Date: Sun, 31 Mar 2019 04:24:52 +0000 (UTC) From: Enji Cooper <ngie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r345743 - projects/capsicum-test/contrib/capsicum-test Message-ID: <201903310424.x2V4OqMS075760@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ngie Date: Sun Mar 31 04:24:51 2019 New Revision: 345743 URL: https://svnweb.freebsd.org/changeset/base/345743 Log: Add FreeBSD-specific capsicum feature sanity checks to Environment::SetUp * Not all consumers build with CAPABILITIES enabled kernels, thus, we must check for the `security_capabilities` feature via feature_present(3) before running the tests. Otherwise, the test results are invalid. * Check the `kern.trap_enotcap` sysctl to make sure it's disabled. If it's not disabled, skip the tests. Reason being is that it can trigger failures, as noted in https://github.com/google/capsicum-test/issues/23 by markj@. This fixes the first TODO item in D19758. Modified: projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc Modified: projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc ============================================================================== --- projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc Sun Mar 31 03:19:10 2019 (r345742) +++ projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc Sun Mar 31 04:24:51 2019 (r345743) @@ -2,6 +2,8 @@ #ifdef __linux__ #include <sys/vfs.h> #include <linux/magic.h> +#elif defined(__FreeBSD__) +#include <sys/sysctl.h> #endif #include <ctype.h> #include <errno.h> @@ -21,6 +23,7 @@ class SetupEnvironment : public ::testing::Environment public: SetupEnvironment() : teardown_tmpdir_(false) {} void SetUp() override { + CheckCapsicumSupport(); if (tmpdir.empty()) { std::cerr << "Generating temporary directory root: "; CreateTemporaryRoot(); @@ -28,6 +31,33 @@ class SetupEnvironment : public ::testing::Environment std::cerr << "User provided temporary directory root: "; } std::cerr << tmpdir << std::endl; + } + void CheckCapsicumSupport() { +#ifdef __FreeBSD__ + size_t trap_enotcap_enabled_len; + int rc; + bool trap_enotcap_enabled; + + trap_enotcap_enabled_len = sizeof(trap_enotcap_enabled); + + if (feature_present("security_capabilities") == 0) { + GTEST_SKIP() << "Tests require a CAPABILITIES enabled kernel"; + } else { + std::cerr << "Running on a CAPABILITIES enabled kernel" << std::endl; + } + const char *oid = "kern.trap_enotcap"; + rc = sysctlbyname(oid, &trap_enotcap_enabled, &trap_enotcap_enabled_len, + nullptr, 0); + if (rc != 0) { + GTEST_FAIL() << "sysctlbyname failed: " << strerror(errno); + } + if (trap_enotcap_enabled) { + GTEST_SKIP() << "Sysctl " << oid << " enabled. " + << "Skipping tests to avoid non-determinism with results"; + } else { + std::cerr << "Sysctl " << oid << " not enabled." << std::endl; + } +#endif } void CreateTemporaryRoot() { char *tmpdir_name = tempnam(nullptr, "cptst");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201903310424.x2V4OqMS075760>