2 This file is part of systemd
4 Copyright 2014 Ronny Chevalier
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include <netinet/in.h>
22 #include <sys/capability.h>
23 #include <sys/prctl.h>
24 #include <sys/socket.h>
28 #include "capability-util.h"
33 static uid_t test_uid
= -1;
34 static gid_t test_gid
= -1;
36 /* We keep CAP_DAC_OVERRIDE to avoid errors with gcov when doing test coverage */
37 static uint64_t test_flags
= 1ULL << CAP_DAC_OVERRIDE
;
39 static void fork_test(void (*test_func
)(void)) {
50 assert_se(waitpid(pid
, &status
, 0) > 0);
51 assert_se(WIFEXITED(status
) && WEXITSTATUS(status
) == 0);
55 static void show_capabilities(void) {
59 caps
= cap_get_proc();
62 text
= cap_to_text(caps
, NULL
);
65 log_info("Capabilities:%s", text
);
70 static int setup_tests(bool *run_ambient
) {
71 struct passwd
*nobody
;
74 nobody
= getpwnam("nobody");
76 log_error_errno(errno
, "Could not find nobody user: %m");
77 return -EXIT_TEST_SKIP
;
79 test_uid
= nobody
->pw_uid
;
80 test_gid
= nobody
->pw_gid
;
84 r
= prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_CLEAR_ALL
, 0, 0, 0);
86 /* There's support for PR_CAP_AMBIENT if the prctl() call
87 * succeeded or error code was something else than EINVAL. The
88 * EINVAL check should be good enough to rule out false
91 if (r
>= 0 || errno
!= EINVAL
)
97 static void test_drop_privileges_keep_net_raw(void) {
100 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
101 assert_se(sock
>= 0);
104 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
| (1ULL << CAP_NET_RAW
)) >= 0);
105 assert_se(getuid() == test_uid
);
106 assert_se(getgid() == test_gid
);
109 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
110 assert_se(sock
>= 0);
114 static void test_drop_privileges_dontkeep_net_raw(void) {
117 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
118 assert_se(sock
>= 0);
121 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) >= 0);
122 assert_se(getuid() == test_uid
);
123 assert_se(getgid() == test_gid
);
126 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
);
130 static void test_drop_privileges_fail(void) {
131 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) >= 0);
132 assert_se(getuid() == test_uid
);
133 assert_se(getgid() == test_gid
);
135 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
) < 0);
136 assert_se(drop_privileges(0, 0, test_flags
) < 0);
139 static void test_drop_privileges(void) {
140 fork_test(test_drop_privileges_keep_net_raw
);
141 fork_test(test_drop_privileges_dontkeep_net_raw
);
142 fork_test(test_drop_privileges_fail
);
145 static void test_have_effective_cap(void) {
146 assert_se(have_effective_cap(CAP_KILL
));
147 assert_se(have_effective_cap(CAP_CHOWN
));
149 assert_se(drop_privileges(test_uid
, test_gid
, test_flags
| (1ULL << CAP_KILL
)) >= 0);
150 assert_se(getuid() == test_uid
);
151 assert_se(getgid() == test_gid
);
153 assert_se(have_effective_cap(CAP_KILL
));
154 assert_se(!have_effective_cap(CAP_CHOWN
));
157 static void test_update_inherited_set(void) {
162 caps
= cap_get_proc();
164 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
165 assert(fv
== CAP_CLEAR
);
167 set
= (UINT64_C(1) << CAP_CHOWN
);
169 assert_se(!capability_update_inherited_set(caps
, set
));
170 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
171 assert(fv
== CAP_SET
);
176 static void test_set_ambient_caps(void) {
181 caps
= cap_get_proc();
183 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
184 assert(fv
== CAP_CLEAR
);
187 assert_se(prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_IS_SET
, CAP_CHOWN
, 0, 0) == 0);
189 set
= (UINT64_C(1) << CAP_CHOWN
);
191 assert_se(!capability_ambient_set_apply(set
, true));
193 caps
= cap_get_proc();
194 assert_se(!cap_get_flag(caps
, CAP_CHOWN
, CAP_INHERITABLE
, &fv
));
195 assert(fv
== CAP_SET
);
198 assert_se(prctl(PR_CAP_AMBIENT
, PR_CAP_AMBIENT_IS_SET
, CAP_CHOWN
, 0, 0) == 1);
201 int main(int argc
, char *argv
[]) {
205 log_parse_environment();
208 log_info("have ambient caps: %s", yes_no(ambient_capabilities_supported()));
211 return EXIT_TEST_SKIP
;
213 r
= setup_tests(&run_ambient
);
219 test_drop_privileges();
220 test_update_inherited_set();
222 fork_test(test_have_effective_cap
);
225 fork_test(test_set_ambient_caps
);