* [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
@ 2022-04-01 5:08 Andrea Cervesato
2022-04-04 10:33 ` Petr Vorel
2022-04-19 12:16 ` Cyril Hrubis
0 siblings, 2 replies; 9+ messages in thread
From: Andrea Cervesato @ 2022-04-01 5:08 UTC (permalink / raw)
To: ltp
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.de>
---
Using LTP API in the userns06_capcheck.c to propagate test result
After this update it's possible to send also latest v3 patches.
testcases/kernel/containers/userns/userns06.c | 187 ++++++++----------
.../containers/userns/userns06_capcheck.c | 67 +++----
2 files changed, 117 insertions(+), 137 deletions(-)
diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
index 29f635de5..576d3b1af 100644
--- a/testcases/kernel/containers/userns/userns06.c
+++ b/testcases/kernel/containers/userns/userns06.c
@@ -1,65 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version. This program is distributed in the hope that it will be
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
- * Public License for more details. You should have received a copy of the GNU
- * General Public License along with this program.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
*/
-/*
- * Verify that:
- * When a process with non-zero user IDs performs an execve(), the process's
- * capability sets are cleared.
+/*\
+ * [Description]
+ *
+ * Verify that when a process with non-zero user IDs performs an execve(),
+ * the process's capability sets are cleared.
* When a process with zero user IDs performs an execve(), the process's
* capability sets are set.
- *
*/
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
#define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
+
#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#include "userns_helper.h"
+#include "common.h"
+
+#define TEST_APP "userns06_capcheck"
#define CHILD1UID 0
#define CHILD1GID 0
#define CHILD2UID 200
#define CHILD2GID 200
-char *TCID = "user_namespace6";
-int TST_TOTAL = 1;
-
-static int cpid1, parentuid, parentgid;
-
/*
* child_fn1() - Inside a new user namespace
*/
static int child_fn1(void)
{
- int exit_val = 0;
- char *const args[] = { "userns06_capcheck", "privileged", NULL };
+ char *const args[] = { TEST_APP, "privileged", NULL };
+ int ret;
- TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
+ TST_CHECKPOINT_WAIT(0);
- if (execve(args[0], args, NULL) == -1) {
- printf("execvp unexpected error: (%d) %s\n",
- errno, strerror(errno));
- exit_val = 1;
- }
+ /* execv will replace the main function and it will end this child
+ * accordingly.
+ */
+ ret = execv(args[0], args);
+ if (ret == -1)
+ tst_brk(TBROK | TERRNO, "execv: unexpected error");
- return exit_val;
+ return 0;
}
/*
@@ -67,97 +54,97 @@ static int child_fn1(void)
*/
static int child_fn2(void)
{
- int exit_val = 0;
- int uid, gid;
- char *const args[] = { "userns06_capcheck", "unprivileged", NULL };
+ int uid, gid, ret;
+ char *const args[] = { TEST_APP, "unprivileged", NULL };
- TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
+ TST_CHECKPOINT_WAIT(1);
uid = geteuid();
gid = getegid();
if (uid != CHILD2UID || gid != CHILD2GID) {
- printf("unexpected uid=%d gid=%d\n", uid, gid);
- exit_val = 1;
+ tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid);
+ return 1;
}
- if (execve(args[0], args, NULL) == -1) {
- printf("execvp unexpected error: (%d) %s\n",
- errno, strerror(errno));
- exit_val = 1;
- }
+ tst_res(TPASS, "expected uid and gid");
- return exit_val;
-}
+ /* execv will replace the main function and it will end this child
+ * accordingly.
