audit(4): add tests for _exit(2), cap_enter(2), and cap_getmode(2)
Also, fix a bug in common code that could cause other tests to fail: using ppoll(2) in combination with buffered I/O for /dev/auditpipe. Fix it by disabling buffering. Submitted by: aniketp MFC after: 2 weeks Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D16099
This commit is contained in:
Alan Somers
parent
9295517ac9
commit
405f09319f
@ -26,6 +26,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/capsicum.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/ktrace.h>
|
||||
#include <sys/mman.h>
|
||||
@ -34,6 +35,7 @@
|
||||
#include <sys/resource.h>
|
||||
#include <sys/rtprio.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
@ -85,6 +87,35 @@ ATF_TC_CLEANUP(fork_success, tc)
|
||||
*/
|
||||
|
||||
|
||||
ATF_TC_WITH_CLEANUP(_exit_success);
|
||||
ATF_TC_HEAD(_exit_success, tc)
|
||||
{
|
||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
|
||||
"_exit(2) call");
|
||||
}
|
||||
|
||||
ATF_TC_BODY(_exit_success, tc)
|
||||
{
|
||||
FILE *pipefd = setup(fds, auclass);
|
||||
ATF_REQUIRE((pid = fork()) != -1);
|
||||
if (pid) {
|
||||
snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid);
|
||||
check_audit(fds, pcregex, pipefd);
|
||||
}
|
||||
else
|
||||
_exit(0);
|
||||
}
|
||||
|
||||
ATF_TC_CLEANUP(_exit_success, tc)
|
||||
{
|
||||
cleanup();
|
||||
}
|
||||
|
||||
/*
|
||||
* _exit(2) never returns, hence the auditing by default is always successful
|
||||
*/
|
||||
|
||||
|
||||
ATF_TC_WITH_CLEANUP(rfork_success);
|
||||
ATF_TC_HEAD(rfork_success, tc)
|
||||
{
|
||||
@ -1472,9 +1503,104 @@ ATF_TC_CLEANUP(procctl_failure, tc)
|
||||
}
|
||||
|
||||
|
||||
ATF_TC_WITH_CLEANUP(cap_enter_success);
|
||||
ATF_TC_HEAD(cap_enter_success, tc)
|
||||
{
|
||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
|
||||
"cap_enter(2) call");
|
||||
}
|
||||
|
||||
ATF_TC_BODY(cap_enter_success, tc)
|
||||
{
|
||||
int capinfo;
|
||||
size_t len = sizeof(capinfo);
|
||||
const char *capname = "kern.features.security_capability_mode";
|
||||
ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0));
|
||||
|
||||
/* Without CAPABILITY_MODE enabled, cap_enter() returns ENOSYS */
|
||||
if (!capinfo)
|
||||
atf_tc_skip("Capsicum is not enabled in the system");
|
||||
|
||||
FILE *pipefd = setup(fds, auclass);
|
||||
ATF_REQUIRE((pid = fork()) != -1);
|
||||
if (pid) {
|
||||
snprintf(pcregex, sizeof(pcregex),
|
||||
"cap_enter.*%d.*return,success", pid);
|
||||
ATF_REQUIRE(wait(&status) != -1);
|
||||
check_audit(fds, pcregex, pipefd);
|
||||
}
|
||||
else {
|
||||
ATF_REQUIRE_EQ(0, cap_enter());
|
||||
_exit(0);
|
||||
}
|
||||
}
|
||||
|
||||
ATF_TC_CLEANUP(cap_enter_success, tc)
|
||||
{
|
||||
cleanup();
|
||||
}
|
||||
|
||||
|
||||
ATF_TC_WITH_CLEANUP(cap_getmode_success);
|
||||
ATF_TC_HEAD(cap_getmode_success, tc)
