public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed
* [LTP] [PATCH ltp] fix up filecaps and cap_bound testcases
@ 2010-03-20 15:48 Serge E. Hallyn
  2010-03-22  6:45 ` Rishikesh K Rajak
  0 siblings, 1 reply; 2+ messages in thread
From: Serge E. Hallyn @ 2010-03-20 15:48 UTC (permalink / raw)
  To: LTP list

Here's an attempt at fixing up and simplifying the autoconf for
detecting libcap and prctl support.  After this, make autotools
etc work fine on my f12 system, and runltp -f cap_bounds passes.
the filecaps tests refuse to run claiming to be unable to find
setcap, which I'll worry about next week.

(I'm sure there is an AC_ macro for finding a command)

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
---
 configure.ac                                       |    1 +
 m4/ltp-cap.m4                                      |   16 +----
 m4/ltp-prctl.m4                                    |   31 ++++++++++
 testcases/kernel/security/cap_bound/cap_bounds_r.c |   44 +++++++-------
 .../kernel/security/cap_bound/cap_bounds_rw.c      |   58 +++++++++++--------
 .../security/cap_bound/cap_bset_inh_bounds.c       |   61 ++++----------------
 testcases/kernel/security/cap_bound/check_pe.c     |   20 ++-----
 testcases/kernel/security/cap_bound/dummy.c        |   26 +++------
 .../kernel/security/cap_bound/exec_with_inh.c      |   34 ++---------
 .../kernel/security/cap_bound/exec_without_inh.c   |   35 ++---------
 testcases/kernel/security/filecaps/c.c             |   44 ++++++++++++++
 .../kernel/security/filecaps/check_simple_capset.c |   11 +---
 testcases/kernel/security/filecaps/inh_capped.c    |   12 +---
 testcases/kernel/security/filecaps/print_caps.c    |    2 +-
 .../kernel/security/filecaps/verify_caps_exec.c    |   21 +------
 15 files changed, 182 insertions(+), 234 deletions(-)
 create mode 100644 m4/ltp-prctl.m4
 create mode 100644 testcases/kernel/security/filecaps/c.c

diff --git a/configure.ac b/configure.ac
index 8a2ebe2..3dd9829 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,6 +61,7 @@ AC_CONFIG_SUBDIRS([ \
 ])
 
 LTP_CHECK_CAPABILITY_SUPPORT
+LTP_CHECK_PRCTL_SUPPORT
 LTP_CHECK_CRYPTO
 LTP_CHECK_LINUX_PTRACE
 LTP_CHECK_SELINUX
diff --git a/m4/ltp-cap.m4 b/m4/ltp-cap.m4
index 5f8d969..28d998d 100644
--- a/m4/ltp-cap.m4
+++ b/m4/ltp-cap.m4
@@ -23,21 +23,11 @@ dnl LTP_CHECK_CAPABILITY_SUPPORT
 dnl ----------------------------
 dnl
 AC_DEFUN([LTP_CHECK_CAPABILITY_SUPPORT],[
+AH_TEMPLATE(HAVE_LIBCAP,
+[Define to 1 if you have libcap-2 installed.])
 AC_CHECK_HEADERS(sys/capability.h,[
-	AC_CHECK_HEADERS(attr/xattr.h)
 	LTP_CAPABILITY_SUPPORT=yes
-	AC_CHECK_LIB(cap,cap_free,[
-		AC_CHECK_LIB(cap,cap_from_text,[
-			AC_CHECK_LIB(cap,cap_set_proc,[
-				AC_CHECK_LIB(cap,cap_compare,[
-					CAP_LIBS="-lcap"
-				])
-			])
-		])
-	])
-	AC_CHECK_DECLS([CAP_BSET_DROP, CAP_BSET_READ, PR_CAPBSET_READ, cap_compare, cap_free, cap_from_text, cap_get_proc, cap_set_file, cap_set_flag, cap_set_proc, cap_to_text],[],[],[dnl
-#include <sys/capability.h>
-]) dnl AC_CHECK_DECLS
+	AC_CHECK_LIB(cap,cap_compare,[AC_DEFINE(HAVE_LIBCAP) CAP_LIBS="-lcap"], [CAP_LIBS=""])
 ])]
 AC_SUBST(CAP_LIBS)
 )
diff --git a/m4/ltp-prctl.m4 b/m4/ltp-prctl.m4
new file mode 100644
index 0000000..51edb08
--- /dev/null
+++ b/m4/ltp-prctl.m4
@@ -0,0 +1,31 @@
+dnl
+dnl Copyright (c) Cisco Systems Inc., 2009
+dnl
+dnl This program is free software;  you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY;  without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+dnl the GNU General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program;  if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+dnl
+dnl Author: Garrett Cooper <yanegomi@gmail.com>
+dnl
+
+dnl
+dnl LTP_CHECK_PRCTL_SUPPORT
+dnl ----------------------------
+dnl
+AC_DEFUN([LTP_CHECK_PRCTL_SUPPORT],[
+AC_CHECK_HEADERS(sys/prctl.h,[
+	AC_CHECK_DECLS([PR_CAPBSET_DROP, PR_CAPBSET_READ], [],[],[dnl
+#include <sys/prctl.h>
+]) dnl AC_CHECK_DECLS
+])]
+)
diff --git a/testcases/kernel/security/cap_bound/cap_bounds_r.c b/testcases/kernel/security/cap_bound/cap_bounds_r.c
index 917d889..0b1c5b3 100644
--- a/testcases/kernel/security/cap_bound/cap_bounds_r.c
+++ b/testcases/kernel/security/cap_bound/cap_bounds_r.c
@@ -32,21 +32,6 @@
 #include <sys/prctl.h>
 #include <test.h>
 
