Change Details

This change takes capsicum-test from upstream [1] and applies some local changes to make the openat test pass on FreeBSD, as well as make the test execute using an absolute path (this is needed for the test to be executed via Kyua). The former local change is under discussion; I favored my solution for the time being [2], but @drysdale_google.com is proposing an alternate solution [3]. The latter change--to make capsicum-test pass when executed via an absolute path--has been submitted upstream [4]. 1. https://github.com/google/capsicum-test 2. https://github.com/google/capsicum-test/pull/35/ 3. https://github.com/google/capsicum-test/pull/40/ 4. https://github.com/google/capsicum-test/pull/41/ This change requires D19755 and D19756. Commit blocking TODO items: * conditionalize running capsicum-test on CAPABILITIES-enabled kernels, as some downstream consumers, e.g., Netflix, don't seem to run CAPABILITIES-enabled kernels. * conditionalize running the mqueuefs tests when `feature_present("p1003_1b_mqueue");` returns boolean true. MFC after: 1 month

This change takes capsicum-test from upstream [1] and applies some local changes to make the test work on FreeBSD when executed via Kyua. The local modifications are as follows: 1. Make `OpenatTest.WithFlag` pass with the new dot-dot lookup behavior in FreeBSD 12.x+. 2. capsicum-test references a set of helper binaries: `mini-me`, `mini-me.noexec`, and `mini-me.setuid`, as part of the execve/fexecve tests, via execve, fexecve, and open. It achieves this upstream by assuming `mini-me*` is in the current directory, however, in order for Kyua to execute `capsicum-test`, it needs to provide a full path to `mini-me*`. In order to achieve this, I made `capsicum-test` cache the executable's path from argv[0] in main(..) and use the cached value to compute the path to `mini-me*` as part of the execve/fexecve testcases. 3. The capsicum-test test suite assumes that it's always being run on CAPABILITIES enabled kernels. However, there's a chance that the test will be run on a host without a CAPABILITIES enabled kernel, so we must check for the support before running the tests. The way to achieve this is to add the relevant `feature_present("security_capabilities")` check to SetupEnvironment::SetUp() and skip the tests when the support is not available. While here, add a check for `kern.trap_enotcap` being enabled. As noted by @markj in https://github.com/google/capsicum-test/issues/23, this sysctl being enabled can trigger non-deterministic failures. Therefore, the tests should be skipped if this sysctl is enabled. This change requires D19765 in order to function. All local changes have been submitted to the capsicum-test project (https://github.com/google/capsicum-test) and are in various stages of review. MFC after: 1 month

This change takes capsicum-test from upstream [1] and applies some local changes to make the openat test passwork on FreeBSD, when executed via Kyua. as well as make the testThe local execute using an absolute path (this is needed for the test to be executedmodifications are as follows: 1. Make `OpenatTest.WithFlag` pass with the new dot-dot lookup behavior in FreeBSD 12.x+. via Kyua).2. capsicum-test references a set of helper binaries: `mini-me`, The former local change is under discussion;`mini-me.noexec`, I favored my solutionand for `mini-me.setuid`, as part of the time being [2]execve/fexecve tests, via execve, but @drysdale_google.com is proposing an alternatefexecve, and open. solution [3]. It achieves this upstream by assuming `mini-me*` is in the current directory, The latter change--to make capsicum-test pass when executed viahowever, an absolute path--has been submitted upstream [4]. 1. in order for Kyua to execute `capsicum-test`, https://github.com/google/capsicum-testit needs to provide a full path to 2 `mini-me*`. https://github.com/google/In order to achieve this, I made `capsicum-test/pull/35/t` cache the executable's 3. https://github.com/google/capsicum-test/pull/40/ path from argv[0] in main(..) and use the cached value to compute the path to 4 `mini-me*` as part of the execve/fexecve testcases. 3. The capsicum-test test suite assumes that it's always being run on CAPABILITIES enabled kernels. However, there's a chance that the test will be run on a host without a CAPABILITIES enabled kernel, so we must check for the support before running the tests. The way to achieve this is to add the relevant `feature_present("security_capabilities")` check to SetupEnvironment::SetUp() and skip the tests when the support is not available. While here, add a check for `kern.trap_enotcap` being enabled. As noted by @markj in https://github.com/google/capsicum-test/pull/41/issues/23, this sysctl being enabled can trigger non-deterministic failures. Therefore, the tests should be skipped if this sysctl is enabled. This change requires D19755 and D1975665 in order to function. Commit blocking TODO items:All local changes have been submitted to the capsicum-test project * conditionalize running capsicum-test on CAPABILITIES-enabled kernels, as some downstream consumers, e.g., Netflix, don't seem to run CAPABILITIES-enabled kernels. * conditionalize running the mqueuefs tests when `feature_present("p1003_1b_mqueue");` returns boolean true(https://github.com/google/capsicum-test) and are in various stages of review. MFC after: 1 month