[LTP] [PATCH v1 3/4] syscalls/capset03: add new EPERM error test without CAP_SETPCAP

Yang Xu xuyang2018.jy@cn.fujitsu.com
Wed Jan 8 04:19:14 CET 2020


Hi
> Hi!
>> +static void setup(void)
>> +{
>> +	pid_t pid;
>> +
>> +	pid = getpid();
>> +	header.pid = pid;
>> +	if (geteuid() == 0) {
>> +		TEST(tst_syscall(__NR_capset, &header, data));
>> +		if (TST_RET == -1)
>> +			tst_brk(TBROK | TTERRNO, "capset data failed");
>> +	}
> 
> Please don't do that. If the test needs root (even for a subset of the
> test) just set the .needs_root flag.
> 
This test doesn't need root. This code is designed to create an
environment for the root user to generate this type of EPERM
error (new_Inheritable is not a subset of old_Inheritable and
old_Permitted without CAP_SETPCAP).
root user:
old pI: CAP_KILL
old pP: CAP_KILL
new pI: CAP_KILL + CAP_NET_RAW

other user:
old pI: 0
old pP: 0
new pI: CAP_KILL + CAP_NET_RAW

The other user also meets the condition and can generate this EPERM error.

PS: In capset03, getpid() is useless; we can use pid = 0 to replace it.
Also, if we can use pid = 0 in the error test, maybe we don't need to test
pid = 0 in capget01/capset01.c. What do you think about it?
>> +}
>> +
>> +static struct tst_test test = {
>> +	.setup = setup,
>> +	.test_all = verify_capset,
>> +	.caps = (struct tst_cap []) {
>> +		TST_CAP(TST_CAP_DROP, CAP_SETPCAP),
>> +		{}
>> +	},
>> +};
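Review bot: in setup(), the `if (geteuid() == 0)` branch has no comment saying why only root gets the preparatory capset call, which is what drew the .needs_root remark in this thread. A short comment above the branch stating the precondition it establishes for root would make the intent readable from the code. The local `pid` is also redundant, since `header.pid` can be assigned directly, and the tst_brk message "capset data failed" would be easier to act on if it named the setup step that failed.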
>> -- 
>> 2.18.0
> 
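The two cases listed in the reply (root after setup(), and any other user), run through a small model of the capset() rules from capabilities(7). This is an added example, not part of the original message or the LTP patch; `struct capstate` and `model_capset()` are hypothetical names, and the full bounding set and root's effective set of CAP_KILL are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Capability bit numbers, as in <linux/capability.h>. */
#define CAP_KILL     5
#define CAP_SETPCAP  8
#define CAP_NET_RAW 13
#define BIT(c) (UINT64_C(1) << (c))

/* Hypothetical model type (not a kernel struct): one task's capability sets. */
struct capstate {
	uint64_t eff, prm, inh, bset;
};

static int subset(uint64_t a, uint64_t b)
{
	return (a & ~b) == 0;
}

/* Model of the capset() rules in capabilities(7): returns 0 or -EPERM. */
int model_capset(const struct capstate *old, uint64_t eff, uint64_t prm,
		 uint64_t inh)
{
	/* Without CAP_SETPCAP effective, new pI must fit in old pI | old pP. */
	if (!(old->eff & BIT(CAP_SETPCAP)) && !subset(inh, old->inh | old->prm))
		return -EPERM;
	/* In every case, new pI must fit in old pI | bounding set. */
	if (!subset(inh, old->inh | old->bset))
		return -EPERM;
	/* New pP may only shrink, and new pE must fit in new pP. */
	if (!subset(prm, old->prm) || !subset(eff, prm))
		return -EPERM;
	return 0;
}

int main(void)
{
	uint64_t kill = BIT(CAP_KILL), want = kill | BIT(CAP_NET_RAW);
	uint64_t setp = BIT(CAP_SETPCAP), all = ~UINT64_C(0);
	/* Constructed states: eff, prm, inh, bset (full bounding set assumed). */
	struct capstate root = { kill, kill, kill, all };
	struct capstate user = { 0, 0, 0, all };
	struct capstate priv = { setp, setp | kill, kill, all };

	printf("root after setup(): %d\n", model_capset(&root, kill, kill, want));
	printf("other user:         %d\n", model_capset(&user, 0, 0, want));
	printf("with CAP_SETPCAP:   %d\n", model_capset(&priv, setp, setp | kill, want));
	return 0;
}
```

Both cases from the reply return -EPERM in the model, while the same request made with CAP_SETPCAP effective passes.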



