author | Topi Miettinen <toiwoton@gmail.com> | 2019-03-02 19:24:02 +0200 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2019-03-05 10:14:07 +0200 |
commit | 59e30614ad1cd7a8d6f3c685472fada37d1ed2d7 (patch) | |
tree | 4aa49cb9c9df3398c78010a015d443576f3dc993 /test/filters/memwrexe.c | |
parent | Refactor Transmission profiles (#2516) (diff) | |
mdwx: block memfd_create
Some profiles may need adjusting if the app uses memfd_create(2) and
memory-deny-write-execute is enabled.
Diffstat (limited to 'test/filters/memwrexe.c')
-rw-r--r-- | test/filters/memwrexe.c | 16 |
1 files changed, 16 insertions, 0 deletions
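--- a/test/filters/memwrexe.c
+++ b/test/filters/memwrexe.c
@@ -6,12 +6,14 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <sys/mman.h>
+#include <sys/syscall.h>
 
 static void usage(void) {
 printf("memwrexe options\n");
 printf("where options is:\n");
 printf("\tmmap - mmap test\n");
 printf("\tmprotect - mprotect test\n");
+printf("\tmemfd_create - memfd_create test\n");
 }
 
 int main(int argc, char **argv) {
@@ -72,4 +74,18 @@ int main(int argc, char **argv) {
 
 return 0;
 }
+
+else if (strcmp(argv[1], "memfd_create") == 0) {
+int fd = syscall(SYS_memfd_create, "memfd_create", 0);
+if (fd == -1) {
+fprintf(stderr, "TESTING ERROR: cannot run memfd_create test\n");
+return 1;
+}
+printf("memfd_create successful\n");
+
+// wait for expect to timeout
+sleep(100);
+
+return 0;
+}
 }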
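Review bot: The failure branch of the new `memfd_create` case reports every -1 return as a testing error without saying why, so a seccomp policy that returns an errno instead of killing the process would look the same as a kernel that lacks the syscall (ENOSYS). Adding `perror("memfd_create");` as the first statement inside `if (fd == -1)` would let the test log tell the two apart; it has to precede the `fprintf` so that errno is not overwritten. `SYS_memfd_create` is also used unconditionally, which presumably fails to compile against headers that predate the syscall, and an `#ifdef SYS_memfd_create` guard around the branch would cover that. The enclosing `main` and the first includes lie outside the hunks, so whether `<unistd.h>` (for `syscall` and `sleep`) is already included cannot be confirmed from here.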