Here is a patch to add some file capability tests to ltp.
Andrew, the inh_capped test should detect the bug you just found
and fixed. Note that it finds it when it tries to raise
cap_sys_admin to pI while still having setpcap in pE, but that's
of course expected given the bug.
Subject, the myoutput file shows example output on a s390 with
a good kernel. If libcap is not installed the filecaps tests
won't compile, and capabilities or file capabilities are not
compiled into the kernel, they will compile but not run.
thanks,
-serge
diff -Nrup ltp-full-20071231/runltp ltp-full-20071231-filecaps/runltp
--- ltp-full-20071231/runltp 2008-01-01 06:44:38.000000000 -0500
+++ ltp-full-20071231-filecaps/runltp 2008-01-21 08:34:20.000000000 -0500
@@ -487,7 +487,8 @@ main()
${LTPROOT}/runtest/mm ${LTPROOT}/runtest/ipc \
${LTPROOT}/runtest/sched ${LTPROOT}/runtest/math \
${LTPROOT}/runtest/nptl ${LTPROOT}/runtest/pty \
- ${LTPROOT}/runtest/containers
+ ${LTPROOT}/runtest/containers \
+ ${LTPROOT}/runtest/filecaps
do
[ -a "$SCENFILES" ] || \
{
diff -Nrup ltp-full-20071231/runtest/filecaps
ltp-full-20071231-filecaps/runtest/filecaps
--- ltp-full-20071231/runtest/filecaps 1969-12-31 19:00:00.000000000 -0500
+++ ltp-full-20071231-filecaps/runtest/filecaps 2008-01-21 08:34:20.000000000
-0500
@@ -0,0 +1,2 @@
+#DESCRIPTION:file capabilities
+Filecaps filecapstest.sh
diff -Nrup
ltp-full-20071231/testcases/kernel/security/filecaps/checkforfilecaps.sh
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/checkforfilecaps.sh
--- ltp-full-20071231/testcases/kernel/security/filecaps/checkforfilecaps.sh
1969-12-31 19:00:00.000000000 -0500
+++
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/checkforfilecaps.sh
2008-01-21 12:35:51.000000000 -0500
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+./check_simple_capset
+ret=$?
+if [ $ret -ne 0 ]; then
+ echo Posix capabilities not compiled into the kernel. Please
+ echo modprobe capability or recompile your kernel with
+ echo CONFIG_SECURITY_CAPABILITIES=y.
+fi
+
+touch testme
+setcap cap_sys_admin=ip testme
+ret=$?
+rm -f testme
+if [ $ret -ne 0 ]; then
+ echo File capabilities not compiled into kernel. Please
+ echo make sure your kernel is compiled with
+ echo CONFIG_SECURITY_FILE_CAPABILITIES=y.
+ exit 1
+fi
+
+exit 0
diff -Nrup
ltp-full-20071231/testcases/kernel/security/filecaps/checkforlibcap.sh
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/checkforlibcap.sh
--- ltp-full-20071231/testcases/kernel/security/filecaps/checkforlibcap.sh
1969-12-31 19:00:00.000000000 -0500
+++
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/checkforlibcap.sh
2008-01-21 12:31:32.000000000 -0500
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+SETCAP=`which setcap`
+ret=$?
+if [ $ret -eq 0 ]; then
+ #also test for -lcap
+ gcc -o check_simple_capset check_simple_capset.c -lcap
+ ret=$?
+fi
+
+if [ $ret -ne 0 ]; then
+ echo no
+ #echo setcap not installed. Please install libcap from
+ #echo ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/libcap2
+ #exit 1
+else
+ echo yes
+fi
diff -Nrup
ltp-full-20071231/testcases/kernel/security/filecaps/check_simple_capset.c
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/check_simple_capset.c
--- ltp-full-20071231/testcases/kernel/security/filecaps/check_simple_capset.c
1969-12-31 19:00:00.000000000 -0500
+++
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/check_simple_capset.c
2008-01-21 10:57:40.000000000 -0500
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <sys/capability.h>
+
+int main()
+{
+ cap_t caps;
+ int ret;
+
+ caps = cap_from_text("cap_setpcap+ep");
+ ret = cap_set_proc(caps);
+
+ cap_free(caps);
+ return ret;
+}
diff -Nrup ltp-full-20071231/testcases/kernel/security/filecaps/filecapstest.sh
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/filecapstest.sh
--- ltp-full-20071231/testcases/kernel/security/filecaps/filecapstest.sh
1969-12-31 19:00:00.000000000 -0500
+++
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/filecapstest.sh
2008-01-21 11:41:11.000000000 -0500
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+echo "Running in:"
+cp $LTPROOT/testcases/bin/print_caps .
+mkfifo caps_fifo
+chmod 777 caps_fifo
+exit_code=0
+echo "cap_sys_admin tests"
+verify_caps_exec 0
+tmp=$?
+if [ $tmp -ne 0 ]; then
+ exit_code=$tmp
+fi
+
+echo "testing for correct caps"
+verify_caps_exec 1
+tmp=$?
+if [ $tmp -ne 0 ]; then
+ exit_code=$tmp
+fi
+
+echo "testing for correct pI checks"
+inh_capped
+tmp=$?
+if [ $tmp -ne 0 ]; then
+ exit_code=$tmp
+fi
+
+exit $exit_code
diff -Nrup ltp-full-20071231/testcases/kernel/security/filecaps/inh_capped.c
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/inh_capped.c
--- ltp-full-20071231/testcases/kernel/security/filecaps/inh_capped.c
1969-12-31 19:00:00.000000000 -0500
+++ ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/inh_capped.c
2008-01-21 12:21:10.000000000 -0500
@@ -0,0 +1,94 @@
+/*
+ * File: inh_capped
+ * Author: Serge Hallyn
+ * Copyright 2008 IBM Corp
+ * Purpose: test that CAP_SETPCAP is needed to add bits to pI
+ * Uses no command line arguments.
