[LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP
Yang Xu
xuyang2018.jy@cn.fujitsu.com
Wed Jan 8 04:19:14 CET 2020
Hi
> Hi!
>> +static void setup(void)
>> +{
>> + pid_t pid;
>> +
>> + pid = getpid();
>> + header.pid = pid;
>> + if (geteuid() == 0) {
>> + TEST(tst_syscall(__NR_capset, &header, data));
>> + if (TST_RET == -1)
>> + tst_brk(TBROK | TTERRNO, "capset data failed");
>> + }
>
> Please don't do that. If the test needs root (even for a subset of the
> test) just set the .needs_root flag.
>
This test doesn't need root. This code is designed to create an
environment for the root user to generate this type of EPERM
error (new_Inheritable is not a subset of old_Inheritable and
old_Permitted without CAP_SETPCAP).
root user:
old pI: CAP_KILL
old pP: CAP_KILL
new pI: CAP_KILL + CAP_NET_RAW
other user:
old pI: 0
old pP: 0
new pI: CAP_KILL + CAP_NET_RAW
The other user also meets the condition and can generate this EPERM error.
PS: In capset03, getpid() is useless; we can use pid = 0 instead.
Also, if we can use pid = 0 in the error test, maybe we don't need to test
pid = 0 in capget01/capset01.c. What do you think about it?
>> +}
>> +
>> +static struct tst_test test = {
>> + .setup = setup,
>> + .test_all = verify_capset,
>> + .caps = (struct tst_cap []) {
>> + TST_CAP(TST_CAP_DROP, CAP_SETPCAP),
>> + {}
>> + },
>> +};
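Review bot: the `if (geteuid() == 0)` branch in setup() carries no comment saying what capability state the capset call is meant to establish or why it is skipped for other users, which makes it read as a hidden root requirement; add a short comment above the branch stating the intended starting sets and that the test runs without root. The local `pid` is only used to fill `header.pid`, so the variable and the getpid() call can go if the field is assigned directly.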
>> --
>> 2.18.0
>> --
>> Mailing list info: https://lists.linux.it/listinfo/ltp