[LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Andrea Cervesato]

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.de>
---
Using LTP API in the userns06_capcheck.c to propagate test result
After this update it's possible to send also latest v3 patches.

 testcases/kernel/containers/userns/userns06.c | 187 ++++++++----------
 .../containers/userns/userns06_capcheck.c     |  67 +++----
 2 files changed, 117 insertions(+), 137 deletions(-)

diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
index 29f635de5..576d3b1af 100644
--- a/testcases/kernel/containers/userns/userns06.c
+++ b/testcases/kernel/containers/userns/userns06.c
@@ -1,65 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version. This program is distributed in the hope that it will be
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
- * Public License for more details. You should have received a copy of the GNU
- * General Public License along with this program.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
  */
 
-/*
- * Verify that:
- * When a process with non-zero user IDs performs an execve(), the process's
- * capability sets are cleared.
+/*\
+ * [Description]
+ *
+ * Verify that when a process with non-zero user IDs performs an execve(),
+ * the process's capability sets are cleared.
  * When a process with zero user IDs performs an execve(), the process's
  * capability sets are set.
- *
  */
 
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
 #define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
+
 #include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#include "userns_helper.h"
+#include "common.h"
+
+#define TEST_APP "userns06_capcheck"
 
 #define CHILD1UID 0
 #define CHILD1GID 0
 #define CHILD2UID 200
 #define CHILD2GID 200
 
-char *TCID = "user_namespace6";
-int TST_TOTAL = 1;
-
-static int cpid1, parentuid, parentgid;
-
 /*
  * child_fn1() - Inside a new user namespace
  */
 static int child_fn1(void)
 {
-	int exit_val = 0;
-	char *const args[] = { "userns06_capcheck", "privileged", NULL };
+	char *const args[] = { TEST_APP, "privileged", NULL };
+	int ret;
 
-	TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
+	TST_CHECKPOINT_WAIT(0);
 
-	if (execve(args[0], args, NULL) == -1) {
-		printf("execvp unexpected error: (%d) %s\n",
-			errno, strerror(errno));
-		exit_val = 1;
-	}
+	/* execv will replace the main function and it will end this child
+	 * accordingly.
+	 */
+	ret = execv(args[0], args);
+	if (ret == -1)
+		tst_brk(TBROK | TERRNO, "execv: unexpected error");
 
-	return exit_val;
+	return 0;
 }
 
 /*
@@ -67,97 +54,97 @@ static int child_fn1(void)
  */
 static int child_fn2(void)
 {
-	int exit_val = 0;
-	int uid, gid;
-	char *const args[] = { "userns06_capcheck", "unprivileged", NULL };
+	int uid, gid, ret;
+	char *const args[] = { TEST_APP, "unprivileged", NULL };
 
-	TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
+	TST_CHECKPOINT_WAIT(1);
 
 	uid = geteuid();
 	gid = getegid();
 
 	if (uid != CHILD2UID || gid != CHILD2GID) {
-		printf("unexpected uid=%d gid=%d\n", uid, gid);
-		exit_val = 1;
+		tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid);
+		return 1;
 	}
 
-	if (execve(args[0], args, NULL) == -1) {
-		printf("execvp unexpected error: (%d) %s\n",
-			errno, strerror(errno));
-		exit_val = 1;
-	}
+	tst_res(TPASS, "expected uid and gid");
 
-	return exit_val;
-}
+	/* execv will replace the main function and it will end this child
+	 * accordingly.
+	 */
+	ret = execv(args[0], args);
+	if (ret == -1)
+		tst_brk(TBROK | TERRNO, "execv: unexpected error");
 
-static void cleanup(void)
-{
-	tst_rmdir();
+	return 0;
 }
 
 static void setup(void)
 {
 	check_newuser();
-	tst_tmpdir();
-	TST_CHECKPOINT_INIT(NULL);
-	TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL);
 }
 
-int main(int argc, char *argv[])
+static void run(void)
 {
+	pid_t cpid1;
 	pid_t cpid2;
+	int parentuid;
+	int parentgid;
 	char path[BUFSIZ];
-	int lc;
 	int fd;
 
-	tst_parse_opts(argc, argv, NULL, NULL);
-#ifndef HAVE_LIBCAP
-	tst_brkm(TCONF, NULL, "System is missing libcap.");
-#endif
-	setup();
-
-	for (lc = 0; TEST_LOOPING(lc); lc++) {
-		tst_count = 0;
+	parentuid = geteuid();
+	parentgid = getegid();
 
-		parentuid = geteuid();
-		parentgid = getegid();
+	cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL);
+	if (cpid1 < 0)
+		tst_brk(TBROK | TTERRNO, "cpid1 clone failed");
 
-		cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
-			(void *)child_fn1, NULL);
-		if (cpid1 < 0)
-			tst_brkm(TBROK | TERRNO, cleanup,
-				"cpid1 clone failed");
+	cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL);
+	if (cpid2 < 0)
+		tst_brk(TBROK | TTERRNO, "cpid2 clone failed");
 
