[LTP] [PATCH] Filecaps: Update error message for recent kernels

[LTP] [PATCH] Filecaps: Update error message for recent kernels

[Geert Uytterhoeven]

   - As of 2.6.24, `capability' can no longer be a module,
   - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.

Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
---
 .../kernel/security/filecaps/checkforfilecaps.sh   |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
index 20f97f5..3f6a4ec 100755
--- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
+++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
@@ -23,8 +23,7 @@ check_simple_capset
 ret=$?
 if [ $ret -ne 0 ]; then
 	echo Posix capabilities not compiled into the kernel.  Please
-	echo modprobe capability or recompile your kernel with
-	echo CONFIG_SECURITY_CAPABILITIES=y.
+	echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
 	exit 1
 fi
 
-- 
1.6.2.4

With kind regards,

Geert Uytterhoeven
Software Architect
Techsoft Centre

Technology and Software Centre Europe
The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium

Phone:    +32 (0)2 700 8453
Fax:      +32 (0)2 700 8622
E-mail:   Geert.Uytterhoeven@sonycom.com
Internet: http://www.sony-europe.com/

A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 · RPR Brussels
Fortis · BIC GEBABEBB · IBAN BE41293037680010

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Serge E. Hallyn]

Quoting Geert Uytterhoeven (Geert.Uytterhoeven@sonycom.com):
>    - As of 2.6.24, `capability' can no longer be a module,
>    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> 
> Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>

Yup, thanks.

Acked-by: Serge Hallyn <serue@us.ibm.com>

-serge

> ---
>  .../kernel/security/filecaps/checkforfilecaps.sh   |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> index 20f97f5..3f6a4ec 100755
> --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> @@ -23,8 +23,7 @@ check_simple_capset
>  ret=$?
>  if [ $ret -ne 0 ]; then
>  	echo Posix capabilities not compiled into the kernel.  Please
> -	echo modprobe capability or recompile your kernel with
> -	echo CONFIG_SECURITY_CAPABILITIES=y.
> +	echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
>  	exit 1
>  fi
>  
> -- 
> 1.6.2.4
> 
> With kind regards,
> 
> Geert Uytterhoeven
> Software Architect
> Techsoft Centre
> 
> Technology and Software Centre Europe
> The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium
> 
> Phone:    +32 (0)2 700 8453
> Fax:      +32 (0)2 700 8622
> E-mail:   Geert.Uytterhoeven@sonycom.com
> Internet: http://www.sony-europe.com/
> 
> A division of Sony Europe (Belgium) N.V.
> VAT BE 0413.825.160 · RPR Brussels
> Fortis · BIC GEBABEBB · IBAN BE41293037680010
> 
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay 
> ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
> http://p.sf.net/sfu/devconf
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Matt Helsley]

On Tue, Sep 15, 2009 at 05:30:55PM +0200, Geert Uytterhoeven wrote:
>    - As of 2.6.24, `capability' can no longer be a module,
>    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> 
> Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> ---
>  .../kernel/security/filecaps/checkforfilecaps.sh   |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> index 20f97f5..3f6a4ec 100755
> --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> @@ -23,8 +23,7 @@ check_simple_capset
>  ret=$?
>  if [ $ret -ne 0 ]; then
>  	echo Posix capabilities not compiled into the kernel.  Please
> -	echo modprobe capability or recompile your kernel with
> -	echo CONFIG_SECURITY_CAPABILITIES=y.
> +	echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.

Then the advice is incorrect for older kernels. If LTP should still run
nicely for users of older kernels then perhaps something like this is better:

-	echo modprobe capability or recompile your kernel with
-	echo CONFIG_SECURITY_CAPABILITIES=y.
+	if tst_kvercmp 2 6 24 ; then
+		echo modprobe capability or recompile your kernel with
+		echo CONFIG_SECURITY_CAPABILITIES=y.
+	elif tst_kvercmp 2 6 27 ; then
+		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
+	else
+		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
+	fi

Cheers,
	-Matt Helsley

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Subrata Modak]

