* [LTP] [PATCH V2] containers: new testcase userns02 @ 2015-05-27 21:00 Yuan Sun 2015-05-28 12:33 ` Jan Stancek 0 siblings, 1 reply; 6+ messages in thread From: Yuan Sun @ 2015-05-27 21:00 UTC (permalink / raw) To: jstancek; +Cc: ltp-list, pleasuresun The user ID and group ID, which are inside a container, can be modified by its parent process. Signed-off-by: Yuan Sun <sunyuan3@huawei.com> --- runtest/containers | 1 + testcases/kernel/containers/.gitignore | 1 + testcases/kernel/containers/userns/userns02.c | 113 ++++++++++++++++++++++++++ 3 files changed, 115 insertions(+) create mode 100644 testcases/kernel/containers/userns/userns02.c diff --git a/runtest/containers b/runtest/containers index ca10372..bb1beb6 100644 --- a/runtest/containers +++ b/runtest/containers @@ -69,3 +69,4 @@ mountns03 mountns03 mountns04 mountns04 userns01 userns01 +userns02 userns02 diff --git a/testcases/kernel/containers/.gitignore b/testcases/kernel/containers/.gitignore index 4478b53..e3c92c9 100644 --- a/testcases/kernel/containers/.gitignore +++ b/testcases/kernel/containers/.gitignore @@ -4,3 +4,4 @@ mountns/mountns02 mountns/mountns03 mountns/mountns04 userns/userns01 +userns/userns02 diff --git a/testcases/kernel/containers/userns/userns02.c b/testcases/kernel/containers/userns/userns02.c new file mode 100644 index 0000000..6a4b36d --- /dev/null +++ b/testcases/kernel/containers/userns/userns02.c @@ -0,0 +1,113 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd., 2015 + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + */ + +/* + * Verify that: + * The user ID and group ID, which are inside a container, can be modified + * by its parent process. + */ + +#define _GNU_SOURCE +#include <sys/wait.h> +#include <assert.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <errno.h> +#include "test.h" +#include "userns_helper.h" + +char *TCID = "user_namespace2"; +int TST_TOTAL = 1; + +int childpid; +int parentuid; +int parentgid; +char path[BUFSIZ]; +char content[BUFSIZ]; +static int fd; +/* + * child_fn1() - Inside a new user namespace + */ +static int child_fn1(void) +{ + int exit_val; + int uid, gid; + + TST_SAFE_CHECKPOINT_WAIT(NULL, 0); + uid = geteuid(); + gid = getegid(); + + printf("USERNS test is running in a new user namespace.\n"); + if (uid == 100 && gid == 100) { + printf("Got expected uid and gid.\n"); + exit_val = 0; + } else { + printf("Got unexpected result of uid=%d gid=%d\n", uid, gid); + exit_val = 1; + } + + return exit_val; +} + +static void setup(void) +{ + TST_CHECKPOINT_INIT(NULL); + check_newuser(); +} + +int main(int argc, char *argv[]) +{ + int status; + int lc; + + tst_parse_opts(argc, argv, NULL, NULL); + setup(); + + for (lc = 0; TEST_LOOPING(lc); lc++) { + tst_count = 0; + childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, + (void *)child_fn1, NULL); + + if (childpid < 0) + tst_brkm(TFAIL | TERRNO, NULL, "clone failed"); + + parentuid = geteuid(); + parentgid = getegid(); + sprintf(path, "/proc/%d/uid_map", childpid); + sprintf(content, "100 %d 1", parentuid); + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); + sprintf(path, "/proc/%d/gid_map", childpid); + sprintf(content, "100 %d 1", parentgid); + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); + + TST_SAFE_CHECKPOINT_WAKE(NULL, 0); + + if (waitpid(childpid, &status, 0) < 0) + tst_resm(TBROK | TERRNO, "parent: waitpid failed."); + + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) + tst_resm(TFAIL, "child exited abnormally"); + else if (WIFSIGNALED(status)) { + tst_resm(TFAIL, "child was killed with signal = %d", + WTERMSIG(status)); + } + + } + tst_resm(TPASS, "the uid and the gid are right inside the container"); + tst_exit(); +} + -- 1.9.1 ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH V2] containers: new testcase userns02 2015-05-27 21:00 [LTP] [PATCH V2] containers: new testcase userns02 Yuan Sun @ 2015-05-28 12:33 ` Jan Stancek 2015-05-29 10:23 ` Jiri Jaburek 2015-06-02 8:09 ` Jan Stancek 0 siblings, 2 replies; 6+ messages in thread From: Jan Stancek @ 2015-05-28 12:33 UTC (permalink / raw) To: Yuan Sun; +Cc: ltp-list, pleasuresun ----- Original Message ----- > From: "Yuan Sun" <sunyuan3@huawei.com> > To: jstancek@redhat.com > Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com, sunyuan3@huawei.com > Sent: Wednesday, 27 May, 2015 11:00:21 PM > Subject: [PATCH V2] containers: new testcase userns02 > > The user ID and group ID, which are inside a container, can > be modified by its parent process. > > Signed-off-by: Yuan Sun <sunyuan3@huawei.com> Hi, couple comments inline, but overall it looks good to me. Unless someone points out other issues, I can fix these before commit. > --- > runtest/containers | 1 + > testcases/kernel/containers/.gitignore | 1 + > testcases/kernel/containers/userns/userns02.c | 113 > ++++++++++++++++++++++++++ > 3 files changed, 115 insertions(+) > create mode 100644 testcases/kernel/containers/userns/userns02.c > > diff --git a/runtest/containers b/runtest/containers > index ca10372..bb1beb6 100644 > --- a/runtest/containers > +++ b/runtest/containers > @@ -69,3 +69,4 @@ mountns03 mountns03 > mountns04 mountns04 > > userns01 userns01 > +userns02 userns02 > diff --git a/testcases/kernel/containers/.gitignore > b/testcases/kernel/containers/.gitignore > index 4478b53..e3c92c9 100644 > --- a/testcases/kernel/containers/.gitignore > +++ b/testcases/kernel/containers/.gitignore > @@ -4,3 +4,4 @@ mountns/mountns02 > mountns/mountns03 > mountns/mountns04 > userns/userns01 > +userns/userns02 > diff --git a/testcases/kernel/containers/userns/userns02.c > b/testcases/kernel/containers/userns/userns02.c > new file mode 100644 > index 0000000..6a4b36d > --- /dev/null > +++ b/testcases/kernel/containers/userns/userns02.c > @@ -0,0 +1,113 @@ > +/* > + * Copyright (c) Huawei Technologies Co., Ltd., 2015 > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See > + * the GNU General Public License for more details. > + */ > + > +/* > + * Verify that: > + * The user ID and group ID, which are inside a container, can be modified > + * by its parent process. > + */ > + > +#define _GNU_SOURCE > +#include <sys/wait.h> > +#include <assert.h> > +#include <stdio.h> > +#include <stdlib.h> > +#include <unistd.h> > +#include <string.h> > +#include <errno.h> > +#include "test.h" > +#include "userns_helper.h" > + > +char *TCID = "user_namespace2"; > +int TST_TOTAL = 1; > + > +int childpid; > +int parentuid; > +int parentgid; > +char path[BUFSIZ]; > +char content[BUFSIZ]; > +static int fd; No need for these to be global, all can be in main. > +/* > + * child_fn1() - Inside a new user namespace > + */ > +static int child_fn1(void) > +{ > + int exit_val; > + int uid, gid; > + > + TST_SAFE_CHECKPOINT_WAIT(NULL, 0); > + uid = geteuid(); > + gid = getegid(); > + > + printf("USERNS test is running in a new user namespace.\n"); > + if (uid == 100 && gid == 100) { > + printf("Got expected uid and gid.