Details

Reviewers

kib
emaste
allanjude
ngie
oshogbo

Commits

rS309897: Add basic ATF tests for Capability mode .. lookups

Summary

To accompany https://reviews.freebsd.org/D8746 .

Test Plan

Could also use symlink tests. Anything else?

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

cem updated this revision to Diff 22808.Dec 11 2016, 4:07 AM

cem retitled this revision from to Add basic ATF tests for Capability mode .. lookups.

cem updated this object.

cem edited the test plan for this revision. (Show Details)

cem added reviewers: emaste, allanjude, oshogbo, kib, ngie.

ngie added inline comments.Dec 11 2016, 4:33 AM

tests/sys/vfs/lookup_cap_dotdot.c
41 ↗	(On Diff #22808)	Why is this hardcoded to /tmp ? This violates the kyua test sandbox and makes this test impossible to cleanup after if it's interrupted or killed mid-test :(. Honestly, it seems like you should be able to create a directory under the sandbox, 2 elements deep, which would fulfill your requirements.
56–60 ↗	(On Diff #22808)	ATF_CHECK(mkdirat(testdir_fd, "b", 0700) == 0); is simpler.
84–97 ↗	(On Diff #22808)	This should be replaced with this simpler logic (which uses the `feature_present(3)` API): #include "freebsd_test_suite/macros.h" /* ... */ ATF_REQUIRE_FEATURE("security_capabilities"); ATF_REQUIRE_FEATURE("security_capability_mode"); Be sure to add: CFLAGS+= ${SRCTOP}/tests to the Makefile.

Could also use symlink tests. Anything else?

Tests that cross mount points, perhaps?

I think it would be useful to include all tests from the original ed program, including non-capsicum kinds.
https://github.com/emaste/snippets/blob/master/test_openat.c

In D8748#181282, @kib wrote:

I think it would be useful to include all tests from the original ed program, including non-capsicum kinds.
https://github.com/emaste/snippets/blob/master/test_openat.c

Will do, thanks.

tests/sys/vfs/lookup_cap_dotdot.c
41 ↗	(On Diff #22808)	I'm unfamiliar with kyua sandboxing. How do I use it? Is it just the current directory during test body? I'm not attached to /tmp, just not aware of anything better.
56–60 ↗	(On Diff #22808)	Ok.
84–97 ↗	(On Diff #22808)	Thanks. That's in HEAD or BODY?

Address ngie@ review feedback.

Use cwd (assuming that's the sandbox) instead of tmp, drop cleanup code
Use ATF_CHECK/ATF_REQUIRE for simplicity
Use ATF_REQUIRE_FEATURE macro instead of raw sysctls

Actually fix commit and push changes.

Bring in Ed's openat tests, adapted to ATF. Includes symlink tests.

We don't want to put it under tools/regression/capsicum ?

In D8748#181353, @oshogbo wrote:

We don't want to put it under tools/regression/capsicum ?

As an ATF test the logical place is under tests/. I don't know any good reason to prefer tools/regression over tests or vice versa, so as this is already implemented, I'm inclined to keep it as-is (if it isn't broken, don't fix it).

kib accepted this revision.Dec 12 2016, 10:47 AM

kib edited edge metadata.

kib added inline comments.

tests/sys/vfs/lookup_cap_dotdot.c
193 ↗	(On Diff #22818)	We use c89-style /* */ comments in FreeBSD source code.

This revision is now accepted and ready to land.Dec 12 2016, 10:47 AM

Closed by commit rS309897: Add basic ATF tests for Capability mode .. lookups (authored by cem). · Explain WhyDec 12 2016, 5:23 PM

This revision was automatically updated to reflect the committed changes.

Add basic ATF tests for Capability mode .. lookups
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 22848

head/tests/sys/vfs/Makefile

head/tests/sys/vfs/lookup_cap_dotdot.c

Add basic ATF tests for Capability mode .. lookupsClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 22848

head/tests/sys/vfs/Makefile

head/tests/sys/vfs/lookup_cap_dotdot.c

Add basic ATF tests for Capability mode .. lookups
ClosedPublic
Actions

Revision Contents
Changeset List