Hi,
The regress/sys/kern/pledge/generic test is disabled and currently
failing mostly due to the fact that wlpaths is disabled in GENERIC
kernel.
So remove (or disable exactly) parts related to wlpaths in "generic"
test suite also.
It also remove test_mmap() function which tested prot_exec promise. Due
to kern.wxabort, it is a more complex thing to test now (requires a
wxallow partition).
I also have some additionnal tests outside "generic" that I will polish
a bit and propose to addition.
The "generic" test suite was testing lot of things, but it isn't very
practical for rerun only individual tests. Futher tests additions should
occurs as individual tests (as "regress/sys/kern/pledge/ioctl"). I will
also try to rewrite tests in generic as individual tests.
Thanks.
--
Sebastien Marie
Index: main.c
===================================================================
RCS file: /cvs/src/regress/sys/kern/pledge/generic/main.c,v
retrieving revision 1.8
diff -u -p -r1.8 main.c
--- main.c 30 Oct 2015 07:24:20 -0000 1.8
+++ main.c 19 Feb 2017 06:14:04 -0000
@@ -61,6 +61,7 @@ test_kill()
kill(0, SIGINT);
}
+#ifdef WLPATHS
static void
open_close(const char *filename)
{
@@ -96,16 +97,16 @@ test_wpaths()
printf("\n");
exit(EXIT_SUCCESS);
}
+#endif
static void
test_pledge()
{
- const char *wpaths[] = { "/sbin", NULL };
-
- if (pledge("stdio rpath", wpaths) != 0)
+ if (pledge("stdio rpath", NULL) != 0)
_exit(errno);
}
+#ifdef WLPATHS
static void
do_stat(const char *path)
{
@@ -150,25 +151,7 @@ test_stat()
printf("\n");
exit(EXIT_SUCCESS);
}
-
-static void
-test_mmap()
-{
- int fd;
- void * data;
-
- if ((fd = open("/dev/zero", O_RDONLY, 0)) == -1)
- _exit(errno);
-
- data = mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC,
- MAP_FILE|MAP_SHARED, fd, 0);
-
- if (data == MAP_FAILED)
- _exit(errno);
-
- munmap(data, 4096);
- close(fd);
-}
+#endif
static void
test_rpath()
@@ -247,6 +230,7 @@ main(int argc, char *argv[])
start_test(&ret, "stdio wpath", NULL, test_wpath);
start_test(&ret, "cpath", NULL, test_cpath);
+#if WLPATHS
/*
* test whitelist path
*/
@@ -261,6 +245,7 @@ main(int argc, char *argv[])
start_test1(&ret, "stdio rpath", "generic", test_wpaths);
start_test1(&ret, "stdio rpath", "", test_wpaths);
start_test1(&ret, "stdio rpath", ".", test_wpaths);
+#endif
/*
* test pledge(2) arguments
@@ -269,20 +254,15 @@ main(int argc, char *argv[])
start_test(&ret, "stdio rpath", NULL, test_pledge);
/* reduce request */
start_test(&ret, "stdio rpath wpath", NULL, test_pledge);
- /* reduce request (with same/other wpaths) */
- start_test1(&ret, "stdio rpath wpath", "/sbin", test_pledge);
- start_test1(&ret, "stdio rpath wpath", "/", test_pledge);
/* add request */
start_test(&ret, "stdio", NULL, test_pledge);
/* change request */
start_test(&ret, "stdio unix", NULL, test_pledge);
/* test stat(2) */
+#if WLPATHS
start_test1(&ret, "stdio rpath", "/usr/share/man", test_stat);
-
- /* mmap */
- start_test1(&ret, "stdio rpath prot_exec", "/dev/zero", test_mmap);
- start_test1(&ret, "stdio rpath", "/dev/zero", test_mmap);
+#endif
/* stdio */
start_test(&ret, NULL, NULL, test_request_stdio);
Index: tests.out
===================================================================
RCS file: /cvs/src/regress/sys/kern/pledge/generic/tests.out,v
retrieving revision 1.12
diff -u -p -r1.12 tests.out
--- tests.out 9 Jan 2016 06:13:43 -0000 1.12
+++ tests.out 19 Feb 2017 06:14:04 -0000
@@ -10,82 +10,9 @@ test(test_kill): pledge=("stdio",NULL) s
test(test_rpath): pledge=("stdio rpath",NULL) status=0 exit=0
test(test_wpath): pledge=("stdio wpath",NULL) status=0 exit=0