-		cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
-			(void *)child_fn2, NULL);
-		if (cpid2 < 0)
-			tst_brkm(TBROK | TERRNO, cleanup,
-				"cpid2 clone failed");
+	if (access("/proc/self/setgroups", F_OK) == 0) {
+		sprintf(path, "/proc/%d/setgroups", cpid1);
 
-		if (access("/proc/self/setgroups", F_OK) == 0) {
-			sprintf(path, "/proc/%d/setgroups", cpid1);
-			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
-			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
-			SAFE_CLOSE(cleanup, fd);
+		fd = SAFE_OPEN(path, O_WRONLY, 0644);
+		SAFE_WRITE(1, fd, "deny", 4);
+		SAFE_CLOSE(fd);
 
-			sprintf(path, "/proc/%d/setgroups", cpid2);
-			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
-			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
-			SAFE_CLOSE(cleanup, fd);
-		}
+		sprintf(path, "/proc/%d/setgroups", cpid2);
 
-		updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
-		updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
+		fd = SAFE_OPEN(path, O_WRONLY, 0644);
+		SAFE_WRITE(1, fd, "deny", 4);
+		SAFE_CLOSE(fd);
+	}
 
-		updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
-		updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
+	updatemap(cpid1, UID_MAP, CHILD1UID, parentuid);
+	updatemap(cpid2, UID_MAP, CHILD2UID, parentuid);
 
-		TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
-		TST_SAFE_CHECKPOINT_WAKE(cleanup, 1);
+	updatemap(cpid1, GID_MAP, CHILD1GID, parentgid);
+	updatemap(cpid2, GID_MAP, CHILD2GID, parentgid);
 
-		tst_record_childstatus(cleanup, cpid1);
-		tst_record_childstatus(cleanup, cpid2);
-	}
-	cleanup();
-	tst_exit();
+	TST_CHECKPOINT_WAKE(0);
+	TST_CHECKPOINT_WAKE(1);
 }
+
+static const char *const resource_files[] = {
+	TEST_APP,
+	NULL,
+};
+
+static struct tst_test test = {
+	.setup = setup,
+	.test_all = run,
+	.needs_root = 1,
+	.needs_checkpoints = 1,
+	.resource_files = resource_files,
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_USER_NS",
+		NULL,
+	},
+};
+
+#else
+TST_TEST_TCONF("System is missing libcap");
+#endif
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
index 31f7e0a25..86e223aec 100644
--- a/testcases/kernel/containers/userns/userns06_capcheck.c
+++ b/testcases/kernel/containers/userns/userns06_capcheck.c
@@ -1,74 +1,67 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
  */
 
-/*
- * Verify that:
+/*\
+ * [Description]
+ *
  * When a process with non-zero user IDs performs an execve(), the
  * process's capability sets are cleared. When a process with zero
  * user IDs performs an execve(), the process's capability sets
  * are set.
  */
 
+#define TST_NO_DEFAULT_MAIN
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
 #define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
+
 #include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#if HAVE_SYS_CAPABILITY_H
+#include <sys/wait.h>
 #include <sys/capability.h>
-#endif
-
-char *TCID = "userns06_capcheck";
-int TST_TOTAL = 1;
 
 int main(int argc, char *argv[])
 {
-#ifdef HAVE_LIBCAP
 	cap_t caps;
 	int i, last_cap;
 	cap_flag_value_t flag_val;
 	cap_flag_value_t expected_flag = 1;
-#endif
-	tst_parse_opts(argc, argv, NULL, NULL);
 
-#ifdef HAVE_LIBCAP
+	if (argc < 2)
+		tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
+
+	tst_reinit();
+
+	SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
 	if (strcmp("privileged", argv[1]))
 		expected_flag = 0;
 
 	caps = cap_get_proc();
-	SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
 	for (i = 0; i <= last_cap; i++) {
 		cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
 		if (flag_val != expected_flag)
 			break;
+
 		cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
 		if (flag_val != expected_flag)
 			break;
 	}
 
-	if (flag_val != expected_flag) {
-		printf("unexpected effective/permitted caps at %d\n", i);
-		exit(1);
-	}
+	if (flag_val != expected_flag)
+		tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
+	else
+		tst_res(TPASS, "expected caps at %d", i);
+}
 
 #else
-	printf("System is missing libcap.\n");
-#endif
-	tst_exit();
+int main(void)
+{
+	tst_brk(TBROK, "System is missing libcap");
 }
+#endif
-- 
2.35.1


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Petr Vorel]

Hi Andrea,

BTW it'd help reviewers a bit if you include a changelog.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
TL;DR: TST_TEST_TCONF() in userns06_capcheck.c

> diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
...
> -/*
> - * Verify that:
> +/*\
> + * [Description]
> + *
>   * When a process with non-zero user IDs performs an execve(), the
>   * process's capability sets are cleared. When a process with zero
>   * user IDs performs an execve(), the process's capability sets
>   * are set.
>   */
nit: I wonder if we want to have docparse documentation in both userns06.c and
userns06_capcheck.c, they now look as 2 separate tests. Maybe describe
everything in userns06.c.

