From patchwork Thu Jun 16 17:18:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Micah Morton X-Patchwork-Id: 12884628 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE58BC433EF for ; Thu, 16 Jun 2022 17:18:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1378222AbiFPRSZ (ORCPT ); Thu, 16 Jun 2022 13:18:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377915AbiFPRSY (ORCPT ); Thu, 16 Jun 2022 13:18:24 -0400 Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 666FB39162 for ; Thu, 16 Jun 2022 10:18:23 -0700 (PDT) Received: by mail-pj1-x102b.google.com with SMTP id t3-20020a17090a510300b001ea87ef9a3dso2051999pjh.4 for ; Thu, 16 Jun 2022 10:18:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=/F8W4X0OG/zaI5SNdaWcoXd2ZhB+Vu7miSvJF8gcVgY=; b=TJjkupzaO1XanVa1a8MhVf2wS5mS4CLkAxnyU2AT4h6QR0Gb0ZyoWoYLUkUW0B3mQv tGBExJHMLN4zEOfuldWF+pLYgkGGqzLFFoHP6xYZI3TOStk8OSdr1sl9iudd+OntIKwh AIEX0Mq/0LBxOdTp//Pu1JhSe2QZgtF9YCuoU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=/F8W4X0OG/zaI5SNdaWcoXd2ZhB+Vu7miSvJF8gcVgY=; b=zPnmrJcJKhHa+HuDU1HrG50FJQQ6cUTkdIjzbqI1mn1PJLPrEjw3n80RTu0yCUTUks gK7ddL87P6EFkzv3XpOmA3svuMOXV+DJP60kncOR13VKftVMNIdaeIulCnl1nBiIDd7g EZ7LnKz7iVJw+mZPMIZZiCetIqwZgyfWVx/uj5l/hjQUbWxXEeLwoYYFYAL76MuIuTQZ x0bgLL/bbVpUEB0DvwwynLuXDPKErcecRW4wvk+6zpl6e/f/rbJKABy3sXCo2oXE6AHn JXP5RiBTPzVrp3W39Xa6kXvHT+G/J417RJwSG6YB/kSCTocGYGGptjSfILAgmFw9Vusg R1dw== X-Gm-Message-State: AJIora/9+o8YVDEa0zY5sOqFuS9AAoecZYVfyt5e+TMujHHW9hhclbgr pNRm4BVRqmxV03x1hCjFG8w7F/n6EFfM1A== X-Google-Smtp-Source: AGRyM1vPSDMIElCPrx4yIRc2lam3wMaH0PbSNRhHXnY4BG5I9I07mOaikaL+u5z4b3MRGxlRwHa6FA== X-Received: by 2002:a17:90a:cc0d:b0:1e3:1256:faa3 with SMTP id b13-20020a17090acc0d00b001e31256faa3mr17228215pju.107.1655399902597; Thu, 16 Jun 2022 10:18:22 -0700 (PDT) Received: from localhost ([2620:15c:202:200:46bc:126f:64c1:579a]) by smtp.gmail.com with UTF8SMTPSA id s12-20020a63924c000000b003fe4da67980sm2002300pgn.68.2022.06.16.10.18.15 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 Jun 2022 10:18:17 -0700 (PDT) From: Micah Morton To: linux-security-module@vger.kernel.org Cc: keescook@chromium.org, jmorris@namei.org, serge@hallyn.com, linux-kernel@vger.kernel.org, Micah Morton Subject: [PATCH 1/3] security: Add LSM hook to setgroups() syscall Date: Thu, 16 Jun 2022 10:18:09 -0700 Message-Id: <20220616171809.783277-1-mortonm@chromium.org> X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog MIME-Version: 1.0 Precedence: bulk List-ID: Give the LSM framework the ability to filter setgroups() syscalls. There are already analagous hooks for the set*uid() and set*gid() syscalls. The SafeSetID LSM will use this new hook to ensure setgroups() calls are allowed by the installed security policy. Tested by putting print statement in security_task_fix_setgroups() hook and confirming that it gets hit when userspace does a setgroups() syscall. Signed-off-by: Micah Morton Acked-by: Casey Schaufler Reviewed-by: Serge Hallyn --- include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 7 +++++++ include/linux/security.h | 7 +++++++ kernel/groups.c | 13 +++++++++++++ security/security.c | 5 +++++ 5 files changed, 33 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index