-#ifndef CAP_LAST_CAP
-#warning out-of-date capability.h does not define CAP_LAST_CAP
-#define CAP_LAST_CAP 28  /* be ultra-conservative */
-#endif
-
-#ifndef CAP_BSET_READ
-#warning CAP_BSET_READ not defined
-#define CAP_BSET_READ 23
-#endif
-
-#ifndef CAP_BSET_DROP
-#warning CAP_BSET_DROP not defined
-#define CAP_BSET_DROP 24
-#endif
-
 char *TCID = "cap_bounds_r";
 int TST_TOTAL=1;
 
@@ -59,17 +44,27 @@ int main(int argc, char *argv[])
 	int i;
 
 	for (i=0; i<=CAP_LAST_CAP; i++) {
-		ret = prctl(CAP_BSET_READ, i);
+#if HAVE_DECL_PR_CAPBSET_READ
+		ret = prctl(PR_CAPBSET_READ, i);
+#else
+		errno = ENOSYS;
+		ret = -1;
+#endif
 		if (ret != 1) {
-			tst_resm(TFAIL, "prctl(CAP_BSET_READ, %d) returned %d\n", i, ret);
+			tst_resm(TFAIL, "prctl(PR_CAPBSET_READ, %d) returned %d\n", i, ret);
 			if (ret == -1)
 				tst_resm(TINFO, "errno was %d\n", errno);
 			tst_exit();
 		}
 	}
-	ret = prctl(CAP_BSET_READ, -1);
+#if HAVE_DECL_PR_CAPBSET_READ
+	ret = prctl(PR_CAPBSET_READ, -1);
+#else
+	errno = ENOSYS;
+	ret = -1;
+#endif
 	if (ret != -1) {
-		tst_resm(TFAIL, "prctl(CAP_BSET_READ, -1) returned %d\n", -1, ret);
+		tst_resm(TFAIL, "prctl(PR_CAPBSET_READ, -1) returned %d\n", ret);
 		tst_exit();
 	}
 
@@ -79,13 +74,18 @@ int main(int argc, char *argv[])
 	 * testing...  So let's take an insanely high value */
 #define INSANE 63
 #define max(x,y) (x > y ? x : y)
-	ret = prctl(CAP_BSET_READ, max(INSANE,CAP_LAST_CAP+1));
+#if HAVE_DECL_PR_CAPBSET_READ
+	ret = prctl(PR_CAPBSET_READ, max(INSANE,CAP_LAST_CAP+1));
+#else
+	errno = ENOSYS;
+	ret = -1;
+#endif
 	if (ret != -1) {
-		tst_resm(TFAIL, "prctl(CAP_BSET_READ, %d) returned %d\n", CAP_LAST_CAP+1, ret);
+		tst_resm(TFAIL, "prctl(PR_CAPBSET_READ, %d) returned %d\n", CAP_LAST_CAP+1, ret);
 		tst_resm(TINFO, " %d is CAP_LAST_CAP+1 and should not exist\n", CAP_LAST_CAP+1);
 		tst_exit();
 	}
-	tst_resm(TPASS, "CAP_BSET_READ tests passed\n");
+	tst_resm(TPASS, "PR_CAPBSET_READ tests passed\n");
 #else
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
diff --git a/testcases/kernel/security/cap_bound/cap_bounds_rw.c b/testcases/kernel/security/cap_bound/cap_bounds_rw.c
index 9129c4e..827a305 100644
--- a/testcases/kernel/security/cap_bound/cap_bounds_rw.c
+++ b/testcases/kernel/security/cap_bound/cap_bounds_rw.c
@@ -31,21 +31,6 @@
 #include <sys/prctl.h>
 #include <test.h>
 
