1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd
5 Copyright 2014 Ronny Chevalier
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 #include <netinet/in.h>
23 #include <sys/capability.h>
24 #include <sys/prctl.h>
25 #include <sys/socket.h>
29 #include "capability-util.h"
34 static uid_t test_uid
= -1;
35 static gid_t test_gid
= -1;
37 /* We keep CAP_DAC_OVERRIDE to avoid errors with gcov when doing test coverage */
38 static uint64_t test_flags
= 1ULL << CAP_DAC_OVERRIDE
;
40 static void fork_test(void (*test_func
)(void)) {
51 assert_se(waitpid(pid
, &status
, 0) > 0);
52 assert_se(WIFEXITED(status
) && WEXITSTATUS(status
) == 0);
56 static void show_capabilities(void) {
60 caps
= cap_get_proc();
63 text
= cap_to_text(caps
, NULL
);
66 log_info("Capabilities:%s", text
);
71 static int setup_tests(bool *run_ambient
) {
72 struct passwd
*nobody
;
75 nobody
= getpwnam("nobody");
77 log_error_errno(errno
, "Could not find nobody user: %m");
78 return -EXIT_TEST_SKIP
;
80 test_uid
= nobody
->pw_uid
;
81 test_gid
= nobody
->pw_gid
;
85 r
= prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_CLEAR_ALL
, 0, 0, 0);
87 /* There's support for PR_CAP_AMBIENT if the prctl() call
88 * succeeded or error code was something else than EINVAL. The
89 * EINVAL check should be good enough to rule out false
92 if (r
>= 0 || errno
!= EINVAL
)
98 static void test_drop_privileges_keep_net_raw(void) {
101 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
102 assert_se(sock
>= 0);
105 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
| (1ULL << CAP_NET_RAW
)) >= 0);
106 assert_se(getuid() == test_uid
);
107 assert_se(getgid() == test_gid
);
110 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
111 assert_se(sock
>= 0);
115 static void test_drop_privileges_dontkeep_net_raw(void) {
118 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
119 assert_se(sock
>= 0);
122 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) >= 0);
123 assert_se(getuid() == test_uid
);
124 assert_se(getgid() == test_gid
);
127 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
131 static void test_drop_privileges_fail(void) {
132 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) >= 0);
133 assert_se(getuid() == test_uid
);
134 assert_se(getgid() == test_gid
);
136 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) < 0);
137 assert_se(drop_privileges(0, 0, test_flags
) < 0);
140 static void test_drop_privileges(void) {
141 fork_test(test_drop_privileges_keep_net_raw
);
142 fork_test(test_drop_privileges_dontkeep_net_raw
);
143 fork_test(test_drop_privileges_fail
);
146 static void test_have_effective_cap(void) {
147 assert_se(have_effective_cap(CAP_KILL
));
148 assert_se(have_effective_cap(CAP_CHOWN
));
150 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
| (1ULL << CAP_KILL
)) >= 0);
151 assert_se(getuid() == test_uid
);
152 assert_se(getgid() == test_gid
);
154 assert_se(have_effective_cap(CAP_KILL
));
155 assert_se(!have_effective_cap(CAP_CHOWN
));
158 static void test_update_inherited_set(void) {
163 caps
= cap_get_proc();
165 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
166 assert(fv
== CAP_CLEAR
);
168 set
= (UINT64_C(1) << CAP_CHOWN
);
170 assert_se(!capability_update_inherited_set(caps
, set
));
171 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
172 assert(fv
== CAP_SET
);
177 static void test_set_ambient_caps(void) {
182 caps
= cap_get_proc();
184 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
185 assert(fv
== CAP_CLEAR
);
188 assert_se(prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_IS_SET
, CAP_CHOWN
, 0, 0) == 0);
190 set
= (UINT64_C(1) << CAP_CHOWN
);
192 assert_se(!capability_ambient_set_apply(set
, true));
194 caps
= cap_get_proc();
195 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
196 assert(fv
== CAP_SET
);
199 assert_se(prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_IS_SET
, CAP_CHOWN
, 0, 0) == 1);
202 int main(int argc
, char *argv
[]) {
206 log_parse_environment();
209 log_info("have ambient caps: %s", yes_no(ambient_capabilities_supported()));
212 return EXIT_TEST_SKIP
;
214 r
= setup_tests(&run_ambient
);
220 test_drop_privileges();
221 test_update_inherited_set();
223 fork_test(test_have_effective_cap
);
226 fork_test(test_set_ambient_caps
);