Test suite for Capsicum
autoconf Add prefix to script variables Dec 17, 2014
casper Install into /usr/sbin not /usr/bin Jun 16, 2014
gtest-1.6.0 Add local copy of gtest-1.6.0 Oct 1, 2013
libcaprights capmode: allow some FD-creating syscalls Mar 7, 2016
.gitignore Add (Linux) test that capability mode survives arch change Jun 10, 2015
CONTRIBUTING.md Add initial CONTRIBUTING file Feb 13, 2014
GNUmakefile Only build x32 binary if header available Aug 21, 2015
LICENSE Coalesce licensing information & tidy header comments Jan 7, 2014
README.md Update README May 13, 2015
capability-fd-pair.cc Add ability to specify where temporary files go Jul 27, 2015
capability-fd.cc Cope with split-out versions of CAP_LINKAT, CAP_RENAMEAT Aug 28, 2015
capmode.cc Skip tests that aren't possible on tmpfs volumes Jul 31, 2015
capsicum-freebsd.h Fix clashing macro name Nov 26, 2015
capsicum-linux.h Use ENOTBENEATH if available Aug 22, 2015
capsicum-rights.h Include necessary headers (for bool in particular) Feb 17, 2014
capsicum-test-main.cc Macro Linux-specific code in capsicum-test-main.cc Aug 13, 2015
capsicum-test.cc Skip tests that aren't possible on tmpfs volumes Jul 31, 2015
capsicum-test.h Skip tests that aren't possible on tmpfs volumes Jul 31, 2015
capsicum.h Cope with split-out versions of CAP_LINKAT, CAP_RENAMEAT Aug 28, 2015
fcntl.cc Allow for different errors on invalid subrights Nov 13, 2015
fexecve.cc Add ability to specify where temporary files go Jul 27, 2015
ioctl.cc Fix clashing macro name Nov 26, 2015
linux.cc Test open_by_handle_at isn't allowed in capability mode Jun 2, 2016
makefile Add (Linux) test that capability mode survives arch change Jun 10, 2015
mini-me.c Add (Linux) test that capability mode survives arch change Jun 10, 2015
mqueue.cc Re-enable a couple of tests on FreeBSD Jun 26, 2015
openat.cc Test combination of capability mode and O_BENEATH Aug 10, 2015
overhead.cc Make overhead thresholds more generous Feb 17, 2015
procdesc.cc Deflake Pdfork.PdkillOtherSignal test Jul 31, 2015
sctp.cc Conditionally include SCTP test Mar 25, 2015
select.cc Add ability to specify where temporary files go Jul 27, 2015
showrights (Linux) Add utility to translate hex rights to text Feb 29, 2016
smoketest.c Check for ECAPMODE in smoketest Aug 10, 2015
socket.cc Add ability to specify where temporary files go Jul 27, 2015
syscalls.h Add tests for mknodat() variants Aug 14, 2015
sysctl.cc Coalesce licensing information & tidy header comments Jan 7, 2014
waittest.c Small standalone program to test wait() for pdfork()ed child Mar 5, 2014

README.md

Capsicum User Space Tests

This directory holds unit tests for Capsicum object-capabilities. The tests exercise the syscall interface to a Capsicum-enabled operating system, currently either FreeBSD 10.x or a modified Linux kernel (the capsicum-linux project).

The tests are written in C++98, and use the Google Test framework, with some additions to fork off particular tests (because a process that enters capability mode cannot leave it again).
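
The fork-per-test pattern described above, as an added example (not code from this repository or its Google Test additions). The helper names sandbox_enter, sandbox_active, run_forked and test_enters_sandbox are hypothetical. On FreeBSD it calls the real cap_enter(); elsewhere it assumes Linux and uses the one-way no_new_privs flag as a stand-in for capability mode.

```c
#define _DEFAULT_SOURCE /* expose fork()/waitpid() under strict -std= modes on glibc */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
/* Real Capsicum: cap_enter() is one-way for the calling process. */
static int sandbox_enter(void) { return cap_enter(); }
static int sandbox_active(void) {
    u_int mode = 0;
    return cap_getmode(&mode) == 0 && mode != 0;
}
#else
#include <sys/prctl.h>
/* Stand-in (assumption): Linux no_new_privs, also a one-way per-process flag. */
static int sandbox_enter(void) { return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); }
static int sandbox_active(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1; }
#endif

/* Test body: enter the one-way state and verify it took effect. 0 means pass. */
static int test_enters_sandbox(void) {
    if (sandbox_enter() != 0) return 2;
    return sandbox_active() ? 0 : 1;
}

/* Run body in a child; return its exit status, or -1 if it ended abnormally. */
static int run_forked(int (*body)(void)) {
    fflush(NULL); /* avoid duplicated stdio buffers in the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(body());
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int before = sandbox_active();
    int result = run_forked(test_enters_sandbox);
    int after = sandbox_active();
    printf("child result=%d, runner state before=%d after=%d\n", result, before, after);
    /* The runner must be unchanged, so later tests still start unsandboxed. */
    return (result == 0 && before == after) ? 0 : 1;
}
```

Because the child's exit status carries the verdict, the runner stays outside the sandbox and can go on to run the next test.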

Provenance

The original basis for these tests was:

  • unit tests written by Robert Watson and Jonathan Anderson for the original FreeBSD 9.x Capsicum implementation
  • unit tests written by Meredydd Luff for the original Capsicum-Linux port.

These tests were coalesced and moved into an independent repository to enable comparative testing across multiple OSes, and then substantially extended.

OS Configuration

Linux

The following kernel configuration options are needed to run the tests:

  • CONFIG_SECURITY_CAPSICUM: enable the Capsicum framework
  • CONFIG_PROCDESC: enable Capsicum process-descriptor functionality
  • CONFIG_DEBUG_FS: enable debug filesystem
  • CONFIG_IP_SCTP: enable SCTP support

FreeBSD (>= 10.x)

The following kernel configuration options are needed so that all tests can run:

  • options P1003_1B_MQUEUE: Enable POSIX message queues (or kldload mqueuefs)

Other Dependencies

Linux

The following additional development packages are needed to build the full test suite on Linux.

  • libcaprights: See below
  • libcap-dev: Provides headers for POSIX.1e capabilities.
  • libsctp1: Provides SCTP library functions.
  • libsctp-dev: Provides headers for SCTP library functions.

Linux libcaprights

The Capsicum userspace library is held in the libcaprights/ subdirectory. Ideally, this library should be built (with "./configure; make" or "dpkg-buildpackage -uc -us") and installed (with "make install" or "dpkg -i libcaprights*.deb") so that the tests will behave like a normal Capsicum-aware application.

However, if no installed copy of the library is found, the GNUmakefile will attempt to use the local libcaprights/*.c source; this requires ./configure to have been performed in the libcaprights subdirectory. The local code is also used for cross-compiled builds of the test suite (e.g. make ARCH=32 or make ARCH=x32).