+ */
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/capability.h>
+#include <test.h>
+
+char *TCID = "filecaps";
+int TST_TOTAL=1;
+
+#define DEBUG 1
+
+void debug_print_caps(char *when)
+{
+#ifdef DEBUG
+ char buf[2000];
+ tst_resm(TINFO, "%s", when);
+ snprintf(buf, 2000, "%s", cap_to_text(cap_get_proc(), NULL));
+ tst_resm(TINFO, "%s", buf);
+#endif
+}
+
+int set_caps_from_text(char *capstr)
+{
+ cap_t caps = cap_from_text(capstr);
+ int ret;
+
+ if (!caps) {
+ tst_resm(TFAIL, "Bad capability name: %s\n", capstr);
+ return 1;
+ }
+ ret = cap_set_proc(caps);
+ cap_free(caps);
+ return ret;
+}
+
+int main()
+{
+ int ret;
+
+ debug_print_caps("start");
+ ret = set_caps_from_text("all=eip");
+ debug_print_caps("after raising all caps");
+ if (ret) {
+ tst_resm(TFAIL, "failed to raise all caps");
+ tst_exit(ret);
+ }
+
+ ret = set_caps_from_text("all=iep cap_sys_admin-iep");
+ debug_print_caps("after first drop cap_sys_admin");
+ if (ret) {
+ tst_resm(TFAIL, "failed to drop capsysadmin from pI");
+ tst_exit(ret);
+ }
+
+ /* we can't regain cap_sys_admin in pE or pP, only pI */
+ ret = set_caps_from_text("all=eip cap_sys_admin-ep+i");
+ debug_print_caps("after first raise cap_sys_admin");
+ if (ret) {
+ tst_resm(TFAIL, "failed to raise capsysadmin in pI");
+ tst_exit(ret);
+ }
+
+ ret = set_caps_from_text("all=ip cap_setpcap-e+ip cap_sys_admin+i-ep");
+ debug_print_caps("after drop cappset");
+ if (ret) {
+ tst_resm(TFAIL, "failed to drop cappset from pE");
+ tst_exit(ret);
+ }
+
+ ret = set_caps_from_text("all=iep cap_sys_admin-iep cap_setpcap-e+ip");
+ debug_print_caps("after second drop cap_sys_admin");
+ if (ret) {
+ tst_resm(TFAIL, "failed to drop capsysadmin from pI"
+ "after dropping cappset from pE");
+ tst_exit(ret);
+ }
+
+ ret = set_caps_from_text("all=iep cap_sys_admin-ep+i cap_setpcap-e+ip");
+ debug_print_caps("final");
+ if (ret) {
+ tst_resm(TPASS, "pI is properly capped\n");
+ tst_exit(0);
+ }
+
+ tst_resm(TFAIL, "succeeded raising capsysadmin in pI"
+ "without having setpcap");
+ tst_exit(ret);
+}
diff -Nrup ltp-full-20071231/testcases/kernel/security/filecaps/Makefile
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/Makefile
--- ltp-full-20071231/testcases/kernel/security/filecaps/Makefile
1969-12-31 19:00:00.000000000 -0500
+++ ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/Makefile
2008-01-21 12:27:36.000000000 -0500
@@ -0,0 +1,22 @@
+ifeq ($(shell sh checkforlibcap.sh),yes)
+CC=gcc
+
+CFLAGS += -I../../../../include -Wall
+LDLIBS += -L../../../../lib -lltp -lcap
+
+SRCS = $(wildcard *.c)
+TARGETS = $(patsubst %.c,%,$(SRCS))
+
+all: $(TARGETS)
+
+clean:
+ rm -f $(TARGETS) *.o caps_fifo
+
+INSTALLTARGETS = $(TARGETS) filecapstest.sh
+
+install: $(INSTALLTARGETS)
+ @set -e; for i in $(INSTALLTARGETS); do ln -f $$i ../../../bin/$$i ;
chmod +x ../../../bin/$$i; done
+else
+all:
+install:
+endif
diff -Nrup ltp-full-20071231/testcases/kernel/security/filecaps/print_caps.c
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/print_caps.c
--- ltp-full-20071231/testcases/kernel/security/filecaps/print_caps.c
1969-12-31 19:00:00.000000000 -0500
+++ ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/print_caps.c
2008-01-21 11:04:32.000000000 -0500
@@ -0,0 +1,46 @@
+/*
+ * File: print_caps.c
+ * Author: Serge Hallyn
+ * Copyright 2007,2008 IBM Corp
+ * Purpose: print out the POSIX capabilities with which it runs
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/capability.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#define FIFOFILE "caps_fifo"
+
+int main(int argc, char *argv[])
+{
+ cap_t cap = cap_get_proc();
+ int fd;
+ int seqno = 0;
+ char buf[2000];
+
+ if (argc>1)
+ seqno = atoi(argv[1]);
+
+ if (!cap) {
+ perror("print_caps - cap_get_proc");
+ exit(1);
+ }
+
+ fd = open(FIFOFILE, O_WRONLY);
+ if (!fd) {
+ perror("print_caps: open fifo");
+ exit(2);
+ }
+
+ snprintf(buf, 2000, "%d.%s", seqno, cap_to_text(cap, NULL));
+ write(fd, buf, strlen(buf)+1);
+ close(fd);
+
+ cap_free(cap);
+
+ return 0;
+}
diff -Nrup ltp-full-20071231/testcases/kernel/security/filecaps/README
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/README
--- ltp-full-20071231/testcases/kernel/security/filecaps/README 1969-12-31
19:00:00.000000000 -0500
+++ ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/README
2008-01-21 11:07:08.000000000 -0500
@@ -0,0 +1,36 @@
+POSIX capabilities are pieces of root privilege, for instance
+CAP_SYS_NICE to set priority on other tasks and CAP_SYS_TIME
+to set system time. See
+http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
+for more information.
