/******************************************************************************/ /* */ /* Copyright (c) International Business Machines Corp., 2007, 2008 */ /* */ /* This program is free software; you can redistribute it and/or modify */ /* it under the terms of the GNU General Public License as published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */ /* the GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ /* */ /******************************************************************************/ /* * File: cap_bset_inh_bounds.c * Author: Serge Hallyn * Purpose: test bounding set constraint on pI * (X = the capability bounding set) * 1. if N \in pI, then dropping N from X does not drop it from pI * 2. if N \notin X and N \notin pI, then adding N to pI fails */ #include #include "config.h" #if HAVE_SYS_CAPABILITY_H #include #include #endif #include #include "test.h" char *TCID = "cap_bounds_r"; int TST_TOTAL = 2; int main(void) { #if HAVE_SYS_CAPABILITY_H #if HAVE_DECL_PR_CAPBSET_READ && HAVE_DECL_PR_CAPBSET_DROP #ifdef HAVE_LIBCAP int ret = 1; cap_value_t v[1]; cap_flag_value_t f; cap_t cur, tmpcap; /* We pick a random capability... let's use CAP_SYS_ADMIN */ /* make sure we have the capability now */ ret = prctl(PR_CAPBSET_READ, CAP_SYS_ADMIN); if (ret != 1) { tst_brkm(TBROK, NULL, "Not starting with CAP_SYS_ADMIN"); } /* Make sure it's in pI */ cur = cap_from_text("all=eip"); if (!cur) { tst_brkm(TBROK, NULL, "Failed to create cap_sys_admin+i cap_t (errno %d)", errno); } ret = cap_set_proc(cur); if (ret) { tst_brkm(TBROK, NULL, "Failed to cap_set_proc with cap_sys_admin+i (ret %d errno %d)", ret, errno); } cap_free(cur); cur = cap_get_proc(); ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f); if (ret || f != CAP_SET) { tst_brkm(TBROK, NULL, "Failed to add CAP_SYS_ADMIN to pI"); } cap_free(cur); /* drop the capability from bounding set */ ret = prctl(PR_CAPBSET_DROP, CAP_SYS_ADMIN); if (ret) { tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from bounding set."); tst_resm(TINFO, "(ret=%d, errno %d)", ret, errno); tst_exit(); } /* test 1: is CAP_SYS_ADMIN still in pI? */ cur = cap_get_proc(); ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f); if (ret || f != CAP_SET) { tst_brkm(TFAIL, NULL, "CAP_SYS_ADMIN not in pI after dropping from bounding set"); } tst_resm(TPASS, "CAP_SYS_ADMIN remains in pI after removing from bounding set"); tmpcap = cap_dup(cur); v[0] = CAP_SYS_ADMIN; ret = cap_set_flag(tmpcap, CAP_INHERITABLE, 1, v, CAP_CLEAR); if (ret) { tst_brkm(TFAIL, NULL, "Failed to drop CAP_SYS_ADMIN from cap_t"); } ret = cap_set_proc(tmpcap); if (ret) { tst_brkm(TFAIL, NULL, "Failed to drop CAP_SYS_ADMIN from pI"); } cap_free(tmpcap); /* test 2: can we put it back in pI? */ ret = cap_set_proc(cur); if (ret == 0) { /* success means pI was not bounded by X */ tst_brkm(TFAIL, NULL, "Managed to put CAP_SYS_ADMIN back into pI though not in X"); } cap_free(cur); tst_resm(TPASS, "Couldn't put CAP_SYS_ADMIN back into pI when not in bounding set"); #else /* HAVE_LIBCAP */ tst_resm(TCONF, "System doesn't have POSIX capabilities."); #endif #else /* HAVE_DECL_PR_CAPBSET_READ && HAVE_DECL_PR_CAPBSET_DROP */ tst_resm(TCONF, "System doesn't have CAPBSET prctls."); #endif #else /* HAVE_SYS_CAPABILITY_H */ tst_resm(TCONF, "System doesn't have sys/capability.h."); #endif tst_exit(); }