+ */
+ ret = execv(args[0], args);
+ if (ret == -1)
+ tst_brk(TBROK | TERRNO, "execv: unexpected error");
-static void cleanup(void)
-{
- tst_rmdir();
+ return 0;
}
static void setup(void)
{
check_newuser();
- tst_tmpdir();
- TST_CHECKPOINT_INIT(NULL);
- TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL);
}
-int main(int argc, char *argv[])
+static void run(void)
{
+ pid_t cpid1;
pid_t cpid2;
+ int parentuid;
+ int parentgid;
char path[BUFSIZ];
- int lc;
int fd;
- tst_parse_opts(argc, argv, NULL, NULL);
-#ifndef HAVE_LIBCAP
- tst_brkm(TCONF, NULL, "System is missing libcap.");
-#endif
- setup();
-
- for (lc = 0; TEST_LOOPING(lc); lc++) {
- tst_count = 0;
+ parentuid = geteuid();
+ parentgid = getegid();
- parentuid = geteuid();
- parentgid = getegid();
+ cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL);
+ if (cpid1 < 0)
+ tst_brk(TBROK | TTERRNO, "cpid1 clone failed");
- cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
- (void *)child_fn1, NULL);
- if (cpid1 < 0)
- tst_brkm(TBROK | TERRNO, cleanup,
- "cpid1 clone failed");
+ cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL);
+ if (cpid2 < 0)
+ tst_brk(TBROK | TTERRNO, "cpid2 clone failed");
- cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
- (void *)child_fn2, NULL);
- if (cpid2 < 0)
- tst_brkm(TBROK | TERRNO, cleanup,
- "cpid2 clone failed");
+ if (access("/proc/self/setgroups", F_OK) == 0) {
+ sprintf(path, "/proc/%d/setgroups", cpid1);
- if (access("/proc/self/setgroups", F_OK) == 0) {
- sprintf(path, "/proc/%d/setgroups", cpid1);
- fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
- SAFE_WRITE(cleanup, 1, fd, "deny", 4);
- SAFE_CLOSE(cleanup, fd);
+ fd = SAFE_OPEN(path, O_WRONLY, 0644);
+ SAFE_WRITE(1, fd, "deny", 4);
+ SAFE_CLOSE(fd);
- sprintf(path, "/proc/%d/setgroups", cpid2);
- fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
- SAFE_WRITE(cleanup, 1, fd, "deny", 4);
- SAFE_CLOSE(cleanup, fd);
- }
+ sprintf(path, "/proc/%d/setgroups", cpid2);
- updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
- updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
+ fd = SAFE_OPEN(path, O_WRONLY, 0644);
+ SAFE_WRITE(1, fd, "deny", 4);
+ SAFE_CLOSE(fd);
+ }
- updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
- updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
+ updatemap(cpid1, UID_MAP, CHILD1UID, parentuid);
+ updatemap(cpid2, UID_MAP, CHILD2UID, parentuid);
- TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
- TST_SAFE_CHECKPOINT_WAKE(cleanup, 1);
+ updatemap(cpid1, GID_MAP, CHILD1GID, parentgid);
+ updatemap(cpid2, GID_MAP, CHILD2GID, parentgid);
- tst_record_childstatus(cleanup, cpid1);
- tst_record_childstatus(cleanup, cpid2);
- }
- cleanup();
- tst_exit();
+ TST_CHECKPOINT_WAKE(0);
+ TST_CHECKPOINT_WAKE(1);
}
+
+static const char *const resource_files[] = {
+ TEST_APP,
+ NULL,
+};
+
+static struct tst_test test = {
+ .setup = setup,
+ .test_all = run,
+ .needs_root = 1,
+ .needs_checkpoints = 1,
+ .resource_files = resource_files,
+ .needs_kconfigs = (const char *[]) {
+ "CONFIG_USER_NS",
+ NULL,
+ },
+};
+
+#else
+TST_TEST_TCONF("System is missing libcap");
+#endif
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
index 31f7e0a25..86e223aec 100644
--- a/testcases/kernel/containers/userns/userns06_capcheck.c
+++ b/testcases/kernel/containers/userns/userns06_capcheck.c
@@ -1,74 +1,67 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
*/
-/*
- * Verify that:
+/*\
+ * [Description]
+ *
* When a process with non-zero user IDs performs an execve(), the
* process's capability sets are cleared. When a process with zero
* user IDs performs an execve(), the process's capability sets
* are set.
*/
+#define TST_NO_DEFAULT_MAIN
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
#define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
+
#include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#if HAVE_SYS_CAPABILITY_H
+#include <sys/wait.h>
#include <sys/capability.h>
-#endif
-
-char *TCID = "userns06_capcheck";
-int TST_TOTAL = 1;
int main(int argc, char *argv[])
{
-#ifdef HAVE_LIBCAP
cap_t caps;
int i, last_cap;
cap_flag_value_t flag_val;
cap_flag_value_t expected_flag = 1;
-#endif
- tst_parse_opts(argc, argv, NULL, NULL);
-#ifdef HAVE_LIBCAP
+ if (argc < 2)
+ tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
+
+ tst_reinit();
+
+ SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
if (strcmp("privileged", argv[1]))
expected_flag = 0;
caps = cap_get_proc();
- SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
for (i = 0; i <= last_cap; i++) {
cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
if (flag_val != expected_flag)
break;
+
cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
if (flag_val != expected_flag)
break;
}
- if (flag_val != expected_flag) {
- printf("unexpected effective/permitted caps at %d\n", i);
- exit(1);
- }
+ if (flag_val != expected_flag)
+ tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
+ else
+ tst_res(TPASS, "expected caps at %d", i);
+}
#else
- printf("System is missing libcap.\n");
-#endif
- tst_exit();
+int main(void)
+{
+ tst_brk(TBROK, "System is missing libcap");
}
+#endif
--
2.35.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-01 5:08 [LTP] [PATCH v4] Rewrite userns06.c using new LTP API Andrea Cervesato
@ 2022-04-04 10:33 ` Petr Vorel
2022-04-04 10:52 ` Andrea Cervesato via ltp
2022-04-19 12:16 ` Cyril Hrubis
1 sibling, 1 reply; 9+ messages in thread
From: Petr Vorel @ 2022-04-04 10:33 UTC (permalink / raw)
To: Andrea Cervesato; +Cc: ltp
Hi Andrea,
BTW it'd help reviewers a bit if you include a changelog.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
TL;DR: TST_TEST_TCONF() in userns06_capcheck.c
> diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
...
