_shared $basedir/temp_file";
ok($result, 0);
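Review bot: The denial check on mprotect_stack_thread in test_execmem_t runs unconditionally, although the commit message says the check depends on the corresponding kernel patch. On a kernel without that patch the mprotect presumably succeeds, so this test would fail for a reason unrelated to policy. Consider gating the two new tests on kernel support, adjusting the plan count to match, and adding a comment that names the required kernel change. Separately, `ok($result)` accepts any non-zero status, so a runcon or exec failure is indistinguishable from the expected denial. Since the helper exits 1 when mprotect fails, comparing the exit status with `ok($result >> 8, 1);` would tighten the negative case.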
Test execstack permission checking for thread stacks. This depends on the corresponding kernel patch to apply the check for thread stacks in addition to the main process stack. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> --- tests/mmap/Makefile | 2 ++ tests/mmap/mprotect_stack_thread.c | 33 +++++++++++++++++++++++++++++++++ tests/mmap/test | 8 +++++++- 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 tests/mmap/mprotect_stack_thread.c -- 2.8.0