diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2021-03-30 18:43:34 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2021-03-30 18:43:42 -0700 |
| commit | 1eb64332b1e6cde634b78d6f15f5ae98e6cfac99 (patch) | |
| tree | 2cf161905b38d2083addde8e95f7318b71b8052b /cap | |
| parent | cf6ddafe1d34d84e7a30b0b497c6174fc93ba074 (diff) | |
| download | libcap2-1eb64332b1e6cde634b78d6f15f5ae98e6cfac99.tar.gz | |
More aggressive cap_test to ensure the launcher isolates context
Stress test the launcher code a little harder.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'cap')
| -rw-r--r-- | cap/cap_test.go | 61 |
1 files changed, 36 insertions, 25 deletions
diff --git a/cap/cap_test.go b/cap/cap_test.go index db4d61c..71c9618 100644 --- a/cap/cap_test.go +++ b/cap/cap_test.go @@ -220,34 +220,45 @@ func TestFuncLaunch(t *testing.T) { t.Fatalf("trivial launcher failed: %v", err) } - before, err := singlesc.prctlrcall(prGetKeepCaps, 0, 0) - if err != nil { - t.Fatalf("failed to get PR_KEEP_CAPS: %v", err) - } - - if _, err := FuncLauncher(func(data interface{}) error { - was, ok := data.(int) - if !ok { - return fmt.Errorf("data was not an int: %v", data) + for i := 0; i < 100; i++ { + expect := i & 1 + before, err := Prctl(prGetKeepCaps) + if err != nil { + t.Fatalf("failed to get PR_KEEP_CAPS: %v", err) } - if _, err := Prctlw(prSetKeepCaps, uintptr(1-was)); err != nil { - return err + if before != expect { + t.Fatalf("invalid initial state: got=%d want=%d", before, expect) } - if v, err := Prctl(prGetKeepCaps); err != nil { - return err - } else if v == was { - return fmt.Errorf("PR_KEEP_CAPS unchanged: got=%d, want=%v", v, 1-was) + + if _, err := FuncLauncher(func(data interface{}) error { + was, ok := data.(int) + if !ok { + return fmt.Errorf("data was not an int: %v", data) + } + if _, err := Prctlw(prSetKeepCaps, uintptr(1-was)); err != nil { + return err + } + if v, err := Prctl(prGetKeepCaps); err != nil { + return err + } else if v == was { + return fmt.Errorf("PR_KEEP_CAPS unchanged: got=%d, want=%v", v, 1-was) + } + // All good. + return nil + }).Launch(before); err != nil { + t.Fatalf("trivial launcher failed: %v", err) } - // All good. - return nil - }).Launch(before); err != nil { - t.Fatalf("trivial launcher failed: %v", err) - } - // Now validate that the main process is still OK. - if after, err := singlesc.prctlrcall(prGetKeepCaps, 0, 0); err != nil { - t.Fatalf("failed to get PR_KEEP_CAPS: %v", err) - } else if before != after { - t.Fatalf("FuncLauncher leaked privileged state: got=%v want=%v", after, before) + // Now validate that the main process is still OK. + if after, err := Prctl(prGetKeepCaps); err != nil { + t.Fatalf("failed to get PR_KEEP_CAPS: %v", err) + } else if before != after { + t.Fatalf("FuncLauncher leaked privileged state: got=%v want=%v", after, before) + } + + // Now force the other way + if _, err := Prctlw(prSetKeepCaps, uintptr(1-expect)); err != nil { + t.Fatalf("[%d] attempt to flip PR_KEEP_CAPS failed: %v", i, err) + } } } |