1 /*
2  * Copyright (c) Huawei Technologies Co., Ltd., 2015
3  * This program is free software; you can redistribute it and/or modify
4  * it under the terms of the GNU General Public License as published by
5  * the Free Software Foundation; either version 2 of the License, or
6  *  (at your option) any later version.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
11  * the GNU General Public License for more details.
12  */
13 
14 /*
15  * Verify that:
16  * When a process with non-zero user IDs performs an execve(), the
17  * process's capability sets are cleared. When a process with zero
18  * user IDs performs an execve(), the process's capability sets
19  * are set.
20  */
21 
22 #define _GNU_SOURCE
23 #include <sys/wait.h>
24 #include <assert.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <unistd.h>
28 #include <string.h>
29 #include <errno.h>
30 #include "libclone.h"
31 #include "test.h"
32 #include "config.h"
33 #if HAVE_SYS_CAPABILITY_H
34 #include <sys/capability.h>
35 #endif
36 
37 char *TCID = "userns06_capcheck";
38 int TST_TOTAL = 1;
39 
main(int argc,char * argv[])40 int main(int argc, char *argv[])
41 {
42 #ifdef HAVE_LIBCAP
43 	cap_t caps;
44 	int i, last_cap;
45 	cap_flag_value_t flag_val;
46 	cap_flag_value_t expected_flag = 1;
47 #endif
48 	tst_parse_opts(argc, argv, NULL, NULL);
49 
50 #ifdef HAVE_LIBCAP
51 	if (strcmp("privileged", argv[1]))
52 		expected_flag = 0;
53 
54 	caps = cap_get_proc();
55 	SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
56 	for (i = 0; i <= last_cap; i++) {
57 		cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
58 		if (flag_val != expected_flag)
59 			break;
60 		cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
61 		if (flag_val != expected_flag)
62 			break;
63 	}
64 
65 	if (flag_val != expected_flag) {
66 		printf("unexpected effective/permitted caps at %d\n", i);
67 		exit(1);
68 	}
69 
70 #else
71 	printf("System is missing libcap.\n");
72 #endif
73 	tst_exit();
74 }
75