On 10.11.2016 03:28, Paul Goyette wrote: > On Thu, 10 Nov 2016, matthew green wrote: > >>>> also, root can't attach to pid1 if securelevel is >= 0. >>> >>> To adjust securelevel this test would need to be modified to run under >>> rump ... We wouldn't want the test to manipulate securelevel of the >>> running system. >> >> s/wouldn't want/*can't* by design have/. >> >> i don't know that running under rump is useful here. i certainly >> would not trust ptrace tests in a rump to cover it properly. this >> test should just be skipped if securelevel >= 0. fact is that >> very few systems run with securelevel these days, so it's a small >> portion of systems that won't have it. > > Yeah, rump probably doesn't make much sense here. Skipping the test > (with atf_tc_skip(...) of course) is likely the best solution. > > This test is already enforcing unprivileged user. For now, I leave all other rump and securelevel use-cases.
Attachment:
signature.asc
Description: OpenPGP digital signature