eafa1d2489fd..806448173033 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -201,6 +201,7 @@ LSM_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old, int flags) LSM_HOOK(int, 0, task_fix_setgid, struct cred *new, const struct cred * old, int flags) +LSM_HOOK(int, 0, task_fix_setgroups, struct cred *new, const struct cred * old) LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid) LSM_HOOK(int, 0, task_getpgid, struct task_struct *p) LSM_HOOK(int, 0, task_getsid, struct task_struct *p) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 91c8146649f5..84a0d7e02176 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -702,6 +702,13 @@ * @old is the set of credentials that are being replaced. * @flags contains one of the LSM_SETID_* values. * Return 0 on success. + * @task_fix_setgroups: + * Update the module's state after setting the supplementary group + * identity attributes of the current process. + * @new is the set of credentials that will be installed. Modifications + * should be made to this rather than to @current->cred. + * @old is the set of credentials that are being replaced. + * Return 0 on success. * @task_setpgid: * Check permission before setting the process group identifier of the * process @p to @pgid. diff --git a/include/linux/security.h b/include/linux/security.h index 7fc4e9f49f54..1dfd32c49fa3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -415,6 +415,7 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); int security_task_fix_setgid(struct cred *new, const struct cred *old, int flags); +int security_task_fix_setgroups(struct cred *new, const struct cred *old); int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); @@ -1098,6 +1099,12 @@ static inline int security_task_fix_setgid(struct cred *new, return 0; } +static inline int security_task_fix_setgroups(struct cred *new, + const struct cred *old) +{ + return 0; +} + static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) { return 0; diff --git a/kernel/groups.c b/kernel/groups.c index 787b381c7c00..9aaed2a31073 100644 --- a/kernel/groups.c +++ b/kernel/groups.c @@ -134,13 +134,26 @@ EXPORT_SYMBOL(set_groups); int set_current_groups(struct group_info *group_info) { struct cred *new; + const struct cred *old; + int retval; new = prepare_creds(); if (!new) return -ENOMEM; + old = current_cred(); + set_groups(new, group_info); + + retval = security_task_fix_setgroups(new, old); + if (retval < 0) + goto error; + return commit_creds(new); + +error: + abort_creds(new); + return retval; } EXPORT_SYMBOL(set_current_groups); diff --git a/security/security.c b/security/security.c index 188b8f782220..15c686145ad6 100644 --- a/security/security.c +++ b/security/security.c @@ -1803,6 +1803,11 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old, return call_int_hook(task_fix_setgid, 0, new, old, flags); } +int security_task_fix_setgroups(struct cred *new, const struct cred *old) +{ + return call_int_hook(task_fix_setgroups, 0, new, old); +} + int security_task_setpgid(struct task_struct *p, pid_t pgid) { return call_int_hook(task_setpgid, 0, p, pgid); From patchwork Thu Jun 16 17:18:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Micah