> +#define TST_NO_DEFAULT_MAIN
> +#include "tst_test.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LIBCAP
...
> +	if (argc < 2)
> +		tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
> +
> +	tst_reinit();
I'm not sure if tst_reinit() shouldn't be called even before tst_brk(TBROK, ...).
> +
> +	SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
>  	if (strcmp("privileged", argv[1]))
>  		expected_flag = 0;
nit: It might help debugging to print argv[1] in TINF0.

>  	caps = cap_get_proc();
> -	SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
>  	for (i = 0; i <= last_cap; i++) {
>  		cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
>  		if (flag_val != expected_flag)
>  			break;
> +
>  		cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
>  		if (flag_val != expected_flag)
>  			break;
>  	}

> -	if (flag_val != expected_flag) {
> -		printf("unexpected effective/permitted caps at %d\n", i);
> -		exit(1);
> -	}
> +	if (flag_val != expected_flag)
> +		tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
The flags are CAP_EFFECTIVE and CAP_PERMITTED only here, right?
(i.e. no CAP_INHERITABLE). Not sure how helpful would be to print here which
flag was the failing one.

> +	else
> +		tst_res(TPASS, "expected caps at %d", i);
> +}

>  #else
> -	printf("System is missing libcap.\n");
> -#endif
> -	tst_exit();
> +int main(void)
> +{
> +	tst_brk(TBROK, "System is missing libcap");
>  }
Why don't you also use TST_TEST_TCONF() here?
> +#endif

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Andrea Cervesato via ltp]

[-- Attachment #1.1: Type: text/plain, Size: 2530 bytes --]

Hi Petr,

can TST_TEST_CONF be used even if TST_NO_DEFAULT_MAIN is defined?

Andrea

On 4/4/22 12:33, Petr Vorel wrote:
> Hi Andrea,
>
> BTW it'd help reviewers a bit if you include a changelog.
>
> Reviewed-by: Petr Vorel<pvorel@suse.cz>
> TL;DR: TST_TEST_TCONF() in userns06_capcheck.c
>
>> diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
> ...
>> -/*
>> - * Verify that:
>> +/*\
>> + * [Description]
>> + *
>>    * When a process with non-zero user IDs performs an execve(), the
>>    * process's capability sets are cleared. When a process with zero
>>    * user IDs performs an execve(), the process's capability sets
>>    * are set.
>>    */
> nit: I wonder if we want to have docparse documentation in both userns06.c and
> userns06_capcheck.c, they now look as 2 separate tests. Maybe describe
> everything in userns06.c.
>
>> +#define TST_NO_DEFAULT_MAIN
>> +#include "tst_test.h"
>> +#include "config.h"
>> +
>> +#ifdef HAVE_LIBCAP
> ...
>> +	if (argc < 2)
>> +		tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
>> +
>> +	tst_reinit();
> I'm not sure if tst_reinit() shouldn't be called even before tst_brk(TBROK, ...).
>> +
>> +	SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
>> +
>>   	if (strcmp("privileged", argv[1]))
>>   		expected_flag = 0;
> nit: It might help debugging to print argv[1] in TINF0.
>
>>   	caps = cap_get_proc();
>> -	SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
>> +
>>   	for (i = 0; i <= last_cap; i++) {
>>   		cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
>>   		if (flag_val != expected_flag)
>>   			break;
>> +
>>   		cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
>>   		if (flag_val != expected_flag)
>>   			break;
>>   	}
>> -	if (flag_val != expected_flag) {
>> -		printf("unexpected effective/permitted caps at %d\n", i);
>> -		exit(1);
>> -	}
>> +	if (flag_val != expected_flag)
>> +		tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
> The flags are CAP_EFFECTIVE and CAP_PERMITTED only here, right?
> (i.e. no CAP_INHERITABLE). Not sure how helpful would be to print here which
> flag was the failing one.
>
>> +	else
>> +		tst_res(TPASS, "expected caps at %d", i);
>> +}
>>   #else
>> -	printf("System is missing libcap.\n");
>> -#endif
>> -	tst_exit();
>> +int main(void)
>> +{
>> +	tst_brk(TBROK, "System is missing libcap");
>>   }
> Why don't you also use TST_TEST_TCONF() here?
>> +#endif
> Kind regards,
> Petr
>

[-- Attachment #1.2: Type: text/html, Size: 4424 bytes --]

[-- Attachment #2: Type: text/plain, Size: 60 bytes --]


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Petr Vorel]

Hi Andrea,

> Hi Petr,

> can TST_TEST_CONF be used even if TST_NO_DEFAULT_MAIN is defined?
I'm sorry, you're right it can't be used like that.

TST_NO_DEFAULT_MAIN could be defined only in #ifdef HAVE_LIBCAP:

#include "config.h"
#ifdef HAVE_LIBCAP

#define _GNU_SOURCE
#define TST_NO_DEFAULT_MAIN
#include "tst_test.h"
...
#else
#include "tst_test.h"
TST_TEST_TCONF("System is missing libcap");

But that's not much improvement indeed, thus lets ignore it.

Also, #define _GNU_SOURCE should be IMHO before any first include,
i.e. even before tst_test.h (it includes many system headers).

