@@ -31,6 +31,7 @@ PTESTS_FAST = "\
libarchive \
libassuan \
libatomic-ops \
+ libcap \
libcheck \
libconfig \
libconvert-asn1-perl \
new file mode 100644
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+EXPECT_FAIL=1
+EXPECT_PASS=0
+
+cd tests || exit
+
+for t in uns_test psx_test libcap_psx_test libcap_launch_test cap_test exploit noexploit; do
+ output=$("./$t" 2>&1 )
+ status=$?
+
+ expected="$EXPECT_PASS"
+
+ if [ $t = 'exploit' ]; then
+ expected="$EXPECT_FAIL"
+ fi
+
+ if [ "$status" -eq "$expected" ]; then
+ echo "PASS: $t"
+ else
+ echo "FAIL: $t"
+ echo "$output"
+ fi
+done
+
@@ -16,11 +16,14 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${
SRC_URI:append:class-nativesdk = " \
file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
"
+SRC_URI:append = " \
+ file://run-ptest \
+ "
SRC_URI[sha256sum] = "0d621e562fd932ccf67b9660fb018e468a683d7b827541df27813228c996bb11"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
-inherit lib_package
+inherit lib_package ptest
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam"
@@ -62,6 +65,44 @@ do_install:append() {
fi
}
+LIBCAP_PTEST_TESTS = " \
+ uns_test \
+ psx_test \
+ libcap_psx_test \
+ noop \
+ libcap_launch_test \
+ exploit \
+ noexploit \
+"
+
+do_compile_ptest() {
+ oe_runmake -C tests uns_test psx_test libcap_psx_test noop libcap_launch_test exploit noexploit \
+ AR="${AR}" \
+ CC="${CC}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}"
+ oe_runmake -C libcap cap_test \
+ AR="${AR}" \
+ CC="${CC}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}"
+ oe_runmake -C progs tcapsh-static \
+ AR="${AR}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}" \
+ CC="${CC}"
+}
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/tests ${D}${PTEST_PATH}/progs
+
+ for f in ${LIBCAP_PTEST_TESTS}; do
+ install -m 0755 ${B}/tests/${f} ${D}${PTEST_PATH}/tests
+ done
+ install -m 0755 ${B}/libcap/cap_test ${D}${PTEST_PATH}/tests
+ install -m 0755 ${B}/progs/tcapsh-static ${D}${PTEST_PATH}/progs
+}
+
# pam files
FILES:${PN} += "${base_libdir}/security/*.so"
This ptest implementation includes a subset of upstream tests that provide functional coverage of core libcap and libpsx behavior across target systems. This approach is preferred instead of using libcap's quicktest.sh script because the later assumes the upstream build-tree layout and has too many dependencies not available after installation. Quicktest exercises a wide range of kernel capability features and environment-specific functionality that is too comprehensive for ptests. The ptests include the following libcap/tests executables: uns_test, psx_test, libcap_psx_test, libcap_launch_test, and exploit/noexploit. cap_test from libcap/libcap is also included. These provide coverage for capability manipulation, libpsx integration, launch handling, and basic security validation. Signed-off-by: Kris Gavvala <kris.gavvala@windriver.com> --- .../distro/include/ptest-packagelists.inc | 1 + meta/recipes-support/libcap/files/run-ptest | 25 +++++++++++ meta/recipes-support/libcap/libcap_2.78.bb | 43 ++++++++++++++++++- 3 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/libcap/files/run-ptest