tools/testing/selftests/exec/check-exec.c
Source file repositories/reference/linux-study-clean/tools/testing/selftests/exec/check-exec.c
File Facts
- System
- Linux kernel
- Corpus path
tools/testing/selftests/exec/check-exec.c- Extension
.c- Size
- 12091 bytes
- Lines
- 464
- Domain
- Support Tooling And Documentation
- Bucket
- tools
- Inferred role
- Support Tooling And Documentation: implementation source
- Status
- source implementation candidate
Why This File Exists
Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
asm-generic/unistd.herrno.hfcntl.hlinux/prctl.hlinux/securebits.hstdio.hstdlib.hsys/capability.hsys/mount.hsys/prctl.hsys/socket.hsys/stat.hsys/syscall.hsys/sysmacros.hunistd.hlinux/fcntl.hkselftest_harness.h
Detected Declarations
function execveatfunction drop_privilegesfunction test_secbits_setfunction fill_exec_fdfunction EXPECT_EQfunction fill_exec_pathfunction test_exec_fdfunction EXPECT_EQfunction EXPECT_EQfunction test_exec_path
Annotated Snippet
if (child == 0) { \
__VA_ARGS__; \
_exit(0); \
} \
} while (0)
TEST_F(secbits, exec)
{
unsigned int secbits = prctl(PR_GET_SECUREBITS);
secbits |= SECBIT_EXEC_RESTRICT_FILE;
EXPECT_EQ(0, test_secbits_set(secbits));
EXPECT_EQ(secbits, prctl(PR_GET_SECUREBITS));
CHILD(EXPECT_EQ(secbits, prctl(PR_GET_SECUREBITS)));
secbits |= SECBIT_EXEC_DENY_INTERACTIVE;
EXPECT_EQ(0, test_secbits_set(secbits));
EXPECT_EQ(secbits, prctl(PR_GET_SECUREBITS));
CHILD(EXPECT_EQ(secbits, prctl(PR_GET_SECUREBITS)));
secbits &= ~(SECBIT_EXEC_RESTRICT_FILE | SECBIT_EXEC_DENY_INTERACTIVE);
EXPECT_EQ(0, test_secbits_set(secbits));
EXPECT_EQ(secbits, prctl(PR_GET_SECUREBITS));
CHILD(EXPECT_EQ(secbits, prctl(PR_GET_SECUREBITS)));
}
TEST_F(secbits, check_locked_set)
{
unsigned int secbits = prctl(PR_GET_SECUREBITS);
secbits |= SECBIT_EXEC_RESTRICT_FILE;
EXPECT_EQ(0, test_secbits_set(secbits));
secbits |= SECBIT_EXEC_RESTRICT_FILE_LOCKED;
EXPECT_EQ(0, test_secbits_set(secbits));
/* Checks lock set but unchanged. */
EXPECT_EQ(variant->error, test_secbits_set(secbits));
CHILD(EXPECT_EQ(variant->error, test_secbits_set(secbits)));
secbits &= ~SECBIT_EXEC_RESTRICT_FILE;
EXPECT_EQ(EPERM, test_secbits_set(0));
CHILD(EXPECT_EQ(EPERM, test_secbits_set(0)));
}
TEST_F(secbits, check_locked_unset)
{
unsigned int secbits = prctl(PR_GET_SECUREBITS);
secbits |= SECBIT_EXEC_RESTRICT_FILE_LOCKED;
EXPECT_EQ(0, test_secbits_set(secbits));
/* Checks lock unset but unchanged. */
EXPECT_EQ(variant->error, test_secbits_set(secbits));
CHILD(EXPECT_EQ(variant->error, test_secbits_set(secbits)));
secbits &= ~SECBIT_EXEC_RESTRICT_FILE;
EXPECT_EQ(EPERM, test_secbits_set(0));
CHILD(EXPECT_EQ(EPERM, test_secbits_set(0)));
}
TEST_F(secbits, restrict_locked_set)
{
unsigned int secbits = prctl(PR_GET_SECUREBITS);
secbits |= SECBIT_EXEC_DENY_INTERACTIVE;
EXPECT_EQ(0, test_secbits_set(secbits));
secbits |= SECBIT_EXEC_DENY_INTERACTIVE_LOCKED;
EXPECT_EQ(0, test_secbits_set(secbits));
/* Checks lock set but unchanged. */
EXPECT_EQ(variant->error, test_secbits_set(secbits));
CHILD(EXPECT_EQ(variant->error, test_secbits_set(secbits)));
secbits &= ~SECBIT_EXEC_DENY_INTERACTIVE;
EXPECT_EQ(EPERM, test_secbits_set(0));
CHILD(EXPECT_EQ(EPERM, test_secbits_set(0)));
}
TEST_F(secbits, restrict_locked_unset)
{
unsigned int secbits = prctl(PR_GET_SECUREBITS);
secbits |= SECBIT_EXEC_DENY_INTERACTIVE_LOCKED;
EXPECT_EQ(0, test_secbits_set(secbits));
/* Checks lock unset but unchanged. */
EXPECT_EQ(variant->error, test_secbits_set(secbits));
CHILD(EXPECT_EQ(variant->error, test_secbits_set(secbits)));
secbits &= ~SECBIT_EXEC_DENY_INTERACTIVE;
Annotation
- Immediate include surface: `asm-generic/unistd.h`, `errno.h`, `fcntl.h`, `linux/prctl.h`, `linux/securebits.h`, `stdio.h`, `stdlib.h`, `sys/capability.h`.
- Detected declarations: `function execveat`, `function drop_privileges`, `function test_secbits_set`, `function fill_exec_fd`, `function EXPECT_EQ`, `function fill_exec_path`, `function test_exec_fd`, `function EXPECT_EQ`, `function EXPECT_EQ`, `function test_exec_path`.
- Atlas domain: Support Tooling And Documentation / tools.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.