Bug 236863

Summary: Add a REQUIRE_FEATURE(security_capability) for sys/capsicum/ioctls_test
Product: Base System Reporter: Olivier Cochard <olivier>
Component: testsAssignee: Olivier Cochard <olivier>
Status: In Progress ---    
Severity: Affects Only Me CC: asomers, emaste, ngie
Priority: ---    
Version: 12.0-RELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch to require capsicum feature for a test
none
patch v2 to require capsicum feature for a test none

Description Olivier Cochard freebsd_committer 2019-03-28 21:32:58 UTC
Created attachment 203225 [details]
patch to require capsicum feature for a test

On a system without capsicum, ioctls_test:cap_ioctls__listen_copy test failed and should be skipped:

Before the patch:

# kyua test sys/capsicum/ioctls_test
sys/capsicum/ioctls_test:cap_ioctls__listen_copy  ->  failed: /var/jenkins/workspace/ocafirmware_build-master/FreeBSD/tests/sys/capsicum/io$
tls_test.c:94: cap_rights_limit(s[0], &rights) == 0 not met  [0.003s]

Results file id is usr_tests.20190328-212133-379353
Results saved to /root/.kyua/store/results.usr_tests.20190328-212133-379353.db

0/1 passed (1 failed)


After the patch:
# kyua test sys/capsicum/ioctls_test
sys/capsicum/ioctls_test:cap_ioctls__listen_copy  ->  skipped: kernel feature (security_capability) not present  [0.003s]

Results file id is usr_tests.20190328-213129-974398
Results saved to /root/.kyua/store/results.usr_tests.20190328-213129-974398.db

1/1 passed (0 failed)
Comment 1 Alan Somers freebsd_committer 2019-03-28 22:07:13 UTC
Check the spelling on that feature.  I think it should be either "security_capabilities" or "security_capability_mode".
Comment 2 Olivier Cochard freebsd_committer 2019-03-28 23:14:21 UTC
Created attachment 203227 [details]
patch v2 to require capsicum feature for a test

Ouch, good catch! I need to add tests to tests my tests ;-)
Comment 3 Alan Somers freebsd_committer 2019-03-29 01:06:38 UTC
Approved.
Comment 4 commit-hook freebsd_committer 2019-03-29 08:43:58 UTC
A commit references this bug:

Author: olivier
Date: Fri Mar 29 08:43:22 UTC 2019
New revision: 345681
URL: https://svnweb.freebsd.org/changeset/base/345681

Log:
  Skip test if feature security_capabilities is not available

  PR:		236863
  Approved by:	asomers
  MFC after:	1 month
  Sponsored by:	Netflix

Changes:
  head/tests/sys/capsicum/Makefile
  head/tests/sys/capsicum/ioctls_test.c
Comment 5 Olivier Cochard freebsd_committer 2019-03-29 08:46:18 UTC
Thanks for your advice.
Comment 6 Olivier Cochard freebsd_committer 2019-03-29 15:07:07 UTC
Switched it back to "in progress" until all MFC done.
Comment 7 Ed Maste freebsd_committer 2019-06-09 10:50:31 UTC
MFC expected soon?
Comment 8 Ed Maste freebsd_committer 2019-08-12 17:51:47 UTC
Ping