-#ifndef CAP_LAST_CAP
-#warning out-of-date capability.h does not define CAP_LAST_CAP
-#define CAP_LAST_CAP 28  /* be ultra-conservative */
-#endif
-
-#ifndef CAP_BSET_READ
-#warning CAP_BSET_READ not defined
-#define CAP_BSET_READ 23
-#endif
-
-#ifndef CAP_BSET_DROP
-#warning CAP_BSET_DROP not defined
-#define CAP_BSET_DROP 24
-#endif
-
 char *TCID = "cap_bounds_rw";
 int TST_TOTAL=1;
 
@@ -57,7 +42,12 @@ int check_remaining_caps(int lastdropped)
 	int ret;
 
 	for (i=0; i <= lastdropped; i++) {
-		ret = prctl(CAP_BSET_READ, i);
+#if HAVE_DECL_PR_CAPBSET_READ
+		ret = prctl(PR_CAPBSET_READ, i);
+#else
+		errno = ENOSYS;
+		ret = -1;
+#endif
 		if (ret == -1) {
 			tst_resm(TBROK, "Failed to read bounding set during sanity check\n");
 			tst_exit();
@@ -68,7 +58,12 @@ int check_remaining_caps(int lastdropped)
 		}
 	}
 	for (; i<=CAP_LAST_CAP; i++) {
-		ret = prctl(CAP_BSET_READ, i);
+#if HAVE_DECL_PR_CAPBSET_READ
+		ret = prctl(PR_CAPBSET_READ, i);
+#else
+		errno = ENOSYS;
+		ret = -1;
+#endif
 		if (ret == -1) {
 			tst_resm(TBROK, "Failed to read bounding set during sanity check\n");
 			tst_exit();
@@ -86,9 +81,14 @@ int main(int argc, char *argv[])
 	int ret = 1;
 	int i;
 
-	ret = prctl(CAP_BSET_DROP, -1);
+#if HAVE_DECL_PR_CAPBSET_DROP
+	ret = prctl(PR_CAPBSET_READ, -1);
+#else
+	errno = ENOSYS;
+	ret = -1;
+#endif
 	if (ret != -1) {
-		tst_resm(TFAIL, "prctl(CAP_BSET_DROP, -1) returned %d\n", ret);
+		tst_resm(TFAIL, "prctl(PR_CAPBSET_DROP, -1) returned %d\n", ret);
 		tst_exit();
 	}
 	/* Ideally I'd check CAP_LAST_CAP+1, but userspace
@@ -97,16 +97,26 @@ int main(int argc, char *argv[])
 	 * testing...  So let's take an insanely high value */
 #define INSANE 63
 #define max(x,y) (x > y ? x : y)
-	ret = prctl(CAP_BSET_DROP, max(INSANE,CAP_LAST_CAP+1));
+#if HAVE_DECL_PR_CAPBSET_DROP
+	ret = prctl(PR_CAPBSET_DROP, max(INSANE,CAP_LAST_CAP+1));
+#else
+	errno = ENOSYS;
+	ret = -1;
+#endif
 	if (ret != -1) {
-		tst_resm(TFAIL, "prctl(CAP_BSET_DROP, %d) returned %d\n", max(INSANE, CAP_LAST_CAP+1), ret);
+		tst_resm(TFAIL, "prctl(PR_CAPBSET_DROP, %d) returned %d\n", max(INSANE, CAP_LAST_CAP+1), ret);
 		tst_resm(TINFO, " %d is should not exist\n", max(INSANE, CAP_LAST_CAP+1));
 		tst_exit();
 	}
 	for (i=0; i<=CAP_LAST_CAP; i++) {
-		ret = prctl(CAP_BSET_DROP, i);
+#if HAVE_DECL_PR_CAPBSET_DROP
+		ret = prctl(PR_CAPBSET_DROP, i);
+#else
+		errno = ENOSYS;
+		ret = -1;
+#endif
 		if (ret != 0) {
-			tst_resm(TFAIL, "prctl(CAP_BSET_DROP, %d) returned %d\n", i, ret);
+			tst_resm(TFAIL, "prctl(PR_CAPBSET_DROP, %d) returned %d\n", i, ret);
 			if (ret == -1)
 				tst_resm(TINFO, "errno was %d\n", errno);
 			tst_exit();
@@ -122,6 +132,6 @@ int main(int argc, char *argv[])
 			tst_exit();
 		}
 	}
-	tst_resm(TPASS, "CAP_BSET_DROP tests passed\n");
+	tst_resm(TPASS, "PR_CAPBSET_DROP tests passed\n");
 	tst_exit();
 }
diff --git a/testcases/kernel/security/cap_bound/cap_bset_inh_bounds.c b/testcases/kernel/security/cap_bound/cap_bset_inh_bounds.c
index 894e0a5..c6c34c0 100644
--- a/testcases/kernel/security/cap_bound/cap_bset_inh_bounds.c
+++ b/testcases/kernel/security/cap_bound/cap_bset_inh_bounds.c
@@ -39,9 +39,11 @@ int TST_TOTAL=2;
 
