11#define _GNU_SOURCE
22
33#include <cap-ng.h>
4- #include <err.h>
54#include <linux/capability.h>
65#include <stdbool.h>
76#include <string.h>
@@ -39,29 +38,32 @@ static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list
3938 int buf_len ;
4039
4140 buf_len = vsnprintf (buf , sizeof (buf ), fmt , ap );
42- if (buf_len < 0 ) {
43- err ( 1 , "vsnprintf failed" );
44- }
45- if (buf_len >= sizeof (buf )) {
46- errx ( 1 , "vsnprintf output truncated" );
47- }
41+ if (buf_len < 0 )
42+ ksft_exit_fail_msg ( "vsnprintf failed - %s\n" , strerror ( errno ) );
43+
44+ if (buf_len >= sizeof (buf ))
45+ ksft_exit_fail_msg ( "vsnprintf output truncated\n " );
46+
4847
4948 fd = open (filename , O_WRONLY );
5049 if (fd < 0 ) {
5150 if ((errno == ENOENT ) && enoent_ok )
5251 return ;
53- err (1 , "open of %s failed" , filename );
52+ ksft_exit_fail_msg ("open of %s failed - %s\n" ,
53+ filename , strerror (errno ));
5454 }
5555 written = write (fd , buf , buf_len );
5656 if (written != buf_len ) {
5757 if (written >= 0 ) {
58- errx ( 1 , "short write to %s" , filename );
58+ ksft_exit_fail_msg ( "short write to %s\n " , filename );
5959 } else {
60- err (1 , "write to %s failed" , filename );
60+ ksft_exit_fail_msg ("write to %s failed - %s\n" ,
61+ filename , strerror (errno ));
6162 }
6263 }
6364 if (close (fd ) != 0 ) {
64- err (1 , "close of %s failed" , filename );
65+ ksft_exit_fail_msg ("close of %s failed - %s\n" ,
66+ filename , strerror (errno ));
6567 }
6668}
6769
@@ -100,17 +102,19 @@ static bool create_and_enter_ns(uid_t inner_uid)
100102 if (unshare (CLONE_NEWNS ) == 0 ) {
101103 ksft_print_msg ("[NOTE]\tUsing global UIDs for tests\n" );
102104 if (prctl (PR_SET_KEEPCAPS , 1 , 0 , 0 , 0 ) != 0 )
103- err (1 , "PR_SET_KEEPCAPS" );
105+ ksft_exit_fail_msg ("PR_SET_KEEPCAPS - %s\n" ,
106+ strerror (errno ));
104107 if (setresuid (inner_uid , inner_uid , -1 ) != 0 )
105- err ( 1 , "setresuid" );
108+ ksft_exit_fail_msg ( "setresuid - %s\n" , strerror ( errno ) );
106109
107110 // Re-enable effective caps
108111 capng_get_caps_process ();
109112 for (i = 0 ; i < CAP_LAST_CAP ; i ++ )
110113 if (capng_have_capability (CAPNG_PERMITTED , i ))
111114 capng_update (CAPNG_ADD , CAPNG_EFFECTIVE , i );
112115 if (capng_apply (CAPNG_SELECT_CAPS ) != 0 )
113- err (1 , "capng_apply" );
116+ ksft_exit_fail_msg (
117+ "capng_apply - %s\n" , strerror (errno ));
114118
115119 have_outer_privilege = true;
116120 } else if (unshare (CLONE_NEWUSER | CLONE_NEWNS ) == 0 ) {
@@ -121,11 +125,12 @@ static bool create_and_enter_ns(uid_t inner_uid)
121125
122126 have_outer_privilege = false;
123127 } else {
124- errx ( 1 , "must be root or be able to create a userns" );
128+ ksft_exit_skip ( "must be root or be able to create a userns\n " );
125129 }
126130
127131 if (mount ("none" , "/" , NULL , MS_REC | MS_PRIVATE , NULL ) != 0 )
128- err (1 , "remount everything private" );
132+ ksft_exit_fail_msg ("remount everything private - %s\n" ,
133+ strerror (errno ));
129134
