[Bug 236857] Fix sysctl check for some sys/audit/process-control tests
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Mar 28 23:07:52 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236857
Olivier Cochard <olivier at freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #203223|0 |1
is obsolete| |
--- Comment #7 from Olivier Cochard <olivier at freebsd.org> ---
Created attachment 203226
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203226&action=edit
patch using ATF_REQUIRE_SYSCTL_INT
Good remark.
The original code was:
```
const char *capname = "kern.features.security_capability_mode";
ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0))
/* Without CAPABILITY_MODE enabled, cap_enter() returns ENOSYS */
if (!capinfo)
atf_tc_skip("Capsicum is not enabled in the system");
```
So, the purpose was to check if kern.features.security_capability_mode==1.
Which mean "Check if capability is enabled".
My patch was adding a "Check if this capability exist", before to check its
status.
If I remove the old sysctlbyname(3) call, I will not catch this condition:
- Capability exist
- But capability is disabled
So I've read freebsd_test_suite/macros.h, and I've found these functions:
- ATF_REQUIRE_FEATURE(_feature_name)
- ATF_REQUIRE_KERNEL_MODULE(_mod_name)
- ATF_REQUIRE_SYSCTL_INT(_mib_name, _required_value)
And I think the best way should using ATF_REQUIRE_SYSCTL_INT(capname,1) that
manage both condition.
With this new patch:
# kyua test sys/audit/process-control:cap_enter_success
sys/audit/process-control:cap_enter_success -> skipped: sysctl for
kern.features.security_capability_mode failed: No such file or director
y [0.003s]
Results file id is usr_tests.20190328-230635-632822
Results saved to /root/.kyua/store/results.usr_tests.20190328-230635-632822.db
1/1 passed (0 failed)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-testing
mailing list