diff options
| author | Lennart Poettering <lennart@poettering.net> | 2017-09-08 16:16:29 +0200 |
|---|---|---|
| committer | Evgeny Vereshchagin <evvers@ya.ru> | 2017-09-08 16:16:29 +0200 |
| commit | 21022b9dded0baa21f7715625fbc24db9aebebde (patch) | |
| tree | 5bd9d7f09dba1cbf13e8b67b6ec6ee3541d8e9b3 /src/test/test-seccomp.c | |
| parent | manager: when reexecuting try to connect to bus only when dbus.service is aro... (diff) | |
| download | systemd-21022b9dded0baa21f7715625fbc24db9aebebde.tar.xz systemd-21022b9dded0baa21f7715625fbc24db9aebebde.zip | |
util-lib: wrap personality() to fix up broken glibc error handling (#6766)
glibc appears to propagate different errors in different ways, let's fix
this up, so that our own code doesn't get confused by this.
See #6752 + #6737 for details.
Fixes: #6755
Diffstat (limited to 'src/test/test-seccomp.c')
| -rw-r--r-- | src/test/test-seccomp.c | 67 |
1 files changed, 18 insertions, 49 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 30b87a8f24..5056a08117 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -582,59 +582,28 @@ static void test_lock_personality(void) { assert_se(pid >= 0); if (pid == 0) { - int ret; - assert_se(seccomp_lock_personality(current) >= 0); - assert_se((unsigned long) personality(current) == current); - - errno = EUCLEAN; - ret = personality(PER_LINUX | ADDR_NO_RANDOMIZE); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_LINUX | MMAP_PAGE_ZERO); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_LINUX | ADDR_COMPAT_LAYOUT); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_LINUX | READ_IMPLIES_EXEC); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_LINUX_32BIT); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); + assert_se((unsigned long) safe_personality(current) == current); - errno = EUCLEAN; - ret = personality(PER_SVR4); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_BSD); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(current == PER_LINUX ? PER_LINUX32 : PER_LINUX); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_LINUX32_3GB); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(PER_UW7); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); - - errno = EUCLEAN; - ret = personality(0x42); - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); + /* Note, we also test that safe_personality() works correctly, by checkig whether errno is properly + * set, in addition to the return value */ + errno = 0; + assert_se(safe_personality(PER_LINUX | ADDR_NO_RANDOMIZE) == -EPERM); + assert_se(errno == EPERM); - errno = EUCLEAN; - ret = personality(PERSONALITY_INVALID); /* maybe remove this later */ - assert_se((ret == -1 && errno == EPERM) || (ret == -EPERM && errno == EUCLEAN)); + assert_se(safe_personality(PER_LINUX | MMAP_PAGE_ZERO) == -EPERM); + assert_se(safe_personality(PER_LINUX | ADDR_COMPAT_LAYOUT) == -EPERM); + assert_se(safe_personality(PER_LINUX | READ_IMPLIES_EXEC) == -EPERM); + assert_se(safe_personality(PER_LINUX_32BIT) == -EPERM); + assert_se(safe_personality(PER_SVR4) == -EPERM); + assert_se(safe_personality(PER_BSD) == -EPERM); + assert_se(safe_personality(current == PER_LINUX ? PER_LINUX32 : PER_LINUX) == -EPERM); + assert_se(safe_personality(PER_LINUX32_3GB) == -EPERM); + assert_se(safe_personality(PER_UW7) == -EPERM); + assert_se(safe_personality(0x42) == -EPERM); + + assert_se(safe_personality(PERSONALITY_INVALID) == -EPERM); /* maybe remove this later */ assert_se((unsigned long) personality(current) == current); _exit(EXIT_SUCCESS); |