> -/*
> - * Verify that:
> +/*\
> + * [Description]
> + *
> * When a process with non-zero user IDs performs an execve(), the
> * process's capability sets are cleared. When a process with zero
> * user IDs performs an execve(), the process's capability sets
> * are set.
> */
nit: I wonder if we want to have docparse documentation in both userns06.c and
userns06_capcheck.c, they now look as 2 separate tests. Maybe describe
everything in userns06.c.
> +#define TST_NO_DEFAULT_MAIN
> +#include "tst_test.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LIBCAP
...
> + if (argc < 2)
> + tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
> +
> + tst_reinit();
I'm not sure if tst_reinit() shouldn't be called even before tst_brk(TBROK, ...).
> +
> + SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
> if (strcmp("privileged", argv[1]))
> expected_flag = 0;
nit: It might help debugging to print argv[1] in TINF0.
> caps = cap_get_proc();
> - SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
> for (i = 0; i <= last_cap; i++) {
> cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
> if (flag_val != expected_flag)
> break;
> +
> cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
> if (flag_val != expected_flag)
> break;
> }
> - if (flag_val != expected_flag) {
> - printf("unexpected effective/permitted caps at %d\n", i);
> - exit(1);
> - }
> + if (flag_val != expected_flag)
> + tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
The flags are CAP_EFFECTIVE and CAP_PERMITTED only here, right?
(i.e. no CAP_INHERITABLE). Not sure how helpful would be to print here which
flag was the failing one.
> + else
> + tst_res(TPASS, "expected caps at %d", i);
> +}
> #else
> - printf("System is missing libcap.\n");
> -#endif
> - tst_exit();
> +int main(void)
> +{
> + tst_brk(TBROK, "System is missing libcap");
> }
Why don't you also use TST_TEST_TCONF() here?
> +#endif
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-04 10:33 ` Petr Vorel
@ 2022-04-04 10:52 ` Andrea Cervesato via ltp
2022-04-04 12:55 ` Petr Vorel
0 siblings, 1 reply; 9+ messages in thread
From: Andrea Cervesato via ltp @ 2022-04-04 10:52 UTC (permalink / raw)
To: Petr Vorel, Andrea Cervesato; +Cc: ltp
[-- Attachment #1.1: Type: text/plain, Size: 2530 bytes --]
Hi Petr,
can TST_TEST_CONF be used even if TST_NO_DEFAULT_MAIN is defined?
Andrea
On 4/4/22 12:33, Petr Vorel wrote:
> Hi Andrea,
>
> BTW it'd help reviewers a bit if you include a changelog.
>
> Reviewed-by: Petr Vorel<pvorel@suse.cz>
> TL;DR: TST_TEST_TCONF() in userns06_capcheck.c
>
>> diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
> ...
>> -/*
>> - * Verify that:
>> +/*\
>> + * [Description]
>> + *
>> * When a process with non-zero user IDs performs an execve(), the
>> * process's capability sets are cleared. When a process with zero
>> * user IDs performs an execve(), the process's capability sets
>> * are set.
>> */
> nit: I wonder if we want to have docparse documentation in both userns06.c and
> userns06_capcheck.c, they now look as 2 separate tests. Maybe describe
> everything in userns06.c.
>
>> +#define TST_NO_DEFAULT_MAIN
>> +#include "tst_test.h"
>> +#include "config.h"
>> +
>> +#ifdef HAVE_LIBCAP
> ...
>> + if (argc < 2)
>> + tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
>> +
>> + tst_reinit();
> I'm not sure if tst_reinit() shouldn't be called even before tst_brk(TBROK, ...).
>> +
>> + SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
>> +
>> if (strcmp("privileged", argv[1]))
>> expected_flag = 0;
> nit: It might help debugging to print argv[1] in TINF0.
