Re: [LTP] [LTP PATCH] Create testcase for p9auth kernel module
On Wed, 2009-09-16 at 16:28 -0500, Serge E. Hallyn wrote: The p9auth module is a driver in the staging/ directory, which implements kernel functionality supporting plan 9-style setuid. Programs can be completely unprivileged, authorize themselves to a privileged server, and obtain a token which they can use to authorize a single setuid to a single specified new uid. This testcase runs three tests: 1. make sure we can't setuid without a hash (this is actually short-cut in the kernel code so it might be worthwhile having a separate test for having a hash, but an invalid one) 2. make sure we can setuid when there is a valid hash 3. make sure we cannot setuid if there is a valid hash, but our original uid isn't the one specified in the token. Run the testcase using ./runltp -f p9auth Signed-off-by: Serge E. Hallyn se...@us.ibm.com Thanks Serge. The patch seems to be fine except that the following script: runp9auth.sh make[4]: Entering directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel/security/p9auth' make[4]: *** No rule to make target `runp9auth.sh', needed by `install'. Stop. make[4]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel/security/p9auth' make[3]: *** [install] Error 2 make[3]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel/security' make[2]: *** [install] Error 2 make[2]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases' make: *** [install] Error 2 is missing from the patch. So, i was not able to test this. Can you please fix this and resend again. In your new patch, can you also include mentioning the following .config file options for enabling PLAN9AUTH in kernel, through ltp/README: CONFIG_CRYPTO=y CONFIG_STAGING=y # CONFIG_STAGING_EXCLUDE_BUILD is not set CONFIG_PLAN9AUTH=m Regards-- Subrata --- runtest/p9auth |2 + testcases/kernel/security/Makefile |2 +- testcases/kernel/security/p9auth/Makefile | 40 testcases/kernel/security/p9auth/checkp9auth.sh | 58 testcases/kernel/security/p9auth/p9priv.sh | 111 +++ testcases/kernel/security/p9auth/p9unpriv.sh| 51 +++ testcases/kernel/security/p9auth/unhex.c| 47 ++ 7 files changed, 310 insertions(+), 1 deletions(-) create mode 100644 runtest/p9auth create mode 100644 testcases/kernel/security/p9auth/Makefile create mode 100644 testcases/kernel/security/p9auth/checkp9auth.sh create mode 100644 testcases/kernel/security/p9auth/p9priv.sh create mode 100644 testcases/kernel/security/p9auth/p9unpriv.sh create mode 100644 testcases/kernel/security/p9auth/unhex.c diff --git a/runtest/p9auth b/runtest/p9auth new file mode 100644 index 000..17b1550 --- /dev/null +++ b/runtest/p9auth @@ -0,0 +1,2 @@ +#DESCRIPTION:p9auth /dev/caphash module +p9auth runp9auth.sh diff --git a/testcases/kernel/security/Makefile b/testcases/kernel/security/Makefile index 862691a..3a26b22 100644 --- a/testcases/kernel/security/Makefile +++ b/testcases/kernel/security/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = mmc_security filecaps integrity cap_bound +SUBDIRS = mmc_security filecaps integrity cap_bound p9auth all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i ; done diff --git a/testcases/kernel/security/p9auth/Makefile b/testcases/kernel/security/p9auth/Makefile new file mode 100644 index 000..8bf7613 --- /dev/null +++ b/testcases/kernel/security/p9auth/Makefile @@ -0,0 +1,40 @@ + +## ## +## Copyright (c) International Business Machines Corp., 2008 ## +## ## +## This program is free software; you can redistribute it and#or modify ## +## it under the terms of the GNU General Public License as published by ## +## the Free Software Foundation; either version 2 of the License, or ## +## (at your option) any later version. ## +## ## +## This program is distributed in the hope that it will be useful, but ## +## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ## +## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ## +## for more details. ## +##