Kind regards,
Petr

> Andrea

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Petr Vorel]

Hi Andrea,

Reviewed-by: Petr Vorel <pvorel@suse.cz>

2 small things:

Actually adding one more #ifdef HAVE_LIBCAP
might be better than calling tst_brk() manually (this is better than my previous
suggestion):

#include "config.h"

#ifdef HAVE_LIBCAP
# define TST_NO_DEFAULT_MAIN
#endif

#include "tst_test.h"

#ifdef HAVE_LIBCAP

#include <string.h>
#include <sys/wait.h>
#include <sys/capability.h>

int main(int argc, char *argv[])
{
...
}

#else
TST_TEST_TCONF("System is missing libcap");
#endif

But if you prefer to original version (define main), then TCONF should be used.

Also #define _GNU_SOURCE is not needed, it should be dropped.

If you agree, I can merge it with proposed changes.

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Andrea Cervesato via ltp]

[-- Attachment #1.1: Type: text/plain, Size: 868 bytes --]

Hi Petr,

sure you can merge. Thanks!

Andrea

On 4/19/22 09:22, Petr Vorel wrote:
> Hi Andrea,
>
> Reviewed-by: Petr Vorel<pvorel@suse.cz>
>
> 2 small things:
>
> Actually adding one more #ifdef HAVE_LIBCAP
> might be better than calling tst_brk() manually (this is better than my previous
> suggestion):
>
> #include "config.h"
>
> #ifdef HAVE_LIBCAP
> # define TST_NO_DEFAULT_MAIN
> #endif
>
> #include "tst_test.h"
>
> #ifdef HAVE_LIBCAP
>
> #include <string.h>
> #include <sys/wait.h>
> #include <sys/capability.h>
>
> int main(int argc, char *argv[])
> {
> ...
> }
>
> #else
> TST_TEST_TCONF("System is missing libcap");
> #endif
>
> But if you prefer to original version (define main), then TCONF should be used.
>
> Also #define _GNU_SOURCE is not needed, it should be dropped.
>
> If you agree, I can merge it with proposed changes.
>
> Kind regards,
> Petr
>

[-- Attachment #1.2: Type: text/html, Size: 1321 bytes --]

[-- Attachment #2: Type: text/plain, Size: 60 bytes --]


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Cyril Hrubis]