test(test_cpath): pledge=("cpath",NULL) status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",NULL)
- open_close("/etc/passwd") fd=3 errno=0
- open_close("generic") fd=3 errno=0
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3
errno=0
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{NULL})
- open_close("/etc/passwd") fd=-1 errno=2
- open_close("generic") fd=-1 errno=2
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1
errno=2
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"/",NULL})
- open_close("/etc/passwd") fd=3 errno=0
- open_close("generic") fd=3 errno=0
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3
errno=0
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"/etc",NULL})
- open_close("/etc/passwd") fd=3 errno=0
- open_close("generic") fd=-1 errno=2
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3
errno=0
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"/etc/",NULL})
- open_close("/etc/passwd") fd=3 errno=0
- open_close("generic") fd=-1 errno=2
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3
errno=0
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"/etc/passwd",NULL})
- open_close("/etc/passwd") fd=3 errno=0
- open_close("generic") fd=-1 errno=2
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3
errno=0
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"/bin",NULL})
- open_close("/etc/passwd") fd=-1 errno=2
- open_close("generic") fd=-1 errno=2
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1
errno=2
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"generic",NULL})
- open_close("/etc/passwd") fd=-1 errno=2
- open_close("generic") fd=3 errno=0
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1
errno=2
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{"",NULL})
- open_close("/etc/passwd") fd=-1 errno=2
- open_close("generic") fd=3 errno=0
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1
errno=2
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
-test(test_wpaths): pledge=("stdio rpath",{".",NULL})
- open_close("/etc/passwd") fd=-1 errno=2
- open_close("generic") fd=3 errno=0
- open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1
errno=2
- open_close("/nonexistent") fd=-1 errno=2
- status=0 exit=0
test(test_pledge): pledge=("stdio rpath",NULL) status=0 exit=0
test(test_pledge): pledge=("stdio rpath wpath",NULL) status=0 exit=0
-test(test_pledge): pledge=("stdio rpath wpath",{"/sbin",NULL}) status=256
exit=1 (errno: "Operation not permitted")
-test(test_pledge): pledge=("stdio rpath wpath",{"/",NULL}) status=256 exit=1
(errno: "Operation not permitted")
test(test_pledge): pledge=("stdio",NULL) status=256 exit=1 (errno: "Operation
not permitted")
test(test_pledge): pledge=("stdio unix",NULL) status=256 exit=1 (errno:
"Operation not permitted")
-test(test_stat): pledge=("stdio rpath",{"/usr/share/man",NULL})
- stat("/usr/share/man/man8/afterboot.8"):
realpath="/usr/share/man/man8/afterboot.8" uid=0 gid=7 mode=100444
- stat("/usr/share/man/man8/"): realpath="/usr/share/man/man8" uid=0 gid=0
mode=40755
- stat("/usr/share/man"): realpath="/usr/share/man" uid=0 gid=0 mode=40755
- stat("/usr/share"): realpath="/usr/share" uid=0 gid=0 mode=40111
- stat("/usr"): realpath="/usr" uid=0 gid=0 mode=40111
- stat("/"): realpath="/" uid=0 gid=0 mode=40111
- stat("/usr/bin/gzip"): realpath=failed(2) errno=2
- status=0 exit=0
-test(test_mmap): pledge=("stdio rpath prot_exec",{"/dev/zero",NULL}) status=0
exit=0
-test(test_mmap): pledge=("stdio rpath",{"/dev/zero",NULL}) status=134 signal=6
coredump=present pledged_syscall=197
test(test_request_stdio): pledge=skip status=0 exit=0
test(test_request_tty): pledge=skip status=0 exit=0
