1// Program b215283 requires privilege to execute and is a minimally adapted 2// version of a test case provided by Lorenz Bauer as a reproducer for a 3// problem he found and reported in: 4// 5// https://bugzilla.kernel.org/show_bug.cgi?id=215283 6package main 7 8import ( 9 "fmt" 10 "os" 11 12 "kernel.org/pub/linux/libs/security/libcap/cap" 13) 14 15func main() { 16 const secbits = cap.SecbitNoRoot | cap.SecbitNoSetUIDFixup 17 18 if v, err := cap.GetProc().GetFlag(cap.Permitted, cap.SETPCAP); err != nil { 19 panic(fmt.Sprintf("failed to get flag value: %v", err)) 20 os.Exit(1) 21 } else if !v { 22 fmt.Printf("test requires cap_setpcap: found %q\n", cap.GetProc()) 23 os.Exit(1) 24 } 25 if bits := cap.GetSecbits(); bits != 0 { 26 fmt.Printf("test expects secbits=0 to run; found: 0%o\n", bits) 27 os.Exit(1) 28 } 29 30 fmt.Println("secbits:", cap.GetSecbits(), " caps:", cap.GetProc()) 31 32 l := cap.FuncLauncher(func(interface{}) error { 33 return cap.NewSet().SetProc() 34 }) 35 36 if _, err := l.Launch(nil); err != nil { 37 fmt.Printf("launch failed: %v\n", err) 38 os.Exit(1) 39 } 40 41 fmt.Println("secbits:", cap.GetSecbits(), " caps:", cap.GetProc()) 42 43 if err := secbits.Set(); err != nil { 44 fmt.Printf("set securebits: %v", err.Error()) 45 os.Exit(1) 46 } 47} 48