Hi!
> diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
> index 29f635de5..576d3b1af 100644
> --- a/testcases/kernel/containers/userns/userns06.c
> +++ b/testcases/kernel/containers/userns/userns06.c
> @@ -1,65 +1,52 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * Copyright (c) Huawei Technologies Co., Ltd., 2015
> - * This program is free software; you can redistribute it and/or modify it
> - * under the terms of the GNU General Public License as published by the Free
> - * Software Foundation; either version 2 of the License, or (at your option)
> - * any later version. This program is distributed in the hope that it will be
> - * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
> - * Public License for more details. You should have received a copy of the GNU
> - * General Public License along with this program.
> + * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
>   */
>  
> -/*
> - * Verify that:
> - * When a process with non-zero user IDs performs an execve(), the process's
> - * capability sets are cleared.
> +/*\
> + * [Description]
> + *
> + * Verify that when a process with non-zero user IDs performs an execve(),
> + * the process's capability sets are cleared.
>   * When a process with zero user IDs performs an execve(), the process's
>   * capability sets are set.
> - *
>   */
>  
> +#include "tst_test.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LIBCAP
>  #define _GNU_SOURCE
> -#include <sys/wait.h>
> -#include <assert.h>
> +
>  #include <stdio.h>
> -#include <stdlib.h>
> -#include <stdbool.h>
> -#include <unistd.h>
> -#include <string.h>
> -#include <errno.h>
> -#include "libclone.h"
> -#include "test.h"
> -#include "config.h"
> -#include "userns_helper.h"
> +#include "common.h"
> +
> +#define TEST_APP "userns06_capcheck"
>  
>  #define CHILD1UID 0
>  #define CHILD1GID 0
>  #define CHILD2UID 200
>  #define CHILD2GID 200
>  
> -char *TCID = "user_namespace6";
> -int TST_TOTAL = 1;
> -
> -static int cpid1, parentuid, parentgid;
> -
>  /*
>   * child_fn1() - Inside a new user namespace
>   */
>  static int child_fn1(void)
>  {
> -	int exit_val = 0;
> -	char *const args[] = { "userns06_capcheck", "privileged", NULL };
> +	char *const args[] = { TEST_APP, "privileged", NULL };
> +	int ret;
>  
> -	TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
> +	TST_CHECKPOINT_WAIT(0);
>  
> -	if (execve(args[0], args, NULL) == -1) {
> -		printf("execvp unexpected error: (%d) %s\n",
> -			errno, strerror(errno));
> -		exit_val = 1;
> -	}
> +	/* execv will replace the main function and it will end this child
> +	 * accordingly.
> +	 */
> +	ret = execv(args[0], args);
> +	if (ret == -1)
> +		tst_brk(TBROK | TERRNO, "execv: unexpected error");
>  
> -	return exit_val;
> +	return 0;
>  }
>  
>  /*
> @@ -67,97 +54,97 @@ static int child_fn1(void)
>   */
>  static int child_fn2(void)
>  {
> -	int exit_val = 0;
> -	int uid, gid;
> -	char *const args[] = { "userns06_capcheck", "unprivileged", NULL };
> +	int uid, gid, ret;
> +	char *const args[] = { TEST_APP, "unprivileged", NULL };
>  
> -	TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
> +	TST_CHECKPOINT_WAIT(1);
>  
>  	uid = geteuid();
>  	gid = getegid();
>  
>  	if (uid != CHILD2UID || gid != CHILD2GID) {
> -		printf("unexpected uid=%d gid=%d\n", uid, gid);
> -		exit_val = 1;
> +		tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid);
> +		return 1;
>  	}
>  
> -	if (execve(args[0], args, NULL) == -1) {
> -		printf("execvp unexpected error: (%d) %s\n",
> -			errno, strerror(errno));
> -		exit_val = 1;
> -	}
> +	tst_res(TPASS, "expected uid and gid");
>  
> -	return exit_val;
> -}
> +	/* execv will replace the main function and it will end this child
> +	 * accordingly.
> +	 */
> +	ret = execv(args[0], args);
> +	if (ret == -1)
> +		tst_brk(TBROK | TERRNO, "execv: unexpected error");
>  
> -static void cleanup(void)
> -{
> -	tst_rmdir();
> +	return 0;
>  }
>  
>  static void setup(void)
>  {
>  	check_newuser();
> -	tst_tmpdir();
> -	TST_CHECKPOINT_INIT(NULL);
> -	TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL);
>  }
>  
> -int main(int argc, char *argv[])
> +static void run(void)
>  {
> +	pid_t cpid1;
>  	pid_t cpid2;
> +	int parentuid;
> +	int parentgid;
>  	char path[BUFSIZ];
> -	int lc;
>  	int fd;
>  
> -	tst_parse_opts(argc, argv, NULL, NULL);
> -#ifndef HAVE_LIBCAP
> -	tst_brkm(TCONF, NULL, "System is missing libcap.");
> -#endif
> -	setup();
> -
> -	for (lc = 0; TEST_LOOPING(lc); lc++) {
> -		tst_count = 0;
> +	parentuid = geteuid();
> +	parentgid = getegid();
>  
> -		parentuid = geteuid();
> -		parentgid = getegid();
> +	cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL);
> +	if (cpid1 < 0)
> +		tst_brk(TBROK | TTERRNO, "cpid1 clone failed");
>  
> -		cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
> -			(void *)child_fn1, NULL);
> -		if (cpid1 < 0)
> -			tst_brkm(TBROK | TERRNO, cleanup,
> -				"cpid1 clone failed");
> +	cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL);
> +	if (cpid2 < 0)
> +		tst_brk(TBROK | TTERRNO, "cpid2 clone failed");
>  
> -		cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
> -			(void *)child_fn2, NULL);
> -		if (cpid2 < 0)
> -			tst_brkm(TBROK | TERRNO, cleanup,
> -				"cpid2 clone failed");
> +	if (access("/proc/self/setgroups", F_OK) == 0) {
> +		sprintf(path, "/proc/%d/setgroups", cpid1);
>  
> -		if (access("/proc/self/setgroups", F_OK) == 0) {
> -			sprintf(path, "/proc/%d/setgroups", cpid1);
> -			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
> -			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
> -			SAFE_CLOSE(cleanup, fd);
> +		fd = SAFE_OPEN(path, O_WRONLY, 0644);
> +		SAFE_WRITE(1, fd, "deny", 4);
> +		SAFE_CLOSE(fd);
>  
> -			sprintf(path, "/proc/%d/setgroups", cpid2);
> -			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
> -			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
> -			SAFE_CLOSE(cleanup, fd);
> -		}
> +		sprintf(path, "/proc/%d/setgroups", cpid2);
>  
> -		updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
> -		updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
> +		fd = SAFE_OPEN(path, O_WRONLY, 0644);
> +		SAFE_WRITE(1, fd, "deny", 4);
> +		SAFE_CLOSE(fd);
> +	}
>  
> -		updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
> -		updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
> +	updatemap(cpid1, UID_MAP, CHILD1UID, parentuid);
> +	updatemap(cpid2, UID_MAP, CHILD2UID, parentuid);
>  
> -		TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
> -		TST_SAFE_CHECKPOINT_WAKE(cleanup, 1);
> +	updatemap(cpid1, GID_MAP, CHILD1GID, parentgid);
> +	updatemap(cpid2, GID_MAP, CHILD2GID, parentgid);
>  
> -		tst_record_childstatus(cleanup, cpid1);
> -		tst_record_childstatus(cleanup, cpid2);
> -	}
> -	cleanup();
> -	tst_exit();
> +	TST_CHECKPOINT_WAKE(0);
> +	TST_CHECKPOINT_WAKE(1);
>  }
> +
> +static const char *const resource_files[] = {
> +	TEST_APP,
> +	NULL,
> +};

Can we please move this to be inlined in the tst_test structure?

> +static struct tst_test test = {
> +	.setup = setup,
> +	.test_all = run,
> +	.needs_root = 1,
> +	.needs_checkpoints = 1,
> +	.resource_files = resource_files,
> +	.needs_kconfigs = (const char *[]) {
> +		"CONFIG_USER_NS",
> +		NULL,
> +	},
> +};
> +
> +#else
> +TST_TEST_TCONF("System is missing libcap");
> +#endif
> diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
> index 31f7e0a25..86e223aec 100644
> --- a/testcases/kernel/containers/userns/userns06_capcheck.c
> +++ b/testcases/kernel/containers/userns/userns06_capcheck.c
> @@ -1,74 +1,67 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * Copyright (c) Huawei Technologies Co., Ltd., 2015
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - *  (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
> - * the GNU General Public License for more details.
> + * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
>   */
>  
> -/*
> - * Verify that:
> +/*\
> + * [Description]
> + *

This shouldn't be here since comments from helpe processes are not
picked up at all.

>   * When a process with non-zero user IDs performs an execve(), the
>   * process's capability sets are cleared. When a process with zero
>   * user IDs performs an execve(), the process's capability sets
>   * are set.
>   */
>  
> +#define TST_NO_DEFAULT_MAIN
> +#include "tst_test.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LIBCAP
>  #define _GNU_SOURCE
> -#include <sys/wait.h>
> -#include <assert.h>
> -#include <stdio.h>
> -#include <stdlib.h>
> -#include <unistd.h>
> +
>  #include <string.h>
> -#include <errno.h>
> -#include "libclone.h"
> -#include "test.h"
> -#include "config.h"
> -#if HAVE_SYS_CAPABILITY_H
> +#include <sys/wait.h>
>  #include <sys/capability.h>
> -#endif
> -
> -char *TCID = "userns06_capcheck";
> -int TST_TOTAL = 1;
>  
>  int main(int argc, char *argv[])
>  {
> -#ifdef HAVE_LIBCAP
>  	cap_t caps;
>  	int i, last_cap;
>  	cap_flag_value_t flag_val;
>  	cap_flag_value_t expected_flag = 1;
> -#endif
> -	tst_parse_opts(argc, argv, NULL, NULL);
>  
> -#ifdef HAVE_LIBCAP
> +	if (argc < 2)
> +		tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
> +
> +	tst_reinit();

This has to be called before the tst_brk() above otherwise the counters
in the test library will not be updated correctly.

> +	SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
>  	if (strcmp("privileged", argv[1]))
>  		expected_flag = 0;
>  
>  	caps = cap_get_proc();
> -	SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
>  	for (i = 0; i <= last_cap; i++) {
>  		cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
>  		if (flag_val != expected_flag)
>  			break;
> +
>  		cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
>  		if (flag_val != expected_flag)
>  			break;
>  	}
>  
> -	if (flag_val != expected_flag) {
> -		printf("unexpected effective/permitted caps at %d\n", i);
> -		exit(1);
> -	}
> +	if (flag_val != expected_flag)
> +		tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
> +	else
> +		tst_res(TPASS, "expected caps at %d", i);
> +}
>  
>  #else
> -	printf("System is missing libcap.\n");
> -#endif
> -	tst_exit();
> +int main(void)
> +{

Here as well, we should call the tst_reinit() here so that the counters
are properly updated.

> +	tst_brk(TBROK, "System is missing libcap");
>  }
> +#endif

Other than these minor things, the rest looks fine.

With fixes from me and Peter applied:

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Cyril Hrubis]

Hi!
Pushed with minor changes, thanks.

- removed some useless comments
- fixed the type for resource files
- changed the TBROK to TCONF in the helper when libcap is missing

diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
index 100ad8274..002c72907 100644
--- a/testcases/kernel/containers/userns/userns06.c
+++ b/testcases/kernel/containers/userns/userns06.c
@@ -29,9 +29,6 @@
 #define CHILD2UID 200
 #define CHILD2GID 200
 
-/*
- * child_fn1() - Inside a new user namespace
- */
 static int child_fn1(void)
 {
 	char *const args[] = { TEST_APP, "privileged", NULL };
@@ -39,9 +36,6 @@ static int child_fn1(void)
 
 	TST_CHECKPOINT_WAIT(0);
 
-	/* execv will replace the main function and it will end this child
-	 * accordingly.
-	 */
 	ret = execv(args[0], args);
 	if (ret == -1)
 		tst_brk(TBROK | TERRNO, "execv: unexpected error");
@@ -49,9 +43,6 @@ static int child_fn1(void)
 	return 0;
 }
 
-/*
- * child_fn2() - Inside a new user namespace
- */
 static int child_fn2(void)
 {
 	int uid, gid, ret;
@@ -69,9 +60,6 @@ static int child_fn2(void)
 
 	tst_res(TPASS, "expected uid and gid");
 