 int errno;
 
+#if HAVE_SYS_CAPABILITY_H
+#if HAVE_DECL_PR_CAPBSET_READ && HAVE_DECL_PR_CAPBSET_DROP
+#ifdef HAVE_LIBCAP
 int main(int argc, char *argv[])
 {
-#if HAVE_SYS_CAPABILITY_H
 	int ret = 1;
 	cap_value_t v[1];
 	cap_flag_value_t f;
@@ -49,12 +51,7 @@ int main(int argc, char *argv[])
 
 	/* We pick a random capability... let's use CAP_SYS_ADMIN */
 	/* make sure we have the capability now */
-#if HAVE_DECL_CAP_BSET_READ
-	ret = prctl(CAP_BSET_READ, CAP_SYS_ADMIN);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
+	ret = prctl(PR_CAPBSET_READ, CAP_SYS_ADMIN);
 	if (ret != 1) {
 		tst_resm(TBROK, "Not starting with CAP_SYS_ADMIN\n");
 		tst_exit();
@@ -66,47 +63,23 @@ int main(int argc, char *argv[])
 		tst_resm(TBROK, "Failed to create cap_sys_admin+i cap_t (errno %d)\n", errno);
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_SET_PROC
 	ret = cap_set_proc(cur);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
 	if (ret) {
 		tst_resm(TBROK, "Failed to cap_set_proc with cap_sys_admin+i (ret %d errno %d)\n",
 			ret, errno);
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
-#if HAVE_DECL_CAP_GET_FLAG
-#if HAVE_DECL_CAP_GET_PROC
 	cur = cap_get_proc();
 	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
 	if (ret || f != CAP_SET) {
 		tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
 
 	/* drop the capability from bounding set */
-#if HAVE_DECL_CAP_BSET_DROP
-	ret = prctl(CAP_BSET_DROP, CAP_SYS_ADMIN);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
+	ret = prctl(PR_CAPBSET_DROP, CAP_SYS_ADMIN);
 	if (ret) {
 		tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from bounding set.\n");
 		tst_resm(TINFO, "(ret=%d, errno %d)\n", ret, errno);
@@ -114,18 +87,8 @@ int main(int argc, char *argv[])
 	}
 
