capsicum-test: Move out of contrib

Google developed the Capsicum unit test suite[1] as part of the
Capsicum-Linux[2] project, based on unit tests that existed in FreeBSD
and unit tests developed as part of the initial Capsicum-Linux port.

Capsicum-Linux was archived as of October 31, 2022 and is no longer
being maintained.  FreeBSD is currently the only consumer of and
contributor to the test suite.  Move the src into tests/sys/capsicum to
simplify ongoing maintenance.

The makefiles were deleted as we (continue to) use the existing bespoke
FreeBSD Makefile, and CONTRIBUTING.md was removed as the Google CLA is
no longer applicable.

[1] https://github.com/google/capsicum-test
[2] https://github.com/google/capsicum-linux

Reviewed by:	asomers, oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54917
This commit is contained in:
Ed Maste
2026-01-27 08:28:23 -05:00
parent 59bbb62b60
commit 670b568ec1
37 changed files with 1 additions and 160 deletions
+1 -1
View File
@@ -34,7 +34,6 @@
/bin/sh @jillest /bin/sh @jillest
/contrib/atf @ngie-eign /contrib/atf @ngie-eign
/contrib/blocklist @jlduran /contrib/blocklist @jlduran
/contrib/capsicum-test @ngie-eign @emaste
/contrib/googletest @ngie-eign /contrib/googletest @ngie-eign
/contrib/libcxxrt @DimitryAndric @emaste /contrib/libcxxrt @DimitryAndric @emaste
/contrib/llvm-project @DimitryAndric /contrib/llvm-project @DimitryAndric
@@ -118,6 +117,7 @@
/sys/x86/pci @bsdimp @bsdjhb /sys/x86/pci @bsdimp @bsdjhb
/tests @ngie-eign /tests @ngie-eign
/tests/sys/aio/ @asomers /tests/sys/aio/ @asomers
/tests/sys/capsicum-test @ngie-eign @emaste
/tests/sys/fs/fusefs/ @asomers /tests/sys/fs/fusefs/ @asomers
/tests/sys/kqueue/ @jmgurney /tests/sys/kqueue/ @jmgurney
/tests/sys/opencrypto/ @jmgurney /tests/sys/opencrypto/ @jmgurney
-19
View File
@@ -1,19 +0,0 @@
capsicum-test
mini-me
mini-me.noexec
mini-me.setuid
mini-me.32
mini-me.x32
mini-me.64
libgtest.a
smoketest
*.o
libcap*.deb
libcap*.dsc
libcap*.tar.gz
libcap*.changes
casper*.deb
casper*.dsc
casper*.tar.gz
casper*.changes
libcaprights.a
-20
View File
@@ -1,20 +0,0 @@
## Contributor License Agreement ##
Contributions to any Google project must be accompanied by a Contributor
License Agreement. This is not a copyright **assignment**, it simply gives
Google permission to use and redistribute your contributions as part of the
project.
* If you are an individual writing original source code and you're sure you
own the intellectual property, then you'll need to sign an [individual
CLA][].
* If you work for a company that wants to allow you to contribute your work,
then you'll need to sign a [corporate CLA][].
You generally only need to submit a CLA once, so if you've already submitted
one (even if it was for a different project), you probably don't need to do it
again.
[individual CLA]: https://developers.google.com/open-source/cla/individual
[corporate CLA]: https://developers.google.com/open-source/cla/corporate
-82
View File
@@ -1,82 +0,0 @@
OS:=$(shell uname)
# Set ARCH to 32 or x32 for i386/x32 ABIs
ARCH?=64
ARCHFLAG=-m$(ARCH)
ifeq ($(OS),FreeBSD)
EXTRA_LIBS=-lprocstat
endif
ifeq ($(OS),Linux)
PROCESSOR:=$(shell uname -p)
ifneq ($(wildcard /usr/lib/$(PROCESSOR)-linux-gnu),)
# Can use standard Debian location for static libraries.
PLATFORM_LIBDIR=/usr/lib/$(PROCESSOR)-linux-gnu
else
# Attempt to determine library location from gcc configuration.
PLATFORM_LIBDIR=$(shell gcc -v 2>&1 | grep "Configured with:" | sed 's/.*--libdir=\(\/usr\/[^ ]*\).*/\1/g')
endif
# Override for explicitly specified ARCHFLAG.
# Use locally compiled libcaprights in this case, on the
# assumption that any installed version is 64-bit.
ifeq ($(ARCHFLAG),-m32)
PROCESSOR=i386
