From: Yang Xu <xuyang2018.jy@fujitsu.com>
To: <ltp@lists.linux.it>
Subject: [LTP] [PATCH v4 3/3] cgroup_core01: copy from kernel selftest test_cgcore_lesser_euid_open
Date: Fri, 26 Aug 2022 11:59:25 +0800 [thread overview]
Message-ID: <1661486365-2361-3-git-send-email-xuyang2018.jy@fujitsu.com> (raw)
In-Reply-To: <1661486365-2361-1-git-send-email-xuyang2018.jy@fujitsu.com>
Reviewed-by: Richard Palethorpe <rpalethorpe@suse.com>
Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
---
runtest/controllers | 1 +
.../kernel/controllers/cgroup/.gitignore | 1 +
.../kernel/controllers/cgroup/cgroup_core01.c | 107 ++++++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 testcases/kernel/controllers/cgroup/cgroup_core01.c
diff --git a/runtest/controllers b/runtest/controllers
index 22d482050..41f8367e4 100644
--- a/runtest/controllers
+++ b/runtest/controllers
@@ -1,4 +1,5 @@
#DESCRIPTION:Resource Management testing
+cgroup_core01 cgroup_core01
cgroup cgroup_regression_test.sh
memcg_regression memcg_regression_test.sh
memcg_test_3 memcg_test_3
diff --git a/testcases/kernel/controllers/cgroup/.gitignore b/testcases/kernel/controllers/cgroup/.gitignore
index eb91cc4e1..382f2d9f2 100644
--- a/testcases/kernel/controllers/cgroup/.gitignore
+++ b/testcases/kernel/controllers/cgroup/.gitignore
@@ -1,3 +1,4 @@
/cgroup_regression_fork_processes
/cgroup_regression_getdelays
/cgroup_regression_6_2
+/cgroup_core01
diff --git a/testcases/kernel/controllers/cgroup/cgroup_core01.c b/testcases/kernel/controllers/cgroup/cgroup_core01.c
new file mode 100644
index 000000000..fc60ae5aa
--- /dev/null
+++ b/testcases/kernel/controllers/cgroup/cgroup_core01.c
@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved.
+ * Author: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * When a task is writing to an fd opened by a different task, the perm check
+ * should use the credentials of the latter task.
+ *
+ * It is copy from kernel selftests cgroup test_core test_cgcore_lesser_euid_open
+ * subcase. The difference is that kernel selftest only supports cgroup v2 but
+ * here we also support cgroup v1 and v2.
+ *
+ * It is a regression test for
+ *
+ * commit e57457641613fef0d147ede8bd6a3047df588b95
+ * Author: Tejun Heo <tj@kernel.org>
+ * Date: Thu Jan 6 11:02:29 2022 -1000
+ *
+ * cgroup: Use open-time cgroup namespace for process migration perm checks
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+static struct tst_cg_group *cg_child_a, *cg_child_b;
+static uid_t nobody_uid, save_uid;
+
+static void test_lesser_euid_open(void)
+{
+ int fds[TST_CG_ROOTS_MAX] = {-1};
+ int i, loops;
+
+ cg_child_a = tst_cg_group_mk(tst_cg, "child_a");
+ cg_child_b = tst_cg_group_mk(tst_cg, "child_b");
+
+ if (!SAFE_FORK()) {
+ SAFE_CG_PRINT(cg_child_a, "cgroup.procs", "0");
+ SAFE_CG_FCHOWN(cg_child_a, "cgroup.procs", nobody_uid, -1);
+ SAFE_CG_FCHOWN(cg_child_b, "cgroup.procs", nobody_uid, -1);
+ SAFE_SETEUID(nobody_uid);
+
+ loops = SAFE_CG_OPEN(cg_child_b, "cgroup.procs", O_RDWR, fds);
+ SAFE_SETEUID(save_uid);
