1 // Tests for the process descriptor API for Linux.
3 #include <sys/resource.h>
4 #include <sys/select.h>
5 #include <sys/socket.h>
21 #include "capsicum-test.h"
24 // Linux requires __WALL in order for waitpid(specific_pid,...) to
25 // see and reap any specific pid. Define this to nothing for platforms
26 // (FreeBSD) where it doesn't exist, to reduce macroing.
30 // TODO(drysdale): it would be nice to use proper synchronization between
31 // processes, rather than synchronization-via-sleep; faster too.
34 //------------------------------------------------
35 // Utilities for the tests.
37 static pid_t pdwait4_(int pd, int *status, int options, struct rusage *ru) {
39 return pdwait4(pd, status, options, ru);
41 // Simulate pdwait4() with wait4(pdgetpid()); this won't work in capability mode.
43 int rc = pdgetpid(pd, &pid);
48 return wait4(pid, status, options, ru);
52 static void print_rusage(FILE *f, struct rusage *ru) {
53 fprintf(f, " User CPU time=%ld.%06ld\n", (long)ru->ru_utime.tv_sec, (long)ru->ru_utime.tv_usec);
54 fprintf(f, " System CPU time=%ld.%06ld\n", (long)ru->ru_stime.tv_sec, (long)ru->ru_stime.tv_usec);
55 fprintf(f, " Max RSS=%ld\n", ru->ru_maxrss);
58 static void print_stat(FILE *f, const struct stat *stat) {
60 "{ .st_dev=%ld, st_ino=%ld, st_mode=%04o, st_nlink=%ld, st_uid=%d, st_gid=%d,\n"
61 " .st_rdev=%ld, .st_size=%ld, st_blksize=%ld, .st_block=%ld,\n "
62 #ifdef HAVE_STAT_BIRTHTIME
65 ".st_atime=%ld, .st_mtime=%ld, .st_ctime=%ld}\n",
66 (long)stat->st_dev, (long)stat->st_ino, stat->st_mode,
67 (long)stat->st_nlink, stat->st_uid, stat->st_gid,
68 (long)stat->st_rdev, (long)stat->st_size, (long)stat->st_blksize,
69 (long)stat->st_blocks,
70 #ifdef HAVE_STAT_BIRTHTIME
71 (long)stat->st_birthtime,
73 (long)stat->st_atime, (long)stat->st_mtime, (long)stat->st_ctime);
76 static std::map<int,bool> had_signal;
77 static void handle_signal(int x) {
81 // Check that the given child process terminates as expected.
82 void CheckChildFinished(pid_t pid, bool signaled=false) {
83 // Wait for the child to finish.
87 rc = waitpid(pid, &status, __WALL);
89 fprintf(stderr, "Warning: waitpid error %s (%d)\n", strerror(errno), errno);
90 ADD_FAILURE() << "Failed to wait for child";
92 } else if (rc == pid) {
99 EXPECT_TRUE(WIFSIGNALED(status));
101 EXPECT_TRUE(WIFEXITED(status)) << std::hex << status;
102 EXPECT_EQ(0, WEXITSTATUS(status));
107 //------------------------------------------------
108 // Basic tests of process descriptor functionality
110 TEST(Pdfork, Simple) {
112 pid_t parent = getpid_();
113 int pid = pdfork(&pd, 0);
116 // Child: check pid values.
118 EXPECT_NE(parent, getpid_());
119 EXPECT_EQ(parent, getppid());
123 usleep(100); // ensure the child has a chance to run
125 EXPECT_PID_ALIVE(pid);
127 EXPECT_OK(pdgetpid(pd, &pid_got));
128 EXPECT_EQ(pid, pid_got);
130 // Wait long enough for the child to exit().
132 EXPECT_PID_ZOMBIE(pid);
134 // Wait for the the child.
