| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7900802c-3860-4a52-aede-edc544461a57@linuxfoundation.org>
Date: Thu, 30 Nov 2023 16:38:42 -0700
From: Shuah Khan <skhan@...uxfoundation.org>
To: Swarup Laxman Kotiaklapudi <swarupkotikalapudi@...il.com>,
shuah@...nel.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org, luto@...nel.org,
Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH v2] selftests: capabilities: namespace create varies for
root and normal user
On 11/11/23 10:38, Swarup Laxman Kotiaklapudi wrote:
> This patchset fixes TODO:
> "If we're already root, we could skip creating the userns."
>
> Change namespace creation for root and non-root
> user differently in create_and_enter_ns() function
> in this file:
> tools/testing/selftests/capabilities/test_execve.c
>
> Test result with root user:
> $sudo make TARGETS="capabilities" kselftest
> ...
> TAP version 13
> 1..1
> timeout set to 45
> selftests: capabilities: test_execve
> TAP version 13
> 1..12
> [RUN] +++ Tests with uid == 0 +++
> [NOTE] Using global UIDs for tests
> [RUN] Root => ep
> ...
> ok 12 Passed
> Totals: pass:12 fail:0 xfail:0 xpass:0 skip:0 error:0
> ==================================================
> TAP version 13
> 1..9
> [RUN] +++ Tests with uid != 0 +++
> [NOTE] Using global UIDs for tests
> [RUN] Non-root => no caps
> ...
> ok 9 Passed
> Totals: pass:9 fail:0 xfail:0 xpass:0 skip:0 error:0
>
> Test result without root or normal user:
> $make TARGETS="capabilities" kselftest
> ...
> timeout set to 45
> selftests: capabilities: test_execve
> TAP version 13
> 1..12
> [RUN] +++ Tests with uid == 0 +++
> [NOTE] Using a user namespace for tests
> [RUN] Root => ep
> validate_cap:: Capabilities after execve were correct
> ok 1 Passed
> Check cap_ambient manipulation rules
> ok 2 PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
> ok 3 PR_CAP_AMBIENT_RAISE failed on non-permitted cap
> ok 4 PR_CAP_AMBIENT_RAISE worked
> ok 5 Basic manipulation appears to work
> [RUN] Root +i => eip
> validate_cap:: Capabilities after execve were correct
> ok 6 Passed
> [RUN] UID 0 +ia => eipa
> validate_cap:: Capabilities after execve were correct
> ok 7 Passed
> ok 8 # SKIP SUID/SGID tests (needs privilege)
> Planned tests != run tests (12 != 8)
> Totals: pass:7 fail:0 xfail:0 xpass:0 skip:1 error:0
> ==================================================
> TAP version 13
> 1..9
> [RUN] +++ Tests with uid != 0 +++
> [NOTE] Using a user namespace for tests
> [RUN] Non-root => no caps
> validate_cap:: Capabilities after execve were correct
> ok 1 Passed
> Check cap_ambient manipulation rules
> ok 2 PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
> ok 3 PR_CAP_AMBIENT_RAISE failed on non-permitted cap
> ok 4 PR_CAP_AMBIENT_RAISE worked
> ok 5 Basic manipulation appears to work
> [RUN] Non-root +i => i
> validate_cap:: Capabilities after execve were correct
> ok 6 Passed
> [RUN] UID 1 +ia => eipa
> validate_cap:: Capabilities after execve were correct
> ok 7 Passed
> ok 8 # SKIP SUID/SGID tests (needs privilege)
> Planned tests != run tests (9 != 8)
> Totals: pass:7 fail:0 xfail:0 xpass:0 skip:1 error:0
>
> Signed-off-by: Swarup Laxman Kotiaklapudi <swarupkotikalapudi@...il.com>
> ---
>
> Changes in V2:
> - Change the commit message explaining
> why this patchset is needed.
>
Applied to linux-kselftest next for Linux 6.8-rc1
thanks,
-- Shuah
Powered by blists - more mailing lists