 	/* test 1: is CAP_SYS_ADMIN still in pI? */
-#if HAVE_DECL_CAP_GET_FLAG
-#if HAVE_DECL_CAP_GET_PROC
 	cur = cap_get_proc();
 	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
 	if (ret || f != CAP_SET) {
 		tst_resm(TFAIL, "CAP_SYS_ADMIN not in pI after dropping from bounding set\n");
 		tst_exit();
@@ -144,24 +107,24 @@ int main(int argc, char *argv[])
 		tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from pI\n");
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(tmpcap);
-#endif
 	/* test 2: can we put it back in pI? */
-#if HAVE_DECL_CAP_SET_PROC
 	ret = cap_set_proc(cur);
-#endif
 	if (ret == 0) { /* success means pI was not bounded by X */
 		tst_resm(TFAIL, "Managed to put CAP_SYS_ADMIN back into pI though not in X\n");
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
 
 	tst_resm(TPASS, "Couldn't put CAP_SYS_ADMIN back into pI when not in bounding set\n");
-#else
+#else /* HAVE_LIBCAP */
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
+#else /* HAVE_DECL_PR_CAPBSET_READ && HAVE_DECL_PR_CAPBSET_DROP */
+	tst_resm(TCONF, "System doesn't have CAPBSET prctls.");
+#endif
+#else /* HAVE_SYS_CAPABILITY_H */
+	tst_resm(TCONF, "System doesn't have sys/capability.h.");
+#endif
 	tst_exit();
 }
diff --git a/testcases/kernel/security/cap_bound/check_pe.c b/testcases/kernel/security/cap_bound/check_pe.c
index 2e0451a..f621e70 100644
--- a/testcases/kernel/security/cap_bound/check_pe.c
+++ b/testcases/kernel/security/cap_bound/check_pe.c
@@ -40,9 +40,10 @@ int TST_TOTAL=1;
 
 int errno;
 
+#if HAVE_SYS_CAPABILITY_H
+#ifdef HAVE_LIBCAP
 int main(int argc, char *argv[])
 {
-#if HAVE_SYS_CAPABILITY_H
 	int ret = 1;
 	cap_flag_value_t f;
 	cap_t cur;
@@ -58,26 +59,14 @@ int main(int argc, char *argv[])
 		tst_exit();
 	}
 
-#if HAVE_DECL_CAP_GET_FLAG
-#if HAVE_DECL_CAP_GET_PROC
 	cur = cap_get_proc();
 	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_EFFECTIVE, &f);
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
 	if (ret) {
 		tst_resm(TBROK, "cap_get_flag failed (errno %d)\n", errno);
 		tst_exit();
 	}
 
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
 	if (n == 1) {
 		if (f == CAP_SET) {
 			tst_resm(TPASS, "cap is in pE\n");
@@ -91,8 +80,11 @@ int main(int argc, char *argv[])
 		tst_exit();
 	}
 	tst_resm(TFAIL, "Cap is in pE\n");
-#else
+#else /* libcap */
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
+#else /* capability_h */
+	tst_resm(TCONF, "System doesn't have sys/capability.h");
+#endif
 	tst_exit();
 }
diff --git a/testcases/kernel/security/cap_bound/dummy.c b/testcases/kernel/security/cap_bound/dummy.c
index ad65007..e882940 100644
--- a/testcases/kernel/security/cap_bound/dummy.c
+++ b/testcases/kernel/security/cap_bound/dummy.c
@@ -5,31 +5,21 @@
 #include <sys/capability.h>
 #endif
 
-#define END \
-	printf("System doesn't support POSIX capabilities.\n"); \
-	return 1
-
 int main()
 {
 #if HAVE_SYS_CAPABILITY_H
+#ifdef HAVE_LIBCAP
 	cap_t cur;
-#if HAVE_DECL_CAP_SET_PROC
-#if HAVE_DECL_CAP_FROM_TEXT
 	cur = cap_from_text("all=eip");
 	cap_set_proc(cur);
-#else
-	END;
-#endif
-#else
-	END;
-#endif
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#else
-	END;
+	return 0;
+#else /* libcap */
+	printf("System doesn't support POSIX capabilities.\n");
+	return 1;
 #endif
-#else
-	END;
+#else /* capability_h */
+	printf("System doesn't support sys/capability.h\n");
+	return 1;
 #endif
-	return 0;
 }
diff --git a/testcases/kernel/security/cap_bound/exec_with_inh.c b/testcases/kernel/security/cap_bound/exec_with_inh.c
index 21c60fd..123f665 100644
--- a/testcases/kernel/security/cap_bound/exec_with_inh.c
+++ b/testcases/kernel/security/cap_bound/exec_with_inh.c
@@ -42,59 +42,34 @@ int errno;
 int main(int argc, char *argv[])
 {
 #if HAVE_SYS_CAPABILITY_H
+#ifdef HAVE_LIBCAP
 	int ret = 1;
 	cap_flag_value_t f;
 	cap_t cur = 0;
 
