diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2020-09-07 12:24:43 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2020-09-07 12:53:04 -0700 |
| commit | 307e7f5744b7c84af4c07091c5310cf4f9514694 (patch) | |
| tree | 3ec6ff066311b0431d581eef07b0e1cb78b77741 /progs | |
| parent | 91fc109c647c65f6b973131155bfe1a52134cf6e (diff) | |
| download | libcap2-307e7f5744b7c84af4c07091c5310cf4f9514694.tar.gz | |
Support dynamic test compilation and execution.
make DYNAMIC=yes test sudotest
works now. Thomas Petazzoni provided a patch that built
the tests this way, but I've restructured things to
make the above command line work against the uninstalled
library builds.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'progs')
| -rw-r--r-- | progs/.gitignore | 1 | ||||
| -rw-r--r-- | progs/Makefile | 15 | ||||
| -rwxr-xr-x | progs/quicktest.sh | 8 |
3 files changed, 15 insertions, 9 deletions
diff --git a/progs/.gitignore b/progs/.gitignore index 1c7ff23..978229e 100644 --- a/progs/.gitignore +++ b/progs/.gitignore @@ -1,4 +1,5 @@ capsh +tcapsh-static getcap getpcaps setcap diff --git a/progs/Makefile b/progs/Makefile index 076e44f..1b27c41 100644 --- a/progs/Makefile +++ b/progs/Makefile @@ -8,13 +8,15 @@ PROGS=getpcaps capsh getcap setcap BUILD=$(PROGS) -ifneq ($(DYNAMIC),yes) +ifeq ($(DYNAMIC),yes) +LDPATH = LD_LIBRARY_PATH=../libcap +else LDFLAGS += --static endif DEPS=../libcap/libcap.a ../libcap/libpsx.a -all: $(BUILD) +all: $(BUILD) tcapsh-static $(DEPS): make -C ../libcap all @@ -36,9 +38,12 @@ endif test: $(PROGS) -sudotest: test - sudo ./quicktest.sh +tcapsh-static: capsh.c $(DEPS) + $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static + +sudotest: test tcapsh-static + sudo $(LDPATH) ./quicktest.sh clean: $(LOCALCLEAN) - rm -f *.o $(BUILD) tcapsh ping hack.sh compare-cap + rm -f *.o $(BUILD) tcapsh* privileged ping hack.sh compare-cap diff --git a/progs/quicktest.sh b/progs/quicktest.sh index fbe98a6..5873317 100755 --- a/progs/quicktest.sh +++ b/progs/quicktest.sh @@ -45,7 +45,7 @@ pass_capsh () { pass_capsh --print # Make a local non-setuid-0 version of capsh and call it privileged -cp ./capsh ./privileged && /bin/chmod -s ./privileged +cp ./tcapsh-static ./privileged && /bin/chmod -s ./privileged if [ $? -ne 0 ]; then echo "Failed to copy capsh for capability manipulation" exit 1 @@ -77,7 +77,7 @@ pass_capsh --mode=PURE1E --iab='!%cap_chown,cap_sys_admin' pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print /bin/rm -f tcapsh -/bin/cp capsh tcapsh +/bin/cp tcapsh-static tcapsh /bin/chown root.root tcapsh /bin/chmod u+s tcapsh /bin/ls -l tcapsh @@ -166,7 +166,7 @@ pass_capsh --keep=1 --uid=$nouid --caps=cap_setpcap=ep \ # Verify we can chroot pass_capsh --chroot=$(/bin/pwd) -pass_capsh --chroot=$(/bin/pwd) == +pass_capsh -- -c "./tcapsh-static --chroot=$(/bin/pwd) ==" fail_capsh --chroot=$(/bin/pwd) -- -c "echo oops" ./capsh --has-ambient @@ -216,7 +216,7 @@ echo "testing namespaced file caps" # nsprivileged capsh will have an ns rootid value (this is # the same setup as an earlier test but with a ns file cap). rm -f nsprivileged -cp ./capsh ./nsprivileged && /bin/chmod -s ./nsprivileged +cp ./tcapsh-static ./nsprivileged && /bin/chmod -s ./nsprivileged ./setcap -n 1 all=ep ./nsprivileged if [ $? -eq 0 ]; then ./getcap -n ./nsprivileged | fgrep "[rootid=1]" |