+
+ for (i = 0; i < loops; i++) {
+ if (fds[i] < 1) {
+ tst_res(TFAIL, "unexpected negative fd %d", fds[i]);
+ exit(1);
+ }
+
+ TEST(write(fds[i], "0", 1));
+ if (TST_RET >= 0 || TST_ERR != EACCES)
+ tst_res(TFAIL, "%s failed", __func__);
+ else
+ tst_res(TPASS | TTERRNO, "%s passed", __func__);
+
+ SAFE_CLOSE(fds[i]);
+ }
+ exit(0);
+ }
+
+ tst_reap_children();
+ cg_child_b = tst_cg_group_rm(cg_child_b);
+ cg_child_a = tst_cg_group_rm(cg_child_a);
+}
+
+static void setup(void)
+{
+ struct passwd *pw;
+
+ pw = SAFE_GETPWNAM("nobody");
+ nobody_uid = pw->pw_uid;
+ save_uid = geteuid();
+}
+
+static void cleanup(void)
+{
+ if (cg_child_a) {
+ SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
+ cg_child_a = tst_cg_group_rm(cg_child_a);
+ }
+ if (cg_child_b) {
+ SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
+ cg_child_b = tst_cg_group_rm(cg_child_b);
+ }
+}
+
+static struct tst_test test = {
+ .setup = setup,
+ .cleanup = cleanup,
+ .test_all = test_lesser_euid_open,
+ .forks_child = 1,
+ .needs_root = 1,
+ .needs_cgroup_ctrls = (const char *const[]){"memory", NULL},
+ .tags = (const struct tst_tag[]) {
+ {"linux-git", "e57457641613"},
+ {}
+ },
+};
--
2.27.0
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2022-08-26 2:59 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-03 10:19 [LTP] [PATCH v1 1/3] tst_safe_file_at: Add SAFE_FCHOWNAT macro Yang Xu
2022-08-03 10:19 ` [LTP] [PATCH v1 2/3] tst_cgroup: Add safe_cg_open and safe_cg_fchown functions Yang Xu
2022-08-04 10:24 ` Richard Palethorpe
2022-08-16 6:19 ` xuyang2018.jy
2022-08-16 8:18 ` Richard Palethorpe
2022-08-18 8:05 ` xuyang2018.jy
2022-08-18 9:03 ` Richard Palethorpe
2022-08-23 7:10 ` xuyang2018.jy
2022-08-23 9:55 ` xuyang2018.jy
2022-08-18 9:00 ` [LTP] [RFC v2 1/3] tst_safe_file_at: Add SAFE_FCHOWNAT macro Yang Xu
2022-08-18 9:00 ` [LTP] [RFC v2 2/3] tst_cgroup: Add safe_cg_open and safe_cg_fchown functions Yang Xu
2022-08-18 9:00 ` [LTP] [RFC v2 3/3] memcontrol05: copy from kernel selftest test_cgcore_lesser_euid_open Yang Xu
2022-08-23 11:01 ` [LTP] [PATCH v3 1/3] tst_safe_file_at: Add SAFE_FCHOWNAT macro Yang Xu
2022-08-23 11:01 ` [LTP] [PATCH v3 2/3] tst_cgroup: Add safe_cg_open and safe_cg_fchown functions Yang Xu
2022-08-25 14:57 ` Richard Palethorpe
2022-08-25 16:08 ` Richard Palethorpe
2022-08-26 2:04 ` xuyang2018.jy
2022-08-26 3:59 ` [LTP] [PATCH v4 1/3] tst_safe_file_at: Add SAFE_FCHOWNAT macro Yang Xu
2022-08-26 3:59 ` [LTP] [PATCH v4 2/3] tst_cgroup: Add safe_cg_open and safe_cg_fchown functions Yang Xu
2022-08-26 5:54 ` Richard Palethorpe
2022-08-26 6:33 ` xuyang2018.jy
2022-08-26 3:59 ` Yang Xu [this message]
2022-08-23 11:01 ` [LTP] [PATCH v3 3/3] core01: copy from kernel selftest test_cgcore_lesser_euid_open Yang Xu
2022-08-03 10:19 ` [LTP] [PATCH v1 3/3] memcontrol05: " Yang Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1661486365-2361-3-git-send-email-xuyang2018.jy@fujitsu.com \
--to=xuyang2018.jy@fujitsu.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.