On Mon, Oct 4, 2010 at 7:06 AM, Serge E. Hallyn
<[email protected]> wrote:
> Quoting Garrett Cooper ([email protected]):
>> Hi Serge,
>> Some comments about your provided code.
>
> Thanks.
>
>> > +AC_DEFUN([LTP_CHECK_SECUREBITS],
>> > +AC_CHECK_HEADERS(linux/securebits.h,[
>> > + LTP_SECUREBITS=yes
>> > +])
>> > +)
>>
>> Some checks should probably be added for versioning as well as symbols
>> that get passed to prctl(2) (I'm not sure if checking for the symbols
>> that get passed to prctl(2) here is the correct way to go about things
>> though).
>
> Not sure how we would check the versioning, bc there is no versioning
> info in the interface.
Just checking for the symbols used with an autoconf test would be ok,
because according to the kernel.org manpage [1] some of these symbols
have only existed for the past year or two (and thus someone like
Mitani-san will come on the list and say that RHEL 4.x or 5.x compiles
are broken by the new test :)).
> ...
>
>> > + case 3:
>> > + ret = prctl(PR_GET_SECUREBITS);
>>
>> What if this call fails?
>
> It doesn't pass or fail. The return value is simply the current
> securebits.
According to the manpage [1], this syscall can fail.
>> > + ret = prctl(PR_SET_SECUREBITS, ret | SECBIT_KEEP_CAPS);
>> > + if (ret == -1) {
>> > + tst_resm(TFAIL|TERRNO, "PR_SET_SECUREBITS
>> > failed\n");
>> > + tst_exit();
>> > + }
>
>> > +#!/bin/sh
>> > +
>> > +echo "testing keepcaps"
>> > +check_keepcaps 1
>> > +tmp=$?
>> > +if [ $tmp -ne 0 ]; then
>> > + exit_code=$tmp
>> > +fi
>> > +check_keepcaps 2
>> > +tmp=$?
>> > +if [ $tmp -ne 0 ]; then
>> > + exit_code=$tmp
>> > +fi
>> > +check_keepcaps 3
>> > +tmp=$?
>> > +if [ $tmp -ne 0 ]; then
>> > + exit_code=$tmp
>> > +fi
>> > +
>> > +exit $exit_code
>>
>> What if (for instance) test 1 fails, and tests 2 or 3 pass?
>
> Yeah, I didn't do that right, and maybe it would be best
> to just shortcut on the first failure anyway.
That's what I thought. The only thing you lose is coverage potentially
if one of the tests is broken :/.
Thanks!
-Garrett
[1] http://www.kernel.org/doc/man-pages/online/pages/man2/prctl.2.html
------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security
easier or more difficult to achieve? Read this whitepaper to separate the
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