+
+A task's capabilities are set when it executes a new file, and
+when it explicitly changes them (see capset(2)). After exec,
+the task's new capabilities are a function of its previous
+capabilities and the file's capabilities:
+
+ pI' = pI
+ pP' = fP | (fI & pI)
+ pE' = fE ? pP' : 0
+
+Where pX is capability set X for process p before exec, pX' is
+capability set X for process P after exec and fX is file
+capability set X. The capability sets are I for inheritable,
+P for permitted, and E for effective. Note that fE is a
+boolean rather than a set.
+
+File capabilities are stored in extended attributes named
+'security.capability.' Setting this xattr requires the
+CAP_SETFCAP capability when the capability security module is
+loaded, or CAP_SYS_ADMIN when it is not.
+
+The following tests are implemented here:
+
+inh_capped: check whether a process without CAP_SETPCAP
+ is properly prohibited from raising bits in its
+ inheritable set using setcap.
+
+verify_caps_exec:
+ 1. check that privilege is needed to set file capabilities
+ 2. check that pI', pP', and pE' are properly
+ calculated upon exec.
diff -Nrup
ltp-full-20071231/testcases/kernel/security/filecaps/verify_caps_exec.c
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/verify_caps_exec.c
--- ltp-full-20071231/testcases/kernel/security/filecaps/verify_caps_exec.c
1969-12-31 19:00:00.000000000 -0500
+++
ltp-full-20071231-filecaps/testcases/kernel/security/filecaps/verify_caps_exec.c
2008-01-21 11:36:57.000000000 -0500
@@ -0,0 +1,421 @@
+/*
+ * File: verify_caps_exec.c
+ * Author: Serge Hallyn
+ * Copyright 2007,2008 IBM Corp
+ * Purpose: perform several tests of file capabilities:
+ * 1. try setting caps without CAP_SYS_ADMIN
+ * 2. test proper calculation of pI', pE', and pP'.
+ * Try setting valid caps, drop rights, and run the executable,
+ * make sure we get the rights
+ */
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <unistd.h>
+#include <endian.h>
+#include <byteswap.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <attr/xattr.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#include <test.h>
+
+#define TSTPATH "./print_caps"
+char *TCID = "filecaps";
+int TST_TOTAL=1;
+
+int errno;
+
+void usage(char *me)
+{
+ tst_resm(TFAIL, "Usage: %s <0|1> [arg]\n", me);
+ tst_resm(TINFO, " 0: set file caps without CAP_SYS_ADMIN\n");
+ tst_resm(TINFO, " 1: test that file caps are set correctly on exec\n");
+ tst_exit(1);
+}
+
+#define DROP_PERMS 0
+#define KEEP_PERMS 1
+
+void print_my_caps()
+{
+ cap_t cap = cap_get_proc();
+ tst_resm(TINFO, "\ncaps are %s\n", cap_to_text(cap, NULL));
+}
+
+int drop_root(int keep_perms)
+{
+ int ret;
+
+ if (keep_perms)
+ prctl(PR_SET_KEEPCAPS, 1);
+ ret = setresuid(1000, 1000, 1000);
+ if (ret) {
+ perror("setresuid");
+ tst_resm(TFAIL, "Error dropping root privs\n");
+ tst_exit(4);
+ }
+ if (keep_perms) {
+ cap_t cap = cap_from_text("=eip cap_setpcap-eip");
+ cap_set_proc(cap);
+ }
+
+ return 1;
+}
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define cpu_to_le32(x) x
+#else
+#define cpu_to_le32(x) bswap_32(x)
+#endif
+
+/*
+ * TODO: find a better way to do this. Emulate libcap's
+ * way, or just take it from linux/capability.h
+ */
+/*
+ * TODO: accomodate 64-bit capabilities
+ */
+#define CAPNAME "security.capability"
+#ifndef __CAP_BITS
+#define __CAP_BITS 31
+#endif
+
+#define XATTR_CAPS_SZ (3*sizeof(__le32))
+#define VFS_CAP_REVISION_MASK 0xFF000000
+#define VFS_CAP_REVISION 0x01000000
+
+#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
+#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
+
+int perms_test(void)
+{
+ int ret;
+ unsigned int value[3];
+ unsigned int v;
+
+ drop_root(DROP_PERMS);
+ v = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE;
+ value[0] = cpu_to_le32(v);
+ value[1] = 1;
+ value[2] = 1;
+ ret = setxattr(TSTPATH, CAPNAME, value, 3*sizeof(unsigned int), 0);
+ if (ret) {
+ perror("setxattr");
+ tst_resm(TPASS, "could not set capabilities as non-root\n");
+ ret = 0;
