1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include <netinet/in.h>
5 #include <sys/capability.h>
7 #include <sys/socket.h>
11 #include "alloc-util.h"
12 #include "capability-util.h"
16 #include "parse-util.h"
20 static uid_t test_uid
= -1;
21 static gid_t test_gid
= -1;
23 /* We keep CAP_DAC_OVERRIDE to avoid errors with gcov when doing test coverage */
24 static uint64_t test_flags
= 1ULL << CAP_DAC_OVERRIDE
;
26 /* verify cap_last_cap() against /proc/sys/kernel/cap_last_cap */
27 static void test_last_cap_file(void) {
28 _cleanup_free_
char *content
= NULL
;
29 unsigned long val
= 0;
32 r
= read_one_line_file("/proc/sys/kernel/cap_last_cap", &content
);
35 r
= safe_atolu(content
, &val
);
38 assert_se(val
== cap_last_cap());
41 /* verify cap_last_cap() against syscall probing */
42 static void test_last_cap_probe(void) {
43 unsigned long p
= (unsigned long)CAP_LAST_CAP
;
45 if (prctl(PR_CAPBSET_READ
, p
) < 0) {
46 for (p
--; p
> 0; p
--)
47 if (prctl(PR_CAPBSET_READ
, p
) >= 0)
51 if (prctl(PR_CAPBSET_READ
, p
+1) < 0)
56 assert_se(p
== cap_last_cap());
59 static void fork_test(void (*test_func
)(void)) {
70 assert_se(waitpid(pid
, &status
, 0) > 0);
71 assert_se(WIFEXITED(status
) && WEXITSTATUS(status
) == 0);
75 static void show_capabilities(void) {
79 caps
= cap_get_proc();
82 text
= cap_to_text(caps
, NULL
);
85 log_info("Capabilities:%s", text
);
90 static int setup_tests(bool *run_ambient
) {
91 struct passwd
*nobody
;
94 nobody
= getpwnam(NOBODY_USER_NAME
);
96 return log_error_errno(errno
, "Could not find nobody user: %m");
98 test_uid
= nobody
->pw_uid
;
99 test_gid
= nobody
->pw_gid
;
101 *run_ambient
= false;
103 r
= prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_CLEAR_ALL
, 0, 0, 0);
105 /* There's support for PR_CAP_AMBIENT if the prctl() call
106 * succeeded or error code was something else than EINVAL. The
107 * EINVAL check should be good enough to rule out false
110 if (r
>= 0 || errno
!= EINVAL
)
116 static void test_drop_privileges_keep_net_raw(void) {
119 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
120 assert_se(sock
>= 0);
123 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
| (1ULL << CAP_NET_RAW
)) >= 0);
124 assert_se(getuid() == test_uid
);
125 assert_se(getgid() == test_gid
);
128 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
129 assert_se(sock
>= 0);
133 static void test_drop_privileges_dontkeep_net_raw(void) {
136 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
137 assert_se(sock
>= 0);
140 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) >= 0);
141 assert_se(getuid() == test_uid
);
142 assert_se(getgid() == test_gid
);
145 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
149 static void test_drop_privileges_fail(void) {
150 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) >= 0);
151 assert_se(getuid() == test_uid
);
152 assert_se(getgid() == test_gid
);
154 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) < 0);
155 assert_se(drop_privileges(0, 0, test_flags
) < 0);
158 static void test_drop_privileges(void) {
159 fork_test(test_drop_privileges_keep_net_raw
);
160 fork_test(test_drop_privileges_dontkeep_net_raw
);
161 fork_test(test_drop_privileges_fail
);
164 static void test_have_effective_cap(void) {
165 assert_se(have_effective_cap(CAP_KILL
));
166 assert_se(have_effective_cap(CAP_CHOWN
));
168 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
| (1ULL << CAP_KILL
)) >= 0);
169 assert_se(getuid() == test_uid
);
170 assert_se(getgid() == test_gid
);
172 assert_se(have_effective_cap(CAP_KILL
));
173 assert_se(!have_effective_cap(CAP_CHOWN
));
176 static void test_update_inherited_set(void) {
181 caps
= cap_get_proc();
183 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
184 assert(fv
== CAP_CLEAR
);
186 set
= (UINT64_C(1) << CAP_CHOWN
);
188 assert_se(!capability_update_inherited_set(caps
, set
));
189 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
190 assert(fv
== CAP_SET
);
195 static void test_set_ambient_caps(void) {
200 caps
= cap_get_proc();
202 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
203 assert(fv
== CAP_CLEAR
);
206 assert_se(prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_IS_SET
, CAP_CHOWN
, 0, 0) == 0);
208 set
= (UINT64_C(1) << CAP_CHOWN
);
210 assert_se(!capability_ambient_set_apply(set
, true));
212 caps
= cap_get_proc();
213 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
214 assert(fv
== CAP_SET
);
217 assert_se(prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_IS_SET
, CAP_CHOWN
, 0, 0) == 1);
220 int main(int argc
, char *argv
[]) {
223 test_setup_logging(LOG_INFO
);
225 test_last_cap_file();
226 test_last_cap_probe();
228 log_info("have ambient caps: %s", yes_no(ambient_capabilities_supported()));
231 return log_tests_skipped("not running as root");
233 if (setup_tests(&run_ambient
) < 0)
234 return log_tests_skipped("setup failed");
238 test_drop_privileges();
239 test_update_inherited_set();
241 fork_test(test_have_effective_cap
);
244 fork_test(test_set_ambient_caps
);