[Bug 236857] Fix sysctl check for some sys/audit/process-control tests

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Mar 28 23:07:52 UTC 2019 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236857

Olivier Cochard <olivier at freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #203223|0                           |1
        is obsolete|                            |

--- Comment #7 from Olivier Cochard <olivier at freebsd.org> ---
Created attachment 203226
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203226&action=edit
patch using ATF_REQUIRE_SYSCTL_INT

Good remark.

The original code was:

```
const char *capname = "kern.features.security_capability_mode";
ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0))
/* Without CAPABILITY_MODE enabled, cap_enter() returns ENOSYS */
if (!capinfo)
   atf_tc_skip("Capsicum is not enabled in the system");
```

So, the purpose was to check if kern.features.security_capability_mode==1.
Which mean "Check if capability is enabled".

My patch was adding a "Check if this capability exist", before to check its
status.

If I remove the old sysctlbyname(3) call, I will not catch this condition:
- Capability exist
- But capability is disabled

So I've read freebsd_test_suite/macros.h, and I've found these functions:
- ATF_REQUIRE_FEATURE(_feature_name)
- ATF_REQUIRE_KERNEL_MODULE(_mod_name)
- ATF_REQUIRE_SYSCTL_INT(_mib_name, _required_value)

And I think the best way should using ATF_REQUIRE_SYSCTL_INT(capname,1) that
manage both condition.

With this new patch:
# kyua test sys/audit/process-control:cap_enter_success
sys/audit/process-control:cap_enter_success  ->  skipped: sysctl for
kern.features.security_capability_mode failed: No such file or director
y  [0.003s]

Results file id is usr_tests.20190328-230635-632822
Results saved to /root/.kyua/store/results.usr_tests.20190328-230635-632822.db

1/1 passed (0 failed)

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-testing mailing list