dce069b617cf5e42fde707196eaf2ee8d62bc96c |
|
07-Feb-2016 |
Andrew G. Morgan <morgan@kernel.org> |
Add something to run libcap's quicktest tests against development kernel. The kdebug directory requires qemu to run and expects the kernel to be compiled with the running architecture. My setup has the kernel sources as a peer to the libcap directory so kdebug assumes that too. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
22579a76da810d3cc58cf3e802b29a28082ea5cd |
|
31-Jan-2016 |
Andrew G. Morgan <morgan@kernel.org> |
Sigh. Compiling capsh statically and we get no getpw*() functions. This is, at least, true on my Fedora based system. The chroot tests won't work with a dynamic binary, so stop using --user and use --uid instead. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
12ea42e59cbac9b6c58ac81af577086beda86ead |
|
24-Dec-2013 |
Andrew G Morgan <morgan@kernel.org> |
Stop using ping to test privilege use. It appears that ping has been modified to hard-code non-file-capability acquired privilege use. That is, it requires PR_SET_KEEPCAPS (a legacy supporting secure bit) to function in order for ping to work. As such, we can't rely on it for quicktest.sh. Instead, we use a copy of capsh enhanced with file-caps for our test cases. Thanks to Serge Hallyn @ Ubuntu for figuring out what broke. Signed-off-by: Andrew G Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
af725c50c2930485947bd958dbdf984faf8fc1ba |
|
25-Jul-2011 |
Andrew G. Morgan <morgan@kernel.org> |
Change directory to "/" after --chroot operation. Thanks to Steve Grubb for suggesting this. He wrote: ========= I was reviewing something recently and discovered a problem in capsh. The capsh program has a --chroot command line option. Inspecting the code shows that it does not do a chdir("/") after calling chroot. This means that '.' is outside the chroot. Additional info: http://cwe.mitre.org/data/definitions/243.html ========= Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
85748f41a73ea18241a7291a8d4a29e06377cd79 |
|
09-Aug-2010 |
Andrew G. Morgan <morgan@kernel.org> |
Default to installing setcap with an inheritable capability. For my conveneince, default to installing an inheritable file capability on setcap when installed. This requires the process inherit a capability for it to take effect, but that's what pam_cap is for... You can disable this install feature with: make RAISE_SETFCAP=no install Also, clean up Make files and a test, and add more comments. The make files needed a fix (remove -lpam from pam_cap/Makefile) and I've added a number of comments in support of various issues folk have asked me about. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
8525eb6615366f46f9bb753ce7f16b1c4a2adfff |
|
12-Jan-2010 |
Andrew G. Morgan <morgan@kernel.org> |
Clean up of prctl code. Also add linux securebits.h file in case the system headers did not include them. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
319cbc6501a0e78da9e2a2a608e7c4a14123594d |
|
03-Jan-2010 |
Andrew G. Morgan <morgan@kernel.org> |
Add a test for maximal lock-down. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
5df3c2a2822a1fbcbe22834490cfd8d2212e6a5d |
|
27-Aug-2009 |
Andrew G. Morgan <morgan@kernel.org> |
Fix test to actually test setuid-0 scripts don't get capabilities. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
1b5fb7eb0d8737e961ded5ce731d7f10a26da8f1 |
|
11-Nov-2008 |
Andrew G. Morgan <morgan@kernel.org> |
Makefile tweaks mostly add rule to build HTML add LIBATTR=no makefile support for not including filesystem support comment cleanup for cap_file.c. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
a0b745aed508179e140df99e94bea5195c23721d |
|
06-Mar-2008 |
Chris Friedhoff <chris@friedhoff.org> |
Added missing rm -f ./ping to quicktest.sh (for early exit) Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
6410f786d68b9812cb69b41ecd78250cef9cfe4f |
|
06-Mar-2008 |
Andrew G. Morgan <morgan@kernel.org> |
Add a test for all= capability setting etc, support.
/external/libcap/progs/quicktest.sh
|
f8e4eeb26683080042d1fd0f9c3c35a95bf487a8 |
|
01-Mar-2008 |
Andrew G. Morgan <morgan@kernel.org> |
Rearranged order to support bailing early if no securebits support available Also activated test for 2.6.24 bug (fixed by serge in 2.6.25)
/external/libcap/progs/quicktest.sh
|
b1759d812ce05bf126e49b3f8e57481ba96735c7 |
|
22-Feb-2008 |
Andrew G. Morgan <morgan@kernel.org> |
Extend capsh with --caps= --killit= --forkfor= and == support Add these features to capsh, and add two new test cases to quicktest.sh (inspired by wireshark) for keeping an eye on legacy --keep functionality: --caps=xxx set caps as per cap_from_text() --killit=<n> send signal(n) to child --forkfor=<n> fork and make child sleep for <n> sec == re-exec(capsh) with args as for -- Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
e57378c88b6144ff9c06777ff0e0c9d722eeefd3 |
|
05-Feb-2008 |
Andrew G. Morgan <morgan@kernel.org> |
We don't need to export _cap_names[] any more. I've added perfect hash generation support for looking up names (if you have gperf installed). Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
/external/libcap/progs/quicktest.sh
|
d3ea8da3c1acaabf5accbec15a29919ed0170598 |
|
04-Feb-2008 |
Andrew G. Morgan <morgan@kernel.org> |
Support for prctl based securebits. Add a quick regression/reference test for the various capability manipulations. (Run it as root.)
/external/libcap/progs/quicktest.sh
|