[v4,02/31] zdtm: Add userns01 test

Submitted by Kirill Tkhai on Feb. 22, 2017, 11:30 a.m.

Details

Message ID 148776304251.17334.13496967472327320975.stgit@localhost.localdomain
State New
Series "Nested user namespaces support"

Commit Message

Kirill Tkhai Feb. 22, 2017, 11:30 a.m.
FIXME: use custom UID and GID, not 0 and 0.
For now we use 0 and 0 so that the test can run
in any environment and does not need to care about CT mappings.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 test/zdtm/static/Makefile      |    1 
 test/zdtm/static/userns01.c    |  150 ++++++++++++++++++++++++++++++++++++++++
 test/zdtm/static/userns01.desc |    1 
 3 files changed, 152 insertions(+)
 create mode 100644 test/zdtm/static/userns01.c
 create mode 100644 test/zdtm/static/userns01.desc


diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
index f7c46da8c..b4d813420 100644
--- a/test/zdtm/static/Makefile
+++ b/test/zdtm/static/Makefile
@@ -176,6 +176,7 @@  TST_NOFILE	:=				\
 		uffd-events			\
 		netns_sub			\
 		userns00			\
+		userns01			\
 #		jobctl00			\
 
 ifneq ($(SRCARCH),arm)
diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
new file mode 100644
index 000000000..b4d8534f0
--- /dev/null
+++ b/test/zdtm/static/userns01.c
@@ -0,0 +1,150 @@ 
+#define _GNU_SOURCE
+#include <stdbool.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sched.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <dirent.h>
+
+#include "zdtmtst.h"
+#include "lock.h"
+
+const char *test_doc	= "Check UID and GID in unshared userns remains the same";
+const char *test_author	= "Kirill Tkhai <ktkhai@virtuozzo.com>";
+
+enum {
+	FUTEX_INITIALIZED = 0,
+	CHILD_CREATED,
+	MAP_WRITTEN,
+	XIDS_SET,
+	POST_RESTORE_CHECK,
+	EMERGENCY_ABORT,
+};
+
+#define CHILD_UID 0
+#define CHILD_GID 0
+#define UID_MAP "0 0 1\n"
+#define GID_MAP "0 0 1\n"
+
+futex_t *futex;
+
+int write_map(pid_t pid, char *file, char *map)
+{
+	char path[PATH_MAX];
+	int fd, ret;
+
+	sprintf(path, "/proc/%d/%s", pid, file);
+	fd = open(path, O_WRONLY);
+	if (fd < 0) {
+		fail("Can't open");
+		return -1;
+	}
+	ret = write(fd, map, strlen(map));
+	if (ret != strlen(map)) {
+		fail("Can't write");
+		close(fd);
+		return -1;
+	}
+	close(fd);
+
+	return 0;
+}
+
+int child(void)
+{
+	uid_t uid;
+	gid_t gid;
+	int ret;
+
+	ret = unshare(CLONE_NEWUSER);
+	if (ret < 0) {
+		pr_perror("unshare");
+		futex_set_and_wake(futex, EMERGENCY_ABORT);
+		return 1;
+	}
+
+	futex_set_and_wake(futex, CHILD_CREATED);
+	futex_wait_while_lt(futex, MAP_WRITTEN);
+
+	if (setuid(CHILD_UID) < 0) {
+		pr_perror("setuid");
+		futex_set_and_wake(futex, EMERGENCY_ABORT);
+		return 2;
+	}
+
+	if (setgid(CHILD_GID) < 0) {
+		pr_perror("setgid");
+		futex_set_and_wake(futex, EMERGENCY_ABORT);
+		return 3;
+	}
+
+	futex_set_and_wake(futex, XIDS_SET);
+	futex_wait_while_lt(futex, POST_RESTORE_CHECK);
+
+	uid = getuid();
+	gid = getgid();
+	if (uid != CHILD_UID || gid != CHILD_GID) {
+		pr_perror("UID or GID is wrong: %d %d", uid, gid);
+		futex_set_and_wake(futex, EMERGENCY_ABORT);
+		return 4;
+	}
+
+	return 0;
+}
+
+int main(int argc, char **argv)
+{
+	int status;
+	pid_t pid;
+
+	test_init(argc, argv);
+	futex = mmap(NULL, sizeof(*futex), PROT_WRITE | PROT_READ, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
+	if (futex == MAP_FAILED) {
+		fail("mmap futex\n");
+		return 1;
+	}
+	futex_init(futex);
+
+	pid = fork();
+	if (pid == -1) {
+		fail("fork");
+		return 1;
+	} else if (pid == 0)
+		exit(child());
+
+	futex_wait_while_lt(futex, CHILD_CREATED);
+
+	if (write_map(pid, "uid_map", UID_MAP) < 0 ||
+	    write_map(pid, "gid_map", GID_MAP) < 0) {
+		fail("write map");
+		goto err;
+	}
+
+	futex_set_and_wake(futex, MAP_WRITTEN);
+	futex_wait_while_lt(futex, XIDS_SET);
+
+	test_daemon();
+	test_waitsig();
+
+	futex_set_and_wake(futex, POST_RESTORE_CHECK);
+
+	if (wait(&status) < 0 || WEXITSTATUS(status)) {
+		fail("pid: status=%d\n", WEXITSTATUS(status));
+		goto err;
+	}
+
+	pass();
+	return 0;
+err:
+	futex_set_and_wake(futex, EMERGENCY_ABORT);
+	wait(&status);
+	return 1;
+}
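Review bot: The final check in main(), `if (wait(&status) < 0 || WEXITSTATUS(status))`, never tests WIFEXITED(), and on Linux WEXITSTATUS() evaluates to 0 for a child that was killed by a signal, so the test can reach pass() even though the child never ran its post-restore getuid()/getgid() comparison. The condition should be `if (wait(&status) < 0 || !WIFEXITED(status) || WEXITSTATUS(status)) {`, and the fail() message should not read `status` when wait() itself failed, because it is uninitialized on that path. Separately, child() calls setuid() before setgid(); this is harmless while both ids are 0, but once the FIXME is resolved with a non-zero CHILD_UID the setuid() call will most likely drop the capability that setgid() needs, so the order should be setgid() first, then setuid().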
diff --git a/test/zdtm/static/userns01.desc b/test/zdtm/static/userns01.desc
new file mode 100644
index 000000000..1f8bec515
--- /dev/null
+++ b/test/zdtm/static/userns01.desc
@@ -0,0 +1 @@ 
+{'flavor': 'uns', 'flags': 'suid noauto'}

Comments

Andrey Vagin Feb. 22, 2017, 9:19 p.m.
On Wed, Feb 22, 2017 at 02:30:42PM +0300, Kirill Tkhai wrote:
> FIXME: use custom UID and GID, not 0 and 0.
> Now we are using 0 and 0 to allow the test running
> in any environment, and do not carry about CT mappings.
>

I don't understand this statement. Pls, look at test/zdtm/lib/ns.c,
there are test mappings for uid-s and gid-s.

#define UID_MAP "0 100000 100000\n100000 200000 50000"
#define GID_MAP "0 400000 50000\n50000 500000 100000"


Why have you decided to not add my changes?


> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> ---
>  test/zdtm/static/Makefile      |    1 
>  test/zdtm/static/userns01.c    |  150 ++++++++++++++++++++++++++++++++++++++++
>  test/zdtm/static/userns01.desc |    1 
>  3 files changed, 152 insertions(+)
>  create mode 100644 test/zdtm/static/userns01.c
>  create mode 100644 test/zdtm/static/userns01.desc
> 
> diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
> index f7c46da8c..b4d813420 100644
> --- a/test/zdtm/static/Makefile
> +++ b/test/zdtm/static/Makefile
> @@ -176,6 +176,7 @@ TST_NOFILE	:=				\
>  		uffd-events			\
>  		netns_sub			\
>  		userns00			\
> +		userns01			\
>  #		jobctl00			\
>  
>  ifneq ($(SRCARCH),arm)
> diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
> new file mode 100644
> index 000000000..b4d8534f0
> --- /dev/null
> +++ b/test/zdtm/static/userns01.c
> @@ -0,0 +1,150 @@
> +#define _GNU_SOURCE
> +#include <stdbool.h>
> +#include <string.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <signal.h>
> +#include <stdio.h>
> +#include <sys/mount.h>
> +#include <sys/stat.h>
> +#include <sys/mman.h>
> +#include <sched.h>
> +#include <sys/wait.h>
> +#include <stdlib.h>
> +#include <limits.h>
> +#include <dirent.h>
> +
> +#include "zdtmtst.h"
> +#include "lock.h"
> +
> +const char *test_doc	= "Check UID and GID in unshared userns remains the same";
> +const char *test_author	= "Kirill Tkhai <ktkhai@virtuozzo.com>";
> +
> +enum {
> +	FUTEX_INITIALIZED = 0,
> +	CHILD_CREATED,
> +	MAP_WRITTEN,
> +	XIDS_SET,
> +	POST_RESTORE_CHECK,
> +	EMERGENCY_ABORT,
> +};
> +
> +#define CHILD_UID 0
> +#define CHILD_GID 0
> +#define UID_MAP "0 0 1\n"
> +#define GID_MAP "0 0 1\n"
> +
> +futex_t *futex;
> +
> +int write_map(pid_t pid, char *file, char *map)
> +{
> +	char path[PATH_MAX];
> +	int fd, ret;
> +
> +	sprintf(path, "/proc/%d/%s", pid, file);
> +	fd = open(path, O_WRONLY);
> +	if (fd < 0) {
> +		fail("Can't open");
> +		return -1;
> +	}
> +	ret = write(fd, map, strlen(map));
> +	if (ret != strlen(map)) {
> +		fail("Can't write");
> +		close(fd);
> +		return -1;
> +	}
> +	close(fd);
> +
> +	return 0;
> +}
> +
> +int child(void)
> +{
> +	uid_t uid;
> +	gid_t gid;
> +	int ret;
> +
> +	ret = unshare(CLONE_NEWUSER);
> +	if (ret < 0) {
> +		pr_perror("unshare");
> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> +		return 1;
> +	}
> +
> +	futex_set_and_wake(futex, CHILD_CREATED);
> +	futex_wait_while_lt(futex, MAP_WRITTEN);
> +
> +	if (setuid(CHILD_UID) < 0) {
> +		pr_perror("setuid");
> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> +		return 2;
> +	}
> +
> +	if (setgid(CHILD_GID) < 0) {
> +		pr_perror("setgid");
> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> +		return 3;
> +	}
> +
> +	futex_set_and_wake(futex, XIDS_SET);
> +	futex_wait_while_lt(futex, POST_RESTORE_CHECK);
> +
> +	uid = getuid();
> +	gid = getgid();
> +	if (uid != CHILD_UID || gid != CHILD_GID) {
> +		pr_perror("UID or GID is wrong: %d %d", uid, gid);
> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
> +		return 4;
> +	}
> +
> +	return 0;
> +}
> +
> +int main(int argc, char **argv)
> +{
> +	int status;
> +	pid_t pid;
> +
> +	test_init(argc, argv);
> +	futex = mmap(NULL, sizeof(*futex), PROT_WRITE | PROT_READ, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> +	if (futex == MAP_FAILED) {
> +		fail("mmap futex\n");
> +		return 1;
> +	}
> +	futex_init(futex);
> +
> +	pid = fork();
> +	if (pid == -1) {
> +		fail("fork");
> +		return 1;
> +	} else if (pid == 0)
> +		exit(child());
> +
> +	futex_wait_while_lt(futex, CHILD_CREATED);
> +
> +	if (write_map(pid, "uid_map", UID_MAP) < 0 ||
> +	    write_map(pid, "gid_map", GID_MAP) < 0) {
> +		fail("write map");
> +		goto err;
> +	}
> +
> +	futex_set_and_wake(futex, MAP_WRITTEN);
> +	futex_wait_while_lt(futex, XIDS_SET);
> +
> +	test_daemon();
> +	test_waitsig();
> +
> +	futex_set_and_wake(futex, POST_RESTORE_CHECK);
> +
> +	if (wait(&status) < 0 || WEXITSTATUS(status)) {
> +		fail("pid: status=%d\n", WEXITSTATUS(status));
> +		goto err;
> +	}
> +
> +	pass();
> +	return 0;
> +err:
> +	futex_set_and_wake(futex, EMERGENCY_ABORT);
> +	wait(&status);
> +	return 1;
> +}
> diff --git a/test/zdtm/static/userns01.desc b/test/zdtm/static/userns01.desc
> new file mode 100644
> index 000000000..1f8bec515
> --- /dev/null
> +++ b/test/zdtm/static/userns01.desc
> @@ -0,0 +1 @@
> +{'flavor': 'uns', 'flags': 'suid noauto'}
>
Kirill Tkhai Feb. 23, 2017, 9:31 a.m.
On 23.02.2017 00:19, Andrei Vagin wrote:
> On Wed, Feb 22, 2017 at 02:30:42PM +0300, Kirill Tkhai wrote:
>> FIXME: use custom UID and GID, not 0 and 0.
>> Now we are using 0 and 0 to allow the test running
>> in any environment, and do not carry about CT mappings.
>>
> 
> I don't understand this statement. Pls, look at test/zdtm/lib/ns.c,
> there are test mappings for uid-s and gid-s.

Yeah, I asked exactly this in v3.

> #define UID_MAP "0 100000 100000\n100000 200000 50000"
> #define GID_MAP "0 400000 50000\n50000 500000 100000"
> 
> 
> Why have you decided to not add my changes?

I thought, you sent it for debug purpose. No problem, I can apply them.
 
>> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
>> ---
>>  test/zdtm/static/Makefile      |    1 
>>  test/zdtm/static/userns01.c    |  150 ++++++++++++++++++++++++++++++++++++++++
>>  test/zdtm/static/userns01.desc |    1 
>>  3 files changed, 152 insertions(+)
>>  create mode 100644 test/zdtm/static/userns01.c
>>  create mode 100644 test/zdtm/static/userns01.desc
>>
>> diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
>> index f7c46da8c..b4d813420 100644
>> --- a/test/zdtm/static/Makefile
>> +++ b/test/zdtm/static/Makefile
>> @@ -176,6 +176,7 @@ TST_NOFILE	:=				\
>>  		uffd-events			\
>>  		netns_sub			\
>>  		userns00			\
>> +		userns01			\
>>  #		jobctl00			\
>>  
>>  ifneq ($(SRCARCH),arm)
>> diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
>> new file mode 100644
>> index 000000000..b4d8534f0
>> --- /dev/null
>> +++ b/test/zdtm/static/userns01.c
>> @@ -0,0 +1,150 @@
>> +#define _GNU_SOURCE
>> +#include <stdbool.h>
>> +#include <string.h>
>> +#include <fcntl.h>
>> +#include <unistd.h>
>> +#include <signal.h>
>> +#include <stdio.h>
>> +#include <sys/mount.h>
>> +#include <sys/stat.h>
>> +#include <sys/mman.h>
>> +#include <sched.h>
>> +#include <sys/wait.h>
>> +#include <stdlib.h>
>> +#include <limits.h>
>> +#include <dirent.h>
>> +
>> +#include "zdtmtst.h"
>> +#include "lock.h"
>> +
>> +const char *test_doc	= "Check UID and GID in unshared userns remains the same";
>> +const char *test_author	= "Kirill Tkhai <ktkhai@virtuozzo.com>";
>> +
>> +enum {
>> +	FUTEX_INITIALIZED = 0,
>> +	CHILD_CREATED,
>> +	MAP_WRITTEN,
>> +	XIDS_SET,
>> +	POST_RESTORE_CHECK,
>> +	EMERGENCY_ABORT,
>> +};
>> +
>> +#define CHILD_UID 0
>> +#define CHILD_GID 0
>> +#define UID_MAP "0 0 1\n"
>> +#define GID_MAP "0 0 1\n"
>> +
>> +futex_t *futex;
>> +
>> +int write_map(pid_t pid, char *file, char *map)
>> +{
>> +	char path[PATH_MAX];
>> +	int fd, ret;
>> +
>> +	sprintf(path, "/proc/%d/%s", pid, file);
>> +	fd = open(path, O_WRONLY);
>> +	if (fd < 0) {
>> +		fail("Can't open");
>> +		return -1;
>> +	}
>> +	ret = write(fd, map, strlen(map));
>> +	if (ret != strlen(map)) {
>> +		fail("Can't write");
>> +		close(fd);
>> +		return -1;
>> +	}
>> +	close(fd);
>> +
>> +	return 0;
>> +}
>> +
>> +int child(void)
>> +{
>> +	uid_t uid;
>> +	gid_t gid;
>> +	int ret;
>> +
>> +	ret = unshare(CLONE_NEWUSER);
>> +	if (ret < 0) {
>> +		pr_perror("unshare");
>> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
>> +		return 1;
>> +	}
>> +
>> +	futex_set_and_wake(futex, CHILD_CREATED);
>> +	futex_wait_while_lt(futex, MAP_WRITTEN);
>> +
>> +	if (setuid(CHILD_UID) < 0) {
>> +		pr_perror("setuid");
>> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
>> +		return 2;
>> +	}
>> +
>> +	if (setgid(CHILD_GID) < 0) {
>> +		pr_perror("setgid");
>> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
>> +		return 3;
>> +	}
>> +
>> +	futex_set_and_wake(futex, XIDS_SET);
>> +	futex_wait_while_lt(futex, POST_RESTORE_CHECK);
>> +
>> +	uid = getuid();
>> +	gid = getgid();
>> +	if (uid != CHILD_UID || gid != CHILD_GID) {
>> +		pr_perror("UID or GID is wrong: %d %d", uid, gid);
>> +		futex_set_and_wake(futex, EMERGENCY_ABORT);
>> +		return 4;
>> +	}
>> +
>> +	return 0;
>> +}
>> +
>> +int main(int argc, char **argv)
>> +{
>> +	int status;
>> +	pid_t pid;
>> +
>> +	test_init(argc, argv);
>> +	futex = mmap(NULL, sizeof(*futex), PROT_WRITE | PROT_READ, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
>> +	if (futex == MAP_FAILED) {
>> +		fail("mmap futex\n");
>> +		return 1;
>> +	}
>> +	futex_init(futex);
>> +
>> +	pid = fork();
>> +	if (pid == -1) {
>> +		fail("fork");
>> +		return 1;
>> +	} else if (pid == 0)
>> +		exit(child());
>> +
>> +	futex_wait_while_lt(futex, CHILD_CREATED);
>> +
>> +	if (write_map(pid, "uid_map", UID_MAP) < 0 ||
>> +	    write_map(pid, "gid_map", GID_MAP) < 0) {
>> +		fail("write map");
>> +		goto err;
>> +	}
>> +
>> +	futex_set_and_wake(futex, MAP_WRITTEN);
>> +	futex_wait_while_lt(futex, XIDS_SET);
>> +
>> +	test_daemon();
>> +	test_waitsig();
>> +
>> +	futex_set_and_wake(futex, POST_RESTORE_CHECK);
>> +
>> +	if (wait(&status) < 0 || WEXITSTATUS(status)) {
>> +		fail("pid: status=%d\n", WEXITSTATUS(status));
>> +		goto err;
>> +	}
>> +
>> +	pass();
>> +	return 0;
>> +err:
>> +	futex_set_and_wake(futex, EMERGENCY_ABORT);
>> +	wait(&status);
>> +	return 1;
>> +}
>> diff --git a/test/zdtm/static/userns01.desc b/test/zdtm/static/userns01.desc
>> new file mode 100644
>> index 000000000..1f8bec515
>> --- /dev/null
>> +++ b/test/zdtm/static/userns01.desc
>> @@ -0,0 +1 @@
>> +{'flavor': 'uns', 'flags': 'suid noauto'}
>>