130135 return have_outer_privilege ;
131136}
@@ -134,20 +139,22 @@ static void chdir_to_tmpfs(void)
134139{
135140 char cwd [PATH_MAX ];
136141 if (getcwd (cwd , sizeof (cwd )) != cwd )
137- err ( 1 , "getcwd" );
142+ ksft_exit_fail_msg ( "getcwd - %s\n" , strerror ( errno ) );
138143
139144 if (mount ("private_tmp" , "." , "tmpfs" , 0 , "mode=0777" ) != 0 )
140- err (1 , "mount private tmpfs" );
145+ ksft_exit_fail_msg ("mount private tmpfs - %s\n" ,
146+ strerror (errno ));
141147
142148 if (chdir (cwd ) != 0 )
143- err (1 , "chdir to private tmpfs" );
149+ ksft_exit_fail_msg ("chdir to private tmpfs - %s\n" ,
150+ strerror (errno ));
144151}
145152
146153static void copy_fromat_to (int fromfd , const char * fromname , const char * toname )
147154{
148155 int from = openat (fromfd , fromname , O_RDONLY );
149156 if (from == -1 )
150- err ( 1 , "open copy source" );
157+ ksft_exit_fail_msg ( "open copy source - %s\n" , strerror ( errno ) );
151158
152159 int to = open (toname , O_CREAT | O_WRONLY | O_EXCL , 0700 );
153160
@@ -157,10 +164,11 @@ static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
157164 if (sz == 0 )
158165 break ;
159166 if (sz < 0 )
160- err ( 1 , "read" );
167+ ksft_exit_fail_msg ( "read - %s\n" , strerror ( errno ) );
161168
162169 if (write (to , buf , sz ) != sz )
163- err (1 , "write" ); /* no short writes on tmpfs */
170+ /* no short writes on tmpfs */
171+ ksft_exit_fail_msg ("write - %s\n" , strerror (errno ));
164172 }
165173
166174 close (from );
@@ -189,7 +197,8 @@ static bool fork_wait(void)
189197 }
190198 return false;
191199 } else {
192- err (1 , "fork" );
200+ ksft_exit_fail_msg ("fork - %s\n" , strerror (errno ));
201+ return false;
193202 }
194203}
195204
@@ -199,7 +208,7 @@ static void exec_other_validate_cap(const char *name,
199208 execl (name , name , (eff ? "1" : "0" ),
200209 (perm ? "1" : "0" ), (inh ? "1" : "0" ), (ambient ? "1" : "0" ),
201210 NULL );
202- err ( 1 , "execl" );
211+ ksft_exit_fail_msg ( "execl - %s\n" , strerror ( errno ) );
203212}
204213
205214static void exec_validate_cap (bool eff , bool perm , bool inh , bool ambient )
@@ -213,7 +222,8 @@ static int do_tests(int uid, const char *our_path)
213222
214223 int ourpath_fd = open (our_path , O_RDONLY | O_DIRECTORY );
215224 if (ourpath_fd == -1 )
216- err (1 , "open '%s'" , our_path );
225+ ksft_exit_fail_msg ("open '%s' - %s\n" ,
226+ our_path , strerror (errno ));
217227
218228 chdir_to_tmpfs ();
219229
@@ -225,38 +235,38 @@ static int do_tests(int uid, const char *our_path)
225235 copy_fromat_to (ourpath_fd , "validate_cap" ,
226236 "validate_cap_suidroot" );
227237 if (chown ("validate_cap_suidroot" , 0 , -1 ) != 0 )
228- err ( 1 , "chown" );
238+ ksft_exit_fail_msg ( "chown - %s\n" , strerror ( errno ) );
229239 if (chmod ("validate_cap_suidroot" , S_ISUID | 0700 ) != 0 )
230- err ( 1 , "chmod" );
240+ ksft_exit_fail_msg ( "chmod - %s\n" , strerror ( errno ) );
231241
232242 copy_fromat_to (ourpath_fd , "validate_cap" ,