137 memset(&ru, 0, sizeof(ru));
138 int waitrc = pdwait4_(pd, &status, 0, &ru);
139 EXPECT_EQ(pid, waitrc);
141 fprintf(stderr, "For pd %d pid %d:\n", pd, pid);
142 print_rusage(stderr, &ru);
144 EXPECT_PID_GONE(pid);
146 // Can only pdwait4(pd) once (as initial call reaps zombie).
147 memset(&ru, 0, sizeof(ru));
148 EXPECT_EQ(-1, pdwait4_(pd, &status, 0, &ru));
149 EXPECT_EQ(ECHILD, errno);
151 EXPECT_OK(close(pd));
154 TEST(Pdfork, InvalidFlag) {
156 int pid = pdfork(&pd, PD_DAEMON<<5);
161 EXPECT_EQ(EINVAL, errno);
162 if (pid > 0) waitpid(pid, NULL, __WALL);
165 TEST(Pdfork, TimeCheck) {
166 time_t now = time(NULL); // seconds since epoch
168 if (verbose) fprintf(stderr, "Calling pdfork around %ld\n", (long)(long)now);
171 pid_t pid = pdfork(&pd, 0);
174 // Child: check we didn't get a valid process descriptor then exit.
175 EXPECT_EQ(-1, pdgetpid(pd, &pid));
176 EXPECT_EQ(EBADF, errno);
180 #ifdef HAVE_PROCDESC_FSTAT
181 // Parent process. Ensure that [acm]times have been set correctly.
183 memset(&stat, 0, sizeof(stat));
184 EXPECT_OK(fstat(pd, &stat));
185 if (verbose) print_stat(stderr, &stat);
187 #ifdef HAVE_STAT_BIRTHTIME
188 EXPECT_GE(now, stat.st_birthtime);
189 EXPECT_EQ(stat.st_birthtime, stat.st_atime);
191 EXPECT_LT((now - stat.st_atime), 2);
192 EXPECT_EQ(stat.st_atime, stat.st_ctime);
193 EXPECT_EQ(stat.st_ctime, stat.st_mtime);
196 // Wait for the child to finish.
198 EXPECT_OK(pdgetpid(pd, &pd_pid));
199 EXPECT_EQ(pid, pd_pid);
200 CheckChildFinished(pid);
203 TEST(Pdfork, UseDescriptor) {
205 pid_t pid = pdfork(&pd, 0);
208 // Child: immediately exit
211 CheckChildFinished(pid);
214 TEST(Pdfork, NonProcessDescriptor) {
215 int fd = open("/etc/passwd", O_RDONLY);
217 // pd*() operations should fail on a non-process descriptor.
218 EXPECT_EQ(-1, pdkill(fd, SIGUSR1));
220 EXPECT_EQ(-1, pdwait4_(fd, &status, 0, NULL));
222 EXPECT_EQ(-1, pdgetpid(fd, &pid));
226 static void *SubThreadMain(void *) {
228 if (verbose) fprintf(stderr, " subthread: \"I aten't dead\"\n");
234 static void *ThreadMain(void *) {
236 pid_t child = pdfork(&pd, 0);
238 // Child: start a subthread then loop
239 pthread_t child_subthread;
240 EXPECT_OK(pthread_create(&child_subthread, NULL, SubThreadMain, NULL));
242 if (verbose) fprintf(stderr, " pdforked process %d: \"I aten't dead\"\n", getpid());
247 if (verbose) fprintf(stderr, " thread generated pd %d\n", pd);
250 // Pass the process descriptor back to the main thread.
251 return reinterpret_cast<void *>(pd);
254 TEST(Pdfork, FromThread) {
255 // Fire off a new thread to do all of the creation work.
