Quoting Garrett Cooper ([email protected]):
> Hi Serge,
> Some comments about your provided code.
Thanks.
> > +AC_DEFUN([LTP_CHECK_SECUREBITS],
> > +AC_CHECK_HEADERS(linux/securebits.h,[
> > + LTP_SECUREBITS=yes
> > +])
> > +)
>
> Some checks should probably be added for versioning as well as symbols
> that get passed to prctl(2) (I'm not sure if checking for the symbols
> that get passed to prctl(2) here is the correct way to go about things
> though).
Not sure how we would check the versioning, bc there is no versioning
info in the interface.
...
> > + case 3:
> > + ret = prctl(PR_GET_SECUREBITS);
>
> What if this call fails?
It doesn't pass or fail. The return value is simply the current
securebits.
> > + ret = prctl(PR_SET_SECUREBITS, ret | SECBIT_KEEP_CAPS);
> > + if (ret == -1) {
> > + tst_resm(TFAIL|TERRNO, "PR_SET_SECUREBITS
> > failed\n");
> > + tst_exit();
> > + }
> > +#!/bin/sh
> > +
> > +echo "testing keepcaps"
> > +check_keepcaps 1
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +check_keepcaps 2
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +check_keepcaps 3
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +
> > +exit $exit_code
>
> What if (for instance) test 1 fails, and tests 2 or 3 pass?
Yeah, I didn't do that right, and maybe it would be best
to just shortcut on the first failure anyway.
thanks,
-serge
------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security
easier or more difficult to achieve? Read this whitepaper to separate the
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
