Diffstat (limited to 'go/b215283.go')
-rw-r--r--go/b215283.go47
1 files changed, 47 insertions, 0 deletions
diff --git a/go/b215283.go b/go/b215283.go
new file mode 100644
index 0000000..26596b6
--- /dev/null
+++ b/go/b215283.go
@@ -0,0 +1,47 @@
+// Program b215283 requires privilege to execute and is a minimally adapted
+// version of a test case provided by Lorenz Bauer as a reproducer for a
+// problem he found and reported in:
+//
+// https://bugzilla.kernel.org/show_bug.cgi?id=215283
+package main
+
+import (
+ "fmt"
+ "os"
+
+ "kernel.org/pub/linux/libs/security/libcap/cap"
+)
+
+func main() {
+ const secbits = cap.SecbitNoRoot | cap.SecbitNoSetUIDFixup
+
+ if v, err := cap.GetProc().GetFlag(cap.Permitted, cap.SETPCAP); err != nil {
+ panic(fmt.Sprintf("failed to get flag value: %v", err))
+ os.Exit(1)
+ } else if !v {
+ fmt.Printf("test requires cap_setpcap: found %q\n", cap.GetProc())
+ os.Exit(1)
+ }
+ if bits := cap.GetSecbits(); bits != 0 {
+ fmt.Printf("test expects secbits=0 to run; found: 0%o\n", bits)
+ os.Exit(1)
+ }
+
+ fmt.Println("secbits:", cap.GetSecbits(), " caps:", cap.GetProc())
+
+ l := cap.FuncLauncher(func(interface{}) error {
+ return cap.NewSet().SetProc()
+ })
+
+ if _, err := l.Launch(nil); err != nil {
+ fmt.Printf("launch failed: %v\n", err)
+ os.Exit(1)
+ }
+
+ fmt.Println("secbits:", cap.GetSecbits(), " caps:", cap.GetProc())
+
+ if err := secbits.Set(); err != nil {
+ fmt.Printf("set securebits: %v", err.Error())
+ os.Exit(1)
+ }
+}
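Review bot: In the first check of `main`, the `os.Exit(1)` after `panic(fmt.Sprintf("failed to get flag value: %v", err))` is unreachable. The panic also makes this one failure path exit with a stack trace and a different status than every other path; to match the rest, replace both lines with `fmt.Printf("failed to get flag value: %v\n", err)` followed by `os.Exit(1)`. The final failure message `fmt.Printf("set securebits: %v", err.Error())` has no trailing newline and the `.Error()` call is redundant, so `fmt.Printf("set securebits: %v\n", err)` would do. Because this is a privileged reproducer, a short comment above `secbits.Set()` would help, stating that this call is the step expected to fail on an affected kernel (inferred from the header comment, please confirm). An explicit success line at the end would also make a passing run distinguishable in logs from an early exit.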