From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:18 +0100
Message-Id: <20220325093626.11114-2-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 1/9] Rewrite userns01.c using new LTP API

Added common.h to be used instead of userns_helper.h by all userns tests.

Signed-off-by: Andrea Cervesato
Reviewed-by: Petr Vorel
---
 testcases/kernel/containers/userns/common.h   |  58 +++++++++
 testcases/kernel/containers/userns/userns01.c | 119 ++++++++----------
 2 files changed, 112 insertions(+), 65 deletions(-)
 create mode 100644 testcases/kernel/containers/userns/common.h

diff --git a/testcases/kernel/containers/userns/common.h b/testcases/kernel/containers/userns/common.h
new file mode 100644
index 000000000..aed4aa521
--- /dev/null
+++ b/testcases/kernel/containers/userns/common.h
@@ -0,0 +1,58 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) Huawei Technologies Co., Ltd., 2015 + * Copyright (C) 2022 SUSE LLC Andrea Cervesato + */ + +#ifndef COMMON_H +#define COMMON_H + +#include "tst_test.h" +#include "lapi/namespaces_constants.h" + +#define UID_MAP 0 +#define GID_MAP 1 + +static int dummy_child(void *v) +{ + (void)v; + return 0; +} + +static inline void check_newuser(void) +{ + int pid, status; + + pid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, dummy_child, NULL); + if (pid == -1) + tst_brk(TCONF | TTERRNO, "CLONE_NEWUSER not supported"); + + SAFE_WAIT(&status); +} + +static inline void updatemap(int cpid, int type, int idnum, int parentmappid) +{ + char path[BUFSIZ]; + char content[BUFSIZ]; + int fd; + + switch(type) { + case UID_MAP: + sprintf(path, "/proc/%d/uid_map", cpid); + break; + case GID_MAP: + sprintf(path, "/proc/%d/gid_map", cpid); + break; + default: + tst_brk(TBROK, "invalid type parameter"); + break; + } + + sprintf(content, "%d %d 1", idnum, parentmappid); + + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, content, strlen(content)); + SAFE_CLOSE(fd); +} + +#endif diff --git a/testcases/kernel/containers/userns/userns01.c b/testcases/kernel/containers/userns/userns01.c index 1c8cf570d..460c20a8d 100644 --- a/testcases/kernel/containers/userns/userns01.c +++ b/testcases/kernel/containers/userns/userns01.c 
@@ -1,115 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * If a user ID has no mapping inside the namespace, user ID and group - * ID will be the value defined in the file /proc/sys/kernel/overflowuid(65534) - * and /proc/sys/kernel/overflowgid(65534). A child process has a full set - * of permitted and effective capabilities, even though the program was - * run from an unprivileged account. +/*\ + * [Description] + * + * Verify that if a user ID has no mapping inside the namespace, user ID and + * group ID will be the value defined in the file /proc/sys/kernel/overflowuid(65534) + * and /proc/sys/kernel/overflowgid(65534). A child process has a full set of + * permitted and effective capabilities, even though the program was run from an + * unprivileged account. 
*/ +#include "tst_test.h" + +#ifdef HAVE_LIBCAP #define _GNU_SOURCE -#include -#include + #include -#include -#include -#include -#include -#include "userns_helper.h" -#include "test.h" +#include "common.h" #include "config.h" -#if HAVE_SYS_CAPABILITY_H #include -#endif #define OVERFLOWUIDPATH "/proc/sys/kernel/overflowuid" #define OVERFLOWGIDPATH "/proc/sys/kernel/overflowgid" -char *TCID = "user_namespace1"; -int TST_TOTAL = 1; - static long overflowuid; static long overflowgid; /* * child_fn1() - Inside a new user namespace */ -static int child_fn1(void *arg LTP_ATTRIBUTE_UNUSED) +static int child_fn1(LTP_ATTRIBUTE_UNUSED void *arg) { - int exit_val = 0; int uid, gid; -#ifdef HAVE_LIBCAP cap_t caps; int i, last_cap; cap_flag_value_t flag_val; -#endif uid = geteuid(); gid = getegid(); - tst_resm(TINFO, "USERNS test is running in a new user namespace."); + tst_res(TINFO, "USERNS test is running in a new user namespace."); - if (uid != overflowuid || gid != overflowgid) { - printf("Got unexpected result of uid=%d gid=%d\n", uid, gid); - exit_val = 1; - } + if (uid != overflowuid || gid != overflowgid) + tst_res(TFAIL, "got unexpected uid=%d gid=%d", uid, gid); + else + tst_res(TPASS, "got expected uid and gid"); -#ifdef HAVE_LIBCAP caps = cap_get_proc(); - SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap); + + SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap); + for (i = 0; i <= last_cap; i++) { cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val); - if (flag_val == 0) + if (!flag_val) break; + cap_get_flag(caps, i, CAP_PERMITTED, &flag_val); - if (flag_val == 0) + if (!flag_val) break; } - if (flag_val == 0) { - printf("unexpected effective/permitted caps at %d\n", i); - exit_val = 1; - } -#else - printf("System is missing libcap.\n"); -#endif - return exit_val; + if (!flag_val) + tst_res(TFAIL, "unexpected effective/permitted caps at %d", i); + else + tst_res(TPASS, "expected capabilities"); + + return 0; } static void setup(void) 
{ check_newuser(); - SAFE_FILE_SCANF(NULL, OVERFLOWUIDPATH, "%ld", &overflowuid); - SAFE_FILE_SCANF(NULL, OVERFLOWGIDPATH, "%ld", &overflowgid); + + SAFE_FILE_SCANF(OVERFLOWUIDPATH, "%ld", &overflowuid); + SAFE_FILE_SCANF(OVERFLOWGIDPATH, "%ld", &overflowgid); } -int main(int argc, char *argv[]) +static void run(void) { - int lc; + int pid; - tst_parse_opts(argc, argv, NULL, NULL); - setup(); + pid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, child_fn1, NULL); + if (pid < 0) + tst_brk(TBROK | TTERRNO, "clone failed"); +} - for (lc = 0; TEST_LOOPING(lc); lc++) { - TEST(do_clone_unshare_test(T_CLONE, CLONE_NEWUSER, - child_fn1, NULL)); +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +}; - if (TEST_RETURN == -1) - tst_brkm(TFAIL | TTERRNO, NULL, "clone failed"); - tst_record_childstatus(NULL, -1); - } - tst_exit(); -} +#else +TST_TEST_TCONF("System is missing libcap"); +#endif
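Review bot: in common.h, updatemap() names its last parameter parentmappid, but the value is written as the second field of the map line ("%d %d 1"), so it is a UID or GID in the parent namespace rather than a PID; rename it (parentid, say) and add a one-line comment describing the three fields and the fixed length of 1. While here, the sprintf() calls that build path and content could be snprintf(path, sizeof(path), ...), and check_newuser() fills status through SAFE_WAIT(&status) without ever reading it.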
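Review bot: in userns01.c the new include block puts #include "tst_test.h" and the #ifdef HAVE_LIBCAP test ahead of #define _GNU_SOURCE and #include "config.h". A feature-test macro has to be defined before the first system header is included, which tst_test.h is likely to have done already, and HAVE_LIBCAP is tested before the file's own config.h include; move #define _GNU_SOURCE to the top of the file and include config.h before the #ifdef. In child_fn1(), the result of cap_get_proc() is neither checked for NULL nor released with cap_free(), and flag_val is read after the loop without any check that a cap_get_flag() call ran and succeeded.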
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:19 +0100
Message-Id: <20220325093626.11114-3-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 2/9] Rewrite userns02.c using new LTP API

Signed-off-by: Andrea Cervesato
Reviewed-by: Petr Vorel
Reviewed-by: Petr Vorel
---
 testcases/kernel/containers/userns/userns02.c | 138 ++++++++----------
 1 file changed, 58 insertions(+), 80 deletions(-)

diff --git a/testcases/kernel/containers/userns/userns02.c b/testcases/kernel/containers/userns/userns02.c
index ae49a1599..1f7cba573 100644
--- a/testcases/kernel/containers/userns/userns02.c
+++ b/testcases/kernel/containers/userns/userns02.c
@@ -1,74 +1,49 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * The user ID and group ID, which are inside a container, can be modified - * by its parent process. +/*\ + * [Description] + * + * Verify that the user ID and group ID, which are inside a container, + * can be modified by its parent process. */ #define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include "userns_helper.h" -#include "test.h" - -char *TCID = "user_namespace2"; -int TST_TOTAL = 1; -static void cleanup(void) -{ - tst_rmdir(); -} +#include +#include "common.h" +#include "tst_test.h" /* * child_fn1() - Inside a new user namespace */ static int child_fn1(void) { - int exit_val; int uid, gid; - TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + TST_CHECKPOINT_WAIT(0); + uid = geteuid(); gid = getegid(); - if (uid == 100 && gid == 100) { - printf("Got expected uid and gid.\n"); - exit_val = 0; - } else { - printf("Got unexpected result of uid=%d gid=%d\n", uid, gid); - exit_val = 1; - } + if (uid == 100 && gid == 100) + tst_res(TPASS, "got expected uid and gid"); + else + tst_res(TFAIL, "got unexpected uid=%d gid=%d", uid, gid); - return exit_val; + return 0; } static void setup(void) { check_newuser(); - tst_tmpdir(); - TST_CHECKPOINT_INIT(NULL); } -int main(int argc, char *argv[]) +static void run(void) { - int lc; int childpid; int 
parentuid; int parentgid; 
@@ -76,42 +51,45 @@ int main(int argc, char *argv[]) char content[BUFSIZ]; int fd; - tst_parse_opts(argc, argv, NULL, NULL); - setup(); - - for (lc = 0; TEST_LOOPING(lc); lc++) { - tst_count = 0; - childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, NULL); - - if (childpid < 0) - tst_brkm(TFAIL | TERRNO, cleanup, "clone failed"); - - parentuid = geteuid(); - parentgid = getegid(); - sprintf(path, "/proc/%d/uid_map", childpid); - sprintf(content, "100 %d 1", parentuid); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, content, strlen(content)); - SAFE_CLOSE(cleanup, fd); - - if (access("/proc/self/setgroups", F_OK) == 0) { - sprintf(path, "/proc/%d/setgroups", childpid); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, "deny", 4); - SAFE_CLOSE(cleanup, fd); - } - - sprintf(path, "/proc/%d/gid_map", childpid); - sprintf(content, "100 %d 1", parentgid); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, content, strlen(content)); - SAFE_CLOSE(cleanup, fd); - - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); - - tst_record_childstatus(cleanup, childpid); + childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL); + if (childpid < 0) + tst_brk(TBROK | TTERRNO, "clone failed"); + + parentuid = geteuid(); + parentgid = getegid(); + + sprintf(path, "/proc/%d/uid_map", childpid); + sprintf(content, "100 %d 1", parentuid); + + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, content, strlen(content)); + SAFE_CLOSE(fd); + + if (access("/proc/self/setgroups", F_OK) == 0) { + sprintf(path, "/proc/%d/setgroups", childpid); + + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, "deny", 4); + SAFE_CLOSE(fd); } - cleanup(); - tst_exit(); + + sprintf(path, "/proc/%d/gid_map", childpid); + sprintf(content, "100 %d 1", parentgid); + + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, content, strlen(content)); + SAFE_CLOSE(fd); + + 
TST_CHECKPOINT_WAKE(0); } + +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .needs_checkpoints = 1, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +};
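Review bot: child_fn1() in userns02.c is still declared as int child_fn1(void) and only fits ltp_clone_quick() through the (void *) cast at the call site in run(); give it the signature used in userns01.c, static int child_fn1(LTP_ATTRIBUTE_UNUSED void *arg), and drop the cast. The literal 100 in the uid == 100 && gid == 100 check is repeated in the map strings that run() writes, so a named constant would keep the two in sync.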
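Review bot: run() in userns02.c open-codes the uid_map and gid_map writes (sprintf() into path and content, then SAFE_OPEN, SAFE_WRITE, SAFE_CLOSE) that updatemap() in common.h, added in patch 1/9 and included here, already performs for the same "%d %d 1" format. Replace the two blocks with updatemap(childpid, UID_MAP, 100, parentuid) and updatemap(childpid, GID_MAP, 100, parentgid), keeping the setgroups "deny" write between them so that it still comes before the gid_map write.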
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:20 +0100
Message-Id: <20220325093626.11114-4-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 3/9] Rewrite userns03.c using new LTP API

Signed-off-by: Andrea Cervesato
Reviewed-by: Petr Vorel
---
 testcases/kernel/containers/userns/userns03.c | 284 ++++++++----------
 1 file changed, 129 insertions(+), 155 deletions(-)

diff --git a/testcases/kernel/containers/userns/userns03.c b/testcases/kernel/containers/userns/userns03.c
index be511fec8..9a6f1b54a 100644
--- a/testcases/kernel/containers/userns/userns03.c
+++ b/testcases/kernel/containers/userns/userns03.c
@@ -1,24 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. This program is distributed in the hope that it will be - * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General - * Public License for more details. You should have received a copy of the GNU - * General Public License along with this program. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * /proc/PID/uid_map and /proc/PID/gid_map contains three values separated by - * white space: +/*\ + * [Description] + * + * Verify that /proc/PID/uid_map and /proc/PID/gid_map contains three values + * separated by white space: + * * ID-inside-ns ID-outside-ns length * * ID-outside-ns is interpreted according to which process is opening the file. + * * If the process opening the file is in the same user namespace as the process * PID, then ID-outside-ns is defined with respect to the parent user namespace. + * * If the process opening the file is in a different user namespace, then * ID-outside-ns is defined with respect to the user namespace of the process * opening the file. 
@@ -26,29 +24,16 @@ * The string "deny" would be written to /proc/self/setgroups before GID * check if setgroups is allowed, see kernel commits: * - * commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 - * Author: Eric W. Biederman - * Date: Tue Dec 2 12:27:26 2014 -0600 - * userns: Add a knob to disable setgroups on a per user namespace basis - * - * commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272 - * Author: Eric W. Biederman - * Date: Fri Dec 5 19:36:04 2014 -0600 - * userns: Allow setting gid_maps without privilege when setgroups is disabled - * + * * 9cc46516ddf4 ("userns: Add a knob to disable setgroups on a per user namespace basis") + * * 66d2f338ee4c ("userns: Allow setting gid_maps without privilege when setgroups is disabled") */ #define _GNU_SOURCE -#include -#include + #include -#include #include -#include -#include -#include -#include "userns_helper.h" -#include "test.h" +#include "common.h" +#include "tst_test.h" #define CHILD1UID 0 #define CHILD1GID 0 @@ -57,16 +42,16 @@ #define UID_MAP 0 #define GID_MAP 1 -char *TCID = "user_namespace3"; -int TST_TOTAL = 1; -static int cpid1, parentuid, parentgid; +static int cpid1; +static int parentuid; +static int parentgid; /* * child_fn1() - Inside a new user namespace */ static int child_fn1(void) { - TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + TST_CHECKPOINT_WAIT(0); return 0; } 
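Review bot: the context lines of the @@ -57,16 +42,16 @@ hunk keep the local #define UID_MAP 0 and #define GID_MAP 1 in userns03.c even though the file now includes common.h, which defines the same two macros; delete the local copies so there is a single definition. child_fn1() here also keeps the int child_fn1(void) form, which differs from the void * argument signature used in userns01.c.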
@@ -75,161 +60,150 @@ static int child_fn1(void) */ static int child_fn2(void) { - int exit_val = 0; int uid, gid; char cpid1uidpath[BUFSIZ]; char cpid1gidpath[BUFSIZ]; int idinsidens, idoutsidens, length; - TST_SAFE_CHECKPOINT_WAIT(NULL, 1); + TST_CHECKPOINT_WAIT(1); uid = geteuid(); gid = getegid(); - if (uid != CHILD2UID || gid != CHILD2GID) { - printf("unexpected uid=%d gid=%d\n", uid, gid); - exit_val = 1; - } + tst_res(TINFO, "uid=%d, gid=%d", uid, gid); + + if (uid != CHILD2UID || gid != CHILD2GID) + tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid); + else + tst_res(TPASS, "expected uid and gid"); - /*Get the uid parameters of the child_fn2 process.*/ - SAFE_FILE_SCANF(NULL, "/proc/self/uid_map", "%d %d %d", &idinsidens, - &idoutsidens, &length); + /* Get the uid parameters of the child_fn2 process */ + SAFE_FILE_SCANF("/proc/self/uid_map", "%d %d %d", &idinsidens, &idoutsidens, &length); /* map file format:ID-inside-ns ID-outside-ns length - If the process opening the file is in the same user namespace as - the process PID, then ID-outside-ns is defined with respect to the - parent user namespace.*/ - if (idinsidens != CHILD2UID || idoutsidens != parentuid) { - printf("child_fn2 checks /proc/cpid2/uid_map:\n"); - printf("unexpected: idinsidens=%d idoutsidens=%d\n", - idinsidens, idoutsidens); - exit_val = 1; - } + * If the process opening the file is in the same user namespace as + * the process PID, then ID-outside-ns is defined with respect to the + * parent user namespace + */ + tst_res(TINFO, "child2 checks /proc/cpid2/uid_map"); + + if (idinsidens != CHILD2UID || idoutsidens != parentuid) + tst_res(TFAIL, "unexpected: namespace ID inside=%d outside=%d", idinsidens, idoutsidens); + else + tst_res(TPASS, "expected namespaces IDs"); sprintf(cpid1uidpath, "/proc/%d/uid_map", cpid1); - SAFE_FILE_SCANF(NULL, cpid1uidpath, "%d %d %d", &idinsidens, - &idoutsidens, &length); + SAFE_FILE_SCANF(cpid1uidpath, "%d %d %d", &idinsidens, &idoutsidens, &length); /* 
If the process opening the file is in a different user namespace, - then ID-outside-ns is defined with respect to the user namespace - of the process opening the file.*/ - if (idinsidens != CHILD1UID || idoutsidens != CHILD2UID) { - printf("child_fn2 checks /proc/cpid1/uid_map:\n"); - printf("unexpected: idinsidens=%d idoutsidens=%d\n", - idinsidens, idoutsidens); - exit_val = 1; - } + * then ID-outside-ns is defined with respect to the user namespace + * of the process opening the file + */ + tst_res(TINFO, "child2 checks /proc/cpid1/uid_map"); + + if (idinsidens != CHILD1UID || idoutsidens != CHILD2UID) + tst_res(TFAIL, "unexpected: namespace ID inside=%d outside=%d", idinsidens, idoutsidens); + else + tst_res(TPASS, "expected namespaces IDs"); sprintf(cpid1gidpath, "/proc/%d/gid_map", cpid1); - SAFE_FILE_SCANF(NULL, "/proc/self/gid_map", "%d %d %d", - &idinsidens, &idoutsidens, &length); - - if (idinsidens != CHILD2GID || idoutsidens != parentgid) { - printf("child_fn2 checks /proc/cpid2/gid_map:\n"); - printf("unexpected: idinsidens=%d idoutsidens=%d\n", - idinsidens, idoutsidens); - exit_val = 1; - } + SAFE_FILE_SCANF("/proc/self/gid_map", "%d %d %d", &idinsidens, &idoutsidens, &length); - SAFE_FILE_SCANF(NULL, cpid1gidpath, "%d %d %d", &idinsidens, - &idoutsidens, &length); + tst_res(TINFO, "child2 checks /proc/cpid2/gid_map"); - if (idinsidens != CHILD1GID || idoutsidens != CHILD2GID) { - printf("child_fn1 checks /proc/cpid1/gid_map:\n"); - printf("unexpected: idinsidens=%d idoutsidens=%d\n", - idinsidens, idoutsidens); - exit_val = 1; - } + if (idinsidens != CHILD2GID || idoutsidens != parentgid) + tst_res(TFAIL, "unexpected: namespace ID inside=%d outside=%d", idinsidens, idoutsidens); + else + tst_res(TPASS, "expected namespaces IDs"); - TST_SAFE_CHECKPOINT_WAKE(NULL, 0); - TST_SAFE_CHECKPOINT_WAKE(NULL, 1); - return exit_val; -} + SAFE_FILE_SCANF(cpid1gidpath, "%d %d %d", &idinsidens, &idoutsidens, &length); -static void cleanup(void) -{ - tst_rmdir(); + 
tst_res(TINFO, "child1 checks /proc/cpid1/gid_map"); + + if (idinsidens != CHILD1GID || idoutsidens != CHILD2GID) + tst_res(TFAIL, "unexpected: namespace ID inside=%d outside=%d", idinsidens, idoutsidens); + else + tst_res(TPASS, "expected namespaces IDs"); + + TST_CHECKPOINT_WAKE(0); + TST_CHECKPOINT_WAKE(1); + + return 0; } static void setup(void) { check_newuser(); - tst_tmpdir(); - TST_CHECKPOINT_INIT(NULL); } -int main(int argc, char *argv[]) +static void run(void) { pid_t cpid2; char path[BUFSIZ]; - int lc; int fd; int ret; - tst_parse_opts(argc, argv, NULL, NULL); - setup(); - - for (lc = 0; TEST_LOOPING(lc); lc++) { - tst_count = 0; - - parentuid = geteuid(); - parentgid = getegid(); - - cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, NULL); - if (cpid1 < 0) - tst_brkm(TBROK | TERRNO, cleanup, - "cpid1 clone failed"); - - cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn2, NULL); - if (cpid2 < 0) - tst_brkm(TBROK | TERRNO, cleanup, - "cpid2 clone failed"); - - if (access("/proc/self/setgroups", F_OK) == 0) { - sprintf(path, "/proc/%d/setgroups", cpid1); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, "deny", 4); - SAFE_CLOSE(cleanup, fd); - /* If the setgroups file has the value "deny", - * then the setgroups(2) system call can't - * subsequently be reenabled (by writing "allow" to - * the file) in this user namespace. (Attempts to - * do so will fail with the error EPERM.) 
- */ - - /* test that setgroups can't be re-enabled */ - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - ret = write(fd, "allow", 5); - - if (ret != -1) { - tst_brkm(TBROK | TERRNO, cleanup, - "write action should fail"); - } else if (errno != EPERM) { - tst_brkm(TBROK | TERRNO, cleanup, - "unexpected error: \n"); - } - SAFE_CLOSE(cleanup, fd); - tst_resm(TPASS, "setgroups can't be re-enabled"); - - sprintf(path, "/proc/%d/setgroups", cpid2); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, "deny", 4); - SAFE_CLOSE(cleanup, fd); - } - - updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup); - updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup); - - updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup); - updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup); - - TST_SAFE_CHECKPOINT_WAKE_AND_WAIT(cleanup, 1); - - tst_record_childstatus(cleanup, cpid1); - tst_record_childstatus(cleanup, cpid2); + parentuid = geteuid(); + parentgid = getegid(); + + cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL); + if (cpid1 < 0) + tst_brk(TBROK | TTERRNO, "cpid1 clone failed"); + + cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL); + if (cpid2 < 0) + tst_brk(TBROK | TTERRNO, "cpid2 clone failed"); + + if (access("/proc/self/setgroups", F_OK) == 0) { + sprintf(path, "/proc/%d/setgroups", cpid1); + + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, "deny", 4); + SAFE_CLOSE(fd); + + /* If the setgroups file has the value "deny", + * then the setgroups(2) system call can't + * subsequently be reenabled (by writing "allow" to + * the file) in this user namespace. (Attempts to + * do so will fail with the error EPERM.) 
+ */ + + /* test that setgroups can't be re-enabled */ + fd = SAFE_OPEN(path, O_WRONLY, 0644); + ret = write(fd, "allow", 5); + + if (ret != -1) + tst_brk(TBROK, "write action should fail"); + else if (errno != EPERM) + tst_brk(TBROK | TTERRNO, "unexpected error"); + + SAFE_CLOSE(fd); + + tst_res(TPASS, "setgroups can't be re-enabled"); + + sprintf(path, "/proc/%d/setgroups", cpid2); + + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, "deny", 4); + SAFE_CLOSE(fd); } - cleanup(); - tst_exit(); + + updatemap(cpid1, UID_MAP, CHILD1UID, parentuid); + updatemap(cpid2, UID_MAP, CHILD2UID, parentuid); + + updatemap(cpid1, GID_MAP, CHILD1GID, parentgid); + updatemap(cpid2, GID_MAP, CHILD2GID, parentgid); + + TST_CHECKPOINT_WAKE_AND_WAIT(1); } + +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .needs_checkpoints = 1, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +}; From patchwork Fri Mar 25 09:36:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 1609320 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=ZP6RRvlz; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=cGXSUh+Z; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=213.254.12.146; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) 
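Review bot: In run(), both clone failure paths and the "unexpected error" branch after write(fd, "allow", 5) now pass TTERRNO to tst_brk(), but none of those calls goes through TEST(), so the message prints a stale TST_ERR instead of the errno that ltp_clone_quick() or write() actually set. The removed lines used TERRNO and the new ones should keep it, e.g. tst_brk(TBROK | TERRNO, "cpid1 clone failed"). The "write action should fail" branch is the property this test exists to check (a "deny" written to /proc/PID/setgroups must not be reversible), so an unexpected success should be reported as a test failure rather than TBROK. In child_fn2 the last TINFO line reads "child1 checks /proc/cpid1/gid_map" although child2 is doing the read; the removed printf had the same slip ("child_fn1 checks") and the rewrite is the place to correct it.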
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:21 +0100
Message-Id: <20220325093626.11114-5-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
References: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 4/9] Rewrite userns03.c using new LTP API

Signed-off-by: Andrea Cervesato Reviewed-by: Petr Vorel Reviewed-by: Petr Vorel --- testcases/kernel/containers/userns/userns04.c | 138 ++++++------------ 1 file changed, 47 insertions(+), 91 deletions(-) diff --git a/testcases/kernel/containers/userns/userns04.c b/testcases/kernel/containers/userns/userns04.c index 66d3388a9..d8639502e 100644 --- a/testcases/kernel/containers/userns/userns04.c +++ b/testcases/kernel/containers/userns/userns04.c 
@@ -1,131 +1,87 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * If a namespace isn't another namespace's ancestor, the process in - * first namespace does not have the CAP_SYS_ADMIN capability in the - * second namespace and the setns() call fails. +/*\ + * [Description] + * + * Verify that if a namespace isn't another namespace's ancestor, the process in + * first namespace does not have the CAP_SYS_ADMIN capability in the second + * namespace and the setns() call fails. 
*/ #define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include "userns_helper.h" -#include "test.h" -char *TCID = "user_namespace4"; -int TST_TOTAL = 1; +#include +#include "common.h" +#include "tst_test.h" +#include "lapi/syscalls.h" static void setup(void) { check_newuser(); tst_syscall(__NR_setns, -1, 0); - tst_tmpdir(); - TST_CHECKPOINT_INIT(NULL); } -static void cleanup(void) +static int child_fn1(LTP_ATTRIBUTE_UNUSED void *arg) { - tst_rmdir(); -} - -static int child_fn1(void *arg LTP_ATTRIBUTE_UNUSED) -{ - TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + TST_CHECKPOINT_WAIT(0); return 0; } static int child_fn2(void *arg) { - int exit_val = 0; - int ret; - - ret = tst_syscall(__NR_setns, ((long)arg), CLONE_NEWUSER); - if (ret != -1) { - printf("child2 setns() unexpected success\n"); - exit_val = 1; - } else if (errno != EPERM) { - printf("child2 setns() unexpected error: (%d) %s\n", - errno, strerror(errno)); - exit_val = 1; - } + TEST(tst_syscall(__NR_setns, ((long)arg), CLONE_NEWUSER)); + if (TST_RET != -1 || TST_ERR != EPERM) + tst_res(TFAIL | TERRNO, "child2 setns() error"); + else + tst_res(TPASS, "child2 setns() failed as expected"); + + TST_CHECKPOINT_WAIT(1); - TST_SAFE_CHECKPOINT_WAIT(NULL, 1); - return exit_val; + return 0; } -static void test_cap_sys_admin(void) +static void run(void) { pid_t cpid1, cpid2, cpid3; char path[BUFSIZ]; int fd; - /* child 1 */ - cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, NULL); + cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL); if (cpid1 < 0) - tst_brkm(TBROK | TERRNO, cleanup, "clone failed"); + tst_brk(TBROK | TTERRNO, "clone failed"); - /* child 2 */ sprintf(path, "/proc/%d/ns/user", cpid1); - fd = SAFE_OPEN(cleanup, path, O_RDONLY, 0644); - cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn2, (void *)((long)fd)); + + fd = SAFE_OPEN(path, O_RDONLY, 0644); + cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void 
*)child_fn2, (void *)((long)fd)); if (cpid2 < 0) - tst_brkm(TBROK | TERRNO, cleanup, "clone failed"); + tst_brk(TBROK | TTERRNO, "clone failed"); /* child 3 - throw-away process changing ns to child1 */ - switch (cpid3 = fork()) { - case -1: - tst_brkm(TBROK | TERRNO, cleanup, "fork"); - case 0: - if (tst_syscall(__NR_setns, fd, CLONE_NEWUSER) == -1) { - printf("parent pid setns failure: (%d) %s", - errno, strerror(errno)); - exit(1); - } - exit(0); + cpid3 = SAFE_FORK(); + if (!cpid3) { + TST_EXP_PASS(tst_syscall(__NR_setns, fd, CLONE_NEWUSER)); + return; } - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 1); - - tst_record_childstatus(cleanup, cpid1); - tst_record_childstatus(cleanup, cpid2); - tst_record_childstatus(cleanup, cpid3); - - SAFE_CLOSE(cleanup, fd); + TST_CHECKPOINT_WAKE(0); + TST_CHECKPOINT_WAKE(1); + SAFE_CLOSE(fd); } -int main(int argc, char *argv[]) -{ - int lc; - - setup(); - tst_parse_opts(argc, argv, NULL, NULL); - - for (lc = 0; TEST_LOOPING(lc); lc++) { - tst_count = 0; - test_cap_sys_admin(); - } - - cleanup(); - tst_exit(); -} +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .forks_child = 1, + .needs_checkpoints = 1, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +}; From patchwork Fri Mar 25 09:36:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 1609315 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=prjdjU3R; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=BHpyXaca; dkim-atps=neutral 
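Review bot: In child_fn2 the outcome of TEST(tst_syscall(__NR_setns, ...)) is reported with tst_res(TFAIL | TERRNO, "child2 setns() error"), which prints errno rather than the TST_ERR value that TEST() saved and that the condition itself tests; use TTERRNO there, or replace the block with TST_EXP_FAIL(tst_syscall(__NR_setns, (long)arg, CLONE_NEWUSER), EPERM). The single message also hides which case was hit: setns() succeeding means a process entered a user namespace that is not a descendant of its own, which deserves its own wording, separate from "failed with the wrong errno". The opposite mix-up is in run(), where tst_brk(TBROK | TTERRNO, "clone failed") follows ltp_clone_quick() without TEST(); TERRNO, as in the removed lines, is the flag that matches. The mail subject says userns03.c while the diff changes userns04.c, and the Reviewed-by tag appears twice.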
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:22 +0100
Message-Id: <20220325093626.11114-6-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
References: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 5/9] Rewrite userns05.c using new LTP API

Signed-off-by: Andrea Cervesato Reviewed-by: Petr Vorel --- testcases/kernel/containers/userns/userns05.c | 146 +++++++----------- 1 file changed, 60 insertions(+), 86 deletions(-) diff --git a/testcases/kernel/containers/userns/userns05.c b/testcases/kernel/containers/userns/userns05.c index be77cb7e9..4c16694b1 100644 --- a/testcases/kernel/containers/userns/userns05.c +++ b/testcases/kernel/containers/userns/userns05.c
@@ -1,51 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * A process created via fork(2) or clone(2) without the - * CLONE_NEWUSER flag is a member of the same user namespace as its - * parent. - * When unshare an user namespace, the calling process is moved into - * a new user namespace which is not shared with any previously - * existing process. +/*\ + * [Description] + * + * Verify that if a process created via fork(2) or clone(2) without the + * CLONE_NEWUSER flag is a member of the same user namespace as its parent. + * + * When unshare an user namespace, the calling process is moved into a new user + * namespace which is not shared with any previously existing process. */ #define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include "userns_helper.h" -#include "test.h" - -char *TCID = "user_namespace5"; -int TST_TOTAL = 1; -static void cleanup(void) -{ - tst_rmdir(); -} +#include +#include "tst_test.h" +#include "common.h" /* * child_fn1() - Inside a new user namespace */ static int child_fn1(void) { - TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + TST_CHECKPOINT_WAIT(0); return 0; } 
@@ -57,86 +37,80 @@ static unsigned int getusernsidbypid(int pid) sprintf(path, "/proc/%d/ns/user", pid); - if (readlink(path, userid, BUFSIZ) == -1) - tst_resm(TFAIL | TERRNO, "readlink failure."); + SAFE_READLINK(path, userid, BUFSIZ); + + if (sscanf(userid, "user:[%u]", &id) < 0) + tst_brk(TBROK | TERRNO, "sscanf failure"); - if (sscanf(userid, "user:[%u]", &id) != 1) - tst_resm(TFAIL, "sscanf failure."); return id; } -static void test_userns_id(void) +static void run(void) { int cpid1, cpid2, cpid3; unsigned int parentuserns, cpid1userns, cpid2userns, newparentuserns; parentuserns = getusernsidbypid(getpid()); - cpid1 = ltp_clone_quick(SIGCHLD, (void *)child_fn1, - NULL); + + cpid1 = ltp_clone_quick(SIGCHLD, (void *)child_fn1, NULL); if (cpid1 < 0) - tst_brkm(TBROK | TERRNO, cleanup, "clone failed"); + tst_brk(TBROK | TTERRNO, "clone failed"); + cpid1userns = getusernsidbypid(cpid1); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); + + TST_CHECKPOINT_WAKE(0); /* A process created via fork(2) or clone(2) without the - CLONE_NEWUSER flag is a member of the same user namespace as its - parent.*/ + * CLONE_NEWUSER flag is a member of the same user namespace as its + * parent + */ if (parentuserns != cpid1userns) - tst_resm(TFAIL, "userns:parent should be equal to cpid1"); + tst_res(TFAIL, "userns:parent should be equal to cpid1"); + else + tst_res(TPASS, "userns:parent is equal to cpid1"); - cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, NULL); + cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL); if (cpid2 < 0) - tst_brkm(TBROK | TERRNO, cleanup, "clone failed"); + tst_brk(TBROK | TTERRNO, "clone failed"); + cpid2userns = getusernsidbypid(cpid2); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); + + TST_CHECKPOINT_WAKE(0); if (parentuserns == cpid2userns) - tst_resm(TFAIL, "userns:parent should be not equal to cpid2"); - - switch (cpid3 = fork()) { - case -1: - tst_brkm(TBROK | TERRNO, cleanup, "fork"); - case 0: - if 
(unshare(CLONE_NEWUSER) == -1) { - printf("parent pid unshare failure: (%d) %s", - errno, strerror(errno)); - exit(1); - } + tst_res(TFAIL, "userns:parent should be not equal to cpid2"); + else + tst_res(TPASS, "userns:parent is not equal to cpid2"); + + cpid3 = SAFE_FORK(); + if (!cpid3) { + SAFE_UNSHARE(CLONE_NEWUSER); newparentuserns = getusernsidbypid(getpid()); /* When unshare an user namespace, the calling process - is moved into a new user namespace which is not shared - with any previously existing process.*/ + * is moved into a new user namespace which is not shared + * with any previously existing process + */ if (parentuserns == newparentuserns) - exit(1); - exit(0); + tst_res(TFAIL, "unshared namespaces with same id"); + else + tst_res(TPASS, "unshared namespaces with different id"); } - - tst_record_childstatus(cleanup, cpid1); - tst_record_childstatus(cleanup, cpid2); - tst_record_childstatus(cleanup, cpid3); } static void setup(void) { check_newuser(); - - tst_tmpdir(); - TST_CHECKPOINT_INIT(NULL); } -int main(int argc, char *argv[]) -{ - int lc; - - tst_parse_opts(argc, argv, NULL, NULL); - setup(); - - for (lc = 0; TEST_LOOPING(lc); lc++) { - tst_count = 0; - test_userns_id(); - } - cleanup(); - tst_exit(); -} +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .forks_child = 1, + .needs_checkpoints = 1, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +}; From patchwork Fri Mar 25 09:36:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 1609321 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=ENPrrOhA; dkim=fail 
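Review bot: The first sentence of the new [Description] block in the @@ -1,51 +1,31 @@ hunk has no main clause ("Verify that if a process created via fork(2) or clone(2) ... is a member of the same user namespace as its parent."); drop the "if" so the sentence states the property being verified. "When unshare an user namespace" should read "When unsharing a user namespace", both here and in the comment inside run().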
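Review bot: In getusernsidbypid() (@@ -57,86 +37,80 @@) the check changed from sscanf(...) != 1 to sscanf(...) < 0, which only catches EOF: when the link target does not match "user:[%u]", sscanf returns 0, id is never written, and run() goes on to compare namespace ids that were not parsed. Keep the != 1 test and turn it into tst_brk(TBROK, "sscanf failure") without TERRNO, since a matching failure does not set errno. In run() the three "clone failed" paths pass TTERRNO although ltp_clone_quick() is not wrapped in TEST(); TERRNO, as in the removed lines, reports the value that was actually set.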
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:23 +0100
Message-Id: <20220325093626.11114-7-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
References: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 6/9] Rewrite userns06.c using new LTP API

Signed-off-by: Andrea Cervesato Reviewed-by: Petr Vorel --- testcases/kernel/containers/userns/userns06.c | 180 ++++++++---------- .../containers/userns/userns06_capcheck.c | 75 +++++--- 2 files changed, 126 insertions(+), 129 deletions(-) diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c index 29f635de5..6a4123f99 100644 --- a/testcases/kernel/containers/userns/userns06.c +++ b/testcases/kernel/containers/userns/userns06.c
@@ -1,65 +1,49 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. This program is distributed in the hope that it will be - * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General - * Public License for more details. You should have received a copy of the GNU - * General Public License along with this program. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * When a process with non-zero user IDs performs an execve(), the process's - * capability sets are cleared. +/*\ + * [Description] + * + * Verify that when a process with non-zero user IDs performs an execve(), + * the process's capability sets are cleared. * When a process with zero user IDs performs an execve(), the process's * capability sets are set. 
- * */ +#include "tst_test.h" +#include "config.h" + +#ifdef HAVE_LIBCAP #define _GNU_SOURCE -#include -#include + #include -#include -#include -#include -#include -#include -#include "libclone.h" -#include "test.h" -#include "config.h" -#include "userns_helper.h" +#include "common.h" + +#define TEST_APP "userns06_capcheck" #define CHILD1UID 0 #define CHILD1GID 0 #define CHILD2UID 200 #define CHILD2GID 200 -char *TCID = "user_namespace6"; -int TST_TOTAL = 1; - -static int cpid1, parentuid, parentgid; - /* * child_fn1() - Inside a new user namespace */ static int child_fn1(void) { - int exit_val = 0; - char *const args[] = { "userns06_capcheck", "privileged", NULL }; + char *const args[] = { TEST_APP, "privileged", NULL }; - TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + TST_CHECKPOINT_WAIT(0); - if (execve(args[0], args, NULL) == -1) { - printf("execvp unexpected error: (%d) %s\n", - errno, strerror(errno)); - exit_val = 1; - } + /* execv will replace the main function and it will end this child + * accordingly. + */ + execv(args[0], args); - return exit_val; + return 0; } /* 
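Review bot: In child_fn1 the result of execv(args[0], args) is no longer checked, so when userns06_capcheck cannot be executed the child simply returns 0 and the privileged capability check never runs, with nothing in the output to show it; the removed code printed the errno and returned 1. Report the failure on the line after the call, for example tst_res(TFAIL | TERRNO, "execv(%s) failed", args[0]), and reword the comment, since execv replaces the whole process image and not "the main function". Note that execv() does not search PATH, so the bare name in TEST_APP is resolved relative to the current directory. At the top of the file, #define _GNU_SOURCE now sits after #include "tst_test.h" and inside #ifdef HAVE_LIBCAP; a feature-test macro only takes effect when it is defined before the first header is included, so it should move back above the includes.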
@@ -67,97 +51,95 @@ static int child_fn1(void) */ static int child_fn2(void) { - int exit_val = 0; int uid, gid; - char *const args[] = { "userns06_capcheck", "unprivileged", NULL }; + char *const args[] = { TEST_APP, "unprivileged", NULL }; - TST_SAFE_CHECKPOINT_WAIT(NULL, 1); + TST_CHECKPOINT_WAIT(1); uid = geteuid(); gid = getegid(); if (uid != CHILD2UID || gid != CHILD2GID) { - printf("unexpected uid=%d gid=%d\n", uid, gid); - exit_val = 1; + tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid); + return 1; } - if (execve(args[0], args, NULL) == -1) { - printf("execvp unexpected error: (%d) %s\n", - errno, strerror(errno)); - exit_val = 1; - } + tst_res(TPASS, "expected uid and gid"); - return exit_val; -} + /* execv will replace the main function and it will end this child + * accordingly. + */ + execv(args[0], args); -static void cleanup(void) -{ - tst_rmdir(); + return 0; } static void setup(void) { check_newuser(); - tst_tmpdir(); - TST_CHECKPOINT_INIT(NULL); - TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL); } -int main(int argc, char *argv[]) +static void run(void) { + pid_t cpid1; pid_t cpid2; + int parentuid; + int parentgid; char path[BUFSIZ]; - int lc; int fd; - tst_parse_opts(argc, argv, NULL, NULL); -#ifndef HAVE_LIBCAP - tst_brkm(TCONF, NULL, "System is missing libcap."); -#endif - setup(); - - for (lc = 0; TEST_LOOPING(lc); lc++) { - tst_count = 0; + parentuid = geteuid(); + parentgid = getegid(); - parentuid = geteuid(); - parentgid = getegid(); + cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL); + if (cpid1 < 0) + tst_brk(TBROK | TTERRNO, "cpid1 clone failed"); - cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, NULL); - if (cpid1 < 0) - tst_brkm(TBROK | TERRNO, cleanup, - "cpid1 clone failed"); + cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL); + if (cpid2 < 0) + tst_brk(TBROK | TTERRNO, "cpid2 clone failed"); - cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void 
*)child_fn2, NULL); - if (cpid2 < 0) - tst_brkm(TBROK | TERRNO, cleanup, - "cpid2 clone failed"); + if (access("/proc/self/setgroups", F_OK) == 0) { + sprintf(path, "/proc/%d/setgroups", cpid1); - if (access("/proc/self/setgroups", F_OK) == 0) { - sprintf(path, "/proc/%d/setgroups", cpid1); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, "deny", 4); - SAFE_CLOSE(cleanup, fd); + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, "deny", 4); + SAFE_CLOSE(fd); - sprintf(path, "/proc/%d/setgroups", cpid2); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, "deny", 4); - SAFE_CLOSE(cleanup, fd); - } + sprintf(path, "/proc/%d/setgroups", cpid2); - updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup); - updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup); + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, "deny", 4); + SAFE_CLOSE(fd); + } - updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup); - updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup); + updatemap(cpid1, UID_MAP, CHILD1UID, parentuid); + updatemap(cpid2, UID_MAP, CHILD2UID, parentuid); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 1); + updatemap(cpid1, GID_MAP, CHILD1GID, parentgid); + updatemap(cpid2, GID_MAP, CHILD2GID, parentgid); - tst_record_childstatus(cleanup, cpid1); - tst_record_childstatus(cleanup, cpid2); - } - cleanup(); - tst_exit(); + TST_CHECKPOINT_WAKE(0); + TST_CHECKPOINT_WAKE(1); } + +static const char *const resource_files[] = { + TEST_APP, + NULL, +}; + +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .needs_checkpoints = 1, + .resource_files = resource_files, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +}; + +#else +TST_TEST_TCONF("System is missing libcap"); +#endif 
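Review bot: both `tst_brk(TBROK | TTERRNO, ...)` calls after ltp_clone_quick() in run() use the wrong errno flag. TTERRNO prints TST_ERR, which is only filled in by the TEST() macro, and these calls are not wrapped in TEST(), so the message would show a stale value; the removed lines used TERRNO, and that is still the right flag here. child_fn2() also has the same unchecked execv() as child_fn1(): a failed exec returns 0 right after the TPASS for the uid/gid check, so the unprivileged capability check can be skipped without any failure being reported.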
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c index 31f7e0a25..d8e670fb1 100644 --- a/testcases/kernel/containers/userns/userns06_capcheck.c +++ b/testcases/kernel/containers/userns/userns06_capcheck.c 
@@ -1,62 +1,66 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: +/*\ + * [Description] + * * When a process with non-zero user IDs performs an execve(), the * process's capability sets are cleared. When a process with zero * user IDs performs an execve(), the process's capability sets * are set. */ -#define _GNU_SOURCE -#include -#include +#include "config.h" #include #include + +#ifdef HAVE_LIBCAP +#define _GNU_SOURCE + +#include #include #include #include -#include "libclone.h" -#include "test.h" -#include "config.h" -#if HAVE_SYS_CAPABILITY_H +#include #include -#endif - -char *TCID = "userns06_capcheck"; -int TST_TOTAL = 1; int main(int argc, char *argv[]) { -#ifdef HAVE_LIBCAP + FILE *f = NULL; cap_t caps; int i, last_cap; cap_flag_value_t flag_val; cap_flag_value_t expected_flag = 1; -#endif - tst_parse_opts(argc, argv, NULL, NULL); -#ifdef HAVE_LIBCAP + if (argc < 2) { + printf("userns06_capcheck \n"); + goto error; + } + + f = fopen("/proc/sys/kernel/cap_last_cap", "r"); + if (f == NULL) { + printf("fopen error: %s\n", strerror(errno)); + goto error; + } + + if (!fscanf(f, "%d", &last_cap)) { + printf("fscanf error: %s\n", strerror(errno)); + goto error; + } + if (strcmp("privileged", argv[1])) expected_flag = 0; caps = cap_get_proc(); - SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap); + for (i = 0; i <= 
last_cap; i++) { cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val); if (flag_val != expected_flag) break; + cap_get_flag(caps, i, CAP_PERMITTED, &flag_val); if (flag_val != expected_flag) break; 
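Review bot: `if (!fscanf(f, "%d", &last_cap))` only catches a return value of 0. On an empty file or a read error fscanf() returns EOF, which is non-zero, so the check passes and the `for (i = 0; i <= last_cap; i++)` loop runs with last_cap uninitialized. Compare against the number of expected conversions instead: `if (fscanf(f, "%d", &last_cap) != 1)`. The file can also be closed right after the read, which removes the need to carry f to the error label.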
@@ -64,11 +68,22 @@ int main(int argc, char *argv[]) if (flag_val != expected_flag) { printf("unexpected effective/permitted caps at %d\n", i); - exit(1); + goto error; } + exit(0); + +error: + if (f) + fclose(f); + + exit(1); +} + #else +int main(void) +{ printf("System is missing libcap.\n"); -#endif - tst_exit(); + exit(1); } +#endif From patchwork Fri Mar 25 09:36:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 1609317 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=MJ6EzH0a; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=SuENLZ08; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KPxp16FYSz9s75 for ; Fri, 25 Mar 2022 20:37:29 +1100 (AEDT) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 5C8783C8813 for ; Fri, 25 Mar 2022 10:37:26 +0100 (CET) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-4.smtp.seeweb.it (in-4.smtp.seeweb.it [IPv6:2001:4b78:1:20::4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:24 +0100
Message-Id: <20220325093626.11114-8-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
References: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 7/9] Rewrite userns07.c using new LTP API

Signed-off-by: Andrea Cervesato
Reviewed-by: Petr Vorel
--- testcases/kernel/containers/userns/userns07.c | 126 +++++++----------- 1 file changed, 50 insertions(+), 76 deletions(-) diff --git a/testcases/kernel/containers/userns/userns07.c b/testcases/kernel/containers/userns/userns07.c index 49915969e..454abedae 100644 --- a/testcases/kernel/containers/userns/userns07.c +++ b/testcases/kernel/containers/userns/userns07.c
@@ -1,47 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. + * Copyright (C) 2022 SUSE LLC Andrea Cervesato */ -/* - * Verify that: - * The kernel imposes a limit of at least 32 nested levels on user namespaces. +/*\ + * [Description] + * + * Verify that the kernel imposes a limit of at least 32 nested levels on + * user namespaces. */ #define _GNU_SOURCE -#include -#include + #include -#include -#include -#include -#include -#include "userns_helper.h" -#include "test.h" +#include +#include "common.h" +#include "tst_test.h" #define MAXNEST 32 -char *TCID = "userns07"; -int TST_TOTAL = 1; - static void setup(void) { check_newuser(); - tst_tmpdir(); - TST_CHECKPOINT_INIT(NULL); -} - -static void cleanup(void) -{ - tst_rmdir(); } static int child_fn1(void *arg) 
@@ -52,40 +33,40 @@ static int child_fn1(void *arg) int parentuid; int parentgid; - TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + TST_CHECKPOINT_WAIT(0); - if (level == MAXNEST) + if (level == MAXNEST) { + tst_res(TPASS, "nested all children"); return 0; - cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, (void *)(level + 1)); - if (cpid1 < 0) { - printf("level %ld:unexpected error: (%d) %s\n", - level, errno, strerror(errno)); + } + + TEST(ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, (void *)(level + 1))); + if (TST_RET < 0) { + tst_res(TFAIL | TERRNO, "level %ld, unexpected error", level); return 1; } + cpid1 = (int)TST_RET; + parentuid = geteuid(); parentgid = getegid(); - updatemap(cpid1, UID_MAP, 0, parentuid, NULL); - updatemap(cpid1, GID_MAP, 0, parentgid, NULL); + updatemap(cpid1, UID_MAP, 0, parentuid); + updatemap(cpid1, GID_MAP, 0, parentgid); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); + TST_CHECKPOINT_WAKE(0); - if (waitpid(cpid1, &status, 0) == -1) - return 1; + SAFE_WAITPID(cpid1, &status, 0); + + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) + tst_brk(TBROK | TERRNO, "child exited abnormally %s", tst_strstatus(status)); + else if (WIFSIGNALED(status)) + tst_brk(TBROK | TERRNO, "child was killed with signal = %d", WTERMSIG(status)); - if (WIFEXITED(status) && WEXITSTATUS(status) != 0) { - printf("child exited abnormally\n"); - return 1; - } else if (WIFSIGNALED(status)) { - printf("child was killed with signal = %d", WTERMSIG(status)); - return 1; - } return 0; } -static void test_max_nest(void) +static void run(void) { pid_t cpid1; int parentuid; 
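Review bot: the errno flags in child_fn1() do not match how the calls are made. The clone is wrapped in TEST(), which saves errno into TST_ERR, so the failure report should be `tst_res(TFAIL | TTERRNO, ...)` rather than TERRNO. The two tst_brk() calls after SAFE_WAITPID() report on the child's exit status, not on a failed call, so TERRNO there appends an unrelated errno string and should be dropped. Also, when one level returns 1 after its TFAIL, every parent above it now raises TBROK on top of that; propagating a plain `return 1` on a non-zero child status, as the removed code did, would keep the result to a single failure.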
@@ -93,41 +74,34 @@ static void test_max_nest(void) int fd; char path[BUFSIZ]; - cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, - (void *)child_fn1, (void *)0); + cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, (void *)0); if (cpid1 < 0) - tst_brkm(TBROK | TERRNO, cleanup, "clone failed"); + tst_brk(TBROK | TTERRNO, "clone failed"); parentuid = geteuid(); parentgid = getegid(); if (access("/proc/self/setgroups", F_OK) == 0) { sprintf(path, "/proc/%d/setgroups", cpid1); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, "deny", 4); - SAFE_CLOSE(cleanup, fd); - } - - updatemap(cpid1, UID_MAP, 0, parentuid, cleanup); - updatemap(cpid1, GID_MAP, 0, parentgid, cleanup); - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0); - tst_record_childstatus(cleanup, cpid1); -} - -int main(int argc, char *argv[]) -{ - int lc; - - setup(); - tst_parse_opts(argc, argv, NULL, NULL); - - for (lc = 0; TEST_LOOPING(lc); lc++) { - tst_count = 0; - test_max_nest(); + fd = SAFE_OPEN(path, O_WRONLY, 0644); + SAFE_WRITE(1, fd, "deny", 4); + SAFE_CLOSE(fd); } - cleanup(); - tst_exit(); + updatemap(cpid1, UID_MAP, 0, parentuid); + updatemap(cpid1, GID_MAP, 0, parentgid); + + TST_CHECKPOINT_WAKE(0); } +static struct tst_test test = { + .setup = setup, + .test_all = run, + .needs_root = 1, + .needs_checkpoints = 1, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_NS", + NULL, + }, +}; From patchwork Fri Mar 25 09:36:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 1609318 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=eCebDj0Z; dkim=fail reason="signature verification failed" 
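Review bot: `tst_brk(TBROK | TTERRNO, "clone failed")` in run() follows a direct ltp_clone_quick() call, not one wrapped in TEST(), so TST_ERR is not set and TTERRNO prints a stale value; keep TERRNO as the removed tst_brkm() line had. run() also no longer collects the status of cpid1 now that tst_record_childstatus() is gone; a short comment saying that the test library is expected to reap the child and pick up its result would make that intentional.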
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:25 +0100
Message-Id: <20220325093626.11114-9-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
References: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 8/9] Remove libclone dependency from userns suite

Signed-off-by: Andrea Cervesato
Reviewed-by: Petr Vorel
--- testcases/kernel/containers/userns/Makefile | 23 ++++----------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/testcases/kernel/containers/userns/Makefile b/testcases/kernel/containers/userns/Makefile index 80681096d..c1f10de20 100644 --- a/testcases/kernel/containers/userns/Makefile +++ b/testcases/kernel/containers/userns/Makefile
@@ -1,26 +1,11 @@ -############################################################################### -# ## -# Copyright (c) Huawei Technologies Co., Ltd., 2015 ## -# ## -# This program is free software; you can redistribute it and#or modify ## -# it under the terms of the GNU General Public License as published by ## -# the Free Software Foundation; either version 2 of the License, or ## -# (at your option) any later version. ## -# ## -# This program is distributed in the hope that it will be useful, but ## -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ## -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ## -# for more details. ## -# ## -# You should have received a copy of the GNU General Public License ## -# along with this program. ## -############################################################################### +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) Huawei Technologies Co., Ltd., 2015 +# Copyright (C) 2021 SUSE LLC Andrea Cervesato top_srcdir ?= ../../../.. 
include $(top_srcdir)/include/mk/testcases.mk -include $(abs_srcdir)/../Makefile.inc -LDLIBS := -lclone $(LDLIBS) $(CAP_LIBS) +LDLIBS := $(CAP_LIBS) $(LDLIBS) include $(top_srcdir)/include/mk/generic_leaf_target.mk From patchwork Fri Mar 25 09:36:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 1609319 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=Cne4aISw; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=GSrYgyEc; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KPxpV1Mdlz9s75 for ; Fri, 25 Mar 2022 20:37:54 +1100 (AEDT) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 941EC3C54E4 for ; Fri, 25 Mar 2022 10:37:51 +0100 (CET) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-4.smtp.seeweb.it (in-4.smtp.seeweb.it [IPv6:2001:4b78:1:20::4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by picard.linux.it (Postfix) with ESMTPS id 644A53C5A8A for ; Fri, 25 
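Review bot: the new Makefile header reads `Copyright (C) 2021 SUSE LLC` while the C files converted in the same series carry 2022; use one year consistently across the series.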
From: Andrea Cervesato
To: ltp@lists.linux.it
Date: Fri, 25 Mar 2022 10:36:26 +0100
Message-Id: <20220325093626.11114-10-andrea.cervesato@suse.de>
In-Reply-To: <20220325093626.11114-1-andrea.cervesato@suse.de>
References: <20220325093626.11114-1-andrea.cervesato@suse.de>
Subject: [LTP] [PATCH v3 9/9] Remove obsolete userns_helper.h from userns suite

Signed-off-by: Andrea Cervesato
Reviewed-by: Petr Vorel
--- .../kernel/containers/userns/userns_helper.h | 62 ------------------- 1 file changed, 62 deletions(-) delete mode 100644 testcases/kernel/containers/userns/userns_helper.h diff --git a/testcases/kernel/containers/userns/userns_helper.h b/testcases/kernel/containers/userns/userns_helper.h deleted file mode 100644 index 12b491f62..000000000 --- a/testcases/kernel/containers/userns/userns_helper.h +++ /dev/null
@@ -1,62 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd., 2015 - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. - */ - -#include "../libclone/libclone.h" -#include "test.h" -#include "safe_macros.h" -#include - -#define UID_MAP 0 -#define GID_MAP 1 - -static int dummy_child(void *v) -{ - (void) v; - return 0; -} - -static int check_newuser(void) -{ - int pid, status; - - if (tst_kvercmp(3, 8, 0) < 0) - tst_brkm(TCONF, NULL, "CLONE_NEWUSER not supported"); - - pid = do_clone_unshare_test(T_CLONE, CLONE_NEWUSER, dummy_child, NULL); - if (pid == -1) - tst_brkm(TCONF | TERRNO, NULL, "CLONE_NEWUSER not supported"); - SAFE_WAIT(NULL, &status); - - return 0; -} - -LTP_ATTRIBUTE_UNUSED static int updatemap(int cpid, bool type, int idnum, - int parentmappid, void (*cleanup)(void)) -{ - char path[BUFSIZ]; - char content[BUFSIZ]; - int fd; - - if (type == UID_MAP) - sprintf(path, "/proc/%d/uid_map", cpid); - else if (type == GID_MAP) - sprintf(path, "/proc/%d/gid_map", cpid); - else - tst_brkm(TBROK, cleanup, "invalid type parameter"); - - sprintf(content, "%d %d 1", idnum, parentmappid); - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644); - SAFE_WRITE(cleanup, 1, fd, content, strlen(content)); - SAFE_CLOSE(cleanup, fd); - return 0; -}
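Review bot: the commit message has only a subject line. This removes check_newuser() and updatemap(), so the body should say where their replacements live (the converted tests include common.h and call updatemap() with four arguments instead of the five declared here). Please also confirm that no file left in the directory still includes userns_helper.h, since a leftover include would only show up as a build failure after this patch.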