/* * Copyright (c) Huawei Technologies Co., Ltd., 2015 * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU General Public License for more details. */ /* * Verify that: * When a process with non-zero user IDs performs an execve(), the * process's capability sets are cleared. When a process with zero * user IDs performs an execve(), the process's capability sets * are set. */ #define _GNU_SOURCE #include <sys/wait.h> #include <assert.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <errno.h> #include "libclone.h" #include "test.h" #include "config.h" #if HAVE_SYS_CAPABILITY_H #include <sys/capability.h> #endif char *TCID = "userns06_capcheck"; int TST_TOTAL = 1; int main(int argc, char *argv[]) { #ifdef HAVE_LIBCAP cap_t caps; int i, last_cap; cap_flag_value_t flag_val; cap_flag_value_t expected_flag = 1; #endif tst_parse_opts(argc, argv, NULL, NULL); #ifdef HAVE_LIBCAP if (strcmp("privileged", argv[1])) expected_flag = 0; caps = cap_get_proc(); SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap); for (i = 0; i <= last_cap; i++) { cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val); if (flag_val != expected_flag) break; cap_get_flag(caps, i, CAP_PERMITTED, &flag_val); if (flag_val != expected_flag) break; } if (flag_val != expected_flag) { printf("unexpected effective/permitted caps at %d\n", i); exit(1); } #else printf("System is missing libcap.\n"); #endif tst_exit(); }