On Tue, 2009-09-15 at 14:53 -0700, Matt Helsley wrote: 
> On Tue, Sep 15, 2009 at 05:30:55PM +0200, Geert Uytterhoeven wrote:
> >    - As of 2.6.24, `capability' can no longer be a module,
> >    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> > 
> > Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> > ---
> >  .../kernel/security/filecaps/checkforfilecaps.sh   |    3 +--
> >  1 files changed, 1 insertions(+), 2 deletions(-)
> > 
> > diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > index 20f97f5..3f6a4ec 100755
> > --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > @@ -23,8 +23,7 @@ check_simple_capset
> >  ret=$?
> >  if [ $ret -ne 0 ]; then
> >  	echo Posix capabilities not compiled into the kernel.  Please
> > -	echo modprobe capability or recompile your kernel with
> > -	echo CONFIG_SECURITY_CAPABILITIES=y.
> > +	echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> 
> Then the advice is incorrect for older kernels. If LTP should still run
> nicely for users of older kernels then perhaps something like this is better:
> 
> -	echo modprobe capability or recompile your kernel with
> -	echo CONFIG_SECURITY_CAPABILITIES=y.
> +	if tst_kvercmp 2 6 24 ; then
> +		echo modprobe capability or recompile your kernel with
> +		echo CONFIG_SECURITY_CAPABILITIES=y.
> +	elif tst_kvercmp 2 6 27 ; then
> +		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
> +	else
> +		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> +	fi

Yes, this is better. Please shoot off a patch.

Regards--
Subrata

> 
> Cheers,
> 	-Matt Helsley


------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Geert Uytterhoeven]

On Wed, 16 Sep 2009, Subrata Modak wrote:
> On Tue, 2009-09-15 at 14:53 -0700, Matt Helsley wrote: 
> > On Tue, Sep 15, 2009 at 05:30:55PM +0200, Geert Uytterhoeven wrote:
> > >    - As of 2.6.24, `capability' can no longer be a module,
> > >    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> > > 
> > > Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> > > ---
> > >  .../kernel/security/filecaps/checkforfilecaps.sh   |    3 +--
> > >  1 files changed, 1 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > > index 20f97f5..3f6a4ec 100755
> > > --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > > +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > > @@ -23,8 +23,7 @@ check_simple_capset
> > >  ret=$?
> > >  if [ $ret -ne 0 ]; then
> > >  	echo Posix capabilities not compiled into the kernel.  Please
> > > -	echo modprobe capability or recompile your kernel with
> > > -	echo CONFIG_SECURITY_CAPABILITIES=y.
> > > +	echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> > 
> > Then the advice is incorrect for older kernels. If LTP should still run
> > nicely for users of older kernels then perhaps something like this is better:
> > 
> > -	echo modprobe capability or recompile your kernel with
> > -	echo CONFIG_SECURITY_CAPABILITIES=y.
> > +	if tst_kvercmp 2 6 24 ; then
> > +		echo modprobe capability or recompile your kernel with
> > +		echo CONFIG_SECURITY_CAPABILITIES=y.
> > +	elif tst_kvercmp 2 6 27 ; then
> > +		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
> > +	else
> > +		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> > +	fi
> 
> Yes, this is better. Please shoot off a patch.

At your service!

---
From 0e13026c931d26393671884f63446b7389318b27 Mon Sep 17 00:00:00 2001
From: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Date: Tue, 15 Sep 2009 17:06:09 +0200
Subject: [PATCH 9/9] Filecaps: Update error message for recent kernels

   - As of 2.6.24, `capability' can no longer be a module,
   - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.

Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
--
v2: Make the message dependent on the kernel version, as suggested by Matt
    Helsley
---
 .../kernel/security/filecaps/checkforfilecaps.sh   |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
index 20f97f5..5ca385e 100755
--- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
+++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
@@ -23,8 +23,14 @@ check_simple_capset
 ret=$?
 if [ $ret -ne 0 ]; then
 	echo Posix capabilities not compiled into the kernel.  Please
-	echo modprobe capability or recompile your kernel with
-	echo CONFIG_SECURITY_CAPABILITIES=y.
+	if tst_kvercmp 2 6 24 ; then
+		echo modprobe capability or recompile your kernel with
+		echo CONFIG_SECURITY_CAPABILITIES=y.
+	elif tst_kvercmp 2 6 27 ; then
+		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
+	else
+		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
+	fi
 	exit 1
 fi
 
-- 
1.6.2.4

With kind regards,

Geert Uytterhoeven
Software Architect
Techsoft Centre

Technology and Software Centre Europe
The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium

Phone:    +32 (0)2 700 8453
Fax:      +32 (0)2 700 8622
E-mail:   Geert.Uytterhoeven@sonycom.com
Internet: http://www.sony-europe.com/

A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 · RPR Brussels
Fortis · BIC GEBABEBB · IBAN BE41293037680010

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Serge E. Hallyn]

Quoting Geert Uytterhoeven (Geert.Uytterhoeven@sonycom.com):
> On Wed, 16 Sep 2009, Subrata Modak wrote:
> > On Tue, 2009-09-15 at 14:53 -0700, Matt Helsley wrote: 
> > > On Tue, Sep 15, 2009 at 05:30:55PM +0200, Geert Uytterhoeven wrote:
> > > >    - As of 2.6.24, `capability' can no longer be a module,
> > > >    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> > > > 
> > > > Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> > > > ---
> > > >  .../kernel/security/filecaps/checkforfilecaps.sh   |    3 +--
> > > >  1 files changed, 1 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > > > index 20f97f5..3f6a4ec 100755
> > > > --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > > > +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > > > @@ -23,8 +23,7 @@ check_simple_capset
> > > >  ret=$?
> > > >  if [ $ret -ne 0 ]; then
> > > >  	echo Posix capabilities not compiled into the kernel.  Please
> > > > -	echo modprobe capability or recompile your kernel with
> > > > -	echo CONFIG_SECURITY_CAPABILITIES=y.
> > > > +	echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> > > 
> > > Then the advice is incorrect for older kernels. If LTP should still run
> > > nicely for users of older kernels then perhaps something like this is better:
> > > 
> > > -	echo modprobe capability or recompile your kernel with
> > > -	echo CONFIG_SECURITY_CAPABILITIES=y.
> > > +	if tst_kvercmp 2 6 24 ; then
> > > +		echo modprobe capability or recompile your kernel with
> > > +		echo CONFIG_SECURITY_CAPABILITIES=y.
> > > +	elif tst_kvercmp 2 6 27 ; then
> > > +		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
> > > +	else
> > > +		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> > > +	fi
> > 
> > Yes, this is better. Please shoot off a patch.
> 
> At your service!
> 
> ---
> >From 0e13026c931d26393671884f63446b7389318b27 Mon Sep 17 00:00:00 2001
> From: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> Date: Tue, 15 Sep 2009 17:06:09 +0200
> Subject: [PATCH 9/9] Filecaps: Update error message for recent kernels
> 
>    - As of 2.6.24, `capability' can no longer be a module,
>    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> 
> Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> --
> v2: Make the message dependent on the kernel version, as suggested by Matt
>     Helsley
> ---
>  .../kernel/security/filecaps/checkforfilecaps.sh   |   10 ++++++++--
>  1 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> index 20f97f5..5ca385e 100755
> --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> @@ -23,8 +23,14 @@ check_simple_capset
>  ret=$?
>  if [ $ret -ne 0 ]; then
>  	echo Posix capabilities not compiled into the kernel.  Please
> -	echo modprobe capability or recompile your kernel with
> -	echo CONFIG_SECURITY_CAPABILITIES=y.
> +	if tst_kvercmp 2 6 24 ; then
> +		echo modprobe capability or recompile your kernel with
> +		echo CONFIG_SECURITY_CAPABILITIES=y.
> +	elif tst_kvercmp 2 6 27 ; then
> +		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
> +	else
> +		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.

I don't think splitting these last two up is necessary - the
CONFIG_SECURITY_FILE_CAPABILITIES check is in the next stanza
in checkforfilecaps.sh.  This check is only for
CONFIG_SECURITY_CAPABILITIES itself.

> +	fi
>  	exit 1
>  fi

-serge

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Geert Uytterhoeven]

On Wed, 16 Sep 2009, Serge E. Hallyn wrote:
> Quoting Geert Uytterhoeven (Geert.Uytterhoeven@sonycom.com):
> > >From 0e13026c931d26393671884f63446b7389318b27 Mon Sep 17 00:00:00 2001
> > From: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> > Date: Tue, 15 Sep 2009 17:06:09 +0200
> > Subject: [PATCH 9/9] Filecaps: Update error message for recent kernels
> > 
> >    - As of 2.6.24, `capability' can no longer be a module,
> >    - As of 2.6.27, CONFIG_SECURITY_CAPABILITIES no longer exists.
> > 
> > Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
> > --
> > v2: Make the message dependent on the kernel version, as suggested by Matt
> >     Helsley
> > ---
> >  .../kernel/security/filecaps/checkforfilecaps.sh   |   10 ++++++++--
> >  1 files changed, 8 insertions(+), 2 deletions(-)
> > 
> > diff --git a/testcases/kernel/security/filecaps/checkforfilecaps.sh b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > index 20f97f5..5ca385e 100755
> > --- a/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > +++ b/testcases/kernel/security/filecaps/checkforfilecaps.sh
> > @@ -23,8 +23,14 @@ check_simple_capset
> >  ret=$?
> >  if [ $ret -ne 0 ]; then
> >  	echo Posix capabilities not compiled into the kernel.  Please
> > -	echo modprobe capability or recompile your kernel with
> > -	echo CONFIG_SECURITY_CAPABILITIES=y.
> > +	if tst_kvercmp 2 6 24 ; then
> > +		echo modprobe capability or recompile your kernel with
> > +		echo CONFIG_SECURITY_CAPABILITIES=y.
> > +	elif tst_kvercmp 2 6 27 ; then
> > +		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
> > +	else
> > +		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> 
> I don't think splitting these last two up is necessary - the
> CONFIG_SECURITY_FILE_CAPABILITIES check is in the next stanza
> in checkforfilecaps.sh.  This check is only for
> CONFIG_SECURITY_CAPABILITIES itself.