+ } else {
+ tst_resm(TFAIL, "could set capabilities as non-root\n");
+ ret = 1;
+ }
+
+ return ret;
+}
+
+#define FIFOFILE "caps_fifo"
+void create_fifo(void)
+{
+ int ret;
+
+ ret = mkfifo(FIFOFILE, S_IRWXU | S_IRWXG | S_IRWXO);
+ if (ret == -1 && errno != EEXIST) {
+ perror("mkfifo");
+ tst_resm(TFAIL, "failed creating %s\n", FIFOFILE);
+ tst_exit(1);
+ }
+}
+
+void write_to_fifo(char *buf)
+{
+ int fd;
+
+ fd = open(FIFOFILE, O_WRONLY);
+ write(fd, buf, strlen(buf));
+ close(fd);
+}
+
+void read_from_fifo(char *buf)
+{
+ int fd;
+
+ memset(buf, 0, 200);
+ fd = open(FIFOFILE, O_RDONLY);
+ if (fd < 0) {
+ perror("open");
+ tst_resm(TFAIL, "Failed opening fifo\n");
+ tst_exit(1);
+ }
+ read(fd, buf, 199);
+ close(fd);
+}
+
+int compare_caps(char *buf1, char *buf2)
+{
+ int res;
+
+ res = strcmp(buf1, buf2) == 0;
+ return res;
+}
+
+int fork_drop_and_exec(int keepperms, char *capstxt)
+{
+ int pid;
+ int ret = 0;
+ char buf[200], *p;
+ static int seqno = 0;
+
+ pid = fork();
+ if (pid < 0) {
+ perror("fork");
+ tst_resm(TFAIL, "%s: failed fork\n", __FUNCTION__);
+ tst_exit(1);
+ }
+ if (pid == 0) {
+ drop_root(keepperms);
+ print_my_caps();
+ sprintf(buf, "%d", seqno);
+ ret = execlp(TSTPATH, TSTPATH, buf, NULL);
+ perror("execl");
+ tst_resm(TFAIL, "%s: exec failed\n", __FUNCTION__);
+ snprintf(buf, 200, "failed to run as %s\n", capstxt);
+ write_to_fifo(buf);
+ tst_exit(1);
+ } else {
+ p = buf;
+ while (1) {
+ int c, s;
+ read_from_fifo(buf);
+ c = sscanf(buf, "%d", &s);
+ if (c==1 && s==seqno)
+ break;
+ tst_resm(TINFO, "got a bad seqno (c=%d, s=%d,
seqno=%d)",
+ c, s, seqno);
+ }
+ p = index(buf, '.')+1;
+ if (p==(char *)1) {
+ tst_resm(TFAIL, "got a bad message from print_caps\n");
+ tst_exit(1);
+ }
+ tst_resm(TINFO, "Expected to run as .%s., ran as .%s..\n",
+ capstxt, p);
+ if (strcmp(p, capstxt) != 0) {
+ tst_resm(TINFO, "those are not the same\n");
+ ret = -1;
+ }
+ seqno++;
+ }
+ return ret;
+}
+
+int caps_actually_set_test(void)
+{
+ int i, whichset, whichcap, finalret = 0, ret;
+ cap_t cap;
+ char *capstxt;
+ unsigned int value[3];
+ cap_value_t capvalue[1];
+ unsigned int magic;
+
+ magic = VFS_CAP_REVISION;
+
+ cap = cap_init();
+ if (!cap) {
+ perror("cap_init");
+ exit(2);
+ }
+
+ create_fifo();
+
+ /* first, try each bit in fP (forced) with fE on and off. */
+ value[1] = value[2] = cpu_to_le32(0);
+ for (whichcap=0; whichcap < __CAP_BITS; whichcap++) {
+ if (whichcap == 8)
+ continue;
+ /* fE = 0, don't gain the perm */
+ capvalue[0] = whichcap;
+ value[0] = cpu_to_le32(magic);
+ value[1] = cpu_to_le32(1 << whichcap);
+ ret = setxattr(TSTPATH, CAPNAME, value, 3*sizeof(unsigned int),
0);
+ if (ret) {
+ tst_resm(TINFO, "%d %d\n", whichset, whichcap);
+ perror("setxattr");
+ continue;
+ }
+ /* do a sanity check */
+ cap_clear(cap);
+ cap_set_flag(cap, CAP_PERMITTED, 1, capvalue, CAP_SET);
+ capstxt = cap_to_text(cap, NULL);
+ ret = fork_drop_and_exec(DROP_PERMS, capstxt);
+ if (ret) {
+ tst_resm(TINFO, "Failed CAP_PERMITTED=%d
CAP_EFFECTIVE=0\n",
+ whichcap);
+ if (!finalret)
+ finalret = ret;
+ }
+
+ /* fE = 1, do gain the perm */
+ value[0] = cpu_to_le32(magic | VFS_CAP_FLAGS_EFFECTIVE);
+ value[1] = cpu_to_le32(1 << whichcap);
+ ret = setxattr(TSTPATH, CAPNAME, value, 3*sizeof(unsigned int),
0);
+ if (ret) {
+ tst_resm(TINFO, "%d %d\n", whichset, whichcap);
+ perror("setxattr");
+ continue;
+ }
+ /* do a sanity check */
+ cap_clear(cap);
+ cap_set_flag(cap, CAP_PERMITTED, 1, capvalue, CAP_SET);
+ cap_set_flag(cap, CAP_EFFECTIVE, 1, capvalue, CAP_SET);
+ capstxt = cap_to_text(cap, NULL);
+ if (strcmp(capstxt, "=")==0) {
+ tst_resm(TINFO, "%s: libcap doesn't know about cap %d,
not running\n",
+ __FUNCTION__, whichcap);
+ ret = 0;
+ } else
+ ret = fork_drop_and_exec(DROP_PERMS, capstxt);
+ if (ret) {
+ tst_resm(TINFO, "Failed CAP_PERMITTED=%d
CAP_EFFECTIVE=1\n",
+ whichcap);
+ if (!finalret)
+ finalret = ret;
+ }
+ }
+
+
+ /*
+ * next try each bit in fI
+ * The first two attemps have the bit which is in fI in pI.