-	/* execv will replace the main function and it will end this child
-	 * accordingly.
-	 */
 	ret = execv(args[0], args);
 	if (ret == -1)
 		tst_brk(TBROK | TERRNO, "execv: unexpected error");
@@ -133,7 +121,7 @@ static struct tst_test test = {
 	.test_all = run,
 	.needs_root = 1,
 	.needs_checkpoints = 1,
-	.resource_files = (char *const []) {
+	.resource_files = (const char *[]) {
 		TEST_APP,
 		NULL,
 	},
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
index 589e8bb94..bae4e4e33 100644
--- a/testcases/kernel/containers/userns/userns06_capcheck.c
+++ b/testcases/kernel/containers/userns/userns06_capcheck.c
@@ -60,6 +60,6 @@ int main(void)
 {
 	tst_reinit();
 
-	tst_brk(TBROK, "System is missing libcap");
+	tst_brk(TCONF, "System is missing libcap");
 }

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v4] Rewrite userns06.c using new LTP API

[Andrea Cervesato]

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.de>
---
 testcases/kernel/containers/userns/userns06.c | 185 ++++++++----------
 .../containers/userns/userns06_capcheck.c     |  67 +++----
 2 files changed, 114 insertions(+), 138 deletions(-)

diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
index 29f635de5..100ad8274 100644
--- a/testcases/kernel/containers/userns/userns06.c
+++ b/testcases/kernel/containers/userns/userns06.c
@@ -1,65 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version. This program is distributed in the hope that it will be
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
- * Public License for more details. You should have received a copy of the GNU
- * General Public License along with this program.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
  */
 
-/*
- * Verify that:
- * When a process with non-zero user IDs performs an execve(), the process's
- * capability sets are cleared.
+/*\
+ * [Description]
+ *
+ * Verify that when a process with non-zero user IDs performs an execve(),
+ * the process's capability sets are cleared.
  * When a process with zero user IDs performs an execve(), the process's
  * capability sets are set.
- *
  */
 
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
 #define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
+
 #include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#include "userns_helper.h"
+#include "common.h"
+
+#define TEST_APP "userns06_capcheck"
 
 #define CHILD1UID 0
 #define CHILD1GID 0
 #define CHILD2UID 200
 #define CHILD2GID 200
 
-char *TCID = "user_namespace6";
-int TST_TOTAL = 1;
-
-static int cpid1, parentuid, parentgid;
-
 /*
  * child_fn1() - Inside a new user namespace
  */
 static int child_fn1(void)
 {
-	int exit_val = 0;
-	char *const args[] = { "userns06_capcheck", "privileged", NULL };
+	char *const args[] = { TEST_APP, "privileged", NULL };
+	int ret;
 
-	TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
+	TST_CHECKPOINT_WAIT(0);
 
-	if (execve(args[0], args, NULL) == -1) {
-		printf("execvp unexpected error: (%d) %s\n",
-			errno, strerror(errno));
-		exit_val = 1;
-	}
+	/* execv will replace the main function and it will end this child
+	 * accordingly.
+	 */
+	ret = execv(args[0], args);
+	if (ret == -1)
+		tst_brk(TBROK | TERRNO, "execv: unexpected error");
 
-	return exit_val;
+	return 0;
 }
 
 /*
@@ -67,97 +54,95 @@ static int child_fn1(void)
  */
 static int child_fn2(void)
 {
-	int exit_val = 0;
-	int uid, gid;
-	char *const args[] = { "userns06_capcheck", "unprivileged", NULL };
+	int uid, gid, ret;
+	char *const args[] = { TEST_APP, "unprivileged", NULL };
 
-	TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
+	TST_CHECKPOINT_WAIT(1);
 
 	uid = geteuid();
 	gid = getegid();
 
 	if (uid != CHILD2UID || gid != CHILD2GID) {
-		printf("unexpected uid=%d gid=%d\n", uid, gid);
-		exit_val = 1;
+		tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid);
+		return 1;
 	}
 
-	if (execve(args[0], args, NULL) == -1) {
-		printf("execvp unexpected error: (%d) %s\n",
-			errno, strerror(errno));
-		exit_val = 1;
-	}
+	tst_res(TPASS, "expected uid and gid");
 
-	return exit_val;
-}
+	/* execv will replace the main function and it will end this child
+	 * accordingly.
+	 */
+	ret = execv(args[0], args);
+	if (ret == -1)
+		tst_brk(TBROK | TERRNO, "execv: unexpected error");
 
-static void cleanup(void)
-{
-	tst_rmdir();
+	return 0;
 }
 
 static void setup(void)
 {
 	check_newuser();
-	tst_tmpdir();
-	TST_CHECKPOINT_INIT(NULL);
-	TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL);
 }
 
-int main(int argc, char *argv[])
+static void run(void)
 {
+	pid_t cpid1;
 	pid_t cpid2;
+	int parentuid;
+	int parentgid;
 	char path[BUFSIZ];
-	int lc;
 	int fd;
 
-	tst_parse_opts(argc, argv, NULL, NULL);
-#ifndef HAVE_LIBCAP
-	tst_brkm(TCONF, NULL, "System is missing libcap.");
-#endif
-	setup();
-
-	for (lc = 0; TEST_LOOPING(lc); lc++) {
-		tst_count = 0;
+	parentuid = geteuid();
+	parentgid = getegid();
 