Re: [LTP] [LTP PATCH] Create testcase for p9auth kernel module
On Wed, 2009-09-16 at 16:28 -0500, Serge E. Hallyn wrote: The p9auth module is a driver in the staging/ directory, which implements kernel functionality supporting plan 9-style setuid. Programs can be completely unprivileged, authorize themselves to a privileged server, and obtain a token which they can use to authorize a single setuid to a single specified new uid. This testcase runs three tests: 1. make sure we can't setuid without a hash (this is actually short-cut in the kernel code so it might be worthwhile having a separate test for having a hash, but an invalid one) 2. make sure we can setuid when there is a valid hash 3. make sure we cannot setuid if there is a valid hash, but our original uid isn't the one specified in the token. Run the testcase using ./runltp -f p9auth Signed-off-by: Serge E. Hallyn se...@us.ibm.com Thanks Serge. The patch seems to be fine except that the following script: runp9auth.sh make[4]: Entering directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel/security/p9auth' make[4]: *** No rule to make target `runp9auth.sh', needed by `install'. Stop. make[4]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel/security/p9auth' make[3]: *** [install] Error 2 make[3]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel/security' make[2]: *** [install] Error 2 make[2]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases/kernel' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/subrata/ltp/ltp-full-20090831/testcases' make: *** [install] Error 2 is missing from the patch. So, i was not able to test this. Can you please fix this and resend again. In your new patch, can you also include mentioning the following .config file options for enabling PLAN9AUTH in kernel, through ltp/README: CONFIG_CRYPTO=y CONFIG_STAGING=y # CONFIG_STAGING_EXCLUDE_BUILD is not set CONFIG_PLAN9AUTH=m Regards-- Subrata --- runtest/p9auth |2 + testcases/kernel/security/Makefile |2 +- testcases/kernel/security/p9auth/Makefile | 40 testcases/kernel/security/p9auth/checkp9auth.sh | 58 testcases/kernel/security/p9auth/p9priv.sh | 111 +++ testcases/kernel/security/p9auth/p9unpriv.sh| 51 +++ testcases/kernel/security/p9auth/unhex.c| 47 ++ 7 files changed, 310 insertions(+), 1 deletions(-) create mode 100644 runtest/p9auth create mode 100644 testcases/kernel/security/p9auth/Makefile create mode 100644 testcases/kernel/security/p9auth/checkp9auth.sh create mode 100644 testcases/kernel/security/p9auth/p9priv.sh create mode 100644 testcases/kernel/security/p9auth/p9unpriv.sh create mode 100644 testcases/kernel/security/p9auth/unhex.c diff --git a/runtest/p9auth b/runtest/p9auth new file mode 100644 index 000..17b1550 --- /dev/null +++ b/runtest/p9auth @@ -0,0 +1,2 @@ +#DESCRIPTION:p9auth /dev/caphash module +p9auth runp9auth.sh diff --git a/testcases/kernel/security/Makefile b/testcases/kernel/security/Makefile index 862691a..3a26b22 100644 --- a/testcases/kernel/security/Makefile +++ b/testcases/kernel/security/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = mmc_security filecaps integrity cap_bound +SUBDIRS = mmc_security filecaps integrity cap_bound p9auth all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i ; done diff --git a/testcases/kernel/security/p9auth/Makefile b/testcases/kernel/security/p9auth/Makefile new file mode 100644 index 000..8bf7613 --- /dev/null +++ b/testcases/kernel/security/p9auth/Makefile @@ -0,0 +1,40 @@ + +## ## +## Copyright (c) International Business Machines Corp., 2008 ## +## ## +## This program is free software; you can redistribute it and#or modify ## +## it under the terms of the GNU General Public License as published by ## +## the Free Software Foundation; either version 2 of the License, or ## +## (at your option) any later version. ## +## ## +## This program is distributed in the hope that it will be useful, but ## +## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ## +## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ## +## for more details. ## +##
