Page MenuHomeFreeBSD

Add basic ATF tests for Capability mode .. lookups
ClosedPublic

Authored by cem on Dec 11 2016, 4:07 AM.
Tags
None
Referenced Files
F106101189: D8748.diff
Wed, Dec 25, 10:18 AM
Unknown Object (File)
Wed, Dec 18, 7:47 PM
Unknown Object (File)
Mon, Dec 16, 4:57 AM
Unknown Object (File)
Tue, Dec 10, 10:50 AM
Unknown Object (File)
Oct 27 2024, 9:32 PM
Unknown Object (File)
Oct 24 2024, 9:49 PM
Unknown Object (File)
Sep 24 2024, 6:53 PM
Unknown Object (File)
Sep 17 2024, 3:20 PM
Subscribers
None

Details

Summary
Test Plan

Could also use symlink tests. Anything else?

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 6191
Build 6440: arc lint + arc unit

Event Timeline

cem retitled this revision from to Add basic ATF tests for Capability mode .. lookups.
cem updated this object.
cem edited the test plan for this revision. (Show Details)
cem added reviewers: emaste, allanjude, oshogbo, kib, ngie.
tests/sys/vfs/lookup_cap_dotdot.c
42

Why is this hardcoded to /tmp ? This violates the kyua test sandbox and makes this test impossible to cleanup after if it's interrupted or killed mid-test :(.

Honestly, it seems like you should be able to create a directory under the sandbox, 2 elements deep, which would fulfill your requirements.

57–61
ATF_CHECK(mkdirat(testdir_fd, "b", 0700) == 0);

is simpler.

85–98

This should be replaced with this simpler logic (which uses the feature_present(3) API):

#include "freebsd_test_suite/macros.h"

/* ... */

ATF_REQUIRE_FEATURE("security_capabilities");
ATF_REQUIRE_FEATURE("security_capability_mode");

Be sure to add:

CFLAGS+= ${SRCTOP}/tests

to the Makefile.

Could also use symlink tests. Anything else?

Tests that cross mount points, perhaps?

I think it would be useful to include all tests from the original ed program, including non-capsicum kinds.
https://github.com/emaste/snippets/blob/master/test_openat.c

In D8748#181282, @kib wrote:

I think it would be useful to include all tests from the original ed program, including non-capsicum kinds.
https://github.com/emaste/snippets/blob/master/test_openat.c

Will do, thanks.

tests/sys/vfs/lookup_cap_dotdot.c
42

I'm unfamiliar with kyua sandboxing. How do I use it? Is it just the current directory during test body?

I'm not attached to /tmp, just not aware of anything better.

57–61

Ok.

85–98

Thanks. That's in HEAD or BODY?

cem marked 6 inline comments as done.
cem edited edge metadata.

Address ngie@ review feedback.

  • Use cwd (assuming that's the sandbox) instead of tmp, drop cleanup code
  • Use ATF_CHECK/ATF_REQUIRE for simplicity
  • Use ATF_REQUIRE_FEATURE macro instead of raw sysctls

Actually fix commit and push changes.

Bring in Ed's openat tests, adapted to ATF. Includes symlink tests.

We don't want to put it under tools/regression/capsicum ?

We don't want to put it under tools/regression/capsicum ?

As an ATF test the logical place is under tests/. I don't know any good reason to prefer tools/regression over tests or vice versa, so as this is already implemented, I'm inclined to keep it as-is (if it isn't broken, don't fix it).

kib edited edge metadata.
kib added inline comments.
tests/sys/vfs/lookup_cap_dotdot.c
193

We use c89-style /* */ comments in FreeBSD source code.

This revision is now accepted and ready to land.Dec 12 2016, 10:47 AM
This revision was automatically updated to reflect the committed changes.