Garrett Cooper wrote:On Wed, Jan 6, 2010 at 5:33 PM, Jiri Palecek <[email protected]> wrote:Garrett Cooper napsal(a):On Tue, Jan 5, 2010 at 5:41 PM, Garrett Cooper<[email protected]> wrote:Couldn't the executable just get CAP_CHOWN with cap_set_proc in case it isOn Tue, Jan 5, 2010 at 5:27 PM, Jiri Palecek<[email protected]> wrote:Michal Simek napsal(a):Hi,Hi,I have some problems with lchown02 test which is caused with this patch. What is prep_create_link?Thanks, Michal http://git.kernel.org/?p=linux/kernel/git/galak/ltp.git;a=commitdiff;h=ee1a022fc76076d7fc1b6b1797c195244414c038 diff --git a/runtest/syscalls b/runtest/syscalls index fbe8641..34631ed 100644 (file) --- a/runtest/syscalls +++ b/runtest/syscalls @@ -462,10 +462,10 @@ kill12 kill12 lchown01 lchown01 lchown01_16 lchown01_16 -lchown02 cp -p $LTPROOT/testcases/bin/create_link $TMP; lchown02-lchown02_16 cp -p $LTPROOT/testcases/bin/create_link $TMP; lchown02_16+lchown02 prep_create_link; lchown02 +lchown02_16 prep_create_link; lchown02_16IMHO it should do the same as the line above. But I think the whole thing could be deleted without causing any grief: http://repo.or.cz/w/ltp-debian.git?a=commit;h=a5499edcf368fa88df924f94ffcbe63c22b46e82The test needs create_link in $TMP; that's why I scripted it as a one-liner (but stupid me probably forgot to add the script to CVS -_-). Let me look and I'll get back to you shortly.Fixed. The executable needed CAP_CHOWN capability and that's part of the point behind that script...running under root with restricted capabilities?I'm not sure it wouldn't fail even with the suid-root executable under such condition - are you really sure it doesn't (esp. in the face of lchown01,which would fail almost surely and doesn't have this hack)?This requires libcap though, which means that any system under test without it would fail the test: NAMEcap_get_proc, cap_set_proc, capgetp - capability manipulation on pro-cesses SYNOPSIS #include <sys/capability.h> cap_t cap_get_proc(void); int cap_set_proc(cap_t cap_p); #include <sys/types.h> cap_t cap_get_pid(pid_t pid); Link with -lcap. I agree though, this is the best / cleanest solution...Please keep in your mind that not everybody has capability.h in toolchain. For example we don't have it. I can imagine that this could
True, but do you have a capability restricted root and NOT have capability.h.
be one option. You can check if is capability.h and then use it. But if is not there still should be able to run that tests.
Yet I'm still unconviced about the motivation behind this. I tried running the *chown* tests under root with CAP_CHOWN dropped. As you can see in the attachment, all the tests failed (except for chown01, which is because this test doesn't actually test the functionality of chown). But, only lchown02 has this prep_create_link hack (and I'm actually unsure it would help in this case). So I don't know if these tests are actually meant to be working under these conditions, and if not, I can't see the reason of this prep_create_link script.
Regards Jiri Palecek
output
Description: Binary data
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
