| Message ID | 20200110143756.20101-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [testsuite] tests/prlimit: avoid invalid limit combinations | expand |
On 1/10/20 9:37 AM, Ondrej Mosnacek wrote: > There is a bug in the prlimit test that causes invalid limit > combinations (soft > hard) to be created, leading to false failures. > > Consider for example an old setting of X for both soft and hard limit. > In such case the hard limit test tries to set the limits to X (soft) and > X/2 (hard), which always fails with -EINVAL. > > This patch fixes the logic to clamp the soft limit to keep it from > exceeding the hard limit. In such case the soft limit will also be > changed, but this can't be avoided. > > Fixes: 0782228ef06b ("selinux-testsuite: Add tests for prlimit(2) permission checks") > Reported-by: Paul Bunyan <pbunyan@redhat.com> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > tests/prlimit/parent.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c > index be320f0..11c0c25 100644 > --- a/tests/prlimit/parent.c > +++ b/tests/prlimit/parent.c > @@ -147,6 +147,12 @@ int main(int argc, char **argv) > newrlim.rlim_max = 1024; > else > newrlim.rlim_max = oldrlim.rlim_max / 2; > + if (newrlim.rlim_cur > newrlim.rlim_max) > + /* > + * This will change also soft limit, but > + * what else can you do in such case... > + */ > + newrlim.rlim_cur = newrlim.rlim_max; > } > } > >
On 1/10/20 9:54 AM, Stephen Smalley wrote: > On 1/10/20 9:37 AM, Ondrej Mosnacek wrote: >> There is a bug in the prlimit test that causes invalid limit >> combinations (soft > hard) to be created, leading to false failures. >> >> Consider for example an old setting of X for both soft and hard limit. >> In such case the hard limit test tries to set the limits to X (soft) and >> X/2 (hard), which always fails with -EINVAL. >> >> This patch fixes the logic to clamp the soft limit to keep it from >> exceeding the hard limit. In such case the soft limit will also be >> changed, but this can't be avoided. >> >> Fixes: 0782228ef06b ("selinux-testsuite: Add tests for prlimit(2) >> permission checks") >> Reported-by: Paul Bunyan <pbunyan@redhat.com> >> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Applied. > >> --- >> tests/prlimit/parent.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c >> index be320f0..11c0c25 100644 >> --- a/tests/prlimit/parent.c >> +++ b/tests/prlimit/parent.c >> @@ -147,6 +147,12 @@ int main(int argc, char **argv) >> newrlim.rlim_max = 1024; >> else >> newrlim.rlim_max = oldrlim.rlim_max / 2; >> + if (newrlim.rlim_cur > newrlim.rlim_max) >> + /* >> + * This will change also soft limit, but >> + * what else can you do in such case... >> + */ >> + newrlim.rlim_cur = newrlim.rlim_max; >> } >> } >> >
diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c index be320f0..11c0c25 100644 --- a/tests/prlimit/parent.c +++ b/tests/prlimit/parent.c @@ -147,6 +147,12 @@ int main(int argc, char **argv) newrlim.rlim_max = 1024; else newrlim.rlim_max = oldrlim.rlim_max / 2; + if (newrlim.rlim_cur > newrlim.rlim_max) + /* + * This will change also soft limit, but + * what else can you do in such case... + */ + newrlim.rlim_cur = newrlim.rlim_max; } }
There is a bug in the prlimit test that causes invalid limit combinations (soft > hard) to be created, leading to false failures. Consider for example an old setting of X for both soft and hard limit. In such case the hard limit test tries to set the limits to X (soft) and X/2 (hard), which always fails with -EINVAL. This patch fixes the logic to clamp the soft limit to keep it from exceeding the hard limit. In such case the soft limit will also be changed, but this can't be avoided. Fixes: 0782228ef06b ("selinux-testsuite: Add tests for prlimit(2) permission checks") Reported-by: Paul Bunyan <pbunyan@redhat.com> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- tests/prlimit/parent.c | 6 ++++++ 1 file changed, 6 insertions(+)