\n"); > + exit_val = 0; > + } else { > + printf("Got unexpected result of uid=%d gid=%d\n", uid, gid); > + exit_val = 1; > + } > + > + return exit_val; > +} > + > +static void setup(void) > +{ > + TST_CHECKPOINT_INIT(NULL); > + check_newuser(); > +} > + > +int main(int argc, char *argv[]) > +{ > + int status; > + int lc; > + > + tst_parse_opts(argc, argv, NULL, NULL); > + setup(); > + > + for (lc = 0; TEST_LOOPING(lc); lc++) { > + tst_count = 0; > + childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, > + (void *)child_fn1, NULL); > + > + if (childpid < 0) > + tst_brkm(TFAIL | TERRNO, NULL, "clone failed"); > + > + parentuid = geteuid(); > + parentgid = getegid(); > + sprintf(path, "/proc/%d/uid_map", childpid); > + sprintf(content, "100 %d 1", parentuid); > + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); > + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); > + sprintf(path, "/proc/%d/gid_map", childpid); > + sprintf(content, "100 %d 1", parentgid); > + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); > + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); > + > + TST_SAFE_CHECKPOINT_WAKE(NULL, 0); > + > + if (waitpid(childpid, &status, 0) < 0) > + tst_resm(TBROK | TERRNO, "parent: waitpid failed."); > + > + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) > + tst_resm(TFAIL, "child exited abnormally"); > + else if (WIFSIGNALED(status)) { > + tst_resm(TFAIL, "child was killed with signal = %d", > + WTERMSIG(status)); > + } > + > + } > + tst_resm(TPASS, "the uid and the gid are right inside the container"); It will print TPASS even when it fails - not a big issue since T_exitval will carry any previous TFAIL. Regards, Jan > + tst_exit(); > +} > + > -- > 1.9.1 > > ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH V2] containers: new testcase userns02 2015-05-28 12:33 ` Jan Stancek @ 2015-05-29 10:23 ` Jiri Jaburek 2015-05-30 6:50 ` Yuan Sun 2015-06-02 8:09 ` Jan Stancek 1 sibling, 1 reply; 6+ messages in thread From: Jiri Jaburek @ 2015-05-29 10:23 UTC (permalink / raw) To: Yuan Sun; +Cc: ltp-list, pleasuresun On 05/28/15 14:33, Jan Stancek wrote: > ----- Original Message ----- >> From: "Yuan Sun" <sunyuan3@huawei.com> >> To: jstancek@redhat.com >> Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com, sunyuan3@huawei.com >> Sent: Wednesday, 27 May, 2015 11:00:21 PM >> Subject: [PATCH V2] containers: new testcase userns02 >> >> The user ID and group ID, which are inside a container, can >> be modified by its parent process. >> >> Signed-off-by: Yuan Sun <sunyuan3@huawei.com> > > Hi, > > couple comments inline, but overall it looks good to me. > Unless someone points out other issues, I can fix these before commit. > As a FYI to the author - there's a "libclone" library in containers/ that can take care of the forking/cloning/unsharing, specifically the do_clone_tests function could be used (uses ltp_clone_quick). Given the simplicity of the function, though, I wouldn't see it as a major issue. ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH V2] containers: new testcase userns02 2015-05-29 10:23 ` Jiri Jaburek @ 2015-05-30 6:50 ` Yuan Sun 0 siblings, 0 replies; 6+ messages in thread From: Yuan Sun @ 2015-05-30 6:50 UTC (permalink / raw) To: Jiri Jaburek; +Cc: ltp-list, pleasuresun On 2015/5/29 18:23, Jiri Jaburek wrote: > On 05/28/15 14:33, Jan Stancek wrote: >> ----- Original Message ----- >>> From: "Yuan Sun" <sunyuan3@huawei.com> >>> To: jstancek@redhat.com >>> Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com, sunyuan3@huawei.com >>> Sent: Wednesday, 27 May, 2015 11:00:21 PM >>> Subject: [PATCH V2] containers: new testcase userns02 >>> >>> The user ID and group ID, which are inside a container, can >>> be modified by its parent process. >>> >>> Signed-off-by: Yuan Sun <sunyuan3@huawei.com> >> Hi, >> >> couple comments inline, but overall it looks good to me. >> Unless someone points out other issues, I can fix these before commit. >> > As a FYI to the author - there's a "libclone" library in containers/ > that can take care of the forking/cloning/unsharing, specifically the > do_clone_tests function could be used (uses ltp_clone_quick). > Given the simplicity of the function, though, I wouldn't see it as > a major issue. Hi Jan, Thanks for your comment. In general, I agree with you. But in this case I have different opinions. I tried replacing ltp_clone_quick with do_clone_tests. #childpid = do_clone_tests(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL, NULL, NULL); However, I found "do_clone_tests" function can't return the child pid. In this case, the parent needs the child pid to modify /proc/$childpid/uid_map. Maybe ltp_clone_quick is more appropriate than do_clone_tests in this case. Of course, if you have different opinion please feel free to let me know. Regards. Yuan > > > . > ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH V2] containers: new testcase userns02 2015-05-28 12:33 ` Jan Stancek 2015-05-29 10:23 ` Jiri Jaburek @ 2015-06-02 8:09 ` Jan Stancek 2015-06-02 8:26 ` Yuan Sun 1 sibling, 1 reply; 6+ messages in thread From: Jan Stancek @ 2015-06-02 8:09 UTC (permalink / raw) To: Yuan Sun; +Cc: ltp-list, pleasuresun ----- Original Message ----- > From: "Jan Stancek" <jstancek@redhat.com> > To: "Yuan Sun" <sunyuan3@huawei.com> > Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com > Sent: Thursday, 28 May, 2015 2:33:53 PM > Subject: Re: [LTP] [PATCH V2] containers: new testcase userns02 > > > > > > ----- Original Message ----- > > From: "Yuan Sun" <sunyuan3@huawei.com> > > To: jstancek@redhat.com > > Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com, > > sunyuan3@huawei.com > > Sent: Wednesday, 27 May, 2015 11:00:21 PM > > Subject: [PATCH V2] containers: new testcase userns02 > > > > The user ID and group ID, which are inside a container, can > > be modified by its parent process. > > > > Signed-off-by: Yuan Sun <sunyuan3@huawei.com> Pushed with these changes: global variables moved to main() added cleanup() and tmp dir so we don't leave futex base file behind don't print TPASS unconditionally Regards, Jan > > Hi, > > couple comments inline, but overall it looks good to me. > Unless someone points out other issues, I can fix these before commit. > > > --- > > runtest/containers | 1 + > > testcases/kernel/containers/.gitignore | 1 + > > testcases/kernel/containers/userns/userns02.c | 113 > > ++++++++++++++++++++++++++ > > 3 files changed, 115 insertions(+) > > create mode 100644 testcases/kernel/containers/userns/userns02.c > > > > diff --git a/runtest/containers b/runtest/containers > > index ca10372..bb1beb6 100644 > > --- a/runtest/containers > > +++ b/runtest/containers > > @@ -69,3 +69,4 @@ mountns03 mountns03 > > mountns04 mountns04 > > > > userns01 userns01 > > +userns02 userns02 > > diff --git a/testcases/kernel/containers/.gitignore > > b/testcases/kernel/containers/.gitignore > > index 4478b53..e3c92c9 100644 > > --- a/testcases/kernel/containers/.gitignore > > +++ b/testcases/kernel/containers/.gitignore > > @@ -4,3 +4,4 @@ mountns/mountns02 > > mountns/mountns03 > > mountns/mountns04 > > userns/userns01 > > +userns/userns02 > > diff --git a/testcases/kernel/containers/userns/userns02.c > > b/testcases/kernel/containers/userns/userns02.c > > new file mode 100644 > > index 0000000..6a4b36d > > --- /dev/null > > +++ b/testcases/kernel/containers/userns/userns02.c > > @@ -0,0 +1,113 @@ > > +/* > > + * Copyright (c) Huawei Technologies Co., Ltd., 2015 > > + * This program is free software; you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation; either version 2 of the License, or > > + * (at your option) any later version. > > + * > > + * This program is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See > > + * the GNU General Public License for more details. > > + */ > > + > > +/* > > + * Verify that: > > + * The user ID and group ID, which are inside a container, can be > > modified > > + * by its parent process. > > + */ > > + > > +#define _GNU_SOURCE > > +#include <sys/wait.h> > > +#include <assert.h> > > +#include <stdio.h> > > +#include <stdlib.h> > > +#include <unistd.h> > > +#include <string.h> > > +#include <errno.h> > > +#include "test.h" > > +#include "userns_helper.h" > > + > > +char *TCID = "user_namespace2"; > > +int TST_TOTAL = 1; > > + > > +int childpid; > > +int parentuid; > > +int parentgid; > > +char path[BUFSIZ]; > > +char content[BUFSIZ]; > > +static int fd; > > No need for these to be global, all can be in main. > > > +/* > > + * child_fn1() - Inside a new user namespace > > + */ > > +static int child_fn1(void) > > +{ > > + int exit_val; > > + int uid, gid; > > + > > + TST_SAFE_CHECKPOINT_WAIT(NULL, 0); > > + uid = geteuid(); > > + gid = getegid(); > > + > > + printf("USERNS test is running in a new user namespace.\n"); > > + if (uid == 100 && gid == 100) { > > + printf("Got expected uid and gid.\n"); > > + exit_val = 0; > > + } else { > > + printf("Got unexpected result of uid=%d gid=%d\n", uid, gid); > > + exit_val = 1; > > + } > > + > > + return exit_val; > > +} > > + > > +static void setup(void) > > +{ > > + TST_CHECKPOINT_INIT(NULL); > > + check_newuser(); > > +} > > + > > +int main(int argc, char *argv[]) > > +{ > > + int status; > > + int lc; > > + > > + tst_parse_opts(argc, argv, NULL, NULL); > > + setup(); > > + > > + for (lc = 0; TEST_LOOPING(lc); lc++) { > > + tst_count = 0; > > + childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, > > + (void *)child_fn1, NULL); > > + > > + if (childpid < 0) > > + tst_brkm(TFAIL | TERRNO, NULL, "clone failed"); > > + > > + parentuid = geteuid(); > > + parentgid = getegid(); > > + sprintf(path, "/proc/%d/uid_map", childpid); > > + sprintf(content, "100 %d 1", parentuid); > > + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); > > + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); > > + sprintf(path, "/proc/%d/gid_map", childpid); > > + sprintf(content, "100 %d 1", parentgid); > > + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); > > + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); > > + > > + TST_SAFE_CHECKPOINT_WAKE(NULL, 0); > > + > > + if (waitpid(childpid, &status, 0) < 0) > > + tst_resm(TBROK | TERRNO, "parent: waitpid failed."); > > + > > + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) > > + tst_resm(TFAIL, "child exited abnormally"); > > + else if (WIFSIGNALED(status)) { > > + tst_resm(TFAIL, "child was killed with signal = %d", > > + WTERMSIG(status)); > > + } > > + > > + } > > + tst_resm(TPASS, "the uid and the gid are right inside the container"); > > It will print TPASS even when it fails - not a big issue since T_exitval > will carry any previous TFAIL. > > Regards, > Jan > > > + tst_exit(); > > +} > > + > > -- > > 1.9.1 > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Ltp-list mailing list > Ltp-list@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ltp-list > ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH V2] containers: new testcase userns02 2015-06-02 8:09 ` Jan Stancek @ 2015-06-02 8:26 ` Yuan Sun 0 siblings, 0 replies; 6+ messages in thread From: Yuan Sun @ 2015-06-02 8:26 UTC (permalink / raw) To: Jan Stancek; +Cc: ltp-list Hi Jan, Excellent. Many thanks for your help. I am creating a new testcase userns03 to cover the following. I will send the patch soon. (1) If the process opening the file is in the same user namespace as the process PID, then ID-outside-ns is defined with respect to the parent user namespace. (2) If the process opening the file is in a different user namespace, then ID-outside-ns is defined with respect to the user namespace of the process opening the file. Thanks. Regards. Yuan On 2015/6/2 16:09, Jan Stancek wrote: > > > ----- Original Message ----- >> From: "Jan Stancek" <jstancek@redhat.com> >> To: "Yuan Sun" <sunyuan3@huawei.com> >> Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com >> Sent: Thursday, 28 May, 2015 2:33:53 PM >> Subject: Re: [LTP] [PATCH V2] containers: new testcase userns02 >> >> >> >> >> >> ----- Original Message ----- >>> From: "Yuan Sun" <sunyuan3@huawei.com> >>> To: jstancek@redhat.com >>> Cc: ltp-list@lists.sourceforge.net, pleasuresun@sina.com, >>> sunyuan3@huawei.com >>> Sent: Wednesday, 27 May, 2015 11:00:21 PM >>> Subject: [PATCH V2] containers: new testcase userns02 >>> >>> The user ID and group ID, which are inside a container, can >>> be modified by its parent process. >>> >>> Signed-off-by: Yuan Sun <sunyuan3@huawei.com> > Pushed with these changes: > global variables moved to main() > added cleanup() and tmp dir so we don't leave futex base file behind > don't print TPASS unconditionally > > Regards, > Jan > >> Hi, >> >> couple comments inline, but overall it looks good to me. >> Unless someone points out other issues, I can fix these before commit. >> >>> --- >>> runtest/containers | 1 + >>> testcases/kernel/containers/.gitignore | 1 + >>> testcases/kernel/containers/userns/userns02.c | 113 >>> ++++++++++++++++++++++++++ >>> 3 files changed, 115 insertions(+) >>> create mode 100644 testcases/kernel/containers/userns/userns02.c >>> >>> diff --git a/runtest/containers b/runtest/containers >>> index ca10372..bb1beb6 100644 >>> --- a/runtest/containers >>> +++ b/runtest/containers >>> @@ -69,3 +69,4 @@ mountns03 mountns03 >>> mountns04 mountns04 >>> >>> userns01 userns01 >>> +userns02 userns02 >>> diff --git a/testcases/kernel/containers/.gitignore >>> b/testcases/kernel/containers/.gitignore >>> index 4478b53..e3c92c9 100644 >>> --- a/testcases/kernel/containers/.gitignore >>> +++ b/testcases/kernel/containers/.gitignore >>> @@ -4,3 +4,4 @@ mountns/mountns02 >>> mountns/mountns03 >>> mountns/mountns04 >>> userns/userns01 >>> +userns/userns02 >>> diff --git a/testcases/kernel/containers/userns/userns02.c >>> b/testcases/kernel/containers/userns/userns02.c >>> new file mode 100644 >>> index 0000000..6a4b36d >>> --- /dev/null >>> +++ b/testcases/kernel/containers/userns/userns02.c >>> @@ -0,0 +1,113 @@ >>> +/* >>> + * Copyright (c) Huawei Technologies Co., Ltd., 2015 >>> + * This program is free software; you can redistribute it and/or modify >>> + * it under the terms of the GNU General Public License as published by >>> + * the Free Software Foundation; either version 2 of the License, or >>> + * (at your option) any later version. >>> + * >>> + * This program is distributed in the hope that it will be useful, >>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of >>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See >>> + * the GNU General Public License