ping
On 3/13/2017 10:14 AM, Li Zhijian wrote:
Hi guys
I run the kernel selttests at the latest linux, and got test_execve
failure when i run this case under root
and it passed under non-root user. are those behaviors expected?
if i miss something, pls let me know.
my environment is like:
root@haswell-OptiPlex-9020:/home/lizj/linux/tools/testing/selftests/capabilities#
uname -a
Linux haswell-OptiPlex-9020 4.8.0-rc7 #2 SMP PREEMPT Fri Mar 10
13:50:19 CST 2017 x86_64 x86_64 x86_64 GNU/Linux
root@haswell-OptiPlex-9020:/home/lizj/linux/tools/testing/selftests/capabilities#
root@haswell-OptiPlex-9020:/home/lizj/linux/tools/testing/selftests/capabilities#
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
root@haswell-OptiPlex-9020:/home/lizj/linux/tools/testing/selftests/capabilities#
dpkg -l |grep -e cap-ng
ii libcap-ng-dev 0.7.3-1ubuntu2 amd64
Development and header files for libcap-ng
ii libcap-ng-utils 0.7.3-1ubuntu2 amd64 Utilities for
analysing and setting file capabilities
ii libcap-ng0 0.7.3-1ubuntu2 amd64 An alternate POSIX
capabilities library
root@haswell-OptiPlex-9020:/home/lizj/linux/tools/testing/selftests/capabilities#
make run_tests
[RUN] +++ Tests with uid == 0 +++
[NOTE] Using global UIDs for tests
[RUN] Root => ep
[OK] Capabilities after execve were correct
[OK] Child succeeded
[OK] Check cap_ambient manipulation rules
[OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
[OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap
[OK] PR_CAP_AMBIENT_RAISE worked
[OK] Basic manipulation appears to work
[RUN] Root +i => eip
[OK] Capabilities after execve were correct
[OK] Child succeeded
[RUN] UID 0 +ia => eipa
[OK] Capabilities after execve were correct
[OK] Child succeeded
[RUN] Root +ia, suidroot => eipa
[OK] Capabilities after execve were correct
[OK] Child succeeded
[RUN] Root +ia, suidnonroot => ip
[FAIL] Wrong effective state (AT_SECURE is not set)
[FAIL] Child failed
[RUN] Root +ia, sgidroot => eipa
[OK] Capabilities after execve were correct
[OK] Child succeeded
[RUN] Root, gid != 0, +ia, sgidroot => eip
[FAIL] Wrong ambient state (AT_SECURE is not set)
[FAIL] Child failed
[RUN] Root +ia, sgidnonroot => eip
[FAIL] Wrong ambient state (AT_SECURE is not set)
[FAIL] Child failed
[FAIL] Child failed
[RUN] +++ Tests with uid != 0 +++
[NOTE] Using global UIDs for tests
[RUN] Non-root => no caps
[OK] Capabilities after execve were correct
[OK] Child succeeded
[OK] Check cap_ambient manipulation rules
[OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
[OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap
[OK] PR_CAP_AMBIENT_RAISE worked
[OK] Basic manipulation appears to work
[RUN] Non-root +i => i
[OK] Capabilities after execve were correct
[OK] Child succeeded
[RUN] UID 1 +ia => eipa
[OK] Capabilities after execve were correct
[OK] Child succeeded
[RUN] Non-root +ia, sgidnonroot => i
[FAIL] Wrong effective state (AT_SECURE is not set)
[FAIL] Child failed
selftests: test_execve [FAIL]
/home/lizj/linux/tools/testing/selftests/capabilities
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html