
3 Commits
rawhide ... f38

Author SHA1 Message Date
Carlos Rodriguez-Fernandez f3b197e5d9
ignore known lint issues 2023-11-25 11:48:28 -07:00
Carlos Rodriguez-Fernandez 27444a9506
fix gating and modernize tests 2023-11-23 22:41:44 -07:00
Carlos Rodriguez-Fernandez 679a97c1ab
Backport fix for CVE-2023-2602 and CVE-2023-2603 2023-11-22 08:07:21 -07:00
36 changed files with 413 additions and 732 deletions

1
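--- a/.fmf/version
+++ b/.fmf/version
@@ -0,0 +1 @@
+1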


@ -0,0 +1,34 @@
From 59bae31a96003840c064573904a4041427df3890 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com>
Date: Wed, 22 Nov 2023 07:53:36 -0700
Subject: [PATCH 1/2] cap_alloc.c:fix CVE-2023-2603
---
libcap/cap_alloc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
index 6dab4e6..7456d97 100644
--- a/libcap/cap_alloc.c
+++ b/libcap/cap_alloc.c
@@ -81,8 +81,15 @@ char *_libcap_strdup(const char *old)
errno = EINVAL;
return NULL;
}
-
- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
+ size_t len;
+ len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
+ _cap_debug("len is too long for libcap to manage");
+ errno = EINVAL;
+ return NULL;
+ }
+ len += sizeof(__u32) + 1;
+ raw_data = malloc(len);
if (raw_data == NULL) {
errno = ENOMEM;
return NULL;
--
2.42.0
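Review bot: The mask in `if ((len & 0x3fffffff) != len) {` is an unexplained magic number; nothing in the hunk records that it caps the accepted string below 2^30 bytes so that the later `len += sizeof(__u32) + 1;` cannot wrap `size_t` on a 32-bit build. A comment above the check, e.g. `/* reject >= 1 GiB so adding the header and NUL below cannot overflow */`, would state the invariant the CVE fix relies on. `size_t len;` is declared after the early-return block rather than with the other locals; the start and end of _libcap_strdup lie outside the hunk, so whether that matches the file's layout, and how the buffer is filled after `malloc(len)`, cannot be checked from here. The patch header has no message body, so a line naming the upstream commit this was backported from would make the backport auditable.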


@ -0,0 +1,25 @@
From 5abae730d176107642d5d24cc14f27595ca88a69 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com>
Date: Wed, 22 Nov 2023 07:55:04 -0700
Subject: [PATCH 2/2] psx.c:fix CVE-2023-2602
---
psx/psx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psx/psx.c b/psx/psx.c
index 4de3653..eec6db8 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -478,7 +478,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
- if (ret == -1) {
+ if (ret > 0) {
psx_new_state(_PSX_CREATE, _PSX_IDLE);
memset(starter, 0, sizeof(*starter));
free(starter);
--
2.42.0
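Review bot: The new failure test `if (ret > 0) {` assumes every error from the wrapped call is positive; pthread_create is specified to return zero on success and an error number otherwise, so `if (ret != 0) {` states the contract directly and also covers an unexpected negative return. A comment on that line such as `/* pthread_create returns an error number, never -1 */` would keep the old `== -1` comparison from being reintroduced. The cleanup branch (state reset, `memset`, `free(starter)`) continues past the end of the hunk, so whether the mask set by `pthread_sigmask(SIG_BLOCK, &sigbit, NULL)` is restored on this path is not visible here.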


@ -2,6 +2,19 @@
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: dist.depcheck}
- !PassingTestCaseRule {test_case_name: dist.abicheck}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpmdeplint.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.installability.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpmdeplint.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.installability.functional}
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

2
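--- a/libcap.rpmlintrc
+++ b/libcap.rpmlintrc
@@ -0,0 +1,2 @@
+addFilter('.*static-library-without-debuginfo.*')
+addFilter('.*pam-unauthorized-module.*')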
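Review bot: Both filters are added with no justification, and `addFilter('.*pam-unauthorized-module.*')` silences a security-oriented lint for every file in every subpackage, including any PAM module added later. Scope it to the one module the pam_cap test on this page exercises, for example `addFilter('pam-unauthorized-module .*pam_cap\.so')` (to be checked against the actual rpmlint output line). Put a `#` comment above each filter saying why the finding is accepted, so the suppression can be re-evaluated when the package changes.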


@ -1,12 +1,14 @@
Name: libcap
Version: 2.48
Release: 6%{?dist}
Release: 7%{?dist}
Summary: Library for getting and setting POSIX.1e capabilities
URL: https://sites.google.com/site/fullycapable/
License: BSD or GPLv2
Source: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/snapshot/%{name}-%{version}.tar.gz
Patch0: libcap-use-compiler-flag-options.patch
Patch1: 0001-cap_alloc.c-fix-CVE-2023-2603.patch
Patch2: 0002-psx.c-fix-CVE-2023-2602.patch
BuildRequires: libattr-devel pam-devel perl-interpreter gcc
BuildRequires: make
@ -83,6 +85,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
%changelog
* Wed Nov 22 2023 Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com> - 2.48-7
- Backport fix for CVE-2023-2602 and CVE-2023-2603
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.48-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

5
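--- a/plans/main.fmf
+++ b/plans/main.fmf
@@ -0,0 +1,5 @@
+summary: Basic smoke test for libcap
+discover:
+how: fmf
+execute:
+how: tmt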


@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/libcap/Sanity/capsh-basic-functionality
# Description: tests basic functionality
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/libcap/Sanity/capsh-basic-functionality
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: tests basic functionality" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: libcap" >> $(METADATA)
@echo "Requires: libcap" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,3 +0,0 @@
PURPOSE of /CoreOS/libcap/Sanity/capsh-basic-functionality
Description: tests basic functionality
Author: Karel Srot <ksrot@redhat.com>


@ -1,123 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/libcap/Sanity/capsh-basic-functionality
# Description: tests basic functionality
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="libcap"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "useradd -m libcap_tester"
rlPhaseEnd
rlPhaseStartTest "Remove the listed capabilities from the prevailing bounding set"
rlRun -s "capsh --drop=cap_net_raw -- -c 'getpcaps \$\$'"
rlAssertGrep "Capabilities for" $rlRun_LOG
rlAssertNotGrep cap_net_raw $rlRun_LOG
rlRun -s "capsh --drop=cap_net_raw -- -c 'ping localhost -c 1'" 2,126 "Ping without cap_net_raw shoud fail"
rlAssertGrep "Operation not permitted" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Set the prevailing process capabilities"
rlRun -s "capsh --caps=cap_chown+p --print"
rlAssertGrep "Current: = cap_chown+p" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Set the inheritable set of capabilities"
rlRun -s "capsh --inh=cap_chown --print"
rlRun "grep 'Current: = ' $rlRun_LOG | grep 'cap_chown+eip'"
rlRun -s "capsh --inh=cap_chown -- -c 'getpcaps \$\$' 2>&1"
rlAssertGrep "cap_chown+eip" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Assume the identity of the user nobody"
USERID=`id -u nobody`
GROUPID=`id -g nobody`
rlRun -s "capsh --user=nobody -- -c 'id'"
rlAssertGrep "uid=$USERID(nobody) gid=$GROUPID(nobody) groups=$GROUPID(nobody)" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Force all uid values to equal to nobody"
rlRun -s "capsh --uid=$USERID -- -c 'id'"
rlAssertGrep "uid=$USERID(nobody) gid=0(root) groups=0(root)" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Force all gid values to equal to nobody"
rlRun -s "capsh --gid=$GROUPID -- -c 'id'"
rlAssertGrep "uid=0(root) gid=$GROUPID(nobody)" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Set the supplementary groups"
GROUP2ID=`id -g daemon`
rlRun -s "capsh --groups=${GROUPID},${GROUP2ID} -- -c id"
rlAssertGrep "uid=0(root) gid=0(root) groups=0(root),${GROUP2ID}(daemon),${GROUPID}(nobody)" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Permit the process to retain its capabilities after a setuid"
CURRENT=`capsh --print | grep 'Current:' | cut -d '+' -f 1`
rlRun -s "capsh --keep=0 --uid=$USERID --print"
rlAssertGrep 'Current: =$' $rlRun_LOG -E
rlRun -s "capsh --keep=1 --uid=$USERID --print"
rlAssertGrep "$CURRENT" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Decode capabilities"
rlRun "CODE=$( cat /proc/$$/status | awk '/CapEff/ { print $2 }' )"
rlRun "DECODE=$( capsh --decode=$CODE | cut -d '=' -f 2 )"
rlRun "capsh --print | grep 'Current: = $DECODE'"
rlPhaseEnd
rlPhaseStartTest "Verify the existence of a capability on the system"
rlRun "capsh --supports=cap_net_raw"
rlRun -s "capsh --supports=cap_foo_bar" 1
rlAssertGrep "cap\[cap_foo_bar\] not recognized by library" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Verify exit code for unsupported option"
rlRun "capsh --foo bar" 1
rlPhaseEnd
rlPhaseStartTest "Run as a regular user"
USERID=`id -u libcap_tester`
rlRun -s "su - libcap_tester -c 'capsh --print'"
rlAssertGrep "Current: =\$" $rlRun_LOG -E
rlAssertGrep "uid=$USERID(libcap_tester)" $rlRun_LOG
rlPhaseEnd
rlPhaseStartCleanup
rlRun "userdel -r libcap_tester"
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

2
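--- a/tests/capsh/main.fmf
+++ b/tests/capsh/main.fmf
@@ -0,0 +1,2 @@
+summary: capsh tests
+description: tests basic capsh functionality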

94
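--- a/tests/capsh/test.sh
+++ b/tests/capsh/test.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+rlJournalStart
+rlPhaseStartSetup
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlRun "useradd -m libcap_tester"
+rlPhaseEnd
+rlPhaseStartTest "Should remove capability"
+rlRun -s "capsh --drop=cap_sys_admin -- -c 'getpcaps \$\$'"
+rlAssertGrep "cap_sys_admin-ep" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should prevent the use of removed capability"
+rlRun -s "capsh --drop=cap_net_raw -- -c 'ping localhost -e 0 -c 1'" 2,126 "Ping without cap_net_raw shoud fail"
+rlAssertGrep "Operation not permitted" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should set the prevailing process capabilities"
+rlRun -s "capsh --caps=cap_chown+p --print"
+rlAssertGrep "^Current:.*cap_chown[+=][ei]?p[ei]?.*" $rlRun_LOG -E
+rlPhaseEnd
+rlPhaseStartTest "Should set the inheritable set of capabilities"
+rlRun -s "capsh --inh=cap_chown --print"
+rlAssertGrep "^Current:.*cap_chown[+=][ep]?i[ep]?.*" $rlRun_LOG -E
+rlPhaseEnd
+rlPhaseStartTest "Should set and show the inheritable set of capabilities"
+rlRun -s "capsh --inh=cap_chown -- -c 'getpcaps \$\$' 2>&1"
+rlAssertGrep ".*cap_chown[+=][ep]?i[ep]?.*" $rlRun_LOG -E
+rlPhaseEnd
+rlPhaseStartTest "Should assume the identity of the user nobody"
+USERID=`id -u nobody`
+GROUPID=`id -g nobody`
+rlRun -s "capsh --user=nobody -- -c 'id'"
+rlAssertGrep "uid=$USERID(nobody) gid=$GROUPID(nobody) groups=$GROUPID(nobody)" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should assume the nobody identity with uid"
+USERID=`id -u nobody`
+rlRun -s "capsh --uid=$USERID -- -c 'id'"
+rlAssertGrep "uid=$USERID(nobody) gid=0(root) groups=0(root)" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should assume guid of nobody"
+GROUPID=`id -g nobody`
+rlRun -s "capsh --gid=$GROUPID -- -c 'id'"
+rlAssertGrep "uid=0(root) gid=$GROUPID(nobody)" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should assume the supplementary groups"
+GROUPID=`id -g nobody`
+GROUP2ID=`id -g daemon`
+rlRun -s "capsh --groups=${GROUPID},${GROUP2ID} -- -c id"
+rlAssertGrep "uid=0(root) gid=0(root) groups=0(root),${GROUP2ID}(daemon),${GROUPID}(nobody)" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should decode capabilities"
+rlRun "CODE=$( cat /proc/$$/status | awk '/CapEff/ { print $2 }' )"
+rlRun "DECODE=$( capsh --decode=$CODE | cut -d '=' -f 2 )"
+rlRun "capsh --print | grep \"$DECODE\""
+rlPhaseEnd
+rlPhaseStartTest "Should detect the existence of a capability on the system"
+rlRun "capsh --supports=cap_net_raw"
+rlPhaseEnd
+rlPhaseStartTest "Should detect the absence of a capability on the system"
+rlRun -s "capsh --supports=cap_foo_bar" 1
+rlAssertGrep "cap\[cap_foo_bar\] not recognized by library" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should error for unsupported option"
+rlRun "capsh --foo bar" 1
+rlPhaseEnd
+rlPhaseStartTest "Should run as a regular user"
+USERID=`id -u libcap_tester`
+rlRun -s "su - libcap_tester -c 'capsh --print'"
+rlAssertGrep "Current: =\$" $rlRun_LOG -E
+rlAssertGrep "uid=$USERID(libcap_tester)" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartCleanup
+rlRun "userdel -r libcap_tester"
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalEnd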
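Review bot: The rewritten script has no phase for `capsh --keep=0` / `--keep=1`, so nothing checks that capabilities are cleared or retained across the `--uid` switch; the removed runtest.sh covered this under "Permit the process to retain its capabilities after a setuid". If the phase was dropped because the exact `Current:` text differs between releases, it can return with the looser `-E` patterns already used in this file, for instance `rlAssertGrep '^Current: =$' $rlRun_LOG -E` after the `--keep=0` run. The first phase now asserts only that `cap_sys_admin-ep` appears and no longer has an `rlAssertNotGrep` for the dropped capability. The message "Ping without cap_net_raw shoud fail" carries a typo.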


@ -0,0 +1,2 @@
summary: setcap and getcap tests
description: tests setcap and getcap basic functionality

98
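--- a/tests/getcap-setcap/test.sh
+++ b/tests/getcap-setcap/test.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+rlJournalStart
+rlPhaseStartSetup
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlPhaseEnd
+rlPhaseStartTest "Should set and get capabilities on multiple files"
+rlRun "touch test-file-0"
+rlRun "touch test-file-1"
+rlRun "setcap cap_net_admin+p test-file-0 cap_net_raw+ei test-file-1"
+rlRun -s "getcap test-file-0 test-file-1"
+rlAssertGrep "test-file-0.*cap_net_admin[+=]p" $rlRun_LOG -E
+rlAssertGrep "test-file-1.*cap_net_raw[+=]ei" $rlRun_LOG -E
+rlRun "rm -f test-file-0 test-file-1"
+rlPhaseEnd
+rlPhaseStartTest "Should set capabilities via stdin"
+rlRun "touch test-file-0"
+rlRun "echo -e 'cap_net_raw+p\ncap_net_admin+p' > input"
+rlRun -s "setcap - test-file-0 < input"
+rlAssertGrep "Please" $rlRun_LOG
+rlRun -s "getcap test-file-0"
+rlAssertGrep "cap_net_admin,cap_net_raw[+=]p" $rlRun_LOG -E
+rlRun "rm -f test-file-0"
+rlPhaseEnd
+rlPhaseStartTest "Should set capabilities quietly via stdin"
+rlRun "touch test-file-0"
+rlRun "echo -e 'cap_net_raw+p' > input"
+rlRun -s "setcap -q - test-file-0 < input"
+rlAssertNotGrep "Please" $rlRun_LOG
+rlRun -s "getcap test-file-0"
+rlAssertGrep "cap_net_raw[+=]p" $rlRun_LOG -E
+rlRun "rm -f test-file-0"
+rlPhaseEnd
+rlPhaseStartTest "Should remove capabilities"
+rlRun "touch test-file-0"
+rlRun "setcap cap_net_admin+p test-file-0"
+rlRun "setcap -r test-file-0"
+rlRun -s "getcap test-file-0"
+rlAssertNotGrep "cap_net_admin" $rlRun_LOG
+rlRun "rm -f test-file-0"
+rlPhaseEnd
+rlPhaseStartTest "Should list capabilities recursively"
+rlRun "touch test-file-0"
+rlRun "mkdir test-dir-1"
+rlRun "touch test-dir-1/test-file-1"
+rlRun "setcap cap_net_admin+p test-file-0 cap_net_raw+ei test-dir-1/test-file-1"
+rlRun -s "getcap -r *"
+rlAssertGrep "^test-file-0.*cap_net_admin[+=]p\$" $rlRun_LOG -E
+rlAssertGrep "^test-dir-1/test-file-1.*cap_net_raw[+=]ei\$" $rlRun_LOG -E
+rlRun "rm -f test-file-0"
+rlRun "rm -rf test-dir-1"
+rlPhaseEnd
+rlPhaseStartTest "listing capabilities verbosely"
+rlRun "touch test-file-0"
+rlRun "mkdir test-dir-1"
+rlRun "touch test-dir-1/test-file-1"
+rlRun "touch test-dir-1/test-file-2"
+rlRun "setcap cap_net_admin+p test-file-0 cap_net_raw+ei test-dir-1/test-file-1"
+rlRun -s "getcap -v -r *"
+rlAssertGrep "^test-file-0.*cap_net_admin[+=]p\$" $rlRun_LOG -E
+rlAssertGrep "^test-dir-1/test-file-1.*cap_net_raw[+=]ei\$" $rlRun_LOG -E
+rlAssertGrep "^test-dir-1/test-file-2\$" $rlRun_LOG -E
+rlRun "rm -f test-file-0"
+rlRun "rm -rf test-dir-1"
+rlPhaseEnd
+rlPhaseStartTest "Should setcap print help"
+rlRun -s "setcap -h"
+rlAssertGrep "usage" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "Should getcap print help"
+rlRun -s "getcap -h"
+rlAssertGrep "usage" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartTest "setcap should exit with 1 on invalid arguments"
+rlRun -s "setcap foo bar" 1
+rlAssertGrep "Invalid" $rlRun_LOG -i
+rlPhaseEnd
+rlPhaseStartTest "getcap should exit with 1 on invalid arguments"
+rlRun -s "getcap -f oo" 1
+rlAssertGrep "Invalid" $rlRun_LOG -i
+rlPhaseEnd
+rlPhaseStartCleanup
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalEnd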
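Review bot: Setup keeps going when `mktemp -d` or `pushd $TmpDir` fails, and every later phase uses relative paths (`touch test-file-0`, `getcap -r *`, `rm -rf test-dir-1`), so after a failed setup the test would set file capabilities and delete files in whatever directory the harness started in. Aborting in setup, e.g. `rlRun "pushd $TmpDir" || rlDie "cannot enter temporary directory"`, keeps the run confined to the scratch directory. The same setup lines appear in tests/capsh/test.sh, tests/pam_cap/test.sh and tests/pkg-configs/test.sh. The phase "listing capabilities verbosely" is the only title not phrased like its neighbours.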


@ -0,0 +1,2 @@
summary: libcap-devel tests
description: tests libcap-devel functionality

17
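--- a/tests/libcap-devel/test.sh
+++ b/tests/libcap-devel/test.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+rlJournalStart
+rlPhaseStartSetup
+rlRun "gcc -lcap -lcmocka -Wall -g3 -o test-libcap test-libcap.c"
+rlPhaseEnd
+rlPhaseStartTest
+rlRun "./test-libcap"
+rlPhaseEnd
+rlPhaseStartCleanup
+rlRun "rm test-libcap"
+rlPhaseEnd
+rlJournalEnd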
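Review bot: The compile line puts `-lcap -lcmocka` before `test-libcap.c`; libraries are resolved left to right, so when the linker runs with `--as-needed` or the libraries are static archives, both are discarded before any symbol from the source is seen and the link fails. `rlRun "gcc -Wall -g3 -o test-libcap test-libcap.c -lcap -lcmocka"` is order-safe. The binary is also built in the test's own directory rather than in a `mktemp -d` scratch directory as the other scripts on this page do.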

9
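--- a/tests/main.fmf
+++ b/tests/main.fmf
@@ -0,0 +1,9 @@
+test: ./test.sh
+framework: beakerlib
+require:
+- libcap
+- libcap-devel
+- libcmocka
+- libcmocka-devel
+- gcc
+- iputils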
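Review bot: Nothing in this `require` list provides the `man` command that tests/manpages/test.sh runs for every page, and that test's own main.fmf adds no requirement. On an image without man-db, all of its phases would fail for a reason unrelated to libcap. Adding `- man-db` here, or a `require` in tests/manpages/main.fmf, makes the dependency explicit. The tools behind `su`, `useradd` and `rpm`, which the other scripts call, are likewise assumed to be present rather than declared.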

2
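--- a/tests/manpages/main.fmf
+++ b/tests/manpages/main.fmf
@@ -0,0 +1,2 @@
+summary: man pages install smoke tests
+description: verify that the man pages are installed correctly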

19
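--- a/tests/manpages/test.sh
+++ b/tests/manpages/test.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+expected_manpages=(
+'capsh(1)'
+'libcap(3)' # there are many more but if these are present then it verifies it because of the glob install
+'libpsx(3)'
+'getcap(8)'
+'getpcaps(8)'
+'setcap(8)'
+)
+rlJournalStart
+for page in "${expected_manpages[@]}"; do
+rlPhaseStartTest "test ${page}"
+rlRun "man --pager=cat '${page}'"
+rlPhaseEnd
+done
+rlJournalEnd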


@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test
# Description: basic functionality test for pam_cap.so module
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/libcap/Sanity/pam_cap-so-sanity-test
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: basic functionality test for pam_cap.so module" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: libcap" >> $(METADATA)
@echo "Requires: libcap" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,5 +0,0 @@
PURPOSE of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test
Description: basic functionality test for pam_cap.so module
Author: Karel Srot <ksrot@redhat.com>
Test if a test user can be granted capabilities via pam_cap.so module.


@ -1,63 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test
# Description: basic functionality test for pam_cap.so module
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="libcap"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "useradd -m pam_cap_user"
rlRun "useradd -m pam_cap_user2"
rlFileBackup /etc/pam.d/su
[ -f /etc/security/capability.conf ] && rlFileBackup /etc/security/capability.conf
rlRun "echo -e 'cap_net_raw pam_cap_user\nnone *' > /etc/security/capability.conf"
rlRun "sed '1 s/^/auth required pam_cap.so/' -i /etc/pam.d/su" 0 "Configure pam_cap.so in /etc/pam.d/su"
rlPhaseEnd
rlPhaseStartTest
rlRun "su - pam_cap_user -c 'getpcaps \$\$' &> user1.log"
rlAssertGrep "Capabilities for.* = cap_net_raw" user1.log -E
rlRun "su - pam_cap_user2 -c 'getpcaps \$\$' &> user2.log"
rlAssertNotGrep "cap_net_raw" user2.log
rlPhaseEnd
rlPhaseStartCleanup
rlRun "userdel -r pam_cap_user"
rlRun "userdel -r pam_cap_user2"
rlFileRestore
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

2
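--- a/tests/pam_cap/main.fmf
+++ b/tests/pam_cap/main.fmf
@@ -0,0 +1,2 @@
+summary: pam_cap.so tests
+description: tests pam_cap.so functionality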

32
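--- a/tests/pam_cap/test.sh
+++ b/tests/pam_cap/test.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+rlJournalStart
+rlPhaseStartSetup
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlRun "useradd -m pam_cap_user"
+rlRun "useradd -m pam_cap_user2"
+rlFileBackup /etc/pam.d/su
+[ -f /etc/security/capability.conf ] && rlFileBackup /etc/security/capability.conf
+rlRun "echo -e 'cap_net_raw pam_cap_user\nnone *' > /etc/security/capability.conf"
+rlRun "sed '1 s/^/auth required pam_cap.so/' -i /etc/pam.d/su" 0 "Configure pam_cap.so in /etc/pam.d/su"
+rlPhaseEnd
+rlPhaseStartTest "Should given pam_cap_user the cap_net_raw capability"
+rlRun -s "su - pam_cap_user -c 'getpcaps \$\$'"
+rlAssertGrep ".*cap_net_raw[+=].*" $rlRun_LOG -E
+rlPhaseEnd
+rlPhaseStartTest "The user pam_cap_user2 should not have the cap_net_raw capability"
+rlRun -s "su - pam_cap_user2 -c 'getpcaps \$\$'"
+rlAssertNotGrep "cap_net_raw" $rlRun_LOG
+rlPhaseEnd
+rlPhaseStartCleanup
+rlRun "userdel -r pam_cap_user"
+rlRun "userdel -r pam_cap_user2"
+rlFileRestore
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalEnd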
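Review bot: Setup backs up /etc/security/capability.conf only when it already exists and then overwrites it, so on a host without that file `rlFileRestore` has nothing to restore and the test's `cap_net_raw pam_cap_user` grant stays on disk after cleanup. Replacing the `[ -f … ] &&` line with `rlFileBackup --clean --missing-ok /etc/security/capability.conf` makes the restore delete a file the test itself created. The `sed '1 s/^/auth required pam_cap.so/'` edit also joins the new entry onto the existing first line of /etc/pam.d/su with no newline, at least as rendered here; `sed -i '1i auth required pam_cap.so' /etc/pam.d/su` adds it as a line of its own. The phase title "Should given pam_cap_user …" has a typo.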


@ -1,65 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition
# Description: Test for BZ#1425490 (Missing libcap.pc)
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for BZ#1425490 (Missing libcap.pc)" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: libcap" >> $(METADATA)
@echo "Requires: libcap libcap-devel pkgconfig" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1425490" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,7 +0,0 @@
PURPOSE of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition
Description: Test for BZ#1425490 (Missing libcap.pc)
Author: Karel Srot <ksrot@redhat.com>
Bug summary: Missing libcap.pc
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1425490
Checking the presence and sanity of the libcap.pc file.


@ -1,62 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition
# Description: Test for BZ#1425490 (Missing libcap.pc)
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="libcap"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlPhaseEnd
rlPhaseStartTest
rlRun "rpm -ql libcap-devel | grep libcap.pc" 0 "There must be libcap.pc"
if [ $? -eq 0 ]; then
PCFILE=$(rpm -ql libcap-devel | grep libcap.pc)
rlRun "pkg-config --libs libcap | grep -- '-lcap'"
VER=$(awk '/Version:/ { print $2 }' $PCFILE | tail -1)
rlRun "pkg-config --modversion libcap | grep $VER"
rlRun -s "pkg-config --print-variables libcap"
rlAssertGrep "^prefix" $rlRun_LOG
rlAssertGrep "^exec_prefix" $rlRun_LOG
rlAssertGrep "^libdir" $rlRun_LOG
rlAssertGrep "^includedir" $rlRun_LOG
fi
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd


@ -0,0 +1,2 @@
summary: validates pkg-configs presence.
description: ensures libcap.pc and libpsx.pc are installed

44
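--- a/tests/pkg-configs/test.sh
+++ b/tests/pkg-configs/test.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+rlJournalStart
+rlPhaseStartSetup
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlPhaseEnd
+rlPhaseStartTest "libcap pkg-config should be present and valid"
+rlRun "rpm -ql libcap-devel | grep libcap.pc" 0 "There must be libcap.pc"
+if [ $? -eq 0 ]; then
+PCFILE=$(rpm -ql libcap-devel | grep libcap.pc)
+rlRun "pkg-config --libs libcap | grep -- '-lcap'"
+VER=$(awk '/Version:/ { print $2 }' $PCFILE | tail -1)
+rlRun "pkg-config --modversion libcap | grep $VER"
+rlRun -s "pkg-config --print-variables libcap"
+rlAssertGrep "^prefix" $rlRun_LOG
+rlAssertGrep "^exec_prefix" $rlRun_LOG
+rlAssertGrep "^libdir" $rlRun_LOG
+rlAssertGrep "^includedir" $rlRun_LOG
+fi
+rlPhaseEnd
+rlPhaseStartTest "libcap pkg-config should be present and valid"
+rlRun "rpm -ql libcap-devel | grep libpsx.pc" 0 "There must be libpsx.pc"
+if [ $? -eq 0 ]; then
+PCFILE=$(rpm -ql libcap-devel | grep libpsx.pc)
+rlRun "pkg-config --libs libpsx | grep -- '-lpsx -lpthread -Wl,-wrap,pthread_create'"
+VER=$(awk '/Version:/ { print $2 }' $PCFILE | tail -1)
+rlRun "pkg-config --modversion libpsx | grep $VER"
+rlRun -s "pkg-config --print-variables libpsx"
+rlAssertGrep "^prefix" $rlRun_LOG
+rlAssertGrep "^exec_prefix" $rlRun_LOG
+rlAssertGrep "^libdir" $rlRun_LOG
+rlAssertGrep "^includedir" $rlRun_LOG
+fi
+rlPhaseEnd
+rlPhaseStartCleanup
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalEnd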
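Review bot: The second phase checks libpsx.pc but is titled "libcap pkg-config should be present and valid", the same as the first, so a failure in the journal cannot be attributed to the right .pc file; it should read `rlPhaseStartTest "libpsx pkg-config should be present and valid"`. In both phases `grep libcap.pc`, `grep libpsx.pc` and `grep $VER` are unanchored and treat `.` as a wildcard, so the version comparison can pass on a near match. `grep -F -- "$VER"` with the variable quoted makes the check exact.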


@ -1,46 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1+
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/libcap
# Description: Test if libcap working ok
# Author: Susant Sahani<susant@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/libcap
export TESTVERSION=1.0
OBJS = test-libcap.c
CFLAG = -Wall -g3
CC = gcc
LIBS = -lcap -lcmocka
test-libcap:${OBJ}
${CC} ${CFLAGS} ${INCLUDES} -o $@ ${OBJS} ${LIBS}
run: test-libcap
./runtest.sh
clean:
-rm -f *~ test-libcap
.c.o:
${CC} ${CFLAGS} ${INCLUDES} -c $<
CC = gcc
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Susant Sahani<susant@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test libcap works ok" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: libcap" >> $(METADATA)
@echo "Requires: libcap libcap-devel" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -Fedora 29" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,34 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1+
# ~~~
# runtest.sh of libcap
# Description: Tests for libcap
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="libcap"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "cp test-libcap /usr/bin/"
rlPhaseEnd
rlPhaseStartTest
rlLog "Starting libcap tests ..."
rlRun "/usr/bin/test-libcap"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm /usr/bin/test-libcap"
rlLog "libcap tests done"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd
rlGetTestState


@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality
# Description: test basic functionality
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/libcap/Sanity/setcap-getcap-basic-functionality
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: test basic functionality" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: libcap" >> $(METADATA)
@echo "Requires: libcap" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,3 +0,0 @@
PURPOSE of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality
Description: test basic functionality
Author: Karel Srot <ksrot@redhat.com>


@ -1,98 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality
# Description: test basic functionality
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="libcap"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "mkdir mydir && touch file1 mydir/file2 mydir/file3"
rlPhaseEnd
rlPhaseStartTest "set and get capabilities"
rlRun "setcap cap_net_admin+p file1 cap_net_raw+ei mydir/file2"
rlRun -s "getcap file1 mydir/file2"
rlAssertGrep "file1 = cap_net_admin+p" $rlRun_LOG
rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "set capabilities via stdin"
rlRun "echo -e 'cap_net_raw+p\ncap_net_admin+p' > input"
rlRun -s "setcap - mydir/file3 < input"
rlAssertGrep "Please enter caps for file \[empty line to end\]:" $rlRun_LOG
rlRun "getcap mydir/file3 | grep 'mydir/file3 = cap_net_admin,cap_net_raw+p'"
rlPhaseEnd
rlPhaseStartTest "set capabilities quietly via stdin"
rlRun "echo -e 'cap_net_raw+p' > input"
rlRun -s "setcap -q - mydir/file3 < input"
rlAssertNotGrep "Please enter caps for file" $rlRun_LOG
rlRun "getcap mydir/file3 | grep 'mydir/file3 = cap_net_raw+p'"
rlPhaseEnd
rlPhaseStartTest "remove capabilities"
rlRun "setcap -r mydir/file3"
rlRun "getcap | grep file3" 1 "There should be no capabilities listed for file1"
rlPhaseEnd
rlPhaseStartTest "listing capabilities recursively"
rlRun -s "getcap -r *"
rlAssertGrep "file1 = cap_net_admin+p" $rlRun_LOG
rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "listing capabilities verbosely"
rlRun -s "getcap -v mydir/*"
rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG
rlAssertGrep "mydir/file3\$" $rlRun_LOG -E
rlPhaseEnd
rlPhaseStartTest "print help"
rlRun "setcap -h | grep 'usage: setcap'" 1
rlRun "getcap -h | grep 'usage: getcap'" 1
rlPhaseEnd
rlPhaseStartTest "exit with 1 on error"
rlRun -s "setcap foo bar" 1
rlAssertGrep "fatal error: Invalid argument" $rlRun_LOG
rlRun -s "getcap -f oo" 1
rlAssertGrep "getcap: invalid option -- 'f'" $rlRun_LOG
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd


@ -1,28 +0,0 @@
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
- container
tests:
- sanity-tests
- pam_cap-so-sanity-test
- setcap-getcap-basic-functionality
required_packages:
- libcap # libcap package required for all tests
- libcap-devel
- libcmocka
- libcmocka-devel
- gcc
- iputils # ping command required for capsh-basic-functionality
# Tests that run in atomic
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- atomic
tests:
- capsh-basic-functionality
- pam_cap-so-sanity-test
- setcap-getcap-basic-functionality