Test suite for Capsicum
autoconf Add prefix to script variables Dec 17, 2014
casper Install into /usr/sbin not /usr/bin Jun 16, 2014
gtest-1.6.0 Add local copy of gtest-1.6.0 Oct 1, 2013
libcaprights libcaprights: fix sign extension in AT_FDCWD check Oct 13, 2017
.gitignore Add (Linux) test that capability mode survives arch change Jun 10, 2015
CONTRIBUTING.md Add initial CONTRIBUTING file Feb 13, 2014
GNUmakefile Only build x32 binary if header available Aug 21, 2015
LICENSE Coalesce licensing information & tidy header comments Jan 7, 2014
README.md Update README Sep 21, 2017
capability-fd-pair.cc Add ability to specify where temporary files go Jul 27, 2015
capability-fd.cc Add utilities to show fd's rights Oct 2, 2017
capmode.cc Test that invalid FD gets a non-Capsicum error Oct 13, 2017
capsicum-freebsd.h Check FreeBSD version for intermediate .. behaviour Sep 22, 2017
capsicum-linux.h Drop unneeded AT_SYSCALLS_IN_CAPMODE macro Sep 22, 2017
capsicum-rights.h Track FreeBSD header rename sys/capability.h -> sys/capsicum.h (#14) Jul 4, 2017
capsicum-test-main.cc Macro Linux-specific code in capsicum-test-main.cc Aug 13, 2015
capsicum-test.cc Fix FreeBSD ps command to retrieve zombie process state (#17) Jul 11, 2017
capsicum-test.h Add utilities to show fd's rights Oct 2, 2017
capsicum.h Cope with split-out versions of CAP_LINKAT, CAP_RENAMEAT Aug 28, 2015
fcntl.cc Allow for different errors on invalid subrights Nov 13, 2015
fexecve.cc Test *at(AT_FDCWD,...) syscalls are policed Sep 21, 2017
ioctl.cc Fix clashing macro name Nov 26, 2015
linux.cc Run Linux epoll test in capability mode Sep 25, 2017
makefile Test rename[at] syscalls with absolute path (#22) Oct 13, 2017
mini-me.c Add (Linux) test that capability mode survives arch change Jun 10, 2015
mqueue.cc Re-enable a couple of tests on FreeBSD Jun 26, 2015
openat.cc Use macro to indicate if intermediate .. is supported Sep 19, 2017
overhead.cc Make overhead thresholds more generous Feb 17, 2015
procdesc.cc Deflake Pdfork.PdkillOtherSignal test Jul 31, 2015
rename.cc Test rename[at] syscalls with absolute path (#22) Oct 13, 2017
sctp.cc Conditionally include SCTP test Mar 25, 2015
select.cc Add ability to specify where temporary files go Jul 27, 2015
showrights (Linux) Add utility to translate hex rights to text Feb 29, 2016
smoketest.c Check for ECAPMODE in smoketest Aug 10, 2015
socket.cc Add ability to specify where temporary files go Jul 27, 2015
syscalls.h Add tests for mknodat() variants Aug 14, 2015
sysctl.cc Coalesce licensing information & tidy header comments Jan 7, 2014
waittest.c Small standalone program to test wait() for pdfork()ed child Mar 5, 2014

README.md

Capsicum User Space Tests

This directory holds unit tests for Capsicum object-capabilities. The tests exercise the syscall interface to a Capsicum-enabled operating system, currently either FreeBSD >=10.x or a modified Linux kernel (the capsicum-linux project).

The tests are written in C++98, and use the Google Test framework, with some additions to fork off particular tests (because a process that enters capability mode cannot leave it again).

Provenance

The original basis for these tests was:

  • unit tests written by Robert Watson and Jonathan Anderson for the original FreeBSD 9.x Capsicum implementation
  • unit tests written by Meredydd Luff for the original Capsicum-Linux port.

These tests were coalesced and moved into an independent repository to enable comparative testing across multiple OSes, and then substantially extended.

OS Configuration

Linux

The following kernel configuration options are needed to run the tests:

  • CONFIG_SECURITY_CAPSICUM: enable the Capsicum framework
  • CONFIG_PROCDESC: enable Capsicum process-descriptor functionality
  • CONFIG_DEBUG_FS: enable debug filesystem
  • CONFIG_IP_SCTP: enable SCTP support
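A pre-flight check for the four Linux options listed above, as an added example that is not part of the capsicum-test repository. The function name, the sample config, and the choice to treat both `=y` and `=m` as enabled are assumptions; point it at whatever config file your kernel build or distribution provides.

```shell
#!/bin/sh
# Added example, not from the capsicum-test repository.
# Options the README lists as required to run the tests on Linux.
REQUIRED_OPTIONS="CONFIG_SECURITY_CAPSICUM CONFIG_PROCDESC CONFIG_DEBUG_FS CONFIG_IP_SCTP"

# Print every required option that is not enabled in the given kernel config
# file, one per line. Returns 0 if nothing is missing, 1 if something is,
# 2 if the file cannot be read.
# Assumption: "=y" and "=m" both count as enabled.
missing_capsicum_options() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $REQUIRED_OPTIONS; do
        # Anchor both ends so CONFIG_DEBUG_FS does not match a longer name
        # and "# CONFIG_X is not set" lines are not counted as enabled.
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config (not taken from a real kernel build):
# process descriptors are disabled, SCTP is built as a module.
make_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
CONFIG_SECURITY_CAPSICUM=y
# CONFIG_PROCDESC is not set
CONFIG_DEBUG_FS=y
CONFIG_DEBUG_FS_EXTRA=y
CONFIG_IP_SCTP=m
EOF
    echo "$f"
}

sample=$(make_sample_config)
missing=$(missing_capsicum_options "$sample") || true
echo "missing options: ${missing:-none}"
rm -f "$sample"
```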

FreeBSD (>= 10.x)

The following kernel configuration options are needed so that all tests can run:

  • options P1003_1B_MQUEUE: Enable POSIX message queues (or kldload mqueuefs)

Other Dependencies

Linux

The following additional development packages are needed to build the full test suite on Linux.

  • libcaprights: See below
  • libcap-dev: Provides headers for POSIX.1e capabilities.
  • libsctp1: Provides SCTP library functions.
  • libsctp-dev: Provides headers for SCTP library functions.

Linux libcaprights

The Capsicum userspace library is held in the libcaprights/ subdirectory. Ideally, this library should be built (with ./configure; make or dpkg-buildpackage -uc -us) and installed (with make install or dpkg -i libcaprights*.deb) so that the tests will behave like a normal Capsicum-aware application.

However, if no installed copy of the library is found, the GNUmakefile will attempt to use the local libcaprights/*.c source; this requires ./configure to have been performed in the libcaprights subdirectory. The local code is also used for cross-compiled builds of the test suite (e.g. make ARCH=32 or make ARCH=x32).