Re: ptrace: seccomp: Return value when the call was already invalid

From: Kees Cook
Date: Fri Jul 10 2020 - 12:15:06 EST


On Fri, Jul 10, 2020 at 01:42:54PM +0100, Will Deacon wrote:
> On Sat, Jul 04, 2020 at 09:56:50PM -0700, Kees Cook wrote:
> > (What doesn't pass for you? I tried to go find kernelci.org test output,
> > but it doesn't appear to actually run selftests yet?)
>
> Sorry, realised I forgot to reply to this point. I was seeing assertion
> failures in 'global.user_notification_with_tsync' and
> 'user_notification_sibling_pid_ns'. I started looking into the first one,
> saw an -EACCESS kicking around, re-ran the tests as root and now they all
> pass.
>
> Are they expected to pass as a normal user?

Oh right, I still have that on my TODO list. Right now the tests are a
mix of root and normal, but since there are some root tests, it needs to
be run as root. I've been meaning to do the appropriate permission tests
and issue SKIPs for the ones needing root..

--
Kees Cook