Bug 236863 - Add a REQUIRE_FEATURE(security_capability) for sys/capsicum/ioctls_test
Summary: Add a REQUIRE_FEATURE(security_capability) for sys/capsicum/ioctls_test
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: tests (show other bugs)
Version: 12.0-RELEASE
Hardware: Any Any
: --- Affects Only Me
Assignee: Olivier Cochard
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-28 21:32 UTC by Olivier Cochard
Modified: 2019-08-12 17:51 UTC (History)
3 users (show)

See Also:


Attachments
patch to require capsicum feature for a test (975 bytes, patch)
2019-03-28 21:32 UTC, Olivier Cochard
no flags Details | Diff
patch v2 to require capsicum feature for a test (977 bytes, patch)
2019-03-28 23:14 UTC, Olivier Cochard
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Cochard freebsd_committer 2019-03-28 21:32:58 UTC
Created attachment 203225 [details]
patch to require capsicum feature for a test

On a system without capsicum, ioctls_test:cap_ioctls__listen_copy test failed and should be skipped:

Before the patch:

# kyua test sys/capsicum/ioctls_test
sys/capsicum/ioctls_test:cap_ioctls__listen_copy  ->  failed: /var/jenkins/workspace/ocafirmware_build-master/FreeBSD/tests/sys/capsicum/io$
tls_test.c:94: cap_rights_limit(s[0], &rights) == 0 not met  [0.003s]

Results file id is usr_tests.20190328-212133-379353
Results saved to /root/.kyua/store/results.usr_tests.20190328-212133-379353.db

0/1 passed (1 failed)


After the patch:
# kyua test sys/capsicum/ioctls_test
sys/capsicum/ioctls_test:cap_ioctls__listen_copy  ->  skipped: kernel feature (security_capability) not present  [0.003s]

Results file id is usr_tests.20190328-213129-974398
Results saved to /root/.kyua/store/results.usr_tests.20190328-213129-974398.db

1/1 passed (0 failed)
Comment 1 Alan Somers freebsd_committer 2019-03-28 22:07:13 UTC
Check the spelling on that feature.  I think it should be either "security_capabilities" or "security_capability_mode".
Comment 2 Olivier Cochard freebsd_committer 2019-03-28 23:14:21 UTC
Created attachment 203227 [details]
patch v2 to require capsicum feature for a test

Ouch, good catch! I need to add tests to tests my tests ;-)
Comment 3 Alan Somers freebsd_committer 2019-03-29 01:06:38 UTC
Approved.
Comment 4 commit-hook freebsd_committer 2019-03-29 08:43:58 UTC
A commit references this bug:

Author: olivier
Date: Fri Mar 29 08:43:22 UTC 2019
New revision: 345681
URL: https://svnweb.freebsd.org/changeset/base/345681

Log:
  Skip test if feature security_capabilities is not available

  PR:		236863
  Approved by:	asomers
  MFC after:	1 month
  Sponsored by:	Netflix

Changes:
  head/tests/sys/capsicum/Makefile
  head/tests/sys/capsicum/ioctls_test.c
Comment 5 Olivier Cochard freebsd_committer 2019-03-29 08:46:18 UTC
Thanks for your advice.
Comment 6 Olivier Cochard freebsd_committer 2019-03-29 15:07:07 UTC
Switched it back to "in progress" until all MFC done.
Comment 7 Ed Maste freebsd_committer 2019-06-09 10:50:31 UTC
MFC expected soon?
Comment 8 Ed Maste freebsd_committer 2019-08-12 17:51:47 UTC
Ping