+ * This should result in the bit being in pP'.
+ * If fE was set then it should also be in pE'.
+ * The last attempt starts with an empty pI.
+ * This should result in empty capability, as there were
+ * no bits to be inherited from the original process.
+ */
+ value[1] = value[2] = cpu_to_le32(0);
+ for (whichcap=0; whichcap < __CAP_BITS; whichcap++) {
+ if (whichcap == 8)
+ continue;
+ /*
+ * bit is in fI and pI, so should be in pI'.
+ * but fE=0, so cap is in pP' but not pE'.
+ */
+ value[0] = cpu_to_le32(magic);
+ value[2] = cpu_to_le32(1 << whichcap);
+ ret = setxattr(TSTPATH, CAPNAME, value, 3*sizeof(unsigned int),
0);
+ if (ret) {
+ tst_resm(TINFO, "%d %d\n", whichset, whichcap);
+ perror("setxattr");
+ continue;
+ }
+ /* do a sanity check */
+ cap_clear(cap);
+ for (i=0; i<32; i++) {
+ if (i != 8) {
+ capvalue[0] = i;
+ cap_set_flag(cap, CAP_INHERITABLE, 1, capvalue,
CAP_SET);
+ }
+ }
+ capvalue[0] = whichcap;
+ cap_set_flag(cap, CAP_PERMITTED, 1, capvalue, CAP_SET);
+ capstxt = cap_to_text(cap, NULL);
+ ret = fork_drop_and_exec(KEEP_PERMS, capstxt);
+ if (ret) {
+ tst_resm(TINFO, "Failed with_perms CAP_INHERITABLE=%d "
+ "CAP_EFFECTIVE=0\n", whichcap);
+ if (!finalret)
+ finalret = ret;
+ }
+
+ /*
+ * bit is in fI and pI, so should be in pI'.
+ * and fE=1, so cap is in pP' and pE'.
+ */
+
+ value[0] = cpu_to_le32(magic | VFS_CAP_FLAGS_EFFECTIVE);
+ value[2] = cpu_to_le32(1 << whichcap);
+ ret = setxattr(TSTPATH, CAPNAME, value, 3*sizeof(unsigned int),
0);
+ if (ret) {
+ tst_resm(TINFO, "%d %d\n", whichset, whichcap);
+ perror("setxattr");
+ continue;
+ }
+ /* do a sanity check */
+ cap_clear(cap);
+ for (i=0; i<32; i++) {
+ if (i != 8) {
+ capvalue[0] = i;
+ cap_set_flag(cap, CAP_INHERITABLE, 1, capvalue,
CAP_SET);
+ }
+ }
+ capvalue[0] = whichcap;
+ cap_set_flag(cap, CAP_PERMITTED, 1, capvalue, CAP_SET);
+ cap_set_flag(cap, CAP_EFFECTIVE, 1, capvalue, CAP_SET);
+ capstxt = cap_to_text(cap, NULL);
+ if (strcmp(capstxt, "=")==0) {
+ tst_resm(TINFO, "%s: libcap doesn't know about cap %d,
not running\n",
+ __FUNCTION__, whichcap);
+ ret = 0;
+ } else
+ ret = fork_drop_and_exec(KEEP_PERMS, capstxt);
+ if (ret) {
+ tst_resm(TINFO, "Failed with_perms CAP_INHERITABLE=%d "
+ "CAP_EFFECTIVE=1\n", whichcap);
+ if (!finalret)
+ finalret = ret;
+ }
+
+ /*
+ * bit is in fI but not in pI
+ * So pP' is empty.
+ * pE' must be empty.
+ */
+ value[0] = cpu_to_le32(magic | VFS_CAP_FLAGS_EFFECTIVE);
+ value[2] = cpu_to_le32(1 << whichcap);
+ ret = setxattr(TSTPATH, CAPNAME, value, 3*sizeof(unsigned int),
0);
+ if (ret) {
+ tst_resm(TINFO, "%d %d\n", whichset, whichcap);
+ perror("setxattr");
+ continue;
+ }
+ /* do a sanity check */
+ cap_clear(cap);
+ capstxt = cap_to_text(cap, NULL);
+ ret = fork_drop_and_exec(DROP_PERMS, capstxt);
+ if (ret) {
+ tst_resm(TINFO, "Failed without_perms
CAP_INHERITABLE=%d",
+ whichcap);
+ if (!finalret)
+ finalret = ret;
+ }
+ }
+
+ cap_free(cap);
+ return finalret;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 0;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ switch(atoi(argv[1])) {
+ case 0:
+ ret = perms_test();
+ break;
+ case 1:
+ ret = caps_actually_set_test();
+ if (ret)
+ tst_resm(TFAIL, "Some tests failed\n");
+ else
+ tst_resm(TPASS, "All tests passed\n");
+ break;
+ default: usage(argv[0]);
+ }
+
+ tst_exit(ret);
+}
diff -Nrup ltp-full-20071231/testscripts/test_filecaps.sh
ltp-full-20071231-filecaps/testscripts/test_filecaps.sh
--- ltp-full-20071231/testscripts/test_filecaps.sh 1969-12-31
19:00:00.000000000 -0500
+++ ltp-full-20071231-filecaps/testscripts/test_filecaps.sh 2008-01-21
08:34:20.000000000 -0500
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Copyright 2007 IBM
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2 of the License, or (at your option)
+# any later version.
+#
+# test_filecaps.sh - Run the file capabilities test suite.
