* [LTP] [PATCH] userns/userns08.c: Enable userns in max_user_namespaces file
@ 2021-08-05 6:27 Yang Xu
2021-08-18 9:57 ` xuyang2018.jy
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Yang Xu @ 2021-08-05 6:27 UTC
To: ltp
On old distros, i.e. CentOS 7, the default value of max_user_namespaces is set to 0.
Enable it by increasing this value.
Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
---
testcases/kernel/containers/userns/userns08.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/testcases/kernel/containers/userns/userns08.c b/testcases/kernel/containers/userns/userns08.c
index aedfc6c4e..0910ea7d4 100644
--- a/testcases/kernel/containers/userns/userns08.c
+++ b/testcases/kernel/containers/userns/userns08.c
@@ -120,6 +120,11 @@ static void setup(void)
SAFE_WRITE(fd, 1, "\n", 1);
SAFE_CLOSE(fd);
+
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
}
static struct tst_test test = {
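Review bot: The SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10) call at the end of setup() writes 10 unconditionally, so on a system whose limit is already higher than 10 the test lowers it for the duration of the run. The commit message only covers the case where the default is 0; consider reading the current value first and writing only when it is below what the test needs, and state in the commit message why 10 is enough.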
@@ -133,6 +138,10 @@ static struct tst_test test = {
"CONFIG_USER_NS",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "d2f007dbe7e4"},
{"CVE", "CVE-2018-18955"},
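Review bot: The "?" prefix on "?/proc/sys/user/max_user_namespaces" lets save/restore tolerate a missing file, but the write added to setup() in the previous hunk does not: on a kernel without this sysctl, SAFE_FILE_PRINTF will break the test instead of letting it continue. Either guard the write with an existence check or drop the "?" so both places agree on whether the file is required.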
--
2.23.0
* [LTP] [PATCH] userns/userns08.c: Enable userns in max_user_namespaces file
From: xuyang2018.jy @ 2021-08-18 9:57 UTC
To: ltp
Hi!
My machine's time is wrong, so I sent this patch today but the email's
date is 8.5 (it may lose your attention).
Best Regards
Yang Xu
> On old distros, i.e. CentOS 7, the default value of max_user_namespaces is set to 0.
> Enable it by increasing this value.
>
> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
> ---
> testcases/kernel/containers/userns/userns08.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/testcases/kernel/containers/userns/userns08.c b/testcases/kernel/containers/userns/userns08.c
> index aedfc6c4e..0910ea7d4 100644
> --- a/testcases/kernel/containers/userns/userns08.c
> +++ b/testcases/kernel/containers/userns/userns08.c
> @@ -120,6 +120,11 @@ static void setup(void)
>
> SAFE_WRITE(fd, 1, "\n", 1);
> SAFE_CLOSE(fd);
> +
> + /* The default value of max_user_namespaces is set to 0 on some distros,
> + * We need to change the default value to call clone().
> + */
> + SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
> }
>
> static struct tst_test test = {
> @@ -133,6 +138,10 @@ static struct tst_test test = {
> "CONFIG_USER_NS",
> NULL
> },
> + .save_restore = (const char * const[]) {
> + "?/proc/sys/user/max_user_namespaces",
> + NULL,
> + },
> .tags = (const struct tst_tag[]) {
> {"linux-git", "d2f007dbe7e4"},
> {"CVE", "CVE-2018-18955"},
* [LTP] [PATCH v2] testcases: Enable userns in max_user_namespaces file
From: Yang Xu @ 2021-08-27 10:19 UTC
To: ltp
On old distros, i.e. CentOS 7, the default value of max_user_namespaces is set to 0.
Enable it by increasing this value.
Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
---
testcases/cve/icmp_rate_limit01.c | 9 +++++++++
testcases/kernel/containers/userns/userns08.c | 9 +++++++++
testcases/kernel/syscalls/bind/bind06.c | 9 +++++++++
testcases/kernel/syscalls/sendto/sendto03.c | 9 +++++++++
testcases/kernel/syscalls/setsockopt/setsockopt05.c | 9 +++++++++
testcases/kernel/syscalls/setsockopt/setsockopt06.c | 9 +++++++++
testcases/kernel/syscalls/setsockopt/setsockopt07.c | 9 +++++++++
testcases/kernel/syscalls/setsockopt/setsockopt08.c | 9 +++++++++
8 files changed, 72 insertions(+)
diff --git a/testcases/cve/icmp_rate_limit01.c b/testcases/cve/icmp_rate_limit01.c
index f24ea5bf9..f5ec77d6f 100644
--- a/testcases/cve/icmp_rate_limit01.c
+++ b/testcases/cve/icmp_rate_limit01.c
@@ -58,6 +58,11 @@ static void setup(void)
for (i = 0; i < SRCADDR_COUNT; i++)
fds[i] = -1;
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
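Review bot: The same comment and SAFE_FILE_PRINTF(..., "%d", 10) write are pasted into setup() of all eight files in this series, with the magic number 10 repeated each time. A shared helper or a single named constant would keep the value and its rationale in one place, and the explanation itself fits in the commit message rather than in each setup().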
@@ -265,6 +270,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "b38e7819cae9"},
{"CVE", "2020-25705"},
diff --git a/testcases/kernel/containers/userns/userns08.c b/testcases/kernel/containers/userns/userns08.c
index aedfc6c4e..429fcf235 100644
--- a/testcases/kernel/containers/userns/userns08.c
+++ b/testcases/kernel/containers/userns/userns08.c
@@ -120,6 +120,11 @@ static void setup(void)
SAFE_WRITE(fd, 1, "\n", 1);
SAFE_CLOSE(fd);
+
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
}
static struct tst_test test = {
@@ -133,6 +138,10 @@ static struct tst_test test = {
"CONFIG_USER_NS",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "d2f007dbe7e4"},
{"CVE", "CVE-2018-18955"},
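Review bot: The CVE tag in the trailing context of this hunk, {"CVE", "CVE-2018-18955"}, carries a "CVE-" prefix that the other files in this series do not use (for example {"CVE", "2020-25705"} in icmp_rate_limit01.c). If the tag value is meant to be the bare number, userns08.c should be made consistent, preferably in a separate patch since it is unrelated to the added .save_restore lines.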
diff --git a/testcases/kernel/syscalls/bind/bind06.c b/testcases/kernel/syscalls/bind/bind06.c
index 017e0fc89..390af76a1 100644
--- a/testcases/kernel/syscalls/bind/bind06.c
+++ b/testcases/kernel/syscalls/bind/bind06.c
@@ -34,6 +34,11 @@ static void setup(void)
int real_gid = getgid();
struct ifreq ifr;
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
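Review bot: The write to /proc/sys/user/max_user_namespaces sits directly before SAFE_UNSHARE(CLONE_NEWUSER) in setup(), and writing under /proc/sys needs privileges that creating a user namespace may not. If this test is expected to run as an unprivileged user, SAFE_FILE_PRINTF will abort it before the unshare is reached; check the current value first and write only when it is 0 and the caller is able to.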
@@ -107,6 +112,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "15fe076edea7"},
{"CVE", "2018-18559"},
diff --git a/testcases/kernel/syscalls/sendto/sendto03.c b/testcases/kernel/syscalls/sendto/sendto03.c
index 3ecb574a1..700ad24ca 100644
--- a/testcases/kernel/syscalls/sendto/sendto03.c
+++ b/testcases/kernel/syscalls/sendto/sendto03.c
@@ -43,6 +43,11 @@ static void setup(void)
int real_gid = getgid();
struct ifreq ifr;
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
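Review bot: The added comment says the value must be changed "to call clone()", but the lines that follow it in setup() call SAFE_UNSHARE(CLONE_NEWUSER), not clone(). Reword it to refer to creating a user namespace, or drop the comment and leave the reasoning to the commit message; "distros, We" also needs a lowercase "we" or a full stop before it.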
@@ -215,6 +220,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "bcc5364bdcfe"},
{"linux-git", "acf69c946233"},
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt05.c b/testcases/kernel/syscalls/setsockopt/setsockopt05.c
index 0b7ff39d2..9adb2f0d2 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt05.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt05.c
@@ -40,6 +40,11 @@ static void setup(void)
struct ifreq ifr;
socklen_t addrlen = sizeof(addr);
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
@@ -99,6 +104,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "85f1bd9a7b5a"},
{"CVE", "2017-1000112"},
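Review bot: The new .save_restore array ends with "NULL," while the array just above it in the context ends with "NULL" and no trailing comma. Match the surrounding initializers so the struct reads uniformly.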
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt06.c b/testcases/kernel/syscalls/setsockopt/setsockopt06.c
index 33284e5a6..9ea5985ba 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt06.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt06.c
@@ -35,6 +35,11 @@ static void setup(void)
int real_uid = getuid();
int real_gid = getgid();
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
@@ -125,6 +130,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "84ac7260236a"},
{"CVE", "2016-8655"},
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt07.c b/testcases/kernel/syscalls/setsockopt/setsockopt07.c
index b00286989..051b1bb70 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt07.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt07.c
@@ -38,6 +38,11 @@ static void setup(void)
int real_uid = getuid();
int real_gid = getgid();
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
@@ -137,6 +142,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "c27927e372f0"},
{"CVE", "2017-1000111"},
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt08.c b/testcases/kernel/syscalls/setsockopt/setsockopt08.c
index a7c0ace20..aef9bdcb6 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt08.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt08.c
@@ -95,6 +95,11 @@ void setup(void)
"The vulnerability was only present in 32-bit compat mode");
}
+ /* The default value of max_user_namespaces is set to 0 on some distros,
+ * We need to change the default value to call clone().
+ */
+ SAFE_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
+
SAFE_UNSHARE(CLONE_NEWUSER);
SAFE_UNSHARE(CLONE_NEWNET);
}
@@ -156,6 +161,10 @@ static struct tst_test test = {
"CONFIG_NET_NS=y",
NULL
},
+ .save_restore = (const char * const[]) {
+ "?/proc/sys/user/max_user_namespaces",
+ NULL,
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "b29c457a6511"},
{"CVE", "2021-22555"},
--
2.23.0
* [LTP] [PATCH] userns/userns08.c: Enable userns in max_user_namespaces file
From: Richard Palethorpe @ 2021-08-27 10:35 UTC
To: ltp
Hello Yang,
Yang Xu <xuyang2018.jy@fujitsu.com> writes:
> On old distros, i.e. CentOS 7, the default value of max_user_namespaces is set to 0.
> Enable it by increasing this value.
>
> Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
Looks good, except for a very minor point below.
Reviewed-by: Richard Palethorpe <rpalethorpe@suse.com>
> ---
> testcases/kernel/containers/userns/userns08.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/testcases/kernel/containers/userns/userns08.c b/testcases/kernel/containers/userns/userns08.c
> index aedfc6c4e..0910ea7d4 100644
> --- a/testcases/kernel/containers/userns/userns08.c
> +++ b/testcases/kernel/containers/userns/userns08.c
> @@ -120,6 +120,11 @@ static void setup(void)
>
> SAFE_WRITE(fd, 1, "\n", 1);
> SAFE_CLOSE(fd);
> +
> + /* The default value of max_user_namespaces is set to 0 on some distros,
> + * We need to change the default value to call clone().
> + */
We don't need inline comments like this. In this case the commit message
and git-blame is fine. Other times the style guide requests it goes in
the comment at the top.
--
Thank you,
Richard.
* [LTP] [PATCH] userns/userns08.c: Enable userns in max_user_namespaces file
From: xuyang2018.jy @ 2021-08-31 10:09 UTC
To: ltp
Hi Richard
> Hello Yang,
>
> Yang Xu<xuyang2018.jy@fujitsu.com> writes:
>
>> On old distros, i.e. CentOS 7, the default value of max_user_namespaces is set to 0.
>> Enable it by increasing this value.
>>
>> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
>
> Looks good, except for a very minor point below.
>
> Reviewed-by: Richard Palethorpe<rpalethorpe@suse.com>
>
>> ---
>> testcases/kernel/containers/userns/userns08.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/testcases/kernel/containers/userns/userns08.c b/testcases/kernel/containers/userns/userns08.c
>> index aedfc6c4e..0910ea7d4 100644
>> --- a/testcases/kernel/containers/userns/userns08.c
>> +++ b/testcases/kernel/containers/userns/userns08.c
>> @@ -120,6 +120,11 @@ static void setup(void)
>>
>> SAFE_WRITE(fd, 1, "\n", 1);
>> SAFE_CLOSE(fd);
>> +
>> + /* The default value of max_user_namespaces is set to 0 on some distros,
>> + * We need to change the default value to call clone().
>> + */
>
> We don't need inline comments like this. In this case the commit message
> and git-blame is fine. Other times the style guide requests it goes in
> the comment at the top.
Thanks for your review. I have pushed the v2 patch with your
reviewed-by (increase this value in more userns cases).
Best Regards
Yang Xu
>