test: different_creds -- Enhance the testing

To test c/r of creds we need more precise way, so lets add a few additional creds to test. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

test: different_creds -- Enhance the testing
To test c/r of creds we need more precise way, so lets add a few additional creds to test. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
35cb5996 · Cyrill Gorcunov · Pavel Emelyanov · e8dd8c63 · 35cb5996 · 35cb5996
Commit 35cb5996 authored Dec 23, 2015 by Cyrill Gorcunov Committed by Pavel Emelyanov Dec 24, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 54 additions and 7 deletions

different_creds.c test/zdtm/live/static/different_creds.c +53 -6

different_creds.desc test/zdtm/live/static/different_creds.desc +1 -1

No files found.
--- a/test/zdtm/live/static/different_creds.c
+++ b/test/zdtm/live/static/different_creds.c
@@ -17,21 +17,53 @@ const char *test_author	= "Tycho Andersen <tycho.andersen@canonical.com>";

 void *drop_caps_and_wait(void *arg)
 {
-	int fd = *((int *) arg);
+	int fd = *((int *) arg), i;
 	void *retcode = (void *)0xdeadbeaf;
 	cap_t caps;
 	char c;

+	typedef struct cap_set {
+		cap_flag_value_t	val;
+		cap_flag_value_t	new;
+		cap_flag_t		flag;
+		cap_value_t		bit;
+	} cap_set_t;
+
+	cap_set_t src[] = {
+		{
+			.val	= CAP_CLEAR,
+			.flag	= CAP_EFFECTIVE,
+			.bit	= CAP_CHOWN,
+		},
+		{
+			.val	= CAP_SET,
+			.flag	= CAP_EFFECTIVE,
+			.bit	= CAP_DAC_OVERRIDE,
+		},
+		{
+			.val	= CAP_CLEAR,
+			.flag	= CAP_INHERITABLE,
+			.bit	= CAP_SETPCAP,
+		},
+		{
+			.val	= CAP_SET,
+			.flag	= CAP_INHERITABLE,
+			.bit	= CAP_NET_BIND_SERVICE,
+		},
+	};
+
        caps = cap_get_proc();
        if (!caps) {
                pr_perror("cap_get_proc");
                return NULL;
        }

-        if (cap_clear_flag(caps, CAP_EFFECTIVE) < 0) {
-                pr_perror("cap_clear_flag");
-                goto die;
-        }
+	for (i = 0; i < ARRAY_SIZE(src); i++) {
+		if (cap_set_flag(caps, src[i].flag, 1, &src[i].bit, src[i].val) < 0) {
+			pr_perror("Can't setup CAP %s", cap_to_name(src[i].bit));
+			goto die;
+		}
+	}

        if (cap_set_proc(caps) < 0) {
                pr_perror("cap_set_proc");
@@ -48,6 +80,18 @@ void *drop_caps_and_wait(void *arg)
 		goto die;
 	}

+	for (i = 0; i < ARRAY_SIZE(src); i++) {
+		if (cap_get_flag(caps, src[i].bit, src[i].flag, &src[i].new) < 0) {
+			pr_perror("Can't get CAP %s", cap_to_name(src[i].bit));
+			goto die;
+		}
+
+		if (src[i].val != src[i].new) {
+			pr_err("Val mismatch on CAP %s\n", cap_to_name(src[i].bit));
+			goto die;
+		}
+	}
+
 	retcode = NULL;
 die:
        cap_free(caps);
@@ -93,8 +137,11 @@ int main(int argc, char ** argv)
 		pr_perror("Unable to jount a thread");
 		return 1;
 	}
-	if (retcode != NULL)
+
+	if (retcode != NULL) {
+		fail("retcode returned %p", retcode);
 		return 1;
+	}

 	pass();


--- a/test/zdtm/live/static/different_creds.desc
+++ b/test/zdtm/live/static/different_creds.desc
-{'flavor': 'h', 'flags': 'suid crfail'}
+{'flavor': 'h', 'flags': 'suid'}