-		parentuid = geteuid();
-		parentgid = getegid();
+	cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL);
+	if (cpid1 < 0)
+		tst_brk(TBROK | TTERRNO, "cpid1 clone failed");
 
-		cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
-			(void *)child_fn1, NULL);
-		if (cpid1 < 0)
-			tst_brkm(TBROK | TERRNO, cleanup,
-				"cpid1 clone failed");
+	cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL);
+	if (cpid2 < 0)
+		tst_brk(TBROK | TTERRNO, "cpid2 clone failed");
 
-		cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
-			(void *)child_fn2, NULL);
-		if (cpid2 < 0)
-			tst_brkm(TBROK | TERRNO, cleanup,
-				"cpid2 clone failed");
+	if (access("/proc/self/setgroups", F_OK) == 0) {
+		sprintf(path, "/proc/%d/setgroups", cpid1);
 
-		if (access("/proc/self/setgroups", F_OK) == 0) {
-			sprintf(path, "/proc/%d/setgroups", cpid1);
-			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
-			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
-			SAFE_CLOSE(cleanup, fd);
+		fd = SAFE_OPEN(path, O_WRONLY, 0644);
+		SAFE_WRITE(1, fd, "deny", 4);
+		SAFE_CLOSE(fd);
 
-			sprintf(path, "/proc/%d/setgroups", cpid2);
-			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
-			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
-			SAFE_CLOSE(cleanup, fd);
-		}
+		sprintf(path, "/proc/%d/setgroups", cpid2);
 
-		updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
-		updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
+		fd = SAFE_OPEN(path, O_WRONLY, 0644);
+		SAFE_WRITE(1, fd, "deny", 4);
+		SAFE_CLOSE(fd);
+	}
 
-		updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
-		updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
+	updatemap(cpid1, UID_MAP, CHILD1UID, parentuid);
+	updatemap(cpid2, UID_MAP, CHILD2UID, parentuid);
 
-		TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
-		TST_SAFE_CHECKPOINT_WAKE(cleanup, 1);
+	updatemap(cpid1, GID_MAP, CHILD1GID, parentgid);
+	updatemap(cpid2, GID_MAP, CHILD2GID, parentgid);
 
-		tst_record_childstatus(cleanup, cpid1);
-		tst_record_childstatus(cleanup, cpid2);
-	}
-	cleanup();
-	tst_exit();
+	TST_CHECKPOINT_WAKE(0);
+	TST_CHECKPOINT_WAKE(1);
 }
+
+static struct tst_test test = {
+	.setup = setup,
+	.test_all = run,
+	.needs_root = 1,
+	.needs_checkpoints = 1,
+	.resource_files = (char *const []) {
+		TEST_APP,
+		NULL,
+	},
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_USER_NS",
+		NULL,
+	},
+};
+
+#else
+TST_TEST_TCONF("System is missing libcap");
+#endif
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
index 31f7e0a25..589e8bb94 100644
--- a/testcases/kernel/containers/userns/userns06_capcheck.c
+++ b/testcases/kernel/containers/userns/userns06_capcheck.c
@@ -1,74 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
- */
-
-/*
- * Verify that:
  * When a process with non-zero user IDs performs an execve(), the
  * process's capability sets are cleared. When a process with zero
  * user IDs performs an execve(), the process's capability sets
  * are set.
  */
 
+#define TST_NO_DEFAULT_MAIN
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
 #define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
+
 #include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#if HAVE_SYS_CAPABILITY_H
+#include <sys/wait.h>
 #include <sys/capability.h>
-#endif
-
-char *TCID = "userns06_capcheck";
-int TST_TOTAL = 1;
 
 int main(int argc, char *argv[])
 {
-#ifdef HAVE_LIBCAP
 	cap_t caps;
 	int i, last_cap;
 	cap_flag_value_t flag_val;
 	cap_flag_value_t expected_flag = 1;
-#endif
-	tst_parse_opts(argc, argv, NULL, NULL);
 
-#ifdef HAVE_LIBCAP
+	tst_reinit();
+
+	if (argc < 2)
+		tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
+
+	SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
 	if (strcmp("privileged", argv[1]))
 		expected_flag = 0;
 
 	caps = cap_get_proc();
-	SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
 	for (i = 0; i <= last_cap; i++) {
 		cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
 		if (flag_val != expected_flag)
 			break;
+
 		cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
 		if (flag_val != expected_flag)
 			break;
 	}
 
-	if (flag_val != expected_flag) {
-		printf("unexpected effective/permitted caps at %d\n", i);
-		exit(1);
-	}
+	if (flag_val != expected_flag)
+		tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
+	else
+		tst_res(TPASS, "expected caps at %d", i);
+}
 
 #else
-	printf("System is missing libcap.\n");
-#endif
-	tst_exit();
+int main(void)
+{
+	tst_reinit();
+
+	tst_brk(TBROK, "System is missing libcap");
 }
+#endif
-- 
2.36.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp