Re: selftests/capabilities: test FAIL on linux mainline and linux-next and PASS on linux-4.4.70+

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/27/2017 09:32 AM, Shuah Khan wrote:
> Hi Naresh,
> 
> On 06/27/2017 02:40 AM, Naresh Kamboju wrote:
>> selftest capabilities test failed on linux mainline and linux-next and
>> PASS on linux-4.4.70+
>> Tested on HiKey ARM64 Development board.
>>
>> A bug reported in Linaro bug tracking system,
>> LKFT: Capabilities test_execve fail Wrong effective state AT_SECURE is not set
>> https://bugs.linaro.org/show_bug.cgi?id=2947
>>
>> Please guide me to debug the reason for failure.
>> Kernel config link,
>> https://pastebin.com/P1uYmdMG
>>
>> Linux version 4.12.0-rc7-00004-gda8b14e (buildslave@x86-64-08) (gcc
>> version 6.2.1 20161016 (Linaro GCC 6.2-2016.11) ) #1 SMP PREEMPT Mon
>> Jun 26 20:04:35 UTC 2017
>>
>> Linux version 4.12.0-rc7-next-20170627 (buildslave@x86-64-07) (gcc
>> version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)) #1 SMP PREEMPT Tue
>> Jun 27 06:33:39 UTC 2017
>>
>> LAVA job id:
>> https://lkft.validation.linaro.org/scheduler/job/4397#L1412
>>
>> Running tests in capabilities
>> ========================================
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [FAIL] Wrong effective state (AT_SECURE is not set)
>> [OK] Capabilities after execve were correct
>> [FAIL] Wrong ambient state (AT_SECURE is not set)
>> [FAIL] Wrong ambient state (AT_SECURE is not set)
>> [RUN] +++ Tests with uid == 0 +++
>> [NOTE] Using global UIDs for tests
>> [RUN] Root => ep
>> [OK] Child succeeded
>> [OK] Check cap_ambient manipulation rules
>> [OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
>> [OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap
>> [OK] PR_CAP_AMBIENT_RAISE worked
>> [OK] Basic manipulation appears to work
>> [RUN] Root +i => eip
>> [OK] Child succeeded
>> [RUN] UID 0 +ia => eipa
>> [OK] Child succeeded
>> [RUN] Root +ia, suidroot => eipa
>> [OK] Child succeeded
> 
> Okay the following appears to be the first difference
> between the runs on the mainline and 4.4.74
> 
> When udi != 0 case, these tests fail. Could it be that
> there are security related changes to this area and the
> tests need updates?

uid is still 0!

> 
> Kees/Andy: Do you have any insight
> 

Sorry hit return too soon. There is no change to the test
itself. I wonder if this is new in mainline or the failure
occurs in 4.11 - I am building stables now, I will try the test
on 4.9 and 4.11 and see how it behaves and let you know

> 
> ------------------------------------
>> [RUN] Root +ia, suidnonroot => ip
>> [FAIL] Child failed
>> [RUN] Root +ia, sgidroot => eipa
>> [OK] Child succeeded
>> [FAIL] Child failed
>> [RUN] Root +ia, sgidnonroot => eip
>> [FAIL] Child failed
> -------------------------------------
> 
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [FAIL] Wrong effective state (AT_SECURE is not set)
>> [FAIL] Child failed
>> [FAIL] Child failed
>> selftests: test_execve [FAIL]
>>
>> capabilities test PASS on Linux-4.4.70+.
>>
>> Running tests in capabilities
>> ========================================
>> case: step_after_suspend_test
>> definition: 1_kselftest
>> result: skip
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [RUN] +++ Tests with uid == 0 +++
>> [NOTE] Using global UIDs for tests
>> [RUN] Root => ep
>> [OK] Child succeeded
>> [OK] Check cap_ambient manipulation rules
>> [OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap
>> [OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap
>> [OK] PR_CAP_AMBIENT_RAISE worked
>> [OK] Basic manipulation appears to work
>> [RUN] Root +i => eip
>> [OK] Child succeeded
>> [RUN] UID 0 +ia => eipa
>> [OK] Child succeeded
>> [RUN] Root +ia, suidroot => eipa
>> [OK] Child succeeded
>> [RUN] Root +ia, suidnonroot => ip
>> [OK] Child succeeded
>> [RUN] Root +ia, sgidroot => eipa
>> [OK] Child succeeded
>> [OK] Child succeeded
>> [RUN] Root +ia, sgidnonroot => eip
>> [OK] Child succeeded
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Capabilities after execve were correct
>> [OK] Child succeeded
>> [OK] Child succeeded
>> selftests: test_execve [PASS]
>>
>> Thanks and best regards,
>> Naresh Kamboju
>>
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux