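/*
 * Thread-separation test for libcap-ng.
 *
 * main() clears and applies an empty capability set, then starts two threads:
 *   - thread1 fills its libcap-ng state (without applying it) and, two
 *     seconds later, checks that the state still reports full capabilities;
 *   - thread2, one second in, loads the real process capabilities and checks
 *     that none are reported, then clears its own state.
 * If the library state were shared between threads, thread2's load/clear
 * would overwrite the set thread1 is holding and thread1's check would fail.
 * Any failed check terminates the whole process with exit status 1.
 */
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>	/* sleep() */
#include <cap-ng.h>
#include <pthread.h>

//#define DEBUG 1

pthread_t thread1, thread2;

/*
 * Thread 1: populate the in-memory capability state with everything, wait
 * until thread2 has run its load/clear, then verify the state is unchanged.
 * Nothing is applied here; only the library's bookkeeping is exercised.
 * Returns NULL on success and calls exit(1) on failure.
 */
void *thread1_main(void *arg)
{
	(void)arg;

	capng_fill(CAPNG_SELECT_BOTH);
#ifdef DEBUG
	printf("thread1 filled capabilities\n");
#endif
	/* thread2 acts at t = 1s; check after it has had its turn */
	sleep(2);
	if (capng_have_capabilities(CAPNG_SELECT_CAPS) < CAPNG_FULL) {
		printf("Capabilities missing when there should be some\n");
		exit(1);
	}
#ifdef DEBUG
	printf("SUCCESS: Full capabilities reported\n");
#endif
	return NULL;
}

/*
 * Thread 2: after thread1 has filled its state, load the capabilities the
 * process really holds and verify that none are present (main() dropped
 * them before creating the threads).
 * Returns NULL on success and calls exit(1) on failure.
 */
void *thread2_main(void *arg)
{
	(void)arg;

	/* let thread1 fill its state first */
	sleep(1);
#ifdef DEBUG
	printf("thread2 getting capabilities\n");
#endif
	if (capng_get_caps_process()) {
		printf("Unable to get process capabilities");
		exit(1);
	}
	if (capng_have_capabilities(CAPNG_SELECT_CAPS) != CAPNG_NONE) {
		printf("Detected capabilities when there should not be any\n");
		exit(1);
	}
	capng_clear(CAPNG_SELECT_BOTH);
#ifdef DEBUG
	printf("SUCCESS: No capabilities reported\n");
#endif
	return NULL;
}

/*
 * Drops all capabilities, runs both threads and waits for them to finish.
 * Returns 0 when both threads complete their checks, 1 on a setup failure.
 */
int main(void)
{
	int rc;

	// This test must be run as root which naturally has all capabilities
	// set. So, we need to clear the capabilities so that we can see if
	// the test works.
	capng_clear(CAPNG_SELECT_CAPS);
	if (capng_apply(CAPNG_SELECT_CAPS)) {
		printf("Clearing capabilities failed");
		return 1;
	}

	printf("Testing thread separation of capabilities\n");
	rc = pthread_create(&thread1, NULL, thread1_main, NULL);
	if (rc) {
		printf("Unable to create thread1 (error %d)\n", rc);
		return 1;
	}
	rc = pthread_create(&thread2, NULL, thread2_main, NULL);
	if (rc) {
		printf("Unable to create thread2 (error %d)\n", rc);
		return 1;
	}

	// Wait for the threads themselves rather than for a fixed time, so a
	// slow or loaded machine cannot let main() return 0 before the checks
	// in the threads have actually run.
	pthread_join(thread1, NULL);
	pthread_join(thread2, NULL);
	return 0;
}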