[v3,02/33] zdtm: Add userns01 test

Submitted by Andrey Vagin on Feb. 22, 2017, 4:59 a.m.

Details

Message ID 20170222045917.GB14983@outlook.office365.com
State New
Series "Nested user namespaces support"
Headers show

Commit Message

Andrey Vagin Feb. 22, 2017, 4:59 a.m.
On Tue, Feb 21, 2017 at 05:05:56PM +0300, Kirill Tkhai wrote:
> On 21.02.2017 08:32, Andrei Vagin wrote:
> > On Thu, Feb 16, 2017 at 03:06:52PM +0300, Kirill Tkhai wrote:
> >> FIXME: use custom UID and GID, not 0 and 0.
> > Why are non-zero uid-s not supported now?
> 
> Because currently it's need to have uid/gid 0 mapped to use prctl's PR_SET_MM_MAP
> argument on restore. If I map custom UID to 0, then it's need a UID to map 0 to
> (for prctl), but this UID may not exists in parent environment. I'm going to extend
> this test to find an existing UID in parent environment, but it's not for now.
>  
> > Why do we need a second test to check uid and gid? Can we check them in
> > the first test?
> 
> As I see in criu's tests, every test is for testing one feature,
> and the main style is to do not create overloaded tests. It is
> good seen in socket tests. I just follow this trend.

I'm agree with this sentence, but I think setuid and getuid will not
overload the test. Maybe I'm wrong...

I modified a test, the patch is attached. Now test fails with c/r and
passes without c/r.

[root@fc24 criu]# python test/zdtm.py run -t zdtm/static/userns01 --iter 0
=== Run 1/1 ================ zdtm/static/userns01

======================= Run zdtm/static/userns01 in uns ========================
Start test
Test is SUID
./userns01 --pidfile=userns01.pid --outfile=userns01.out
Send the 15 signal to  37
Wait for zdtm/static/userns01(37) to die for 0.100000
Removing dump/zdtm/static/userns01/37
======================== Test zdtm/static/userns01 PASS ========================
[root@fc24 criu]# python test/zdtm.py run -t zdtm/static/userns01 --iter 1
=== Run 1/1 ================ zdtm/static/userns01

======================= Run zdtm/static/userns01 in uns ========================
Start test
Test is SUID
./userns01 --pidfile=userns01.pid --outfile=userns01.out
Run criu dump
Run criu restore
Send the 15 signal to  66
Wait for zdtm/static/userns01(66) to die for 0.100000
################ Test zdtm/static/userns01 FAIL at result check ################
Test output: ================================
04:57:51.880:     5: ERR: userns01.c:94: UID or GID is wrong: 50 41 (errno = 2 (No such file or directory))
04:57:51.881:     4: FAIL: userns01.c:139: pid: status=4
 (errno = 11 (Resource temporarily unavailable))

 <<< ================================
##################################### FAIL #####################################


> 
> The first test is to test hierarchy, the second is for xids. Up to me,
> it's easier to investigate a problem in one-feature test, them in
> a big "food processor". Especially, for foreign observer.
> 
> >>
> >> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> >> ---
> >>  test/zdtm/static/Makefile      |    1 
> >>  test/zdtm/static/userns01.c    |  149 ++++++++++++++++++++++++++++++++++++++++
> >>  test/zdtm/static/userns01.desc |    1 
> >>  3 files changed, 151 insertions(+)
> >>  create mode 100644 test/zdtm/static/userns01.c
> >>  create mode 100644 test/zdtm/static/userns01.desc
> >>
> >> diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
> >> index f7c46da8c..b4d813420 100644
> >> --- a/test/zdtm/static/Makefile
> >> +++ b/test/zdtm/static/Makefile
> >> @@ -176,6 +176,7 @@ TST_NOFILE	:=				\
> >>  		uffd-events			\
> >>  		netns_sub			\
> >>  		userns00			\
> >> +		userns01			\
> >>  #		jobctl00			\
> >>  
> >>  ifneq ($(SRCARCH),arm)
> >> diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
> >> new file mode 100644
> >> index 000000000..f7ebaa0fc
> >> --- /dev/null
> >> +++ b/test/zdtm/static/userns01.c
> >> @@ -0,0 +1,149 @@
> >> +#define _GNU_SOURCE
> >> +#include <stdbool.h>
> >> +#include <string.h>
> >> +#include <fcntl.h>
> >> +#include <unistd.h>
> >> +#include <signal.h>
> >> +#include <stdio.h>
> >> +#include <sys/mount.h>
> >> +#include <sys/stat.h>
> >> +#include <sys/mman.h>
> >> +#include <sched.h>
> >> +#include <sys/wait.h>
> >> +#include <stdlib.h>
> >> +#include <limits.h>
> >> +#include <dirent.h>
> >> +
> >> +#include "zdtmtst.h"
> >> +#include "lock.h"
> >> +
> >> +const char *test_doc	= "Check UID and GID in unshared userns remains the same";
> >> +const char *test_author	= "Kirill Tkhai <ktkhai@virtuozzo.com>";
> >> +
> >> +enum {
> >> +	FUTEX_INITIALIZED = 0,
> >> +	CHILD_CREATED,
> >> +	MAP_WRITTEN,
> >> +	XIDS_SET,
> >> +	POST_RESTORE_CHECK,
> >> +	EMERGENCY_ABORT,
> >> +};
> >> +
> >> +#define CHILD_UID 0
> >> +#define CHILD_GID 0
> >> +#define UID_MAP "0 0 1\n"
> >> +#define GID_MAP "0 0 1\n"
> >> +
> >> +futex_t *futex;
> >> +
> >> +int write_map(pid_t pid, char *file, char *map)
> >> +{
> >> +	char path[PATH_MAX];
> >> +	int fd, ret;
> >> +
> >> +	sprintf(path, "/proc/%d/%s", pid, file);
> >> +	fd = open(path, O_WRONLY);
> >> +	if (fd < 0) {
> >> +		fail("Can't open");
> >> +		return -1;
> >> +	}
> >> +	ret = write(fd, map, strlen(map));
> >> +	if (ret != strlen(map)) {
> >> +		fail("Can't write");
> >> +		return -1;
> >> +	}
> >> +	close(fd);
> >> +
> >> +	return 0;
> >> +}
> >> +
> >> +int child(void)
> >> +{
> >> +	uid_t uid;
> >> +	gid_t gid;
> >> +	int ret;
> >> +
> >> +	ret = unshare(CLONE_NEWUSER);
> >> +	if (ret < 0) {
> >> +		pr_perror("unshare");
> >> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> +		return 1;
> >> +	}
> >> +
> >> +	futex_set_and_wake(futex, CHILD_CREATED);
> >> +	futex_wait_while_lt(futex, MAP_WRITTEN);
> >> +
> >> +	if (setuid(CHILD_UID) < 0) {
> >> +		pr_perror("setuid");
> >> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> +		return 2;
> >> +	}
> >> +
> >> +	if (setgid(CHILD_GID) < 0) {
> >> +		pr_perror("setgid");
> >> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> +		return 3;
> >> +	}
> >> +
> >> +	futex_set_and_wake(futex, XIDS_SET);
> >> +	futex_wait_while_lt(futex, POST_RESTORE_CHECK);
> >> +
> >> +	uid = getuid();
> >> +	gid = getgid();
> >> +	if (uid != CHILD_UID || gid != CHILD_GID) {
> >> +		pr_perror("UID or GID is wrong: %d %d", uid, gid);
> >> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> +		return 4;
> >> +	}
> >> +
> >> +	return 0;
> >> +}
> >> +
> >> +int main(int argc, char **argv)
> >> +{
> >> +	int status;
> >> +	pid_t pid;
> >> +
> >> +	test_init(argc, argv);
> >> +	futex = mmap(NULL, sizeof(*futex), PROT_WRITE | PROT_READ, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> >> +	if (futex == MAP_FAILED) {
> >> +		fail("mmap futex\n");
> >> +		return 1;
> >> +	}
> >> +	futex_init(futex);
> >> +
> >> +	pid = fork();
> >> +	if (pid == -1) {
> >> +		fail("fork");
> >> +		return 1;
> >> +	} else if (pid == 0)
> >> +		exit(child());
> >> +
> >> +	futex_wait_while_lt(futex, CHILD_CREATED);
> >> +
> >> +	if (write_map(pid, "uid_map", UID_MAP) < 0 ||
> >> +	    write_map(pid, "gid_map", GID_MAP) < 0) {
> >> +		fail("write map");
> >> +		goto err;
> >> +	}
> >> +
> >> +	futex_set_and_wake(futex, MAP_WRITTEN);
> >> +	futex_wait_while_lt(futex, XIDS_SET);
> >> +
> >> +	test_daemon();
> >> +	test_waitsig();
> >> +
> >> +	futex_set_and_wake(futex, POST_RESTORE_CHECK);
> >> +
> >> +	if (wait(&status) < 0 || WEXITSTATUS(status)) {
> >> +		fail("pid: status=%d\n", WEXITSTATUS(status));
> >> +		goto err;
> >> +	}
> >> +
> >> +	pass();
> >> +	return 0;
> >> +err:
> >> +	futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> +	wait(&status);
> >> +	return 1;
> >> +}
> >> diff --git a/test/zdtm/static/userns01.desc b/test/zdtm/static/userns01.desc
> >> new file mode 100644
> >> index 000000000..1f8bec515
> >> --- /dev/null
> >> +++ b/test/zdtm/static/userns01.desc
> >> @@ -0,0 +1 @@
> >> +{'flavor': 'uns', 'flags': 'suid noauto'}
> >>
> >> _______________________________________________
> >> CRIU mailing list
> >> CRIU@openvz.org
> >> https://lists.openvz.org/mailman/listinfo/criu

Patch hide | download patch | download mbox

diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
index f7ebaa0..0446297 100644
--- a/test/zdtm/static/userns01.c
+++ b/test/zdtm/static/userns01.c
@@ -29,10 +29,10 @@  enum {
 	EMERGENCY_ABORT,
 };
 
-#define CHILD_UID 0
-#define CHILD_GID 0
-#define UID_MAP "0 0 1\n"
-#define GID_MAP "0 0 1\n"
+#define CHILD_UID 50
+#define CHILD_GID 53
+#define UID_MAP "0 10 1\n1 100 100\n"
+#define GID_MAP "0 12 1\n1 112 100\n"
 
 futex_t *futex;
 
@@ -73,18 +73,18 @@  int child(void)
 	futex_set_and_wake(futex, CHILD_CREATED);
 	futex_wait_while_lt(futex, MAP_WRITTEN);
 
-	if (setuid(CHILD_UID) < 0) {
-		pr_perror("setuid");
-		futex_set_and_wake(futex, EMERGENCY_ABORT);
-		return 2;
-	}
-
 	if (setgid(CHILD_GID) < 0) {
 		pr_perror("setgid");
 		futex_set_and_wake(futex, EMERGENCY_ABORT);
 		return 3;
 	}
 
+	if (setuid(CHILD_UID) < 0) {
+		pr_perror("setuid");
+		futex_set_and_wake(futex, EMERGENCY_ABORT);
+		return 2;
+	}
+
 	futex_set_and_wake(futex, XIDS_SET);
 	futex_wait_while_lt(futex, POST_RESTORE_CHECK);