Quoting Subrata Modak ([email protected]): > On Wed, 2009-04-22 at 18:11 -0500, Serge E. Hallyn wrote: > > Add capability bounding set testcases, to verify the following: > > > > 1. prctl(CAP_BSET_READ, 0..NCAPS) returns 1 > > 2. prctl(CAP_BSET_READ, -1|NCAPS+1) return -1 > > > > 3. prctl(CAP_BSET_DROP, -1|NCAPS+1) returns -1 > > 4. prctl(CAP_BSET_DROP, 0..NCAPS) returns 1 > > 4b. prctl(CAP_BSET_READ, N) returns 0 after each unset, 1 for > > those not yet removed > > > > 5. fI=empty; N \notin pP; prctl(CAPBSET_DROP, N); setting pI=N fails > > > > 6. pI=N; fI=fE=N; prctl(CAPBSET_DROP, N); exec(f) - N \in pE > > (or make f setuid-root) > > 7. pI=0; fI=fE=N; prctl(CAPBSET_DROP, N); exec(f) - N \notin pE > > (or make f setuid-root) > > > > A set of securebits and keepcaps tests have yet to be written (as > > per an email I sent a few months ago). > > > > Signed-off-by: Serge Hallyn <[email protected]> > > Thanks Serge. Here are the results run on the following machine: > > # uname -a > Linux 2.6.29-5-default #1 SMP Tue Apr 21 20:04:44 IST 2009 x86_64 x86_64 > x86_64 GNU/Linux > > <<<test_output>>> > testing bounding set reading > cap_bounds_r 1 FAIL : prctl(CAP_BSET_READ, 0) returned 0 > testing bounding set dropping > cap_bounds_rw 1 FAIL : Bit 1 wasn't yet dropped, but isn't in > bounding set > cap_bounds_rw 2 FAIL : after dropping bits 0..0, 1 was not in > bounding set
Good. > checking bounding set constraint in pI > cap_bounds_r 1 BROK : Not starting with CAP_SYS_ADMIN > check_pe 1 PASS : cap is in pE > check_pe 1 PASS : cap is not in pE > <<<execution_status>>> > > Are these failures expected for 2.6.29 ? Also please find attached the > kernel config file on which i tested this. yeah, fix your kernel :) That's why I started with this set of tests... Unfortunately. thanks, -serge ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
