On Tue, 2009-04-28 at 08:37 -0500, Serge E. Hallyn wrote: > Quoting Subrata Modak ([email protected]): > > On Wed, 2009-04-22 at 18:11 -0500, Serge E. Hallyn wrote: > > > Add capability bounding set testcases, to verify the following: > > > > > > 1. prctl(CAP_BSET_READ, 0..NCAPS) returns 1 > > > 2. prctl(CAP_BSET_READ, -1|NCAPS+1) return -1 > > > > > > 3. prctl(CAP_BSET_DROP, -1|NCAPS+1) returns -1 > > > 4. prctl(CAP_BSET_DROP, 0..NCAPS) returns 1 > > > 4b. prctl(CAP_BSET_READ, N) returns 0 after each unset, 1 for > > > those not yet removed > > > > > > 5. fI=empty; N \notin pP; prctl(CAPBSET_DROP, N); setting pI=N > > > fails > > > > > > 6. pI=N; fI=fE=N; prctl(CAPBSET_DROP, N); exec(f) - N \in pE > > > (or make f setuid-root) > > > 7. pI=0; fI=fE=N; prctl(CAPBSET_DROP, N); exec(f) - N \notin pE > > > (or make f setuid-root) > > > > > > A set of securebits and keepcaps tests have yet to be written (as > > > per an email I sent a few months ago). > > > > > > Signed-off-by: Serge Hallyn <[email protected]> > > > > Thanks Serge. Here are the results run on the following machine: > > > > # uname -a > > Linux 2.6.29-5-default #1 SMP Tue Apr 21 20:04:44 IST 2009 x86_64 x86_64 > > x86_64 GNU/Linux > > > > <<<test_output>>> > > testing bounding set reading > > cap_bounds_r 1 FAIL : prctl(CAP_BSET_READ, 0) returned 0 > > testing bounding set dropping > > cap_bounds_rw 1 FAIL : Bit 1 wasn't yet dropped, but isn't in > > bounding set > > cap_bounds_rw 2 FAIL : after dropping bits 0..0, 1 was not in > > bounding set > > Good.
Thanks > > checking bounding set constraint in pI > > cap_bounds_r 1 BROK : Not starting with CAP_SYS_ADMIN > > check_pe 1 PASS : cap is in pE > > check_pe 1 PASS : cap is not in pE > > <<<execution_status>>> > > > > Are these failures expected for 2.6.29 ? Also please find attached the > > kernel config file on which i tested this. > > yeah, fix your kernel :) > Great. Since 29 is already out, i am hoping that it should be fixed by the time 30 is out. If time permits, i will give a try in any of the intermediate RC-s to see if the problem still persists. Regards-- Subrata > That's why I started with this set of tests... Unfortunately. > > thanks, > -serge ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