 	/* Make sure CAP_SYS_ADMIN is in pI */
-#if HAVE_DECL_CAP_FROM_TEXT
 	cur = cap_from_text("all=eip");
-#endif
 	if (!cur) {
 		tst_resm(TBROK, "Failed to create cap_sys_admin+i cap_t (errno %d)\n", errno);
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_SET_PROC
 	ret = cap_set_proc(cur);
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
 	if (ret) {
 		tst_resm(TBROK, "Failed to cap_set_proc with cap_sys_admin+i (ret %d errno %d)\n",
 			ret, errno);
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
-#if HAVE_DECL_CAP_GET_FLAG
-#if HAVE_DECL_CAP_GET_PROC
 	cur = cap_get_proc();
 	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f);
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
 	if (ret || f != CAP_SET) {
 		tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
 		tst_exit();
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
 
 	/* drop the capability from bounding set */
-#if HAVE_DECL_CAP_BSET_DROP
-	ret = prctl(CAP_BSET_DROP, CAP_SYS_ADMIN);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
+	ret = prctl(PR_CAPBSET_DROP, CAP_SYS_ADMIN);
 	if (ret) {
 		tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from bounding set.\n");
 		tst_resm(TINFO, "(ret=%d, errno %d)\n", ret, errno);
@@ -104,8 +79,11 @@ int main(int argc, char *argv[])
 	/* execute "check_pe 1" */
 	execl("check_pe", "check_pe", "1", NULL);
 	tst_resm(TBROK, "Failed to execute check_pe (errno %d)\n", errno);
-#else
+#else /* HAVE_LIBCAP */
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
+#else /* HAVE_SYS_CAPABILITY_H */
+	tst_resm(TCONF, "System doesn't have sys/capability.h.");
+#endif
 	tst_exit();
 }
diff --git a/testcases/kernel/security/cap_bound/exec_without_inh.c b/testcases/kernel/security/cap_bound/exec_without_inh.c
index 81216f3..df3c4d9 100644
--- a/testcases/kernel/security/cap_bound/exec_without_inh.c
+++ b/testcases/kernel/security/cap_bound/exec_without_inh.c
@@ -42,39 +42,20 @@ int errno;
 int main(int argc, char *argv[])
 {
 #if HAVE_SYS_CAPABILITY_H
+#ifdef HAVE_LIBCAP
 	int ret = 1;
 	cap_flag_value_t f;
 	cap_value_t v[1];
 	cap_t cur;
 
 	/* Make sure CAP_SYS_ADMIN is not in pI */
-#if HAVE_DECL_CAP_GET_FLAG
-#if HAVE_DECL_CAP_GET_PROC
 	cur = cap_get_proc();
 	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f);
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
-#else
-	ret = -1;
-	errno = ENOSYS;
-#endif
 	if (f == CAP_SET) {
 		v[0] = CAP_SYS_ADMIN;
-#if HAVE_DECL_CAP_SET_FLAG
 		ret = cap_set_flag(cur, CAP_INHERITABLE, 1, v, CAP_CLEAR);
-#else
-		ret = -1;
-		errno = ENOSYS;
-#endif
-#if HAVE_DECL_CAP_SET_PROC
 		if (!ret)
 			ret = cap_set_proc(cur);
-#else
-		ret = -1;
-		errno = ENOSYS;
-#endif
 		if (ret) {
 			tst_resm(TBROK, "Failed to drop cap_sys_admin from pI\n");
 			tst_exit();
@@ -83,17 +64,10 @@ int main(int argc, char *argv[])
 		tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add \
 			CAP_SYS_ADMIN to pI");
 	}
-#if HAVE_DECL_CAP_FREE
 	cap_free(cur);
-#endif
 