|
||||
{
|
||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
|
||||
"cap_getmode(2) call");
|
||||
}
|
||||
|
||||
ATF_TC_BODY(cap_getmode_success, tc)
|
||||
{
|
||||
int capinfo, modep;
|
||||
size_t len = sizeof(capinfo);
|
||||
const char *capname = "kern.features.security_capability_mode";
|
||||
ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0));
|
||||
|
||||
/* Without CAPABILITY_MODE enabled, cap_getmode() returns ENOSYS */
|
||||
if (!capinfo)
|
||||
atf_tc_skip("Capsicum is not enabled in the system");
|
||||
|
||||
pid = getpid();
|
||||
snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid);
|
||||
|
||||
FILE *pipefd = setup(fds, auclass);
|
||||
ATF_REQUIRE_EQ(0, cap_getmode(&modep));
|
||||
check_audit(fds, pcregex, pipefd);
|
||||
}
|
||||
|
||||
ATF_TC_CLEANUP(cap_getmode_success, tc)
|
||||
{
|
||||
cleanup();
|
||||
}
|
||||
|
||||
|
||||
ATF_TC_WITH_CLEANUP(cap_getmode_failure);
|
||||
ATF_TC_HEAD(cap_getmode_failure, tc)
|
||||
{
|
||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
|
||||
"cap_getmode(2) call");
|
||||
}
|
||||
|
||||
ATF_TC_BODY(cap_getmode_failure, tc)
|
||||
{
|
||||
pid = getpid();
|
||||
snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid);
|
||||
|
||||
FILE *pipefd = setup(fds, auclass);
|
||||
/* cap_getmode(2) can either fail with EFAULT or ENOSYS */
|
||||
ATF_REQUIRE_EQ(-1, cap_getmode(NULL));
|
||||
check_audit(fds, pcregex, pipefd);
|
||||
}
|
||||
|
||||
ATF_TC_CLEANUP(cap_getmode_failure, tc)
|
||||
{
|
||||
cleanup();
|
||||
}
|
||||
|
||||
|
||||
ATF_TP_ADD_TCS(tp)
|
||||
{
|
||||
ATF_TP_ADD_TC(tp, fork_success);
|
||||
ATF_TP_ADD_TC(tp, _exit_success);
|
||||
ATF_TP_ADD_TC(tp, rfork_success);
|
||||
ATF_TP_ADD_TC(tp, rfork_failure);
|
||||
|
||||
@ -1540,5 +1666,9 @@ ATF_TP_ADD_TCS(tp)
|
||||
ATF_TP_ADD_TC(tp, procctl_success);
|
||||
ATF_TP_ADD_TC(tp, procctl_failure);
|
||||
|
||||
ATF_TP_ADD_TC(tp, cap_enter_success);
|
||||
ATF_TP_ADD_TC(tp, cap_getmode_success);
|
||||
ATF_TP_ADD_TC(tp, cap_getmode_failure);
|
||||
|
||||
return (atf_no_error());
|
||||
}
|
||||
|
||||
@ -211,6 +211,14 @@ FILE
|
||||
ATF_REQUIRE((pipestream = fdopen(fd[0].fd, "r")) != NULL);
|
||||
fd[0].events = POLLIN;
|
||||
|
||||
/*
|
||||
* Disable stream buffering for read operations from /dev/auditpipe.
|
||||
* Otherwise it is possible that fread(3), called via au_read_rec(3),
|
||||
* can store buffered data in user-space unbeknown to ppoll(2), which
|
||||
* as a result, reports that /dev/auditpipe is empty.
|
||||
*/
|
||||
ATF_REQUIRE_EQ(0, setvbuf(pipestream, NULL, _IONBF, 0));
|
||||
|
||||
/* Set local preselection audit_class as "no" for audit startup */
|
||||
set_preselect_mode(fd[0].fd, &nomask);
|
||||
ATF_REQUIRE_EQ(0, system("service auditd onestatus || \
|
||||
|
||||
Loading…
Reference in New Issue
Block a user