test: use cap_last_cap() for max supported cap number, not capability_list_length()

author Dan Streetman <ddstreet@canonical.com>

Wed, 25 Nov 2020 20:22:24 +0000 (15:22 -0500)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Thu, 26 Nov 2020 12:35:48 +0000 (13:35 +0100)
author Dan Streetman <ddstreet@canonical.com>
Wed, 25 Nov 2020 20:22:24 +0000 (15:22 -0500)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 26 Nov 2020 12:35:48 +0000 (13:35 +0100)
diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c

index 1e783a6f29ddf82768955fea76b8ab5c3e343c2b..d295a635ca9bbc38c099aad0b4aa06fdf5796a6f 100644 (file)
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -50,6 +50,9 @@ int capability_from_name(const char *name) {
          return sc->id;
  }
  
+/* This is the number of capability names we are *compiled* with.
+ * For the max capability number of the currently-running kernel,
+ * use cap_last_cap(). */
  int capability_list_length(void) {
          return (int) ELEMENTSOF(capability_names);
  }
diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c

index c5f429d052722f9c5052e0443a5fdaff02bcdcfc..c4b40f34faca09f33fc48b1444dc3d3b68d37495 100644 (file)
--- a/src/test/test-cap-list.c
+++ b/src/test/test-cap-list.c
@@ -55,7 +55,7 @@ static void test_cap_list(void) {
  
  static void test_capability_set_one(uint64_t c, const char *t) {
          _cleanup_free_ char *t1 = NULL;
-        uint64_t c1, c_masked = c & ((UINT64_C(1) << capability_list_length()) - 1);
+        uint64_t c1, c_masked = c & all_capabilities();
  
          assert_se(capability_set_to_string_alloc(c, &t1) == 0);
          assert_se(streq(t1, t));
@@ -70,7 +70,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
          assert_se(c1 == c_masked);
  }
  
-static void test_capability_set(void) {
+static void test_capability_set_from_string(void) {
          uint64_t c;
  
          assert_se(capability_set_from_string(NULL, &c) == 0);
@@ -87,38 +87,42 @@ static void test_capability_set(void) {
  
          assert_se(capability_set_from_string("0 1 2 3", &c) == 0);
          assert_se(c == (UINT64_C(1) << 4) - 1);
+}
+
+static void test_capability_set_to_string(uint64_t invalid_cap_set) {
+        uint64_t c;
  
-        test_capability_set_one(0, "");
-        test_capability_set_one(
-                UINT64_C(1) << CAP_DAC_OVERRIDE,
-                "cap_dac_override");
-        test_capability_set_one(
-                UINT64_C(1) << CAP_DAC_OVERRIDE |
-                UINT64_C(1) << capability_list_length(),
-                "cap_dac_override");
-        test_capability_set_one(
-                UINT64_C(1) << capability_list_length(), "");
-        test_capability_set_one(
-                UINT64_C(1) << CAP_CHOWN |
-                UINT64_C(1) << CAP_DAC_OVERRIDE |
-                UINT64_C(1) << CAP_DAC_READ_SEARCH |
-                UINT64_C(1) << CAP_FOWNER |
-                UINT64_C(1) << CAP_SETGID |
-                UINT64_C(1) << CAP_SETUID |
-                UINT64_C(1) << CAP_SYS_PTRACE |
-                UINT64_C(1) << CAP_SYS_ADMIN |
-                UINT64_C(1) << CAP_AUDIT_CONTROL |
-                UINT64_C(1) << CAP_MAC_OVERRIDE |
-                UINT64_C(1) << CAP_SYSLOG |
-                UINT64_C(1) << (capability_list_length() + 1),
-                "cap_chown cap_dac_override cap_dac_read_search cap_fowner "
-                "cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin "
-                "cap_audit_control cap_mac_override cap_syslog");
+        test_capability_set_one(invalid_cap_set, "");
+
+        c = (UINT64_C(1) << CAP_DAC_OVERRIDE | invalid_cap_set);
+        test_capability_set_one(c, "cap_dac_override");
+
+        c = (UINT64_C(1) << CAP_CHOWN |
+             UINT64_C(1) << CAP_DAC_OVERRIDE |
+             UINT64_C(1) << CAP_DAC_READ_SEARCH |
+             UINT64_C(1) << CAP_FOWNER |
+             UINT64_C(1) << CAP_SETGID |
+             UINT64_C(1) << CAP_SETUID |
+             UINT64_C(1) << CAP_SYS_PTRACE |
+             UINT64_C(1) << CAP_SYS_ADMIN |
+             UINT64_C(1) << CAP_AUDIT_CONTROL |
+             UINT64_C(1) << CAP_MAC_OVERRIDE |
+             UINT64_C(1) << CAP_SYSLOG |
+             invalid_cap_set);
+        test_capability_set_one(c, ("cap_chown cap_dac_override cap_dac_read_search cap_fowner "
+                                    "cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin "
+                                    "cap_audit_control cap_mac_override cap_syslog"));
  }
  
  int main(int argc, char *argv[]) {
          test_cap_list();
-        test_capability_set();
+        test_capability_set_from_string();
+        test_capability_set_to_string(0);
+
+        /* once the kernel supports 63 caps, there are no 'invalid' numbers
+         * for us to test with */
+        if (cap_last_cap() < 63)
+                test_capability_set_to_string(all_capabilities() + 1);
  
          return 0;
  }
author	Dan Streetman <ddstreet@canonical.com>
	Wed, 25 Nov 2020 20:22:24 +0000 (15:22 -0500)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Thu, 26 Nov 2020 12:35:48 +0000 (13:35 +0100)
src/basic/cap-list.c		patch \| blob \| blame \| history
src/test/test-cap-list.c		patch \| blob \| blame \| history