diff options
| author | David Herrmann <dh.herrmann@gmail.com> | 2014-12-29 13:24:35 +0100 |
|---|---|---|
| committer | David Herrmann <dh.herrmann@gmail.com> | 2014-12-29 14:05:38 +0100 |
| commit | 80b4378314cf62148fd053e97018cc5c78dd6af6 (patch) | |
| tree | 002fd8517de717e0b5d952fa8c5765450da71fdd /src/test/test-cap-list.c | |
| parent | 2f0af4e120385e6078c96189f4a4d0cce0e12a3a (diff) | |
capability: use /proc/sys/kernel/cap_last_cap
This file was introduced with linux-3.2, use it instead of probing for it
via prctl(PR_CAPBSET_READ).
For now, keep the old code for backwards compat. We can drop it once 3.2
is our lowest requirement.
The test-cap-list code is extended to verify cap_last_cap() is the same as
we'd get via prctl probing and /proc.
Diffstat (limited to 'src/test/test-cap-list.c')
| -rw-r--r-- | src/test/test-cap-list.c | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c index 4e75136498..632d62ff8f 100644 --- a/src/test/test-cap-list.c +++ b/src/test/test-cap-list.c @@ -21,10 +21,13 @@ #include "util.h" #include "log.h" +#include "fileio.h" #include "cap-list.h" #include "capability.h" +#include <sys/prctl.h> -int main(int argc, char *argv[]) { +/* verify the capability parser */ +static void test_cap_list(void) { int i; assert_se(!capability_to_name(-1)); @@ -64,6 +67,45 @@ int main(int argc, char *argv[]) { assert_se(strcasecmp(a, b) == 0); } +} + +/* verify cap_last_cap() against /proc/sys/kernel/cap_last_cap */ +static void test_last_cap_file(void) { + _cleanup_free_ char *content = NULL; + unsigned long val = 0; + int r; + + r = read_one_line_file("/proc/sys/kernel/cap_last_cap", &content); + assert_se(r >= 0); + + r = safe_atolu(content, &val); + assert_se(r >= 0); + assert_se(val != 0); + assert_se(val == cap_last_cap()); +} + +/* verify cap_last_cap() against syscall probing */ +static void test_last_cap_probe(void) { + unsigned long p = (unsigned long)CAP_LAST_CAP; + + if (prctl(PR_CAPBSET_READ, p) < 0) { + for (p--; p > 0; p --) + if (prctl(PR_CAPBSET_READ, p) >= 0) + break; + } else { + for (;; p++) + if (prctl(PR_CAPBSET_READ, p+1) < 0) + break; + } + + assert_se(p != 0); + assert_se(p == cap_last_cap()); +} + +int main(int argc, char *argv[]) { + test_cap_list(); + test_last_cap_file(); + test_last_cap_probe(); return 0; } |