diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2023-02-09 20:13:25 -0800 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2023-02-09 20:13:25 -0800 |
| commit | ddbaa98412398a6766552285c8e3c0dcdf632dbb (patch) | |
| tree | 319233e3123486316d67a01625ddeeb5e7b6b5c6 | |
| parent | 329b69ea640960d7afffc1c780ed4dde13549292 (diff) | |
| download | libcap-ddbaa98412398a6766552285c8e3c0dcdf632dbb.tar.gz | |
Make the compare-cap binary clean up after itself.
When run via sudo, compare-cap exits with some file capabilities
left on its binary file. This is a test binary, so that's not a
big problem, however, it does mean that a 2nd run of the program
is started with, potentially, a different initial state.
This commit fixes that exit condition and addresses:
https://bugzilla.kernel.org/show_bug.cgi?id=217018
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| -rw-r--r-- | go/compare-cap.go | 12 | ||||
| -rwxr-xr-x | progs/quicktest.sh | 1 |
2 files changed, 8 insertions, 5 deletions
diff --git a/go/compare-cap.go b/go/compare-cap.go index 5e489e5..064d5fa 100644 --- a/go/compare-cap.go +++ b/go/compare-cap.go @@ -116,16 +116,18 @@ func tryFileCaps() { if err := want.SetFd(f); err != nil { log.Fatalf("failed to fset file capability: %v", err) } - if err := saved.SetProc(); err != nil { - log.Fatalf("failed to lower effective capability: %v", err) - } - // End of critical section. - if got, err := cap.GetFd(f); err != nil { log.Fatalf("failed to fread caps: %v", err) } else if is, was := got.String(), want.String(); is != was { log.Fatalf("fread file caps do not match desired: got=%q want=%q", is, was) } + if err := empty.SetFd(f); err != nil && err != syscall.ENODATA { + log.Fatalf("blocked from cleanup fremoving filecaps: %v", err) + } + if err := saved.SetProc(); err != nil { + log.Fatalf("failed to lower effective capability: %v", err) + } + // End of critical section. } // tryProcCaps performs a set of convenience functions and compares diff --git a/progs/quicktest.sh b/progs/quicktest.sh index 7366a6c..59e16b0 100755 --- a/progs/quicktest.sh +++ b/progs/quicktest.sh @@ -283,6 +283,7 @@ if [ -f ../go/compare-cap ]; then grep "skipping file cap tests" if [ $? -eq 0 ]; then echo "FAILED not engaging file cap tests" + exit 1 fi echo "PASSED" else |