Morton X-Patchwork-Id: 12884629 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 052F2C43334 for ; Thu, 16 Jun 2022 17:18:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1378260AbiFPRSx (ORCPT ); Thu, 16 Jun 2022 13:18:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378252AbiFPRSn (ORCPT ); Thu, 16 Jun 2022 13:18:43 -0400 Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A3C047AF8 for ; Thu, 16 Jun 2022 10:18:41 -0700 (PDT) Received: by mail-pj1-x102c.google.com with SMTP id k12-20020a17090a404c00b001eaabc1fe5dso2412876pjg.1 for ; Thu, 16 Jun 2022 10:18:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=PKGwV//MEXrwgZOiJp/qoVKZr49qK2b+iqbkchU5bh8=; b=gmF4Klitv5CulrXt7xBxijxRxfZ9Jp5eXLMoJMnjoyOKCJwue2joP1FSwImvel8a54 JOl/Nx661Nf4vsrg1D4Kx2aEW5NaWQUZDN68KqMeLeMzEcmiwoLKP0Z0GuwW9h7xJD0Q b+uJ/rfyyqA8FcFAK67f2kWy1joYYUUhL0hZU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=PKGwV//MEXrwgZOiJp/qoVKZr49qK2b+iqbkchU5bh8=; b=yCRaTD1GGHPiS9NEfUE6D5oCT7PTGkKcZFoXNarTJxZrBOrkLqmjyWSGuQqiH5Dc/T w1XnnqOG8b7yyoimwr/6A97gCEFSXPd3j8mJJcbt+Do5gRvnNqEdyZvWB2ywVP6843Q9 dkGyavs9MJ7gfreaPyylfmvKTZl6HFCISVLRFWuWqTqlRorro9vCaNU5zpVQkvajGYFb SEvGL1PInsSC9Dgx+kdjpUtZDAPdNjJ1K+7FhzwYEuJHdrCs1FrreQu5m1HE4pj6gwI0 Tkqc1rYgd+NN+e7b7zsDftUoknbdFORY2iVcgKd/LJY2+YDwa57ot9GP34rD9b38MsRc GB/w== X-Gm-Message-State: AJIora/cdBAKnk9+dpGMZYvEn5MeqknYjHL9BR6tJVN7bkgcafPVPfEU U6BsfL+xrmlTpheny6Lk57V/pGkQTMyLig== X-Google-Smtp-Source: AGRyM1tOcp7klVw0+BqUz5jJnXKHokgfqb9ph9LucWEdnmE9rya65hCQQup8atZHLsV67aJhNHAohA== X-Received: by 2002:a17:90b:1e44:b0:1e2:e772:5f08 with SMTP id pi4-20020a17090b1e4400b001e2e7725f08mr17314937pjb.129.1655399920846; Thu, 16 Jun 2022 10:18:40 -0700 (PDT) Received: from localhost ([2620:15c:202:200:46bc:126f:64c1:579a]) by smtp.gmail.com with UTF8SMTPSA id fs20-20020a17090af29400b001ea75a02805sm4077300pjb.52.2022.06.16.10.18.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 Jun 2022 10:18:38 -0700 (PDT) From: Micah Morton To: linux-security-module@vger.kernel.org Cc: keescook@chromium.org, jmorris@namei.org, serge@hallyn.com, linux-kernel@vger.kernel.org, Micah Morton Subject: [PATCH 2/3] LSM: SafeSetID: Add setgroups() security policy handling Date: Thu, 16 Jun 2022 10:18:35 -0700 Message-Id: <20220616171835.783310-1-mortonm@chromium.org> X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog MIME-Version: 1.0 Precedence: bulk List-ID: The SafeSetID LSM has functionality for restricting setuid()/setgid() syscalls based on its configured security policies. This patch adds the analogous functionality for the setgroups() syscall. Security policy for the setgroups() syscall follows the same policies that are installed on the system for setgid() syscalls. Signed-off-by: Micah Morton --- security/safesetid/lsm.c | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 963f4ad9cb66..e806739f7868 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -97,15 +97,9 @@ static int safesetid_security_capable(const struct cred *cred, return 0; /* - * If CAP_SET{U/G}ID is currently used for a setid() syscall, we want to - * let it go through here; the real security check happens later, in the - * task_fix_set{u/g}id