256 pthread_t child_thread;
257 EXPECT_OK(pthread_create(&child_thread, NULL, ThreadMain, NULL));
259 EXPECT_OK(pthread_join(child_thread, &data));
260 int pd = reinterpret_cast<intptr_t>(data);
261 if (verbose) fprintf(stderr, "retrieved pd %d from terminated thread\n", pd);
265 EXPECT_OK(pdgetpid(pd, &pid));
266 EXPECT_OK(pdkill(pd, SIGKILL));
268 EXPECT_EQ(pid, pdwait4_(pd, &status, 0, NULL));
269 EXPECT_TRUE(WIFSIGNALED(status));
272 //------------------------------------------------
273 // More complicated tests.
276 // Test fixture that pdfork()s off a child process, which terminates
277 // when it receives anything on a pipe.
278 class PipePdforkBase : public ::testing::Test {
280 PipePdforkBase(int pdfork_flags) : pd_(-1), pid_(-1) {
283 EXPECT_OK(pipe(pipes));
285 int parent = getpid_();
286 if (verbose) fprintf(stderr, "[%d] about to pdfork()\n", getpid_());
287 int rc = pdfork(&pd_, pdfork_flags);
290 // Child process: blocking-read an int from the pipe then exit with that value.
291 EXPECT_NE(parent, getpid_());
292 EXPECT_EQ(parent, getppid());
293 if (verbose) fprintf(stderr, " [%d] child of %d waiting for value on pipe\n", getpid_(), getppid());
294 read(pipes[0], &rc, sizeof(rc));
295 if (verbose) fprintf(stderr, " [%d] got value %d on pipe, exiting\n", getpid_(), rc);
299 usleep(100); // ensure the child has a chance to run
302 // Terminate by any means necessary.
304 pdkill(pd_, SIGKILL);
309 waitpid(pid_, NULL, __WALL|WNOHANG);
311 // Check signal expectations.
312 EXPECT_FALSE(had_signal[SIGCHLD]);
314 int TerminateChild() {
315 // Tell the child to exit.
317 if (verbose) fprintf(stderr, "[%d] write 0 to pipe\n", getpid_());
318 return write(pipe_, &zero, sizeof(zero));
326 class PipePdfork : public PipePdforkBase {
328 PipePdfork() : PipePdforkBase(0) {}
331 class PipePdforkDaemon : public PipePdforkBase {
333 PipePdforkDaemon() : PipePdforkBase(PD_DAEMON) {}
336 // Can we poll a process descriptor?
337 TEST_F(PipePdfork, Poll) {
338 // Poll the process descriptor, nothing happening.
341 fdp.events = POLLIN | POLLERR | POLLHUP;
343 EXPECT_EQ(0, poll(&fdp, 1, 0));
347 // Poll again, should have activity on the process descriptor.
348 EXPECT_EQ(1, poll(&fdp, 1, 2000));
349 EXPECT_TRUE(fdp.revents & POLLHUP);
351 // Poll a third time, still have POLLHUP.
353 EXPECT_EQ(1, poll(&fdp, 1, 0));
354 EXPECT_TRUE(fdp.revents & POLLHUP);
357 // Can multiple processes poll on the same descriptor?
358 TEST_F(PipePdfork, PollMultiple) {
362 // Child: wait to give time for setup, then write to the pipe (which will
363 // induce exit of the pdfork()ed process) and exit.
368 usleep(100); // ensure the child has a chance to run
374 // pid A: main process, here
375 // |--pid B: pdfork()ed process, blocked on read()
376 // |--pid C: fork()ed process, in sleep(1) above
377 // +--pid D: doppel process, here
379 // Both A and D execute the following code.
380 // First, check no activity on the process descriptor yet.
383 fdp.events = POLLIN | POLLERR | POLLHUP;
385 EXPECT_EQ(0, poll(&fdp, 1, 0));
387 // Now, wait (indefinitely) for activity on the process descriptor.
389 // - pid C will finish its sleep, write to the pipe and exit
390 // - pid B will unblock from read(), and exit
391 // - this will generate an event on the process descriptor...
392 // - ...in both process A and process D.
393 EXPECT_EQ(1, poll(&fdp, 1, 2000));
394 EXPECT_TRUE(fdp.revents & POLLHUP);
397 // Child: process D exits.
