This ptest implementation includes a subset of upstream tests that provide functional coverage of core libcap and libpsx behavior across target systems.
This approach is preferred instead of using libcap's quicktest.sh script because the later assumes the upstream build-tree layout and has too many dependencies not available after installation. Quicktest exercises a wide range of kernel capability features and environment-specific functionality that is too comprehensive for ptests. The ptests include the following libcap/tests executables: uns_test, psx_test, libcap_psx_test, libcap_launch_test, and exploit/noexploit. cap_test from libcap/libcap is also included. These provide coverage for capability manipulation, libpsx integration, launch handling, and basic security validation. Signed-off-by: Kris Gavvala <[email protected]> --- .../distro/include/ptest-packagelists.inc | 1 + meta/recipes-support/libcap/files/run-ptest | 25 +++++++++++ meta/recipes-support/libcap/libcap_2.78.bb | 43 ++++++++++++++++++- 3 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/libcap/files/run-ptest diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc index f3f42f908a..1254a9e204 100644 --- a/meta/conf/distro/include/ptest-packagelists.inc +++ b/meta/conf/distro/include/ptest-packagelists.inc @@ -31,6 +31,7 @@ PTESTS_FAST = "\ libarchive \ libassuan \ libatomic-ops \ + libcap \ libcheck \ libconfig \ libconvert-asn1-perl \ diff --git a/meta/recipes-support/libcap/files/run-ptest b/meta/recipes-support/libcap/files/run-ptest new file mode 100644 index 0000000000..c56d483545 --- /dev/null +++ b/meta/recipes-support/libcap/files/run-ptest @@ -0,0 +1,25 @@ +#!/bin/sh + +EXPECT_FAIL=1 +EXPECT_PASS=0 + +cd tests || exit + +for t in uns_test psx_test libcap_psx_test libcap_launch_test cap_test exploit noexploit; do + output=$("./$t" 2>&1 ) + status=$? + + expected="$EXPECT_PASS" + + if [ $t = 'exploit' ]; then + expected="$EXPECT_FAIL" + fi + + if [ "$status" -eq "$expected" ]; then + echo "PASS: $t" + else + echo "FAIL: $t" + echo "$output" + fi +done + diff --git a/meta/recipes-support/libcap/libcap_2.78.bb b/meta/recipes-support/libcap/libcap_2.78.bb index 782ad02665..d91ece4aaf 100644 --- a/meta/recipes-support/libcap/libcap_2.78.bb +++ b/meta/recipes-support/libcap/libcap_2.78.bb @@ -16,11 +16,14 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ SRC_URI:append:class-nativesdk = " \ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ " +SRC_URI:append = " \ + file://run-ptest \ + " SRC_URI[sha256sum] = "0d621e562fd932ccf67b9660fb018e468a683d7b827541df27813228c996bb11" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"; -inherit lib_package +inherit lib_package ptest PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" @@ -62,6 +65,44 @@ do_install:append() { fi } +LIBCAP_PTEST_TESTS = " \ + uns_test \ + psx_test \ + libcap_psx_test \ + noop \ + libcap_launch_test \ + exploit \ + noexploit \ +" + +do_compile_ptest() { + oe_runmake -C tests uns_test psx_test libcap_psx_test noop libcap_launch_test exploit noexploit \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" + oe_runmake -C libcap cap_test \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" + oe_runmake -C progs tcapsh-static \ + AR="${AR}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" \ + CC="${CC}" +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests ${D}${PTEST_PATH}/progs + + for f in ${LIBCAP_PTEST_TESTS}; do + install -m 0755 ${B}/tests/${f} ${D}${PTEST_PATH}/tests + done + install -m 0755 ${B}/libcap/cap_test ${D}${PTEST_PATH}/tests + install -m 0755 ${B}/progs/tcapsh-static ${D}${PTEST_PATH}/progs +} + # pam files FILES:${PN} += "${base_libdir}/security/*.so" -- 2.49.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#238649): https://lists.openembedded.org/g/openembedded-core/message/238649 Mute This Topic: https://lists.openembedded.org/mt/119784304/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