+
+# Must be root to run the containers testsuite
+if [ $UID != 0 ]
+then
+ echo "FAILED: Must be root to execute this script"
+ exit 1
+fi
+
+# set the LTPROOT directory
+cd `dirname $0`
+LTPROOT=${PWD}
+echo $LTPROOT | grep testscripts > /dev/null 2>&1
+if [ $? -eq 0 ]
+then
+ cd ..
+ LTPROOT=${PWD}
+fi
+
+# set the PATH to include testcase/bin
+
+export PATH=$PATH:/usr/sbin:$LTPROOT/testcases/bin
+export LTPBIN=$LTPROOT/testcases/bin
+
+# We will store the logfiles in $LTPROOT/results, so make sure
+# it exists.
+if [ ! -d $LTPROOT/results ]
+then
+ mkdir $LTPROOT/results
+fi
+
+# Check the role and mode testsuite is being executed under.
+echo "Running the file capabilities testsuite..."
+
+$LTPROOT/pan/pan -S -a $LTPROOT/results/filecaps -n ltp-filecaps -l
$LTPROOT/results/filecaps.logfile -o $LTPROOT/results/filecaps.outfile -p -f
$LTPROOT/runtest/filecaps
+
+echo "Done."
+exit 0
INFO: creating /usr/src/ltp-full-20071231-filecaps/output directory
INFO: no command files were provided, using default,
system calls, memory management, IPC, scheduler
direct io, file system, math and pty tests will
now be executed
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.
LINUX for zSeries and S/390
********************************************************************
*** *** IBM Internal Use Only *** ***
*** Do not distribute this driver outside of IBM neither in ***
*** total nor in parts neithet in object code nor in source ***
*** code. Any distribution could severely jeopardize IBM's ***
*** intellectual property assets. This driver contains ***
*** material not yet released to the Open Source community. ***
*** Please refer to: ***
*** http://laplace.boeblingen.de.ibm.com/l390/ ***
*** section "Licenses" for detailed guidelines. ***
********************************************************************
LINUX for zSeries and S/390
********************************************************************
*** *** IBM Internal Use Only *** ***
*** Do not distribute this driver outside of IBM neither in ***
*** total nor in parts neithet in object code nor in source ***
*** code. Any distribution could severely jeopardize IBM's ***
*** intellectual property assets. This driver contains ***
*** material not yet released to the Open Source community. ***
*** Please refer to: ***
*** http://laplace.boeblingen.de.ibm.com/l390/ ***
*** section "Licenses" for detailed guidelines. ***
********************************************************************
Linux linuz11 2.6.24-rc8-ga7da60f4-dirty #6 SMP Mon Jan 21 12:53:45 EST 2008
s390x s390x s390x GNU/Linux
Gnu C gcc (GCC) 3.4.2 20040907 (Red Hat 3.4.2-2bb5)
Gnu make 3.80
util-linux filecaps/ver_linux: line 29: fdformat: command not found
mount 2.12
modutils 3.1-pre5
e2fsprogs 1.35
Linux C Library 2.3.3
Dynamic linker (ldd) 2.3.3
Procps 3.2.0
Net-tools 1.60
Kbd 66:
Sh-utils 5.2.1
free reports:
total used free shared buffers cached
Mem: 253112 43072 210040 0 2940 19144
-/+ buffers/cache: 20988 232124
Swap: 262120 0 262120
/proc/cpuinfo
vendor_id : IBM/S390
# processors : 2
bogomips per cpu: 5081.00
features : esan3 zarch msa ldisp
processor 0: version = FF, identification = 0210BC, machine = 2084
processor 1: version = FF, identification = 0210BC, machine = 2084
Running in:
<<<test_start>>>
tag=Filecaps stime=1200938171
cmdline="filecapstest.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
cap_sys_admin tests
setxattr: Operation not permitted
filecaps 1 PASS : could not set capabilities as non-root
testing for correct caps
filecaps 0 INFO : Expected to run as .= cap_chown+p., ran as .=
cap_chown+p..
filecaps 0 INFO : Expected to run as .= cap_chown+ep., ran as .=
cap_chown+ep..
filecaps 0 INFO : Expected to run as .= cap_dac_override+p., ran as .=
cap_dac_override+p..
filecaps 0 INFO : Expected to run as .= cap_dac_override+ep., ran as .=
cap_dac_override+ep..
filecaps 0 INFO : Expected to run as .= cap_dac_read_search+p., ran as .=
cap_dac_read_search+p..
filecaps 0 INFO : Expected to run as .= cap_dac_read_search+ep., ran as
.= cap_dac_read_search+ep..
filecaps 0 INFO : Expected to run as .= cap_fowner+p., ran as .=
cap_fowner+p..
filecaps 0 INFO : Expected to run as .= cap_fowner+ep., ran as .=
cap_fowner+ep..
filecaps 0 INFO : Expected to run as .= cap_fsetid+p., ran as .=
cap_fsetid+p..
filecaps 0 INFO : Expected to run as .= cap_fsetid+ep., ran as .=
cap_fsetid+ep..
filecaps 0 INFO : Expected to run as .= cap_kill+p., ran as .=
cap_kill+p..
filecaps 0 INFO : Expected to run as .= cap_kill+ep., ran as .=
cap_kill+ep..
filecaps 0 INFO : Expected to run as .= cap_setgid+p., ran as .=
cap_setgid+p..
filecaps 0 INFO : Expected to run as .= cap_setgid+ep., ran as .=
cap_setgid+ep..
filecaps 0 INFO : Expected to run as .= cap_setuid+p., ran as .=
cap_setuid+p..
filecaps 0 INFO : Expected to run as .= cap_setuid+ep., ran as .=
cap_setuid+ep..
filecaps 0 INFO : Expected to run as .= cap_linux_immutable+p., ran as .=
cap_linux_immutable+p..