400 // Parent: wait on process D.
402 waitpid(doppel, &rc, __WALL);
403 EXPECT_TRUE(WIFEXITED(rc));
404 EXPECT_EQ(0, WEXITSTATUS(rc));
405 // Also wait on process B.
406 CheckChildFinished(child);
410 // Check that exit status/rusage for a dead pdfork()ed child can be retrieved
411 // via any process descriptor, multiple times.
412 TEST_F(PipePdfork, MultipleRetrieveExitStatus) {
413 EXPECT_PID_ALIVE(pid_);
414 int pd_copy = dup(pd_);
415 EXPECT_LT(0, TerminateChild());
419 memset(&ru, 0, sizeof(ru));
420 int waitrc = pdwait4_(pd_copy, &status, 0, &ru);
421 EXPECT_EQ(pid_, waitrc);
423 fprintf(stderr, "For pd %d -> pid %d:\n", pd_, pid_);
424 print_rusage(stderr, &ru);
426 EXPECT_PID_GONE(pid_);
429 // Child has been reaped, so original process descriptor dangles but
430 // still has access to rusage information.
431 memset(&ru, 0, sizeof(ru));
432 EXPECT_EQ(0, pdwait4_(pd_, &status, 0, &ru));
437 TEST_F(PipePdfork, ChildExit) {
438 EXPECT_PID_ALIVE(pid_);
439 EXPECT_LT(0, TerminateChild());
440 EXPECT_PID_DEAD(pid_);
443 int rc = pdwait4_(pd_, &status, 0, NULL);
449 #ifdef HAVE_PROC_FDINFO
450 TEST_F(PipePdfork, FdInfo) {
452 sprintf(buffer, "/proc/%d/fdinfo/%d", getpid_(), pd_);
453 int procfd = open(buffer, O_RDONLY);
456 EXPECT_OK(read(procfd, buffer, sizeof(buffer)));
457 // The fdinfo should include the file pos of the underlying file
458 EXPECT_NE((char*)NULL, strstr(buffer, "pos:\t0")) << buffer;
459 // ...and the underlying pid
461 sprintf(pidline, "pid:\t%d", pid_);
462 EXPECT_NE((char*)NULL, strstr(buffer, pidline)) << buffer;
467 // Closing a normal process descriptor terminates the underlying process.
468 TEST_F(PipePdfork, Close) {
469 sighandler_t original = signal(SIGCHLD, handle_signal);
470 EXPECT_PID_ALIVE(pid_);
472 EXPECT_EQ(0, waitpid(pid_, &status, __WALL|WNOHANG));
474 EXPECT_OK(close(pd_));
476 EXPECT_FALSE(had_signal[SIGCHLD]);
477 EXPECT_PID_DEAD(pid_);
480 EXPECT_EQ(-1, waitpid(pid_, NULL, __WALL));
481 EXPECT_EQ(errno, ECHILD);
483 // Having closed the process descriptor means that pdwait4(pd) now doesn't work.
484 int rc = pdwait4_(pd_, &status, 0, NULL);
486 EXPECT_EQ(EBADF, errno);
488 // Closing all process descriptors means the the child can only be reaped via pid.
489 EXPECT_EQ(pid_, waitpid(pid_, &status, __WALL|WNOHANG));
491 signal(SIGCHLD, original);
494 TEST_F(PipePdfork, CloseLast) {
495 sighandler_t original = signal(SIGCHLD, handle_signal);
496 // Child should only die when last process descriptor is closed.
497 EXPECT_PID_ALIVE(pid_);
498 int pd_other = dup(pd_);
500 EXPECT_OK(close(pd_));
503 EXPECT_PID_ALIVE(pid_);
505 EXPECT_EQ(0, waitpid(pid_, &status, __WALL|WNOHANG));
507 // Can no longer pdwait4() the closed process descriptor...
