Page MenuHomeFreeBSD

tests: Add ktrace capability violation test cases
ClosedPublic

Authored by jfree on Jun 20 2023, 10:10 PM.
Referenced Files
F106177860: D40682.diff
Thu, Dec 26, 4:29 PM
Unknown Object (File)
Sun, Dec 15, 12:18 AM
Unknown Object (File)
Tue, Dec 3, 3:09 PM
Unknown Object (File)
Mon, Dec 2, 4:49 PM
Unknown Object (File)
Wed, Nov 27, 8:48 PM
Unknown Object (File)
Nov 23 2024, 3:21 AM
Unknown Object (File)
Nov 20 2024, 3:32 AM
Unknown Object (File)
Nov 17 2024, 6:36 PM

Details

Summary
tests: Add ktrace capability violation test cases

Introduce regression tests for ktrace(2) that target capability
violations.

These test cases ensure that ktrace(2) records these violations:
- CAPFAIL_NOTCAPABLE
- CAPFAIL_INCREASE
- CAPFAIL_SYSCALL
- CAPFAIL_SIGNAL
- CAPFAIL_PROTO
- CAPFAIL_SOCKADDR
- CAPFAIL_NAMEI
- CAPFAIL_CPUSET

A portion of these test cases create processes that do NOT enter
capability mode, but raise violations. This is intended behavior.
Users may run `ktrace -t p` on non-Capsicumized programs to detect
violations that would occur if the process were in capability mode.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 56528
Build 53416: arc lint + arc unit

Event Timeline

Use cap_svflags instead of cap_flags when determining kernel ABI with syscallabi().

Fix formatting issue in license text

This revision is now accepted and ready to land.Jan 18 2024, 3:46 PM
  • Rename all instances of CAPFAIL_VFS to CAPFAIL_NAMEI
  • Rebase on main after several months
This revision now requires review to proceed.Mar 10 2024, 4:20 AM
This revision was not accepted when it landed; it landed in state Needs Review.Apr 7 2024, 11:58 PM
This revision was automatically updated to reflect the committed changes.