[LTP] [PATCH v2] security: add missing PR_CAPBSET_READ/PR_CAPBSET_DROP check

Yang Xu xuyang2018.jy@cn.fujitsu.com
Thu May 16 08:52:59 CEST 2019


PR_CAPBSET_READ/PR_CAPNSET_DROP was added since linux2.6.25,
current ltp detected them in ltp-prctl.m4, but three places
missed this check. So add it, fix possible compiler error
on some old dirtros without PR_CAPBSET_READ/PR_CAPNSET_DROP flag.

Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
---
 testcases/kernel/security/cap_bound/exec_with_inh.c    | 4 ++++
 testcases/kernel/security/cap_bound/exec_without_inh.c | 4 ++++
 testcases/kernel/security/filecaps/verify_caps_exec.c  | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/testcases/kernel/security/cap_bound/exec_with_inh.c b/testcases/kernel/security/cap_bound/exec_with_inh.c
index dd9ddb574..13814798e 100644
--- a/testcases/kernel/security/cap_bound/exec_with_inh.c
+++ b/testcases/kernel/security/cap_bound/exec_with_inh.c
@@ -41,6 +41,7 @@ int TST_TOTAL = 1;
 int main(int argc, char *argv[])
 {
 #if HAVE_SYS_CAPABILITY_H
+#if HAVE_DECL_PR_CAPBSET_DROP
 #ifdef HAVE_LIBCAP
 	int ret = 1;
 	cap_flag_value_t f;
@@ -84,6 +85,9 @@ int main(int argc, char *argv[])
 #else /* HAVE_LIBCAP */
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
+#else /* HAVE_DECL_PR_CAPBSET_DROP*/
+	tst_resm(TCONF, "System doesn't have CAPBSET prctls");
+#endif
 #else /* HAVE_SYS_CAPABILITY_H */
 	tst_resm(TCONF, "System doesn't have sys/capability.h.");
 #endif
diff --git a/testcases/kernel/security/cap_bound/exec_without_inh.c b/testcases/kernel/security/cap_bound/exec_without_inh.c
index 29b31238a..0d13d48c3 100644
--- a/testcases/kernel/security/cap_bound/exec_without_inh.c
+++ b/testcases/kernel/security/cap_bound/exec_without_inh.c
@@ -41,6 +41,7 @@ int TST_TOTAL = 1;
 int main(int argc, char *argv[])
 {
 #if HAVE_SYS_CAPABILITY_H
+#if HAVE_DECL_PR_CAPBSET_DROP
 #ifdef HAVE_LIBCAP
 	int ret = 1;
 	cap_flag_value_t f;
@@ -81,6 +82,9 @@ int main(int argc, char *argv[])
 #else /* libcap */
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
+#else /* HAVE_DECL_PR_CAPBSET_DROP */
+	tst_resm(TCONF, "System doesn't have CAPBSET prctls");
+#endif
 #else /* capability_h */
 	tst_resm(TCONF, "System doesn't have sys/capability.h.");
 #endif
diff --git a/testcases/kernel/security/filecaps/verify_caps_exec.c b/testcases/kernel/security/filecaps/verify_caps_exec.c
index 090ac5c90..3e6794102 100644
--- a/testcases/kernel/security/filecaps/verify_caps_exec.c
+++ b/testcases/kernel/security/filecaps/verify_caps_exec.c
@@ -226,7 +226,12 @@ static int caps_actually_set_test(void)
 	int num_caps;
 
 	for (num_caps = 0;; num_caps++) {
+#if HAVE_DECL_PR_CAPBSET_READ
 		ret = prctl(PR_CAPBSET_READ, num_caps);
+#else
+		tst_resm(TCONF, "System doesn't have CAPBSET prctls");
+		ret = -1;
+#endif
 		/*
 		 * Break from the loop in this manner to avoid incrementing,
 		 * then having to decrement value.
-- 
2.18.1





More information about the ltp mailing list