233243 "validate_cap_suidnonroot" );
234244 if (chown ("validate_cap_suidnonroot" , uid + 1 , -1 ) != 0 )
235- err ( 1 , "chown" );
245+ ksft_exit_fail_msg ( "chown - %s\n" , strerror ( errno ) );
236246 if (chmod ("validate_cap_suidnonroot" , S_ISUID | 0700 ) != 0 )
237- err ( 1 , "chmod" );
247+ ksft_exit_fail_msg ( "chmod - %s\n" , strerror ( errno ) );
238248
239249 copy_fromat_to (ourpath_fd , "validate_cap" ,
240250 "validate_cap_sgidroot" );
241251 if (chown ("validate_cap_sgidroot" , -1 , 0 ) != 0 )
242- err ( 1 , "chown" );
252+ ksft_exit_fail_msg ( "chown - %s\n" , strerror ( errno ) );
243253 if (chmod ("validate_cap_sgidroot" , S_ISGID | 0710 ) != 0 )
244- err ( 1 , "chmod" );
254+ ksft_exit_fail_msg ( "chmod - %s\n" , strerror ( errno ) );
245255
246256 copy_fromat_to (ourpath_fd , "validate_cap" ,
247257 "validate_cap_sgidnonroot" );
248258 if (chown ("validate_cap_sgidnonroot" , -1 , gid + 1 ) != 0 )
249- err ( 1 , "chown" );
259+ ksft_exit_fail_msg ( "chown - %s\n" , strerror ( errno ) );
250260 if (chmod ("validate_cap_sgidnonroot" , S_ISGID | 0710 ) != 0 )
251- err ( 1 , "chmod" );
261+ ksft_exit_fail_msg ( "chmod - %s\n" , strerror ( errno ) );
252262 }
253263
254264 capng_get_caps_process ();
255265
256266 /* Make sure that i starts out clear */
257267 capng_update (CAPNG_DROP , CAPNG_INHERITABLE , CAP_NET_BIND_SERVICE );
258268 if (capng_apply (CAPNG_SELECT_CAPS ) != 0 )
259- err ( 1 , "capng_apply" );
269+ ksft_exit_fail_msg ( "capng_apply - %s\n" , strerror ( errno ) );
260270
261271 if (uid == 0 ) {
262272 ksft_print_msg ("[RUN]\tRoot => ep\n" );
@@ -287,7 +297,7 @@ static int do_tests(int uid, const char *our_path)
287297 capng_update (CAPNG_DROP , CAPNG_PERMITTED , CAP_NET_RAW );
288298 capng_update (CAPNG_DROP , CAPNG_EFFECTIVE , CAP_NET_RAW );
289299 if (capng_apply (CAPNG_SELECT_CAPS ) != 0 )
290- err ( 1 , "capng_apply" );
300+ ksft_exit_fail_msg ( "capng_apply - %s\n" , strerror ( errno ) );
291301 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_RAISE , CAP_NET_RAW , 0 , 0 , 0 ) != -1 || errno != EPERM ) {
292302 ksft_test_result_fail (
293303 "PR_CAP_AMBIENT_RAISE should have failed on a non-permitted cap\n" );
@@ -298,7 +308,7 @@ static int do_tests(int uid, const char *our_path)
298308
299309 capng_update (CAPNG_ADD , CAPNG_INHERITABLE , CAP_NET_BIND_SERVICE );
300310 if (capng_apply (CAPNG_SELECT_CAPS ) != 0 )
301- err ( 1 , "capng_apply" );
311+ ksft_exit_fail_msg ( "capng_apply - %s\n" , strerror ( errno ) );
302312 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_RAISE , CAP_NET_BIND_SERVICE , 0 , 0 , 0 ) != 0 ) {
303313 ksft_test_result_fail (
304314 "PR_CAP_AMBIENT_RAISE should have succeeded\n" );
@@ -312,7 +322,8 @@ static int do_tests(int uid, const char *our_path)
312322 }
313323
314324 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_CLEAR_ALL , 0 , 0 , 0 , 0 ) != 0 )
315- err (1 , "PR_CAP_AMBIENT_CLEAR_ALL" );
325+ ksft_exit_fail_msg ("PR_CAP_AMBIENT_CLEAR_ALL - %s\n" ,
326+ strerror (errno ));