 	/* drop the capability from bounding set */
-#if HAVE_DECL_CAP_BSET_DROP
-	ret = prctl(CAP_BSET_DROP, CAP_SYS_ADMIN);
-#else
-	errno = ENOSYS;
-	ret = -1;
-#endif
+	ret = prctl(PR_CAPBSET_DROP, CAP_SYS_ADMIN);
 	if (ret) {
 		tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from bounding set.\n");
 		tst_resm(TINFO, "(ret=%d, errno %d)\n", ret, errno);
@@ -103,8 +77,11 @@ int main(int argc, char *argv[])
 	/* execute "check_pe 0" */
 	execl("check_pe", "check_pe", "0", NULL);
 	tst_resm(TBROK, "Failed to execute check_pe (errno %d)\n", errno);
-#else
+#else /* libcap */
 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
 #endif
+#else /* capability_h */
+	tst_resm(TCONF, "System doesn't have sys/capability.h.");
+#endif
 	tst_exit();
 }
diff --git a/testcases/kernel/security/filecaps/c.c b/testcases/kernel/security/filecaps/c.c
new file mode 100644
index 0000000..ee6cf05
--- /dev/null
+++ b/testcases/kernel/security/filecaps/c.c
@@ -0,0 +1,44 @@
+/******************************************************************************/
+/*                                                                            */
+/* Copyright (c) International Business Machines  Corp., 2008                 */
+/*                                                                            */
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+
+
+#include <stdio.h>
+#include <sys/capability.h>
+
+int main()
+{
+	cap_t caps, caps2;
+	int ret;
+
+#ifdef HAVE_LIBCAP
+	caps = cap_from_text("cap_setpcap+ep");
+	caps2 = cap_from_text("cap_setpcap+ep");
+	ret = cap_set_proc(caps);
+	ret = cap_compare(caps, caps2);
+	printf("Caps were %sthe same\n", ret ? "not " : "");
+
+	cap_free(caps);
+	cap_free(caps2);
+	return ret;
+#else
+	printf("System doesn't support full POSIX capabilities.\n");
+	return 1;
+#endif
+}
diff --git a/testcases/kernel/security/filecaps/check_simple_capset.c b/testcases/kernel/security/filecaps/check_simple_capset.c
index 7851e01..6c7790d 100644
--- a/testcases/kernel/security/filecaps/check_simple_capset.c
+++ b/testcases/kernel/security/filecaps/check_simple_capset.c
@@ -27,28 +27,21 @@
 
 int main()
 {
-#if HAVE_SYS_CAPABILITY_H
+#ifdef HAVE_LIBCAP
 	cap_t caps, caps2;
 	int ret;
 
-#if HAVE_DECL_CAP_FROM_TEXT && HAVE_DECL_CAP_SET_PROC && HAVE_DECL_CAP_COMPARE
 	caps = cap_from_text("cap_setpcap+ep");
 	caps2 = cap_from_text("cap_setpcap+ep");
 	ret = cap_set_proc(caps);
 	ret = cap_compare(caps, caps2);
-#else
-	printf("System doesn't support full POSIX capabilities.\n");
-	return 1;
-#endif
 	printf("Caps were %sthe same\n", ret ? "not " : "");
 
-#if HAVE_DECL_CAP_FREE
 	cap_free(caps);
 	cap_free(caps2);
-#endif
 	return ret;
 #else
-	printf("System doesn't support POSIX capabilities.\n");
+	printf("System doesn't support full POSIX capabilities.\n");
 	return 1;
 #endif
 }
diff --git a/testcases/kernel/security/filecaps/inh_capped.c b/testcases/kernel/security/filecaps/inh_capped.c
index 513fcb9..794e8b1 100644
--- a/testcases/kernel/security/filecaps/inh_capped.c
+++ b/testcases/kernel/security/filecaps/inh_capped.c
@@ -34,21 +34,17 @@
 char *TCID = "filecaps";
 int TST_TOTAL=1;
 
+#ifdef HAVE_LIBCAP
 void debug_print_caps(char *when)
 {
-#ifdef DEBUG
 	char buf[2000];
 	tst_resm(TINFO, "%s", when);
-#if HAVE_DECL_SET_CAP_TO_TEXT
 	snprintf(buf, 2000, "%s", cap_to_text(cap_get_proc(), NULL));
-#endif
 	tst_resm(TINFO, "%s", buf);
-#endif
 }
 
 int set_caps_from_text(char *capstr)
 {
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_SET_CAP_SET_PROC && HAVE_DECL_SET_CAP_FREE
 	cap_t caps = cap_from_text(capstr);
 	int ret;
 