PLATFORM_LIBDIR=/usr/lib32
LIBCAPRIGHTS=./libcaprights.a
endif
ifeq ($(ARCHFLAG),-mx32)
PROCESSOR=x32
PLATFORM_LIBDIR=/usr/libx32
LIBCAPRIGHTS=./libcaprights.a
endif
# Detect presence of libsctp in normal Debian location
ifneq ($(wildcard $(PLATFORM_LIBDIR)/libsctp.a),)
LIBSCTP=-lsctp
CXXFLAGS=-DHAVE_SCTP
endif
ifneq ($(LIBCAPRIGHTS),)
# Build local libcaprights.a (assuming ./configure
# has already been done in libcaprights/)
LOCAL_LIBS=$(LIBCAPRIGHTS)
LIBCAPRIGHTS_OBJS=libcaprights/capsicum.o libcaprights/linux-bpf-capmode.o libcaprights/procdesc.o libcaprights/signal.o
LOCAL_CLEAN=$(LOCAL_LIBS) $(LIBCAPRIGHTS_OBJS)
else
# Detect installed libcaprights static library.
ifneq ($(wildcard $(PLATFORM_LIBDIR)/libcaprights.a),)
LIBCAPRIGHTS=$(PLATFORM_LIBDIR)/libcaprights.a
else
ifneq ($(wildcard /usr/lib/libcaprights.a),)
LIBCAPRIGHTS=/usr/lib/libcaprights.a
endif
endif
endif
endif
# Extra test programs for arch-transition tests
EXTRA_PROGS = mini-me.32 mini-me.64
ifneq ($(wildcard /usr/include/gnu/stubs-x32.h),)
EXTRA_PROGS += mini-me.x32
endif
# Chain on to the master makefile
include makefile
./libcaprights.a: $(LIBCAPRIGHTS_OBJS)
ar cr $@ $^
# Small static programs of known architectures
# These may require additional packages to be installed; for example, for Debian:
# - libc6-dev-i386 provides 32-bit headers for a 64-bit system
# - libc6-dev-x32 provides headers for the x32 ABI.
mini-me.32: mini-me.c
$(CC) $(CFLAGS) -m32 -static -o $@ $<
mini-me.x32: mini-me.c
$(CC) $(CFLAGS) -mx32 -static -o $@ $<
mini-me.64: mini-me.c
$(CC) $(CFLAGS) -m64 -static -o $@ $<
-36
View File
@@ -1,36 +0,0 @@
all: capsicum-test smoketest mini-me mini-me.noexec mini-me.setuid $(EXTRA_PROGS)
OBJECTS=capsicum-test-main.o capsicum-test.o capability-fd.o copy_file_range.o fexecve.o procdesc.o capmode.o fcntl.o ioctl.o openat.o sysctl.o select.o mqueue.o socket.o sctp.o capability-fd-pair.o linux.o overhead.o rename.o
GTEST_DIR=gtest-1.10.0
GTEST_INCS=-I$(GTEST_DIR)/include -I$(GTEST_DIR)
GTEST_FLAGS=-DGTEST_USE_OWN_TR1_TUPLE=1 -DGTEST_HAS_TR1_TUPLE=1
CXXFLAGS+=$(ARCHFLAG) -Wall -g $(GTEST_INCS) $(GTEST_FLAGS) --std=c++11
CFLAGS+=$(ARCHFLAG) -Wall -g
capsicum-test: $(OBJECTS) libgtest.a $(LOCAL_LIBS)
$(CXX) $(CXXFLAGS) -g -o $@ $(OBJECTS) libgtest.a -lpthread -lrt $(LIBSCTP) $(LIBCAPRIGHTS) $(EXTRA_LIBS)
# Small statically-linked program for fexecve tests
# (needs to be statically linked so that execve()ing it
# doesn't involve ld.so traversing the filesystem).
mini-me: mini-me.c
$(CC) $(CFLAGS) -static -o $@ $<
mini-me.noexec: mini-me
cp mini-me $@ && chmod -x $@
mini-me.setuid: mini-me
rm -f $@ && cp mini-me $@&& sudo chown root $@ && sudo chmod u+s $@
# Simple C test of Capsicum syscalls
SMOKETEST_OBJECTS=smoketest.o
smoketest: $(SMOKETEST_OBJECTS) $(LOCAL_LIBS)
$(CC) $(CFLAGS) -o $@ $(SMOKETEST_OBJECTS) $(LIBCAPRIGHTS)
test: capsicum-test mini-me mini-me.noexec mini-me.setuid $(EXTRA_PROGS)
./capsicum-test
gtest-all.o:
$(CXX) $(CXXFLAGS) $(ARCHFLAG) -I$(GTEST_DIR)/include -I$(GTEST_DIR) $(GTEST_FLAGS) -c ${GTEST_DIR}/src/gtest-all.cc
libgtest.a: gtest-all.o
$(AR) -rv libgtest.a gtest-all.o
clean:
rm -rf gtest-all.o libgtest.a capsicum-test mini-me mini-me.noexec smoketest $(SMOKETEST_OBJECTS) $(OBJECTS) $(LOCAL_CLEAN) $(EXTRA_PROGS)
-2
View File
@@ -9,8 +9,6 @@ CFLAGS+= -I${SRCTOP}/tests
.if ${MK_GOOGLETEST} != no .if ${MK_GOOGLETEST} != no
.PATH: ${SRCTOP}/contrib/capsicum-test
GTESTS+= capsicum-test GTESTS+= capsicum-test
GTESTS_WRAPPER_SH.capsicum-test= functional GTESTS_WRAPPER_SH.capsicum-test= functional
# This test script runs the same test suite twice, once as root and once as an # This test script runs the same test suite twice, once as root and once as an