From owner-svn-src-projects@freebsd.org Tue Sep 3 14:06:02 2019 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 51397DC17F for ; Tue, 3 Sep 2019 14:06:00 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46N7yv172gz4P4G; Tue, 3 Sep 2019 14:05:59 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1452) id 47B3E19F12; Tue, 3 Sep 2019 14:05:53 +0000 (UTC) X-Original-To: yuripv@localmail.freebsd.org Delivered-To: yuripv@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id E2EE11473B; Sun, 31 Mar 2019 04:24:56 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2AFD58EF88; Sun, 31 Mar 2019 04:24:56 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 538) id 0EA7D14701; Sun, 31 Mar 2019 04:24:56 +0000 (UTC) Delivered-To: src-committers@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id CC3CF146FF for ; Sun, 31 Mar 2019 04:24:52 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9C6898EF86; Sun, 31 Mar 2019 04:24:52 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 737A321862; Sun, 31 Mar 2019 04:24:52 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x2V4Oqkc075761; Sun, 31 Mar 2019 04:24:52 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x2V4OqMS075760; Sun, 31 Mar 2019 04:24:52 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <201903310424.x2V4OqMS075760@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f From: Enji Cooper To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r345743 - projects/capsicum-test/contrib/capsicum-test X-SVN-Group: projects X-SVN-Commit-Author: ngie X-SVN-Commit-Paths: projects/capsicum-test/contrib/capsicum-test X-SVN-Commit-Revision: 345743 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk X-Loop: FreeBSD.org Sender: owner-src-committers@freebsd.org X-Rspamd-Queue-Id: 2AFD58EF88 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.92 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; NEURAL_HAM_SHORT(-0.92)[-0.921,0]; ASN(0.00)[asn:11403, ipnet:96.47.64.0/20, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Status: O X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Tue, 03 Sep 2019 14:06:03 -0000 X-Original-Date: Sun, 31 Mar 2019 04:24:52 +0000 (UTC) X-List-Received-Date: Tue, 03 Sep 2019 14:06:03 -0000 Author: ngie Date: Sun Mar 31 04:24:51 2019 New Revision: 345743 URL: https://svnweb.freebsd.org/changeset/base/345743 Log: Add FreeBSD-specific capsicum feature sanity checks to Environment::SetUp * Not all consumers build with CAPABILITIES enabled kernels, thus, we must check for the `security_capabilities` feature via feature_present(3) before running the tests. Otherwise, the test results are invalid. * Check the `kern.trap_enotcap` sysctl to make sure it's disabled. If it's not disabled, skip the tests. Reason being is that it can trigger failures, as noted in https://github.com/google/capsicum-test/issues/23 by markj@. This fixes the first TODO item in D19758. Modified: projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc Modified: projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc ============================================================================== --- projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc Sun Mar 31 03:19:10 2019 (r345742) +++ projects/capsicum-test/contrib/capsicum-test/capsicum-test-main.cc Sun Mar 31 04:24:51 2019 (r345743) @@ -2,6 +2,8 @@ #ifdef __linux__ #include #include +#elif defined(__FreeBSD__) +#include #endif #include #include @@ -21,6 +23,7 @@ class SetupEnvironment : public ::testing::Environment public: SetupEnvironment() : teardown_tmpdir_(false) {} void SetUp() override { + CheckCapsicumSupport(); if (tmpdir.empty()) { std::cerr << "Generating temporary directory root: "; CreateTemporaryRoot(); @@ -28,6 +31,33 @@ class SetupEnvironment : public ::testing::Environment std::cerr << "User provided temporary directory root: "; } std::cerr << tmpdir << std::endl; + } + void CheckCapsicumSupport() { +#ifdef __FreeBSD__ + size_t trap_enotcap_enabled_len; + int rc; + bool trap_enotcap_enabled; + + trap_enotcap_enabled_len = sizeof(trap_enotcap_enabled); + + if (feature_present("security_capabilities") == 0) { + GTEST_SKIP() << "Tests require a CAPABILITIES enabled kernel"; + } else { + std::cerr << "Running on a CAPABILITIES enabled kernel" << std::endl; + } + const char *oid = "kern.trap_enotcap"; + rc = sysctlbyname(oid, &trap_enotcap_enabled, &trap_enotcap_enabled_len, + nullptr, 0); + if (rc != 0) { + GTEST_FAIL() << "sysctlbyname failed: " << strerror(errno); + } + if (trap_enotcap_enabled) { + GTEST_SKIP() << "Sysctl " << oid << " enabled. " + << "Skipping tests to avoid non-determinism with results"; + } else { + std::cerr << "Sysctl " << oid << " not enabled." << std::endl; + } +#endif } void CreateTemporaryRoot() { char *tmpdir_name = tempnam(nullptr, "cptst");