From: "Serge E. Hallyn" <serge.hallyn@canonical.com>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: ltp-list@lists.sf.net, Subrata Modak1 <subrata.modak@in.ibm.com>
Subject: Re: [LTP] [PATCH] securebits: add secure_keepcaps testcases
Date: Mon, 4 Oct 2010 09:06:51 -0500 [thread overview]
Message-ID: <20101004140650.GG19814@hallyn.com> (raw)
In-Reply-To: <AANLkTikGmyHTu8ncUROKraoSffkbHqeNOAe7U3nAkU65@mail.gmail.com>
Quoting Garrett Cooper (yanegomi@gmail.com):
> Hi Serge,
> Some comments about your provided code.
Thanks.
> > +AC_DEFUN([LTP_CHECK_SECUREBITS],
> > +AC_CHECK_HEADERS(linux/securebits.h,[
> > + LTP_SECUREBITS=yes
> > +])
> > +)
>
> Some checks should probably be added for versioning as well as symbols
> that get passed to prctl(2) (I'm not sure if checking for the symbols
> that get passed to prctl(2) here is the correct way to go about things
> though).
Not sure how we would check the versioning, bc there is no versioning
info in the interface.
...
> > + case 3:
> > + ret = prctl(PR_GET_SECUREBITS);
>
> What if this call fails?
It doesn't pass or fail. The return value is simply the current
securebits.
> > + ret = prctl(PR_SET_SECUREBITS, ret | SECBIT_KEEP_CAPS);
> > + if (ret == -1) {
> > + tst_resm(TFAIL|TERRNO, "PR_SET_SECUREBITS failed\n");
> > + tst_exit();
> > + }
> > +#!/bin/sh
> > +
> > +echo "testing keepcaps"
> > +check_keepcaps 1
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +check_keepcaps 2
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +check_keepcaps 3
> > +tmp=$?
> > +if [ $tmp -ne 0 ]; then
> > + exit_code=$tmp
> > +fi
> > +
> > +exit $exit_code
>
> What if (for instance) test 1 fails, and tests 2 or 3 pass?
Yeah, I didn't do that right, and maybe it would be best
to just shortcut on the first failure anyway.
thanks,
-serge
------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security
easier or more difficult to achieve? Read this whitepaper to separate the
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next prev parent reply other threads:[~2010-10-04 14:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-29 13:56 [LTP] [PATCH] securebits: add secure_keepcaps testcases Serge E. Hallyn
2010-09-29 15:02 ` Subrata Modak
2010-10-04 7:13 ` Subrata Modak
2010-10-04 13:04 ` Serge E. Hallyn
2010-10-13 7:19 ` Subrata Modak
2010-10-04 13:43 ` Garrett Cooper
2010-10-04 14:06 ` Serge E. Hallyn [this message]
2010-10-04 14:24 ` Garrett Cooper
2010-10-04 14:43 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101004140650.GG19814@hallyn.com \
--to=serge.hallyn@canonical.com \
--cc=ltp-list@lists.sf.net \
--cc=subrata.modak@in.ibm.com \
--cc=yanegomi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox