1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
// Program b215283 requires privilege to execute and is a minimally adapted
// version of a test case provided by Lorenz Bauer as a reproducer for a
// problem he found and reported in:
//
// https://bugzilla.kernel.org/show_bug.cgi?id=215283
package main
import (
"fmt"
"os"
"kernel.org/pub/linux/libs/security/libcap/cap"
)
func main() {
const secbits = cap.SecbitNoRoot | cap.SecbitNoSetUIDFixup
if v, err := cap.GetProc().GetFlag(cap.Permitted, cap.SETPCAP); err != nil {
panic(fmt.Sprintf("failed to get flag value: %v", err))
os.Exit(1)
} else if !v {
fmt.Printf("test requires cap_setpcap: found %q\n", cap.GetProc())
os.Exit(1)
}
if bits := cap.GetSecbits(); bits != 0 {
fmt.Printf("test expects secbits=0 to run; found: 0%o\n", bits)
os.Exit(1)
}
fmt.Println("secbits:", cap.GetSecbits(), " caps:", cap.GetProc())
l := cap.FuncLauncher(func(interface{}) error {
return cap.NewSet().SetProc()
})
if _, err := l.Launch(nil); err != nil {
fmt.Printf("launch failed: %v\n", err)
os.Exit(1)
}
fmt.Println("secbits:", cap.GetSecbits(), " caps:", cap.GetProc())
if err := secbits.Set(); err != nil {
fmt.Printf("set securebits: %v", err.Error())
os.Exit(1)
}
}
|