508 EXPECT_EQ(-1, pdwait4_(pd_, &status, WNOHANG, NULL));
509 EXPECT_EQ(EBADF, errno);
510 // ...but can pdwait4() the still-open process descriptor.
512 EXPECT_EQ(0, pdwait4_(pd_other, &status, WNOHANG, NULL));
515 EXPECT_OK(close(pd_other));
516 EXPECT_PID_DEAD(pid_);
518 EXPECT_FALSE(had_signal[SIGCHLD]);
519 signal(SIGCHLD, original);
522 FORK_TEST(Pdfork, OtherUser) {
525 pid_t pid = pdfork(&pd, 0);
528 // Child process: loop forever.
529 while (true) usleep(100000);
533 // Now that the second process has been pdfork()ed, change euid.
535 if (verbose) fprintf(stderr, "uid=%d euid=%d\n", getuid(), geteuid());
537 // Fail to kill child with normal PID operation.
538 EXPECT_EQ(-1, kill(pid, SIGKILL));
539 EXPECT_EQ(EPERM, errno);
540 EXPECT_PID_ALIVE(pid);
542 // Succeed with pdkill though.
543 EXPECT_OK(pdkill(pd, SIGKILL));
544 EXPECT_PID_ZOMBIE(pid);
547 int rc = pdwait4_(pd, &status, WNOHANG, NULL);
550 EXPECT_TRUE(WIFSIGNALED(status));
553 TEST_F(PipePdfork, WaitPidThenPd) {
556 // If we waitpid(pid) first...
557 int rc = waitpid(pid_, &status, __WALL);
562 // ...the zombie is reaped but we can still subsequently pdwait4(pd).
563 EXPECT_EQ(0, pdwait4_(pd_, &status, 0, NULL));
567 TEST_F(PipePdfork, WaitPdThenPid) {
570 // If we pdwait4(pd) first...
571 int rc = pdwait4_(pd_, &status, 0, NULL);
575 // ...the zombie is reaped and cannot subsequently waitpid(pid).
576 EXPECT_EQ(-1, waitpid(pid_, &status, __WALL));
577 EXPECT_EQ(ECHILD, errno);
580 // Setting PD_DAEMON prevents close() from killing the child.
581 TEST_F(PipePdforkDaemon, Close) {
582 EXPECT_OK(close(pd_));
584 EXPECT_PID_ALIVE(pid_);
586 // Can still explicitly kill it via the pid.
588 EXPECT_OK(kill(pid_, SIGKILL));
589 EXPECT_PID_DEAD(pid_);
593 static void TestPdkill(pid_t pid, int pd) {
594 EXPECT_PID_ALIVE(pid);
595 // SIGCONT is ignored by default.
596 EXPECT_OK(pdkill(pd, SIGCONT));
597 EXPECT_PID_ALIVE(pid);
600 EXPECT_OK(pdkill(pd, SIGINT));
601 EXPECT_PID_DEAD(pid);
603 // pdkill() on zombie is no-op.
605 EXPECT_EQ(0, pdkill(pd, SIGINT));
608 // pdkill() on reaped process gives -ESRCH.
609 CheckChildFinished(pid, true);
610 EXPECT_EQ(-1, pdkill(pd, SIGINT));
611 EXPECT_EQ(ESRCH, errno);
614 TEST_F(PipePdfork, Pdkill) {
615 TestPdkill(pid_, pd_);
618 TEST_F(PipePdforkDaemon, Pdkill) {
619 TestPdkill(pid_, pd_);
622 TEST(Pdfork, PdkillOtherSignal) {
624 int pid = pdfork(&pd, 0);
627 // Child: watch for SIGUSR1 forever.
629 signal(SIGUSR1, handle_signal);
630 while (!had_signal[SIGUSR1]) {
637 // Send an invalid signal.
638 EXPECT_EQ(-1, pdkill(pd, 0xFFFF));
639 EXPECT_EQ(EINVAL, errno);
641 // Send an expected SIGUSR1 to the pdfork()ed child.