[LTP] [LTP PATCH] Create testcase for p9auth kernel module
The p9auth module is a driver in the staging/ directory, which implements kernel functionality supporting plan 9-style setuid. Programs can be completely unprivileged, authorize themselves to a privileged server, and obtain a token which they can use to authorize a single setuid to a single specified new uid. This testcase runs three tests: 1. make sure we can't setuid without a hash (this is actually short-cut in the kernel code so it might be worthwhile having a separate test for having a hash, but an invalid one) 2. make sure we can setuid when there is a valid hash 3. make sure we cannot setuid if there is a valid hash, but our original uid isn't the one specified in the token. Run the testcase using ./runltp -f p9auth Signed-off-by: Serge E. Hallyn se...@us.ibm.com --- runtest/p9auth |2 + testcases/kernel/security/Makefile |2 +- testcases/kernel/security/p9auth/Makefile | 40 testcases/kernel/security/p9auth/checkp9auth.sh | 58 testcases/kernel/security/p9auth/p9priv.sh | 111 +++ testcases/kernel/security/p9auth/p9unpriv.sh| 51 +++ testcases/kernel/security/p9auth/unhex.c| 47 ++ 7 files changed, 310 insertions(+), 1 deletions(-) create mode 100644 runtest/p9auth create mode 100644 testcases/kernel/security/p9auth/Makefile create mode 100644 testcases/kernel/security/p9auth/checkp9auth.sh create mode 100644 testcases/kernel/security/p9auth/p9priv.sh create mode 100644 testcases/kernel/security/p9auth/p9unpriv.sh create mode 100644 testcases/kernel/security/p9auth/unhex.c diff --git a/runtest/p9auth b/runtest/p9auth new file mode 100644 index 000..17b1550 --- /dev/null +++ b/runtest/p9auth @@ -0,0 +1,2 @@ +#DESCRIPTION:p9auth /dev/caphash module +p9auth runp9auth.sh diff --git a/testcases/kernel/security/Makefile b/testcases/kernel/security/Makefile index 862691a..3a26b22 100644 --- a/testcases/kernel/security/Makefile +++ b/testcases/kernel/security/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = mmc_security filecaps integrity cap_bound +SUBDIRS = mmc_security filecaps integrity cap_bound p9auth all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i ; done diff --git a/testcases/kernel/security/p9auth/Makefile b/testcases/kernel/security/p9auth/Makefile new file mode 100644 index 000..8bf7613 --- /dev/null +++ b/testcases/kernel/security/p9auth/Makefile @@ -0,0 +1,40 @@ + +## ## +## Copyright (c) International Business Machines Corp., 2008 ## +## ## +## This program is free software; you can redistribute it and#or modify ## +## it under the terms of the GNU General Public License as published by ## +## the Free Software Foundation; either version 2 of the License, or ## +## (at your option) any later version. ## +## ## +## This program is distributed in the hope that it will be useful, but ## +## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ## +## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ## +## for more details. ## +## ## +## You should have received a copy of the GNU General Public License ## +## along with this program; if not, write to the Free Software ## +## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ## +## ## + + +HAVE_P9AUTH := $(shell sh checkp9auth.sh yesno) + +SCRIPTS = runp9auth.sh checkp9auth.sh p9priv.sh p9unpriv.sh + +CFLAGS += -I../../../../include -Wall +LDLIBS += -L../../../../lib -lltp -lcap + +ifeq ($(HAVE_P9AUTH),yes) +SRCS= $(wildcard *.c) +TARGETS+= $(patsubst %.c,%,$(SRCS)) +endif + +all: $(TARGETS) + +INSTALLTARGETS = $(TARGETS) $(SCRIPTS) +install: $(INSTALLTARGETS) + @set -e; for i in $(INSTALLTARGETS); do ln -f $$i ../../../bin/$$i ; chmod +x ../../../bin/$$i; done + +clean: + rm -f $(TARGETS) *.o diff --git a/testcases/kernel/security/p9auth/checkp9auth.sh b/testcases/kernel/security/p9auth/checkp9auth.sh new file mode 100644 index 000..25c5518 --- /dev/null +++ b/testcases/kernel/security/p9auth/checkp9auth.sh @@ -0,0 +1,58 @@ +#!/bin/sh