diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2008-03-05 22:03:05 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2008-03-05 22:04:10 -0800 |
commit | 6410f786d68b9812cb69b41ecd78250cef9cfe4f (patch) | |
tree | bb7c81e37ae17dee79eb57815a073646a0276b2a | |
parent | f8e4eeb26683080042d1fd0f9c3c35a95bf487a8 (diff) | |
download | libcap-6410f786d68b9812cb69b41ecd78250cef9cfe4f.tar.gz |
Add a test for all= capability setting etc, support.
-rwxr-xr-x | progs/quicktest.sh | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/progs/quicktest.sh b/progs/quicktest.sh index 8671786..582ba86 100755 --- a/progs/quicktest.sh +++ b/progs/quicktest.sh @@ -41,9 +41,24 @@ pass_capsh () { } pass_capsh --print -pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print + +# Make a local non-setuid-0 version of ping +cp /bin/ping . && chmod -s ./ping + +# Give it the forced capability it needs +./setcap all=ep ./ping +if [ $? -ne 0 ]; then + echo "Failed to set all capabilities on file" + exit 1 +fi +./setcap cap_net_raw=ep ./ping +if [ $? -ne 0 ]; then + echo "Failed to set single capability on ping file" + exit 1 +fi # Explore keep_caps support +pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print rm -f tcapsh cp capsh tcapsh @@ -75,12 +90,6 @@ fail_capsh --secbits=47 -- -c "ping -c1 localhost" # Suppress uid=0 privilege fail_capsh --secbits=47 --print -- -c "/bin/ping -c1 localhost" -# Make a local non-setuid-0 version of ping -cp /bin/ping . && chmod -s ./ping - -# Give it the forced capability it needs -./setcap cap_net_raw=ep ./ping - # suppress uid=0 privilege and test this ping pass_capsh --secbits=0x2f --print -- -c "./ping -c1 localhost" |