hook. - * - * NOTE: - * Until we add support for restricting setgroups() calls, GID security - * policies offer no meaningful security since we always return 0 here - * when called from within the setgroups() syscall and there is no - * additional hook later on to enforce security policies for setgroups(). + * If CAP_SET{U/G}ID is currently used for a setid or setgroups syscall, we + * want to let it go through here; the real security check happens later, in + * the task_fix_set{u/g}id or task_fix_setgroups hooks. */ if ((opts & CAP_OPT_INSETID) != 0) return 0; @@ -241,9 +235,36 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old) +{ + int i; + + /* Do nothing if there are no setgid restrictions for our old RGID. */ + if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT) + return 0; + + get_group_info(new->group_info); + for (i = 0; i < new->group_info->ngroups; i++) { + if (!id_permitted_for_cred(old, (kid_t){.gid = new->group_info->gid[i]}, GID)) { + put_group_info(new->group_info); + /* + * Kill this process to avoid potential security vulnerabilities + * that could arise from a missing allowlist entry preventing a + * privileged process from dropping to a lesser-privileged one. + */ + force_sig(SIGKILL); + return -EACCES; + } + } + + put_group_info(new->group_info); + return 0; +} + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), + LSM_HOOK_INIT(task_fix_setgroups, safesetid_task_fix_setgroups), LSM_HOOK_INIT(capable, safesetid_security_capable) }; From patchwork Thu Jun 16 17:18:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Micah Morton X-Patchwork-Id: 12884630 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49956C433EF for ; Thu, 16 Jun 2022 17:19:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1378265AbiFPRTE (ORCPT ); Thu, 16 Jun 2022 13:19:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60106 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378276AbiFPRSu (ORCPT ); Thu, 16 Jun 2022 13:18:50 -0400 Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0FF81C108 for ; Thu, 16 Jun 2022 10:18:47 -0700 (PDT) Received: by mail-pf1-x42a.google.com with SMTP id x4so2045527pfj.10 for ; Thu, 16 Jun 2022 10:18:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=tx3qhTHSwY8LHXDagQrNOOhwtj4vpldafKf967ywksA=; b=BQgdl2AtVbmbqGhETU/fDbUSCB3QQqWvAxl5b7UCZYhymn8uaP2rVq7BiavS876oZ1 KVuTCgA6ZFDJeRqMwkFMUbptQ6NmaAPwPyFYB5Cl3Lev6gzVfEIZ15VX6VfC728395Yb cqwPWlCwRdPhj1d5kHF6EfExZYkitf93iIENY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=tx3qhTHSwY8LHXDagQrNOOhwtj4vpldafKf967ywksA=; b=Xk5jWCrKMEtOKzYd0OD5g9pa/CyihHjElex/APGnmqE3ngJpmqJt40rKyW7AtuaauE 1cOWOEhElG91ty3V2KQoNgWUFVUIlvBylS+ndXDvUiT6MgjBUID5tqAuClhCl6bj+gx9 cQ0jTdNmjUOCDUQjTfBBmsPBtxkJH0c2kbuwKr1kID/G9JpoT1+BrZHSeKT6IdDxrY5C CTS1+p26S7KXFoc48CZt+15LT158mosDuHneNrS2TqNIkuDJej9FcFM+zXm4t9XkI4bD bm4BkxhSVrZglwA03DF3I0X2CvJaSiFAmlEB4PIKk5zalxwwaMZk8nbhZVfOuBawhvwz vx5w== X-Gm-Message-State: AJIora+0320CaDqvcurlnpM1mpA04lsS6cSNth6rABRzylIyogp+Gshq wi/EibGTu3+2fdmj7vlo5CJK7prK24tqaw== X-Google-Smtp-Source: AGRyM1vzJR68Jz346hm9ECnS+CsIJwfDvxNyYjLwwb8AFTyXPUw2rkQYlOFWN1yAlApJuXR9ToYqSQ== X-Received: by 2002:a65:6c08:0:b0:3f2:6a6a:98d