Implement dumpability tracking and checks

We don't actually support core dumps, but some applications want to get/set dumpability, which still has an effect in procfs. Lack of support for set-uid binaries or fs creds simplifies things a bit. As-is, processes started via CreateProcess (i.e., init and sentryctl exec) have normal dumpability. I'm a bit torn on whether sentryctl exec tasks should be dumpable, but at least since they have no parent normal UID/GID checks should protect them. PiperOrigin-RevId: 251712714
author: Michael Pratt <mpratt@google.com> 2019-06-05 13:59:01 -0700
committer: Shentubot <shentubot@google.com> 2019-06-05 14:00:13 -0700
commit: d3ed9baac0dc967eaf6d3e3f986cafe60604121a (patch)
tree: 47121539775297207ba205b60b136c9093d5d393 /test/syscalls/linux/BUILD
parent: cecb71dc37a77d8e4e88cdfada92a37a72c67602 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/test/syscalls/linux/BUILD b/test/syscalls/linux/BUILD
index ba9fd6d1f..7633ab162 100644
--- a/test/syscalls/linux/BUILD
+++ b/test/syscalls/linux/BUILD
@@ -1317,6 +1317,7 @@ cc_binary(
     linkstatic = 1,
     deps = [
         "//test/util:capability_util",
+        "//test/util:cleanup",
         "//test/util:multiprocess_util",
         "//test/util:posix_error",
         "//test/util:test_util",
author	Michael Pratt <mpratt@google.com>	2019-06-05 13:59:01 -0700
committer	Shentubot <shentubot@google.com>	2019-06-05 14:00:13 -0700
commit	d3ed9baac0dc967eaf6d3e3f986cafe60604121a (patch)
tree	47121539775297207ba205b60b136c9093d5d393 /test/syscalls/linux/BUILD
parent	cecb71dc37a77d8e4e88cdfada92a37a72c67602 (diff)