path: root/tools/testing/selftests/bpf/progs/test_deny_namespace.c
Age | Commit message | Author | Files | Lines
2022-08-16 | selftests/bpf: Add tests verifying bpf lsm userns_create hook | Frederick Lawler | 1 | -0/+33
The LSM hook userns_create was introduced to provide LSM's an opportunity to block or allow unprivileged user namespace creation. This test serves two purposes: it provides a test eBPF implementation, and tests the hook successfully blocks or allows user namespace creation.

This tests 3 cases:

1. Unattached bpf program does not block unpriv user namespace creation.
2. Attached bpf program allows user namespace creation given CAP_SYS_ADMIN privileges.
3. Attached bpf program denies user namespace creation for a user without CAP_SYS_ADMIN.

Acked-by: KP Singh <kpsingh@kernel.org>
Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>