642 EXPECT_PID_ALIVE(pid);
644 EXPECT_PID_DEAD(pid);
646 // Child's exit status confirms whether it received the signal.
648 int rc = waitpid(pid, &status, __WALL);
651 EXPECT_TRUE(WIFEXITED(status)) << "0x" << std::hex << rc;
652 EXPECT_EQ(123, WEXITSTATUS(status));
655 pid_t PdforkParentDeath(int pdfork_flags) {
657 // pid A: main process, here
658 // +--pid B: fork()ed process, sleep(4)s then exits
659 // +--pid C: pdfork()ed process, looping forever
661 EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
662 if (verbose) fprintf(stderr, "[%d] parent about to fork()...\n", getpid_());
663 pid_t child = fork();
667 if (verbose) fprintf(stderr, " [%d] child about to pdfork()...\n", getpid_());
668 pid_t grandchild = pdfork(&pd, pdfork_flags);
669 if (grandchild == 0) {
671 if (verbose) fprintf(stderr, " [%d] grandchild: \"I aten't dead\"\n", getpid_());
675 if (verbose) fprintf(stderr, " [%d] pdfork()ed grandchild %d, sending ID to parent\n", getpid_(), grandchild);
676 // send grandchild pid to parent
677 write(sock_fds[1], &grandchild, sizeof(grandchild));
679 if (verbose) fprintf(stderr, " [%d] child terminating\n", getpid_());
682 if (verbose) fprintf(stderr, "[%d] fork()ed child is %d\n", getpid_(), child);
684 read(sock_fds[0], &grandchild, sizeof(grandchild));
685 if (verbose) fprintf(stderr, "[%d] receive grandchild id %d\n", getpid_(), grandchild);
686 EXPECT_PID_ALIVE(child);
687 EXPECT_PID_ALIVE(grandchild);
689 // Child dies, closing its process descriptor for the grandchild.
690 EXPECT_PID_DEAD(child);
691 CheckChildFinished(child);
695 TEST(Pdfork, Bagpuss) {
696 // "And of course when Bagpuss goes to sleep, all his friends go to sleep too"
697 pid_t grandchild = PdforkParentDeath(0);
698 // By default: child death => closed process descriptor => grandchild death.
699 EXPECT_PID_DEAD(grandchild);
702 TEST(Pdfork, BagpussDaemon) {
703 pid_t grandchild = PdforkParentDeath(PD_DAEMON);
704 // With PD_DAEMON: child death => closed process descriptor => no effect on grandchild.
705 EXPECT_PID_ALIVE(grandchild);
706 if (grandchild > 0) {
707 EXPECT_OK(kill(grandchild, SIGKILL));
711 // The exit of a pdfork()ed process should not generate SIGCHLD.
712 TEST_F(PipePdfork, NoSigchld) {
714 sighandler_t original = signal(SIGCHLD, handle_signal);
717 // Can waitpid() for the specific pid of the pdfork()ed child.
718 EXPECT_EQ(pid_, waitpid(pid_, &rc, __WALL));
719 EXPECT_TRUE(WIFEXITED(rc)) << "0x" << std::hex << rc;
720 EXPECT_FALSE(had_signal[SIGCHLD]);
721 signal(SIGCHLD, original);
724 // The exit of a pdfork()ed process whose process descriptors have
725 // all been closed should generate SIGCHLD. The child process needs
726 // PD_DAEMON to survive the closure of the process descriptors.
727 TEST_F(PipePdforkDaemon, NoPDSigchld) {
729 sighandler_t original = signal(SIGCHLD, handle_signal);
731 EXPECT_OK(close(pd_));
734 EXPECT_EQ(-1, waitpid(pid_, NULL, __WALL));
735 EXPECT_EQ(errno, ECHILD);
738 // Can waitpid() for the specific pid of the pdfork()ed child.