However, this (first) check is triggered on my 2.6.31+ kernel with
CONFIG_SECURITY_FILE_CAPABILITIES=n, where the config symbol
CONFIG_SECURITY_CAPABILITIES no longer exists.

Or should it be plain CONFIG_SECURITY?

With kind regards,

Geert Uytterhoeven
Software Architect
Techsoft Centre

Technology and Software Centre Europe
The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium

Phone:    +32 (0)2 700 8453
Fax:      +32 (0)2 700 8622
E-mail:   Geert.Uytterhoeven@sonycom.com
Internet: http://www.sony-europe.com/

A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 · RPR Brussels
Fortis · BIC GEBABEBB · IBAN BE41293037680010

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] Filecaps: Update error message for recent kernels

[Serge E. Hallyn]

Quoting Geert Uytterhoeven (Geert.Uytterhoeven@sonycom.com):
> On Wed, 16 Sep 2009, Serge E. Hallyn wrote:
> > Quoting Geert Uytterhoeven (Geert.Uytterhoeven@sonycom.com):
...
> > > +	if tst_kvercmp 2 6 24 ; then
> > > +		echo modprobe capability or recompile your kernel with
> > > +		echo CONFIG_SECURITY_CAPABILITIES=y.
> > > +	elif tst_kvercmp 2 6 27 ; then
> > > +		echo recompile your kernel with CONFIG_SECURITY_CAPABILITIES=y.
> > > +	else
> > > +		echo recompile your kernel with CONFIG_SECURITY_FILE_CAPABILITIES=y.
> > 
> > I don't think splitting these last two up is necessary - the
> > CONFIG_SECURITY_FILE_CAPABILITIES check is in the next stanza
> > in checkforfilecaps.sh.  This check is only for
> > CONFIG_SECURITY_CAPABILITIES itself.
> 
> However, this (first) check is triggered on my 2.6.31+ kernel with
> CONFIG_SECURITY_FILE_CAPABILITIES=n, where the config symbol
> CONFIG_SECURITY_CAPABILITIES no longer exists.
> 
> Or should it be plain CONFIG_SECURITY?

???  Well, taking a quick look at check_simple_capset.c, it's actually
a bit messed up.  I'm pretty sure I did in fact write it, but it isn't
right.  The second test in checkforfilecaps.sh isn't right either -
it checks for the xattr support, not actual file capabilities support.

check_simple_capset.c should just read:

	caps = cap_from_text("cap_sys_admin=ep");
	caps2 = cap_get_proc();
	if (!caps || !caps2)
		fail;
	ret = cap_compare(caps, caps);
	cap_free(caps);
	cap_free(caps2);
	return ret;

The second test should actually execute a copy of sleep with filecaps,
i.e.
	cp `which sleep` .
	setcap cap_sys_admin=ep ./sleep
	capsh --uid=`id -u ltp`  -- -c "./sleep 20" &
	p=`jobs -p`
	prm=`cat /proc/$p/status | grep CapPrm | awk '{ print $2 '}`
	inh=`cat /proc/$p/status | grep CapInh | awk '{ print $2 '}`
	eff=`cat /proc/$p/status | grep CapEff | awk '{ print $2 '}`
	if [ "$inh" != "0000000000000000" ]; then
		fail;
	fi
	if [ "$prm" != "0000000000200000" ]; then
		fail;
	fi
	if [ "$eff" != "0000000000200000" ]; then
		fail;
	fi
	pass

-serge

------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list