WIP: Update capsicum-test after O_BENEATH changes.
AbandonedPublic
Actions

Authored by arichardson on Feb 15 2021, 4:18 PM.

Details

Reviewers

kib
markj
emaste

Group Reviewers

capsicum

Summary

I'm not convinced this behaviour is correct. I feel like cap_enter()
should have the same effect whether O_BENEATH is passed or not.

Test Plan

This updates the openat test for the current behaviour, but I think we probably want to change the kernel instead?

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 37022
Build 33911: arc lint + arc unit

Event Timeline

arichardson created this revision.Feb 15 2021, 4:18 PM

Herald added a subscriber: imp. · View Herald TranscriptFeb 15 2021, 4:18 PM

arichardson requested review of this revision.Feb 15 2021, 4:18 PM

Harbormaster completed remote builds in B37022: Diff 83936.Feb 15 2021, 4:18 PM

I'm not convinced this behaviour is correct.

It is not. In capability mode we must return ENOTCAPABLE for openat(sub_fd, "../subdir/...", ...)

emaste added a subscriber: oshogbo.Feb 15 2021, 5:14 PM

emaste requested changes to this revision.Feb 15 2021, 6:12 PM

This revision now requires changes to proceed.Feb 15 2021, 6:12 PM

I'll submit the contrib/capsicum-test/capsicum-test.h debugging changes upstream and will close this once the kernel has been updated.
I guess adding the extra EXPECT_FAIL checks also makes sense upstream.

I am not sure what is going on with this test. With patched kernel I see faiures on open of relative symlinks that go out of the topping directory, as I would suppose things should work. But the tests are not marked for failure.

Anyway, please see D28698 D28699. I believe a discussion of how to proceed is required.