739 EXPECT_EQ(pid_, waitpid(pid_, &rc, __WALL));
740 EXPECT_TRUE(WIFEXITED(rc)) << "0x" << std::hex << rc;
742 EXPECT_FALSE(had_signal[SIGCHLD]);
743 signal(SIGCHLD, original);
746 #ifdef HAVE_PROCDESC_FSTAT
747 TEST_F(PipePdfork, ModeBits) {
748 // Owner rwx bits indicate liveness of child
750 memset(&stat, 0, sizeof(stat));
751 EXPECT_OK(fstat(pd_, &stat));
752 if (verbose) print_stat(stderr, &stat);
753 EXPECT_EQ(S_IRWXU, (long)(stat.st_mode & S_IRWXU));
758 memset(&stat, 0, sizeof(stat));
759 EXPECT_OK(fstat(pd_, &stat));
760 if (verbose) print_stat(stderr, &stat);
761 EXPECT_EQ(0, (int)(stat.st_mode & S_IRWXU));
765 TEST_F(PipePdfork, WildcardWait) {
766 // TODO(FreeBSD): make wildcard wait ignore pdfork()ed children
767 // https://bugs.freebsd.org/201054
769 sleep(1); // Ensure child is truly dead.
771 // Wildcard waitpid(-1) should not see the pdfork()ed child because
772 // there is still a process descriptor for it.
774 EXPECT_EQ(-1, waitpid(-1, &rc, WNOHANG));
775 EXPECT_EQ(ECHILD, errno);
777 EXPECT_OK(close(pd_));
781 FORK_TEST(Pdfork, Pdkill) {
784 pid_t pid = pdfork(&pd, 0);
788 // Child: set a SIGINT handler and sleep.
790 signal(SIGINT, handle_signal);
791 if (verbose) fprintf(stderr, "[%d] child about to sleep(10)\n", getpid_());
792 int left = sleep(10);
793 if (verbose) fprintf(stderr, "[%d] child slept, %d sec left, had[SIGINT]=%d\n",
794 getpid_(), left, had_signal[SIGINT]);
795 // Expect this sleep to be interrupted by the signal (and so left > 0).
799 // Parent: get child's PID.
801 EXPECT_OK(pdgetpid(pd, &pd_pid));
802 EXPECT_EQ(pid, pd_pid);
804 // Interrupt the child after a second.
806 EXPECT_OK(pdkill(pd, SIGINT));
808 // Make sure the child finished properly (caught signal then exited).
809 CheckChildFinished(pid);
812 FORK_TEST(Pdfork, PdkillSignal) {
814 pid_t pid = pdfork(&pd, 0);
818 // Child: sleep. No SIGINT handler.
819 if (verbose) fprintf(stderr, "[%d] child about to sleep(10)\n", getpid_());
820 int left = sleep(10);
821 if (verbose) fprintf(stderr, "[%d] child slept, %d sec left\n", getpid_(), left);
825 // Kill the child (as it doesn't handle SIGINT).
827 EXPECT_OK(pdkill(pd, SIGINT));
829 // Make sure the child finished properly (terminated by signal).
830 CheckChildFinished(pid, true);
833 //------------------------------------------------
834 // Test interactions with other parts of Capsicum:
838 FORK_TEST(Pdfork, DaemonUnrestricted) {
839 EXPECT_OK(cap_enter());
842 // Capability mode leaves pdfork() available, with and without flag.
844 rc = pdfork(&fd, PD_DAEMON);
847 // Child: immediately terminate.
854 // Child: immediately terminate.
859 TEST(Pdfork, MissingRights) {
860 pid_t parent = getpid_();
862 pid_t pid = pdfork(&pd, 0);
865 // Child: loop forever.
866 EXPECT_NE(parent, getpid_());
867 while (true) sleep(1);
869 // Create two capabilities from the process descriptor.
871 cap_rights_init(&r_ro, CAP_READ, CAP_LOOKUP);
872 int cap_incapable = dup(pd);
873 EXPECT_OK(cap_incapable);
874 EXPECT_OK(cap_rights_limit(cap_incapable, &r_ro));
875 cap_rights_t r_pdall;
876 cap_rights_init(&r_pdall, CAP_PDGETPID, CAP_PDWAIT, CAP_PDKILL);
877 int cap_capable = dup(pd);
878 EXPECT_OK(cap_capable);
879 EXPECT_OK(cap_rights_limit(cap_capable, &r_pdall));
882 EXPECT_NOTCAPABLE(pdgetpid(cap_incapable, &other_pid));
883 EXPECT_NOTCAPABLE(pdkill(cap_incapable, SIGINT));
885 EXPECT_NOTCAPABLE(pdwait4_(cap_incapable, &status, 0, NULL));
887 EXPECT_OK(pdgetpid(cap_capable, &other_pid));
888 EXPECT_EQ(pid, other_pid);
889 EXPECT_OK(pdkill(cap_capable, SIGINT));
890 int rc = pdwait4_(pd, &status, 0, NULL);
896 //------------------------------------------------
897 // Passing process descriptors between processes.
899 TEST_F(PipePdfork, PassProcessDescriptor) {
901 EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
904 mh.msg_name = NULL; // No address needed
908 iov[0].iov_base = buffer1;
909 iov[0].iov_len = sizeof(buffer1);
913 mh.msg_control = buffer2;
914 mh.msg_controllen = sizeof(buffer2);
915 struct cmsghdr *cmptr;
917 if (verbose) fprintf(stderr, "[%d] about to fork()\n", getpid_());
918 pid_t child2 = fork();
920 // Child: close our copy of the original process descriptor.
923 // Child: wait to receive process descriptor over socket
924 if (verbose) fprintf(stderr, " [%d] child of %d waiting for process descriptor on socket\n", getpid_(), getppid());
925 int rc = recvmsg(sock_fds[0], &mh, 0);
927 EXPECT_LE(CMSG_LEN(sizeof(int)), mh.msg_controllen);
928 cmptr = CMSG_FIRSTHDR(&mh);
929 int pd = *(int*)CMSG_DATA(cmptr);
930 EXPECT_EQ(CMSG_LEN(sizeof(int)), cmptr->cmsg_len);
931 cmptr = CMSG_NXTHDR(&mh, cmptr);
932 EXPECT_TRUE(cmptr == NULL);
933 if (verbose) fprintf(stderr, " [%d] got process descriptor %d on socket\n", getpid_(), pd);
935 // Child: confirm we can do pd*() operations on the process descriptor
937 EXPECT_OK(pdgetpid(pd, &other));
938 if (verbose) fprintf(stderr, " [%d] process descriptor %d is pid %d\n", getpid_(), pd, other);
941 if (verbose) fprintf(stderr, " [%d] close process descriptor %d\n", getpid_(), pd);
944 // Last process descriptor closed, expect death
945 EXPECT_PID_DEAD(other);
949 usleep(1000); // Ensure subprocess runs
951 // Send the process descriptor over the pipe to the sub-process
952 mh.msg_controllen = CMSG_LEN(sizeof(int));
953 cmptr = CMSG_FIRSTHDR(&mh);
954 cmptr->cmsg_level = SOL_SOCKET;
955 cmptr->cmsg_type = SCM_RIGHTS;
956 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
957 *(int *)CMSG_DATA(cmptr) = pd_;
961 if (verbose) fprintf(stderr, "[%d] send process descriptor %d on socket\n", getpid_(), pd_);
962 int rc = sendmsg(sock_fds[1], &mh, 0);
965 if (verbose) fprintf(stderr, "[%d] close process descriptor %d\n", getpid_(), pd_);
966 close(pd_); // Not last open process descriptor
970 EXPECT_EQ(child2, waitpid(child2, &status, __WALL));
971 rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
974 // confirm death all round
975 EXPECT_PID_DEAD(child2);
976 EXPECT_PID_DEAD(pid_);