2 * Copyright (c) 2012 The FreeBSD Foundation
5 * This software was developed by Pawel Jakub Dawidek under sponsorship from
6 * the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/types.h>
34 #include <sys/capsicum.h>
35 #include <sys/procdesc.h>
56 CHECK(cap_getmode(&mode) == 0);
57 /* If cap_getmode() succeeded mode should be modified. */
59 /* We are not in capability mode. */
64 CHECK(cap_getmode(NULL) == -1);
65 CHECK(errno == EFAULT);
67 CHECK(cap_getmode((void *)(uintptr_t)0xdeadc0de) == -1);
68 CHECK(errno == EFAULT);
70 /* If parent is not in capability mode, child after fork() also won't be. */
74 err(1, "fork() failed");
77 CHECK(cap_getmode(&mode) == 0);
78 /* If cap_getmode() succeeded mode should be modified. */
80 /* We are not in capability mode. */
84 if (waitpid(pid, NULL, 0) == -1)
85 err(1, "waitpid() failed");
88 /* If parent is not in capability mode, child after pdfork() also won't be. */
89 pid = pdfork(&pfd, 0);
92 err(1, "pdfork() failed");
95 CHECK(cap_getmode(&mode) == 0);
96 /* If cap_getmode() succeeded mode should be modified. */
98 /* We are not in capability mode. */
102 if (pdwait(pfd) == -1)
103 err(1, "pdwait() failed");
107 /* In capability mode... */
109 CHECK(cap_enter() == 0);
112 CHECK(cap_getmode(&mode) == 0);
113 /* If cap_getmode() succeeded mode should be modified. */
115 /* We are in capability mode. */
120 CHECK(cap_getmode(NULL) == -1);
121 CHECK(errno == EFAULT);
123 CHECK(cap_getmode((void *)(uintptr_t)0xdeadc0de) == -1);
124 CHECK(errno == EFAULT);
126 /* If parent is in capability mode, child after fork() also will be. */
130 err(1, "fork() failed");
133 CHECK(cap_getmode(&mode) == 0);
134 /* If cap_getmode() succeeded mode should be modified. */
136 /* We are in capability mode. */
141 * wait(2) and friends are not permitted in the capability mode,
142 * so we can only just wait for a while.
147 /* If parent is in capability mode, child after pdfork() also will be. */
148 pid = pdfork(&pfd, 0);
151 err(1, "pdfork() failed");
154 CHECK(cap_getmode(&mode) == 0);
155 /* If cap_getmode() succeeded mode should be modified. */
157 /* We are in capability mode. */
161 if (pdwait(pfd) == -1)
162 err(1, "pdwait() failed");