search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Imported Upstream version 20091031
[ltp-debian.git] / testcases / kernel / security / cap_bound / exec_with_inh.c
blob21c60fdc9b755b3a10ba2d29318e335eb35a7f01
1 /******************************************************************************/
2 /* */
3 /* Copyright (c) International Business Machines Corp., 2007, 2008 */
4 /* */
5 /* This program is free software; you can redistribute it and/or modify */
6 /* it under the terms of the GNU General Public License as published by */
7 /* the Free Software Foundation; either version 2 of the License, or */
8 /* (at your option) any later version. */
9 /* */
10 /* This program is distributed in the hope that it will be useful, */
11 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
12 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
13 /* the GNU General Public License for more details. */
14 /* */
15 /* You should have received a copy of the GNU General Public License */
16 /* along with this program; if not, write to the Free Software */
17 /* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
18 /* */
19 /******************************************************************************/
20 /*
21 * File: exec_with_inh.c
22 * Author: Serge Hallyn
23 * Make sure that CAP_SYS_ADMIN is in pI
24 * drop CAP_SYS_ADMIN from bounding set
25 * Then exec "check_pe 1"
26 * check_pe will return PASS if it has CAP_SYS_ADMIN in pE.
27 */
28
29 #include <errno.h>
30 #include "config.h"
31 #if HAVE_SYS_CAPABILITY_H
32 #include <sys/capability.h>
33 #endif
34 #include <sys/prctl.h>
35 #include <test.h>
36
37 char *TCID = "exec_with_inh";
38 int TST_TOTAL=1;
39
40 int errno;
41
42 int main(int argc, char *argv[])
43 {
44 #if HAVE_SYS_CAPABILITY_H
45 int ret = 1;
46 cap_flag_value_t f;
47 cap_t cur = 0;
48
49 /* Make sure CAP_SYS_ADMIN is in pI */
50 #if HAVE_DECL_CAP_FROM_TEXT
51 cur = cap_from_text("all=eip");
52 #endif
53 if (!cur) {
54 tst_resm(TBROK, "Failed to create cap_sys_admin+i cap_t (errno %d)\n", errno);
55 tst_exit();
56 }
57 #if HAVE_DECL_CAP_SET_PROC
58 ret = cap_set_proc(cur);
59 #else
60 ret = -1;
61 errno = ENOSYS;
62 #endif
63 if (ret) {
64 tst_resm(TBROK, "Failed to cap_set_proc with cap_sys_admin+i (ret %d errno %d)\n",
65 ret, errno);
66 tst_exit();
67 }
68 #if HAVE_DECL_CAP_FREE
69 cap_free(cur);
70 #endif
71 #if HAVE_DECL_CAP_GET_FLAG
72 #if HAVE_DECL_CAP_GET_PROC
73 cur = cap_get_proc();
74 ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f);
75 #else
76 ret = -1;
77 errno = ENOSYS;
78 #endif
79 #else
80 ret = -1;
81 errno = ENOSYS;
82 #endif
83 if (ret || f != CAP_SET) {
84 tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
85 tst_exit();
86 }
87 #if HAVE_DECL_CAP_FREE
88 cap_free(cur);
89 #endif
90
91 /* drop the capability from bounding set */
92 #if HAVE_DECL_CAP_BSET_DROP
93 ret = prctl(CAP_BSET_DROP, CAP_SYS_ADMIN);
94 #else
95 errno = ENOSYS;
96 ret = -1;
97 #endif
98 if (ret) {
99 tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from bounding set.\n");
100 tst_resm(TINFO, "(ret=%d, errno %d)\n", ret, errno);
101 tst_exit();
102 }
103
104 /* execute "check_pe 1" */
105 execl("check_pe", "check_pe", "1", NULL);
106 tst_resm(TBROK, "Failed to execute check_pe (errno %d)\n", errno);
107 #else
108 tst_resm(TCONF, "System doesn't have POSIX capabilities.");
109 #endif
110 tst_exit();
111 }
Debian packages of ltp