git: 2d252934da51 - main - capsicum: Verify that openat("/", "..") fails with ENOTCAPABLE

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 25 Apr 2023 14:08:27 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=2d252934da51a4857662d3ae0e9d81c8f2833ff3

commit 2d252934da51a4857662d3ae0e9d81c8f2833ff3
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-04-25 13:54:47 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-04-25 13:54:47 +0000

    capsicum: Verify that openat("/", "..") fails with ENOTCAPABLE
    
    Add a regression test for a718431c30a5 ("lookup(): ensure that
    openat("/", "..", O_RESOLVE_BENEATH) fails").
    
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
---
 tests/sys/vfs/lookup_cap_dotdot.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/tests/sys/vfs/lookup_cap_dotdot.c b/tests/sys/vfs/lookup_cap_dotdot.c
index e023a50f8152..916129f7067f 100644
--- a/tests/sys/vfs/lookup_cap_dotdot.c
+++ b/tests/sys/vfs/lookup_cap_dotdot.c
@@ -233,6 +233,31 @@ ATF_TC_BODY(lookup_cap_dotdot__negative, tc)
 	ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, "../testdir/d1/f1", O_RDONLY) < 0);
 }
 
+ATF_TC(lookup_cap_dotdot__root);
+ATF_TC_HEAD(lookup_cap_dotdot__root, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Validate cap-mode /.. lookup fails");
+}
+
+ATF_TC_BODY(lookup_cap_dotdot__root, tc)
+{
+	int dfd, dfd2;
+
+	check_capsicum();
+
+	dfd = open("/", O_DIRECTORY);
+	ATF_REQUIRE(dfd >= 0);
+
+	dfd2 = openat(dfd, "..", O_DIRECTORY);
+	ATF_REQUIRE(dfd2 >= 0);
+	ATF_REQUIRE(close(dfd2) == 0);
+
+	ATF_REQUIRE(cap_enter() >= 0);
+
+	dfd2 = openat(dfd, "..", O_DIRECTORY);
+	ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dfd, "..", O_DIRECTORY));
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 
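Review bot: The final assertion in lookup_cap_dotdot__root passes the raw return value of `openat()` to ATF_REQUIRE_ERRNO instead of a failure predicate, unlike the `openat(...) < 0` form in the preceding negative test. A successful open returns a non-zero descriptor, which the macro treats as true, so it would compare a stale errno rather than reject the success outright. That weakens the very regression this test is meant to catch. The unchecked `dfd2 = openat(dfd, "..", O_DIRECTORY);` just before it is redundant, and would leak a descriptor if the lookup ever succeeded in capability mode. I would drop that line and write the check as `ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dfd, "..", O_DIRECTORY) < 0);`.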
@@ -244,6 +269,7 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, lookup_cap_dotdot__basic);
 	ATF_TP_ADD_TC(tp, lookup_cap_dotdot__advanced);
 	ATF_TP_ADD_TC(tp, lookup_cap_dotdot__negative);
+	ATF_TP_ADD_TC(tp, lookup_cap_dotdot__root);
 
 	return (atf_no_error());
 }