for more details. >>> + */ >>> + >>> +/* >>> + * Verify that: >>> + * The user ID and group ID, which are inside a container, can be >>> modified >>> + * by its parent process. >>> + */ >>> + >>> +#define _GNU_SOURCE >>> +#include <sys/wait.h> >>> +#include <assert.h> >>> +#include <stdio.h> >>> +#include <stdlib.h> >>> +#include <unistd.h> >>> +#include <string.h> >>> +#include <errno.h> >>> +#include "test.h" >>> +#include "userns_helper.h" >>> + >>> +char *TCID = "user_namespace2"; >>> +int TST_TOTAL = 1; >>> + >>> +int childpid; >>> +int parentuid; >>> +int parentgid; >>> +char path[BUFSIZ]; >>> +char content[BUFSIZ]; >>> +static int fd; >> No need for these to be global, all can be in main. >> >>> +/* >>> + * child_fn1() - Inside a new user namespace >>> + */ >>> +static int child_fn1(void) >>> +{ >>> + int exit_val; >>> + int uid, gid; >>> + >>> + TST_SAFE_CHECKPOINT_WAIT(NULL, 0); >>> + uid = geteuid(); >>> + gid = getegid(); >>> + >>> + printf("USERNS test is running in a new user namespace.\n"); >>> + if (uid == 100 && gid == 100) { >>> + printf("Got expected uid and gid.\n"); >>> + exit_val = 0; >>> + } else { >>> + printf("Got unexpected result of uid=%d gid=%d\n", uid, gid); >>> + exit_val = 1; >>> + } >>> + >>> + return exit_val; >>> +} >>> + >>> +static void setup(void) >>> +{ >>> + TST_CHECKPOINT_INIT(NULL); >>> + check_newuser(); >>> +} >>> + >>> +int main(int argc, char *argv[]) >>> +{ >>> + int status; >>> + int lc; >>> + >>> + tst_parse_opts(argc, argv, NULL, NULL); >>> + setup(); >>> + >>> + for (lc = 0; TEST_LOOPING(lc); lc++) { >>> + tst_count = 0; >>> + childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, >>> + (void *)child_fn1, NULL); >>> + >>> + if (childpid < 0) >>> + tst_brkm(TFAIL | TERRNO, NULL, "clone failed"); >>> + >>> + parentuid = geteuid(); >>> + parentgid = getegid(); >>> + sprintf(path, "/proc/%d/uid_map", childpid); >>> + sprintf(content, "100 %d 1", parentuid); >>> + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); >>> + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); >>> + sprintf(path, "/proc/%d/gid_map", childpid); >>> + sprintf(content, "100 %d 1", parentgid); >>> + fd = SAFE_OPEN(NULL, path, O_WRONLY, 0644); >>> + SAFE_WRITE(NULL, 1, fd, content, strlen(content)); >>> + >>> + TST_SAFE_CHECKPOINT_WAKE(NULL, 0); >>> + >>> + if (waitpid(childpid, &status, 0) < 0) >>> + tst_resm(TBROK | TERRNO, "parent: waitpid failed."); >>> + >>> + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) >>> + tst_resm(TFAIL, "child exited abnormally"); >>> + else if (WIFSIGNALED(status)) { >>> + tst_resm(TFAIL, "child was killed with signal = %d", >>> + WTERMSIG(status)); >>> + } >>> + >>> + } >>> + tst_resm(TPASS, "the uid and the gid are right inside the container"); >> It will print TPASS even when it fails - not a big issue since T_exitval >> will carry any previous TFAIL. >> >> Regards, >> Jan >> >>> + tst_exit(); >>> +} >>> + >>> -- >>> 1.9.1 >>> >>> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Ltp-list mailing list >> Ltp-list@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/ltp-list >> > . > ------------------------------------------------------------------------------ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-06-02 8:29 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-05-27 21:00 [LTP] [PATCH V2] containers: new testcase userns02 Yuan Sun 2015-05-28 12:33 ` Jan Stancek 2015-05-29 10:23 ` Jiri Jaburek 2015-05-30 6:50 ` Yuan Sun 2015-06-02 8:09 ` Jan Stancek 2015-06-02 8:26 ` Yuan Sun
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.