316327
317328 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_IS_SET , CAP_NET_BIND_SERVICE , 0 , 0 , 0 ) != 0 ) {
318329 ksft_test_result_fail (
@@ -321,11 +332,12 @@ static int do_tests(int uid, const char *our_path)
321332 }
322333
323334 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_RAISE , CAP_NET_BIND_SERVICE , 0 , 0 , 0 ) != 0 )
324- err (1 , "PR_CAP_AMBIENT_RAISE" );
335+ ksft_exit_fail_msg ("PR_CAP_AMBIENT_RAISE - %s\n" ,
336+ strerror (errno ));
325337
326338 capng_update (CAPNG_DROP , CAPNG_INHERITABLE , CAP_NET_BIND_SERVICE );
327339 if (capng_apply (CAPNG_SELECT_CAPS ) != 0 )
328- err ( 1 , "capng_apply" );
340+ ksft_exit_fail_msg ( "capng_apply - %s\n" , strerror ( errno ) );
329341
330342 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_IS_SET , CAP_NET_BIND_SERVICE , 0 , 0 , 0 ) != 0 ) {
331343 ksft_test_result_fail ("Dropping I should have dropped A\n" );
@@ -336,7 +348,7 @@ static int do_tests(int uid, const char *our_path)
336348
337349 capng_update (CAPNG_ADD , CAPNG_INHERITABLE , CAP_NET_BIND_SERVICE );
338350 if (capng_apply (CAPNG_SELECT_CAPS ) != 0 )
339- err ( 1 , "capng_apply" );
351+ ksft_exit_fail_msg ( "capng_apply - %s\n" , strerror ( errno ) );
340352 if (uid == 0 ) {
341353 ksft_print_msg ("[RUN]\tRoot +i => eip\n" );
342354 if (fork_wait ())
@@ -348,7 +360,8 @@ static int do_tests(int uid, const char *our_path)
348360 }
349361
350362 if (prctl (PR_CAP_AMBIENT , PR_CAP_AMBIENT_RAISE , CAP_NET_BIND_SERVICE , 0 , 0 , 0 ) != 0 )
351- err (1 , "PR_CAP_AMBIENT_RAISE" );
363+ ksft_exit_fail_msg ("PR_CAP_AMBIENT_RAISE - %s\n" ,
364+ strerror (errno ));
352365
353366 ksft_print_msg ("[RUN]\tUID %d +ia => eipa\n" , uid );
354367 if (fork_wait ())
@@ -381,7 +394,8 @@ static int do_tests(int uid, const char *our_path)
381394 ksft_print_msg (
382395 "[RUN]\tRoot, gid != 0, +ia, sgidroot => eip\n" );
383396 if (setresgid (1 , 1 , 1 ) != 0 )
384- err (1 , "setresgid" );
397+ ksft_exit_fail_msg ("setresgid - %s\n" ,
398+ strerror (errno ));
385399 exec_other_validate_cap ("./validate_cap_sgidroot" ,
386400 true, true, true, false);
387401 }
@@ -399,7 +413,8 @@ static int do_tests(int uid, const char *our_path)
399413 if (fork_wait ()) {
400414 ksft_print_msg ("[RUN]\tNon-root +ia, sgidroot => i\n" );
401415 if (setresgid (1 , 1 , 1 ) != 0 )
402- err (1 , "setresgid" );
416+ ksft_exit_fail_msg ("setresgid - %s\n" ,
417+ strerror (errno ));
403418 exec_other_validate_cap ("./validate_cap_sgidroot" ,
404419 false, false, true, false);
405420 }
@@ -419,11 +434,11 @@ int main(int argc, char **argv)
419434 /* Find our path */
420435 tmp1 = strdup (argv [0 ]);
421436 if (!tmp1 )
422- err ( 1 , "strdup" );
437+ ksft_exit_fail_msg ( "strdup - %s\n" , strerror ( errno ) );
423438 tmp2 = dirname (tmp1 );
424439 our_path = strdup (tmp2 );
425440 if (!our_path )
426- err ( 1 , "strdup" );
441+ ksft_exit_fail_msg ( "strdup - %s\n" , strerror ( errno ) );
427442 free (tmp1 );
428443
429444 mpid = getpid ();
0 commit comments