Re: [LTP] [PATCH V2] userns01: add capability verification

public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed

From: Jan Stancek <jstancek@redhat.com>
To: Yuan Sun <sunyuan3@huawei.com>
Cc: ltp-list@lists.sourceforge.net
Subject: Re: [LTP] [PATCH V2] userns01: add capability verification
Date: Fri, 3 Jul 2015 06:51:30 -0400 (EDT)	[thread overview]
Message-ID: <2085106054.12234211.1435920690266.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <1708470684.12227407.1435919269525.JavaMail.zimbra@redhat.com>





----- Original Message -----
> From: "Jan Stancek" <jstancek@redhat.com>
> To: "Yuan Sun" <sunyuan3@huawei.com>
> Cc: ltp-list@lists.sourceforge.net
> Sent: Friday, 3 July, 2015 12:27:49 PM
> Subject: Re: [LTP] [PATCH V2] userns01: add capability verification
> 
> 
> 
> 
> 
> ----- Original Message -----
> > From: "Yuan Sun" <sunyuan3@huawei.com>
> > To: "Jan Stancek" <jstancek@redhat.com>
> > Cc: ltp-list@lists.sourceforge.net
> > Sent: Friday, 3 July, 2015 11:37:45 AM
> > Subject: Re: [PATCH V2] userns01: add capability verification
> > 
> > 
> > Log is as follow. I am not clear if new feature is added.
> 
> I have installed "ubuntu-15.04-server-amd64.iso" and I get
> the same failure:
> 
> root@ubuntu:~# apt-cache show libcap2 | grep Vers
> Version: 1:2.24-6
> 
> root@ubuntu:~# uname -r
> 3.19.0-15-generic
> 
> root@ubuntu:~# cat /proc/self/status | grep Eff
> CapEff: 0000003fffffffff
> 
> root@ubuntu:~# ./a.out
> ffffffff 0000003f
> ffffffff ffffffff
> cap_compare: 3

Since this doesn't work on multiple distros, I'm thinking about
this as alternative (plus checking ret code from cap_get_flag):

        int i, last_cap;
        cap_flag_value_t flag_val;

        SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
        for (i = 0; i <= last_cap; i++) {
                cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
                if (flag_val == 0)
                        break;
                cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
                if (flag_val == 0)
                        break;
        }

        if (flag_val == 0) {
                printf("unexpected effective/permitted caps\n");
                exit_val = 1;
        }


> 
> Regards,
> Jan
> 
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
> 

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

     prev parent reply	other threads:[~2015-07-03 10:51 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-01  4:22 [LTP] [PATCH V2] userns01: add capability verification Yuan Sun
2015-07-02 14:09 ` Jan Stancek
2015-07-03  3:05   ` Yuan Sun
2015-07-03  7:43     ` Jan Stancek
2015-07-03  9:13       ` Yuan Sun
2015-07-03  9:18         ` Jan Stancek
2015-07-03  9:24           ` Yuan Sun
2015-07-03  9:32             ` Jan Stancek
2015-07-03  9:37               ` Yuan Sun
2015-07-03 10:27                 ` Jan Stancek
2015-07-03 10:51                   ` Jan Stancek [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2085106054.12234211.1435920690266.JavaMail.zimbra@redhat.com \
    --to=jstancek@redhat.com \
    --cc=ltp-list@lists.sourceforge.net \
    --cc=sunyuan3@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox