From: "Serge E. Hallyn" <serge.hallyn@canonical.com>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: ltp-list@lists.sf.net, Subrata Modak1 <subrata.modak@in.ibm.com>
Subject: Re: [LTP] [PATCH] securebits: add secure_keepcaps testcases
Date: Mon, 4 Oct 2010 09:06:51 -0500 [thread overview]
Message-ID: <20101004140650.GG19814@hallyn.com> (raw)
In-Reply-To: <AANLkTikGmyHTu8ncUROKraoSffkbHqeNOAe7U3nAkU65@mail.gmail.com>
Quoting Garrett Cooper (yanegomi@gmail.com):
> Hi Serge,
> Some comments about your provided code.
Thanks.
> > +AC_DEFUN([LTP_CHECK_SECUREBITS],
> > +AC_CHECK_HEADERS(linux/securebits.h,[
> > + LTP_SECUREBITS=yes
> > +])
> > +)
>
> Some checks should probably be added for versioning as well as symbols
> that get passed to prctl(2) (I'm not sure if checking for the symbols
> that get passed to prctl(2) here is the correct way to go about things
> though).
Not sure how we would check the versioning, bc there is no versioning
info in the interface.
...
> > + case 3:
> > + ret = prctl(PR_GET_SECUREBITS);
>
> What if this call fails?
It doesn't pass or fail. The return value is simply the current
securebits.
> > + ret = prctl(PR_SET_SECUREBITS, ret | SECBIT_KEEP_CAPS);
> > + if (ret == -1) {
> > + tst_resm(TFAIL|TERRNO, "PR_SET_SECUREBITS failed\n");
> > + tst_exit();
> > + }
> > +#!/bin/sh
> > +
> > +echo "testing keepcaps"
> > +check_keepcaps 1
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +check_keepcaps 2
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +check_keepcaps 3
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +
> > +exit $exit_code
>
> What if (for instance) test 1 fails, and tests 2 or 3 pass?
Yeah, I didn't do that right, and maybe it would be best
to just shortcut on the first failure anyway.
thanks,
-serge
------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security
easier or more difficult to achieve? Read this whitepaper to separate the
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next prev parent reply other threads:[~2010-10-04 14:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-29 13:56 [LTP] [PATCH] securebits: add secure_keepcaps testcases Serge E. Hallyn
2010-09-29 15:02 ` Subrata Modak
2010-10-04 7:13 ` Subrata Modak
2010-10-04 13:04 ` Serge E. Hallyn
2010-10-13 7:19 ` Subrata Modak
2010-10-04 13:43 ` Garrett Cooper
2010-10-04 14:06 ` Serge E. Hallyn [this message]
2010-10-04 14:24 ` Garrett Cooper
2010-10-04 14:43 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101004140650.GG19814@hallyn.com \
--to=serge.hallyn@canonical.com \
--cc=ltp-list@lists.sf.net \
--cc=subrata.modak@in.ibm.com \
--cc=yanegomi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.