filecaps 0 INFO : Expected to run as .= cap_linux_immutable+ep., ran as
.= cap_linux_immutable+ep..
filecaps 0 INFO : Expected to run as .= cap_net_bind_service+p., ran as
.= cap_net_bind_service+p..
filecaps 0 INFO : Expected to run as .= cap_net_bind_service+ep., ran as
.= cap_net_bind_service+ep..
filecaps 0 INFO : Expected to run as .= cap_net_broadcast+p., ran as .=
cap_net_broadcast+p..
filecaps 0 INFO : Expected to run as .= cap_net_broadcast+ep., ran as .=
cap_net_broadcast+ep..
filecaps 0 INFO : Expected to run as .= cap_net_admin+p., ran as .=
cap_net_admin+p..
filecaps 0 INFO : Expected to run as .= cap_net_admin+ep., ran as .=
cap_net_admin+ep..
filecaps 0 INFO : Expected to run as .= cap_net_raw+p., ran as .=
cap_net_raw+p..
filecaps 0 INFO : Expected to run as .= cap_net_raw+ep., ran as .=
cap_net_raw+ep..
filecaps 0 INFO : Expected to run as .= cap_ipc_lock+p., ran as .=
cap_ipc_lock+p..
filecaps 0 INFO : Expected to run as .= cap_ipc_lock+ep., ran as .=
cap_ipc_lock+ep..
filecaps 0 INFO : Expected to run as .= cap_ipc_owner+p., ran as .=
cap_ipc_owner+p..
filecaps 0 INFO : Expected to run as .= cap_ipc_owner+ep., ran as .=
cap_ipc_owner+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_module+p., ran as .=
cap_sys_module+p..
filecaps 0 INFO : Expected to run as .= cap_sys_module+ep., ran as .=
cap_sys_module+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_rawio+p., ran as .=
cap_sys_rawio+p..
filecaps 0 INFO : Expected to run as .= cap_sys_rawio+ep., ran as .=
cap_sys_rawio+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_chroot+p., ran as .=
cap_sys_chroot+p..
filecaps 0 INFO : Expected to run as .= cap_sys_chroot+ep., ran as .=
cap_sys_chroot+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_ptrace+p., ran as .=
cap_sys_ptrace+p..
filecaps 0 INFO : Expected to run as .= cap_sys_ptrace+ep., ran as .=
cap_sys_ptrace+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_pacct+p., ran as .=
cap_sys_pacct+p..
filecaps 0 INFO : Expected to run as .= cap_sys_pacct+ep., ran as .=
cap_sys_pacct+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_admin+p., ran as .=
cap_sys_admin+p..
filecaps 0 INFO : Expected to run as .= cap_sys_admin+ep., ran as .=
cap_sys_admin+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_boot+p., ran as .=
cap_sys_boot+p..
filecaps 0 INFO : Expected to run as .= cap_sys_boot+ep., ran as .=
cap_sys_boot+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_nice+p., ran as .=
cap_sys_nice+p..
filecaps 0 INFO : Expected to run as .= cap_sys_nice+ep., ran as .=
cap_sys_nice+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_resource+p., ran as .=
cap_sys_resource+p..
filecaps 0 INFO : Expected to run as .= cap_sys_resource+ep., ran as .=
cap_sys_resource+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_time+p., ran as .=
cap_sys_time+p..
filecaps 0 INFO : Expected to run as .= cap_sys_time+ep., ran as .=
cap_sys_time+ep..
filecaps 0 INFO : Expected to run as .= cap_sys_tty_config+p., ran as .=
cap_sys_tty_config+p..
filecaps 0 INFO : Expected to run as .= cap_sys_tty_config+ep., ran as .=
cap_sys_tty_config+ep..
filecaps 0 INFO : Expected to run as .= cap_mknod+p., ran as .=
cap_mknod+p..
filecaps 0 INFO : Expected to run as .= cap_mknod+ep., ran as .=
cap_mknod+ep..
filecaps 0 INFO : Expected to run as .= cap_lease+p., ran as .=
cap_lease+p..
filecaps 0 INFO : Expected to run as .= cap_lease+ep., ran as .=
cap_lease+ep..
filecaps 0 INFO : Expected to run as .= cap_audit_write+p., ran as .=
cap_audit_write+p..
filecaps 0 INFO : Expected to run as .= cap_audit_write+ep., ran as .=
cap_audit_write+ep..
filecaps 0 INFO : Expected to run as .= cap_audit_control+p., ran as .=
cap_audit_control+p..
filecaps 0 INFO : Expected to run as .= cap_audit_control+ep., ran as .=
cap_audit_control+ep..