with SMTP id y8-20020a656c08000000b003f26a6a098dmr5326283pgu.30.1655399927063; Thu, 16 Jun 2022 10:18:47 -0700 (PDT) Received: from localhost ([2620:15c:202:200:46bc:126f:64c1:579a]) by smtp.gmail.com with UTF8SMTPSA id f5-20020aa79685000000b0050dc7628196sm2010927pfk.112.2022.06.16.10.18.45 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 Jun 2022 10:18:46 -0700 (PDT) From: Micah Morton To: linux-security-module@vger.kernel.org Cc: keescook@chromium.org, jmorris@namei.org, serge@hallyn.com, linux-kernel@vger.kernel.org, Micah Morton Subject: [PATCH 3/3] LSM: SafeSetID: add setgroups() testing to selftest Date: Thu, 16 Jun 2022 10:18:43 -0700 Message-Id: <20220616171843.783340-1-mortonm@chromium.org> X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog MIME-Version: 1.0 Precedence: bulk List-ID: Selftest already has support for testing UID and GID transitions. Signed-off-by: Micah Morton --- .../selftests/safesetid/safesetid-test.c | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/tools/testing/selftests/safesetid/safesetid-test.c b/tools/testing/selftests/safesetid/safesetid-test.c index a653c47a4ab5..eb9bf0aee951 100644 --- a/tools/testing/selftests/safesetid/safesetid-test.c +++ b/tools/testing/selftests/safesetid/safesetid-test.c @@ -375,6 +375,71 @@ static void test_setgid(gid_t child_gid, bool expect_success) die("should not reach here\n"); } +static void test_setgroups(gid_t* child_groups, size_t len, bool expect_success) +{ + pid_t cpid, w; + int wstatus; + gid_t groupset[len]; + int i, j; + + cpid = fork(); + if (cpid == -1) { + die("fork\n"); + } + + if (cpid == 0) { /* Code executed by child */ + if (setgroups(len, child_groups) != 0) + exit(EXIT_FAILURE); + if (getgroups(len, groupset) != len) + exit(EXIT_FAILURE); + for (i = 0; i < len; i++) { + for (j = 0; j < len; j++) { + if (child_groups[i] == groupset[j]) + break; + if (j == len - 1) + exit(EXIT_FAILURE); + } + } + exit(EXIT_SUCCESS); + } else { /* Code executed by parent */ + do { + w = waitpid(cpid, &wstatus, WUNTRACED | WCONTINUED); + if (w == -1) { + die("waitpid\n"); + } + + if (WIFEXITED(wstatus)) { + if (WEXITSTATUS(wstatus) == EXIT_SUCCESS) { + if (expect_success) { + return; + } else { + die("unexpected success\n"); + } + } else { + if (expect_success) { + die("unexpected failure\n"); + } else { + return; + } + } + } else if (WIFSIGNALED(wstatus)) { + if (WTERMSIG(wstatus) == 9) { + if (expect_success) + die("killed unexpectedly\n"); + else + return; + } else { + die("unexpected signal: %d\n", wstatus); + } + } else { + die("unexpected status: %d\n", wstatus); + } + } while (!WIFEXITED(wstatus) && !WIFSIGNALED(wstatus)); + } + + die("should not reach here\n"); +} + static void ensure_users_exist(void) { @@ -452,6 +517,10 @@ int main(int argc, char **argv) test_setgid(ALLOWED_CHILD2_UGID, true); test_setgid(NO_POLICY_UGID, false); + gid_t allowed_supp_groups[2] = {ALLOWED_CHILD1_UGID, ALLOWED_CHILD2_UGID}; + gid_t disallowed_supp_groups[2] = {ROOT_UGID, NO_POLICY_UGID}; + test_setgroups(allowed_supp_groups, 2, true); + test_setgroups(disallowed_supp_groups, 2, false); if (!test_userns(false)) { die("test_userns worked when it should fail\n");