From: Rishikesh <risrajak@linux.vnet.ibm.com>
To: Shi Weihua <shiwh@cn.fujitsu.com>
Cc: ltp-list <ltp-list@lists.sourceforge.net>
Subject: Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
Date: Mon, 08 Feb 2010 11:38:54 +0530 [thread overview]
Message-ID: <4B6FAA76.6000505@linux.vnet.ibm.com> (raw)
In-Reply-To: <4B6FA8F0.6050504@cn.fujitsu.com>
On 02/08/2010 11:32 AM, Shi Weihua wrote:
> An error occured on my i386 box.
> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
> -------------
> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
> exec_without_inh 0 TINFO : (ret=-1, errno 38)
> -------------
> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
> But the program should to be broken when f != CAP_SET, like the similar code
> "if (ret || f != CAP_SET) {" in exec_with_inh.c.
>
> The TBROK message will be outputted if my patch merged.
> -------------
> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
>
Looks good. I will include if others are not having any comment.
Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com>
Thanks
Rishi
> -------------
>
> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
> ---
> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
> @@ -80,6 +80,11 @@ int main(int argc, char *argv[])
> tst_exit();
> }
> }
> + else if (ret) {
> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
> + tst_exit();
> + }
> +
> #if HAVE_DECL_CAP_FREE
> cap_free(cur);
> #endif
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
>
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next prev parent reply other threads:[~2010-02-08 6:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-08 6:02 [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c Shi Weihua
2010-02-08 6:08 ` Rishikesh [this message]
2010-02-08 10:10 ` Garrett Cooper
2010-02-09 2:19 ` Shi Weihua
2010-02-09 14:49 ` Garrett Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B6FAA76.6000505@linux.vnet.ibm.com \
--to=risrajak@linux.vnet.ibm.com \
--cc=ltp-list@lists.sourceforge.net \
--cc=shiwh@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.