filecaps 0 INFO : Expected to run as .=i cap_chown+p cap_setpcap-i., ran
as .=i cap_chown+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_chown+ep cap_setpcap-i., ran
as .=i cap_chown+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_dac_override+p
cap_setpcap-i., ran as .=i cap_dac_override+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_dac_override+ep
cap_setpcap-i., ran as .=i cap_dac_override+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_dac_read_search+p
cap_setpcap-i., ran as .=i cap_dac_read_search+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_dac_read_search+ep
cap_setpcap-i., ran as .=i cap_dac_read_search+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_fowner+p cap_setpcap-i., ran
as .=i cap_fowner+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_fowner+ep cap_setpcap-i.,
ran as .=i cap_fowner+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_fsetid+p cap_setpcap-i., ran
as .=i cap_fsetid+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_fsetid+ep cap_setpcap-i.,
ran as .=i cap_fsetid+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_kill+p cap_setpcap-i., ran
as .=i cap_kill+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_kill+ep cap_setpcap-i., ran
as .=i cap_kill+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_setgid+p cap_setpcap-i., ran
as .=i cap_setgid+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_setgid+ep cap_setpcap-i.,
ran as .=i cap_setgid+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_setuid+p cap_setpcap-i., ran
as .=i cap_setuid+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_setuid+ep cap_setpcap-i.,
ran as .=i cap_setuid+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_linux_immutable+p
cap_setpcap-i., ran as .=i cap_linux_immutable+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_linux_immutable+ep
cap_setpcap-i., ran as .=i cap_linux_immutable+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_net_bind_service+p
cap_setpcap-i., ran as .=i cap_net_bind_service+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_net_bind_service+ep
cap_setpcap-i., ran as .=i cap_net_bind_service+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_net_broadcast+p
cap_setpcap-i., ran as .=i cap_net_broadcast+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_net_broadcast+ep
cap_setpcap-i., ran as .=i cap_net_broadcast+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_net_admin+p cap_setpcap-i.,
ran as .=i cap_net_admin+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_net_admin+ep cap_setpcap-i.,
ran as .=i cap_net_admin+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_net_raw+p cap_setpcap-i.,
ran as .=i cap_net_raw+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_net_raw+ep cap_setpcap-i.,
ran as .=i cap_net_raw+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_ipc_lock+p cap_setpcap-i.,
ran as .=i cap_ipc_lock+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_ipc_lock+ep cap_setpcap-i.,
ran as .=i cap_ipc_lock+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_ipc_owner+p cap_setpcap-i.,
ran as .=i cap_ipc_owner+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_ipc_owner+ep cap_setpcap-i.,
ran as .=i cap_ipc_owner+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_module+p cap_setpcap-i.,
ran as .=i cap_sys_module+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_module+ep
cap_setpcap-i., ran as .=i cap_sys_module+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_rawio+p cap_setpcap-i.,
ran as .=i cap_sys_rawio+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_rawio+ep cap_setpcap-i.,
ran as .=i cap_sys_rawio+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_chroot+p cap_setpcap-i.,
ran as .=i cap_sys_chroot+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_chroot+ep
cap_setpcap-i., ran as .=i cap_sys_chroot+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_ptrace+p cap_setpcap-i.,
ran as .=i cap_sys_ptrace+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_ptrace+ep
cap_setpcap-i., ran as .=i cap_sys_ptrace+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_pacct+p cap_setpcap-i.,
ran as .=i cap_sys_pacct+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_pacct+ep cap_setpcap-i.,
ran as .=i cap_sys_pacct+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_admin+p cap_setpcap-i.,
ran as .=i cap_sys_admin+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_admin+ep cap_setpcap-i.,
ran as .=i cap_sys_admin+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_boot+p cap_setpcap-i.,
ran as .=i cap_sys_boot+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_boot+ep cap_setpcap-i.,
ran as .=i cap_sys_boot+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_nice+p cap_setpcap-i.,
ran as .=i cap_sys_nice+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_nice+ep cap_setpcap-i.,
ran as .=i cap_sys_nice+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_resource+p
cap_setpcap-i., ran as .=i cap_sys_resource+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_resource+ep
cap_setpcap-i., ran as .=i cap_sys_resource+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_time+p cap_setpcap-i.,
ran as .=i cap_sys_time+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_time+ep cap_setpcap-i.,
ran as .=i cap_sys_time+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_sys_tty_config+p
cap_setpcap-i., ran as .=i cap_sys_tty_config+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_sys_tty_config+ep
cap_setpcap-i., ran as .=i cap_sys_tty_config+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_mknod+p cap_setpcap-i., ran
as .=i cap_mknod+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_mknod+ep cap_setpcap-i., ran
as .=i cap_mknod+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_lease+p cap_setpcap-i., ran
as .=i cap_lease+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_lease+ep cap_setpcap-i., ran
as .=i cap_lease+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_audit_write+p
cap_setpcap-i., ran as .=i cap_audit_write+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_audit_write+ep
cap_setpcap-i., ran as .=i cap_audit_write+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 0 INFO : Expected to run as .=i cap_audit_control+p
cap_setpcap-i., ran as .=i cap_audit_control+p cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=i cap_audit_control+ep
cap_setpcap-i., ran as .=i cap_audit_control+ep cap_setpcap-i..
filecaps 0 INFO : Expected to run as .=., ran as .=..
filecaps 1 PASS : All tests passed
testing for correct pI checks
filecaps 0 INFO : start
filecaps 0 INFO : =ep
filecaps 0 INFO : after raising all caps
filecaps 0 INFO : =eip
filecaps 0 INFO : after first drop cap_sys_admin
filecaps 0 INFO : =eip cap_sys_admin-eip
filecaps 0 INFO : after first raise cap_sys_admin
filecaps 0 INFO : =eip cap_sys_admin-ep
filecaps 0 INFO : after drop cappset
filecaps 0 INFO : =ip cap_sys_admin-p
filecaps 0 INFO : after second drop cap_sys_admin
filecaps 0 INFO : =eip cap_setpcap-e cap_sys_admin-eip
filecaps 0 INFO : final
filecaps 0 INFO : =eip cap_setpcap-e cap_sys_admin-eip
filecaps 1 PASS : pI is properly capped
incrementing stop
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=1 cstime=2
<<<test_end>>>
INFO: pan reported all tests PASS
LTP Version: LTP-20071231
###############################################################"
Done executing testcases."
log result(s) is in /usr/src/ltp-full-20071231-filecaps/results
directory"
output/failed result(s) in
/usr/src/ltp-full-20071231-filecaps/output directory [If you did not provide
Absolute Path]
LTP Version: LTP-20071231
###############################################################"