@@ -59,14 +55,12 @@ int set_caps_from_text(char *capstr)
 	ret = cap_set_proc(caps);
 	cap_free(caps);
 	return ret;
-#else
-	return -1;
-#endif
 }
+#endif
 
 int main()
 {
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_SET_CAPS_FROM_TEXT
+#ifdef HAVE_LIBCAP
 	int ret;
 
 	debug_print_caps("start");
diff --git a/testcases/kernel/security/filecaps/print_caps.c b/testcases/kernel/security/filecaps/print_caps.c
index 188856e..f0e9bce 100644
--- a/testcases/kernel/security/filecaps/print_caps.c
+++ b/testcases/kernel/security/filecaps/print_caps.c
@@ -40,7 +40,7 @@
 
 int main(int argc, char *argv[])
 {
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_CAP_FREE && HAVE_DECL_CAP_GET_PROC && HAVE_DECL_CAP_TO_TEXT
+#ifdef HAVE_LIBCAP
 	cap_t cap = cap_get_proc();
 	int fd;
 	int seqno = 0;
diff --git a/testcases/kernel/security/filecaps/verify_caps_exec.c b/testcases/kernel/security/filecaps/verify_caps_exec.c
index 16fcc0f..5250007 100644
--- a/testcases/kernel/security/filecaps/verify_caps_exec.c
+++ b/testcases/kernel/security/filecaps/verify_caps_exec.c
@@ -60,20 +60,18 @@ void usage(char *me)
 #define DROP_PERMS 0
 #define KEEP_PERMS 1
 
+#ifdef HAVE_LIBCAP
 void print_my_caps()
 {
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_CAP_FREE && HAVE_DECL_CAP_GET_PROC && HAVE_DECL_CAP_TO_TEXT
 	cap_t cap = cap_get_proc();
 	char *txt = cap_to_text(cap, NULL);
 	tst_resm(TINFO, "\ncaps are %s\n", txt);
 	cap_free(cap);
 	cap_free(txt);
-#endif
 }
 
 int drop_root(int keep_perms)
 {
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_CAP_FREE && HAVE_DECL_CAP_FROM_TEXT && HAVE_DECL_CAP_SET_PROC
 	int ret;
 
 	if (keep_perms)
@@ -89,15 +87,11 @@ int drop_root(int keep_perms)
 		cap_set_proc(cap);
 		cap_free(cap);
 	}
-#else
-	tst_resm(TCONF, "System doesn't have full POSIX capabilities support.\n");
-#endif
 	tst_exit();
 }
 
 int perms_test(void)
 {
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_CAP_FREE && HAVE_DECL_CAP_SET_FILE
 	int ret;
 	cap_t cap;
 
@@ -118,9 +112,6 @@ int perms_test(void)
 
 	cap_free(cap);
 	return ret;
-#else
-	return -1;
-#endif
 }
 
 #define FIFOFILE "caps_fifo"
@@ -160,7 +151,6 @@ void read_from_fifo(char *buf)
 	close(fd);
 }
 
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_CAP_COMPARE && HAVE_DECL_CAP_FREE && HAVE_DECL_CAP_TO_TEXT
 int fork_drop_and_exec(int keepperms, cap_t expected_caps)
 {
 
@@ -219,12 +209,9 @@ int fork_drop_and_exec(int keepperms, cap_t expected_caps)
 	}
 	return ret;
 }
-#endif
 
 int caps_actually_set_test(void)
 {
-
-#if HAVE_SYS_CAPABILITY_H && HAVE_DECL_PR_CAPBSET_READ
 	int  whichcap, finalret = 0, ret;
 	cap_t fcap, pcap, cap_fullpi;
 	cap_value_t capvalue[1];
@@ -399,17 +386,15 @@ int caps_actually_set_test(void)
 	cap_free(cap_fullpi);
 
 	return finalret;
-#else
-	return -1;
-#endif
 }
+#endif
 
 int main(int argc, char *argv[])
 {
+#ifdef HAVE_LIBCAP
 	if (argc < 2)
 		usage(argv[0]);
 
-#if HAVE_SYS_CAPABILITY_H
 	int ret = 0;
 
 	switch(atoi(argv[1])) {
-- 
1.6.0.6


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-03-22  6:45 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-20 15:48 [LTP] [PATCH ltp] fix up filecaps and cap_bound testcases Serge E. Hallyn
2010-03-22  6:45 ` Rishikesh K Rajak

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox