int main(int argc, char *argv[]) { int ret = 1; int i; ret = prctl(CAP_BSET_DROP, -1); if (ret != -1) { tst_resm(TFAIL, "prctl(CAP_BSET_DROP, -1) returned %d\n", ret); tst_exit(); } /* Ideally I'd check CAP_LAST_CAP+1, but userspace * tends to be far too unreliable to trust CAP_LAST_CAP> * We could test using kernel API, but that's what we're * testing... So let's take an insanely high value */ #define INSANE 63 #define max(x,y) (x > y ? x : y) ret = prctl(CAP_BSET_DROP, max(INSANE,CAP_LAST_CAP+1)); if (ret != -1) { tst_resm(TFAIL, "prctl(CAP_BSET_DROP, %d) returned %d\n", max(INSANE, CAP_LAST_CAP+1), ret); tst_resm(TINFO, " %d is should not exist\n", max(INSANE, CAP_LAST_CAP+1)); tst_exit(); } for (i=0; i<=CAP_LAST_CAP; i++) { ret = prctl(CAP_BSET_DROP, i); if (ret != 0) { tst_resm(TFAIL, "prctl(CAP_BSET_DROP, %d) returned %d\n", i, ret); if (ret == -1) tst_resm(TINFO, "errno was %d\n", errno); tst_exit(); } ret = check_remaining_caps(i); if (ret > 0) { tst_resm(TFAIL, "after dropping bits 0..%d, %d was still in bounding set\n", i, ret); tst_exit(); } else if (ret < 0) { tst_resm(TFAIL, "after dropping bits 0..%d, %d was not in bounding set\n", i, -ret); tst_exit(); } } tst_resm(TPASS, "CAP_BSET_DROP tests passed\n"); tst_exit(); }
int main(int argc, char *argv[]) { int ret = 1; int i; #ifdef HAVE_LIBCAP #if HAVE_DECL_PR_CAPBSET_DROP ret = prctl(PR_CAPBSET_READ, -1); #else errno = ENOSYS; ret = -1; #endif if (ret != -1) { tst_brkm(TFAIL, NULL, "prctl(PR_CAPBSET_DROP, -1) returned %d\n", ret); } /* Ideally I'd check CAP_LAST_CAP+1, but userspace * tends to be far too unreliable to trust CAP_LAST_CAP> * We could test using kernel API, but that's what we're * testing... So let's take an insanely high value */ #define INSANE 63 #define max(x,y) (x > y ? x : y) #if HAVE_DECL_PR_CAPBSET_DROP ret = prctl(PR_CAPBSET_DROP, max(INSANE, CAP_LAST_CAP + 1)); #else errno = ENOSYS; ret = -1; #endif if (ret != -1) { tst_resm(TFAIL, "prctl(PR_CAPBSET_DROP, %d) returned %d\n", max(INSANE, CAP_LAST_CAP + 1), ret); tst_resm(TINFO, " %d is should not exist\n", max(INSANE, CAP_LAST_CAP + 1)); tst_exit(); } for (i = 0; i <= CAP_LAST_CAP; i++) { #if HAVE_DECL_PR_CAPBSET_DROP ret = prctl(PR_CAPBSET_DROP, i); #else errno = ENOSYS; ret = -1; #endif if (ret != 0) { tst_resm(TFAIL, "prctl(PR_CAPBSET_DROP, %d) returned %d\n", i, ret); if (ret == -1) tst_resm(TINFO, "errno was %d\n", errno); tst_exit(); } ret = check_remaining_caps(i); if (ret > 0) { tst_brkm(TFAIL, NULL, "after dropping bits 0..%d, %d was still in bounding set\n", i, ret); } else if (ret < 0) { tst_brkm(TFAIL, NULL, "after dropping bits 0..%d, %d was not in bounding set\n", i, -ret); } } tst_resm(TPASS, "PR_CAPBSET_DROP tests passed\n"); #else tst_resm(TCONF, "System doesn't have POSIX capabilities."); #endif tst_exit(); }