>
>> caps = cap_get_proc();
>> - SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
>> +
>> for (i = 0; i <= last_cap; i++) {
>> cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
>> if (flag_val != expected_flag)
>> break;
>> +
>> cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
>> if (flag_val != expected_flag)
>> break;
>> }
>> - if (flag_val != expected_flag) {
>> - printf("unexpected effective/permitted caps at %d\n", i);
>> - exit(1);
>> - }
>> + if (flag_val != expected_flag)
>> + tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
> The flags are CAP_EFFECTIVE and CAP_PERMITTED only here, right?
> (i.e. no CAP_INHERITABLE). Not sure how helpful would be to print here which
> flag was the failing one.
>
>> + else
>> + tst_res(TPASS, "expected caps at %d", i);
>> +}
>> #else
>> - printf("System is missing libcap.\n");
>> -#endif
>> - tst_exit();
>> +int main(void)
>> +{
>> + tst_brk(TBROK, "System is missing libcap");
>> }
> Why don't you also use TST_TEST_TCONF() here?
>> +#endif
> Kind regards,
> Petr
>
[-- Attachment #1.2: Type: text/html, Size: 4424 bytes --]
[-- Attachment #2: Type: text/plain, Size: 60 bytes --]
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-04 10:52 ` Andrea Cervesato via ltp
@ 2022-04-04 12:55 ` Petr Vorel
2022-04-19 7:22 ` Petr Vorel
0 siblings, 1 reply; 9+ messages in thread
From: Petr Vorel @ 2022-04-04 12:55 UTC (permalink / raw)
To: Andrea Cervesato; +Cc: ltp
Hi Andrea,
> Hi Petr,
> can TST_TEST_CONF be used even if TST_NO_DEFAULT_MAIN is defined?
I'm sorry, you're right it can't be used like that.
TST_NO_DEFAULT_MAIN could be defined only in #ifdef HAVE_LIBCAP:
#include "config.h"
#ifdef HAVE_LIBCAP
#define _GNU_SOURCE
#define TST_NO_DEFAULT_MAIN
#include "tst_test.h"
...
#else
#include "tst_test.h"
TST_TEST_TCONF("System is missing libcap");
But that's not much improvement indeed, thus lets ignore it.
Also, #define _GNU_SOURCE should be IMHO before any first include,
i.e. even before tst_test.h (it includes many system headers).
Kind regards,
Petr
> Andrea
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-04 12:55 ` Petr Vorel
@ 2022-04-19 7:22 ` Petr Vorel
2022-04-19 7:36 ` Andrea Cervesato via ltp
0 siblings, 1 reply; 9+ messages in thread
From: Petr Vorel @ 2022-04-19 7:22 UTC (permalink / raw)
To: Andrea Cervesato, ltp
Hi Andrea,
Reviewed-by: Petr Vorel <pvorel@suse.cz>
2 small things:
Actually adding one more #ifdef HAVE_LIBCAP
might be better than calling tst_brk() manually (this is better than my previous
suggestion):
#include "config.h"
#ifdef HAVE_LIBCAP
# define TST_NO_DEFAULT_MAIN
#endif
#include "tst_test.h"
#ifdef HAVE_LIBCAP
#include <string.h>
#include <sys/wait.h>
#include <sys/capability.h>
int main(int argc, char *argv[])
{
...
}
#else
TST_TEST_TCONF("System is missing libcap");
#endif
But if you prefer to original version (define main), then TCONF should be used.
Also #define _GNU_SOURCE is not needed, it should be dropped.
If you agree, I can merge it with proposed changes.
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-19 7:22 ` Petr Vorel
@ 2022-04-19 7:36 ` Andrea Cervesato via ltp
0 siblings, 0 replies; 9+ messages in thread
From: Andrea Cervesato via ltp @ 2022-04-19 7:36 UTC (permalink / raw)
To: Petr Vorel, ltp
[-- Attachment #1.1: Type: text/plain, Size: 868 bytes --]
Hi Petr,
sure you can merge. Thanks!
Andrea
On 4/19/22 09:22, Petr Vorel wrote:
> Hi Andrea,
>
> Reviewed-by: Petr Vorel<pvorel@suse.cz>
>
> 2 small things:
>
> Actually adding one more #ifdef HAVE_LIBCAP
> might be better than calling tst_brk() manually (this is better than my previous
> suggestion):
>
> #include "config.h"
>
> #ifdef HAVE_LIBCAP
> # define TST_NO_DEFAULT_MAIN
> #endif
>
> #include "tst_test.h"
>
> #ifdef HAVE_LIBCAP
>
> #include <string.h>
> #include <sys/wait.h>
> #include <sys/capability.h>
>
> int main(int argc, char *argv[])
> {
> ...
> }
>
> #else
> TST_TEST_TCONF("System is missing libcap");
> #endif
>
> But if you prefer to original version (define main), then TCONF should be used.
>
> Also #define _GNU_SOURCE is not needed, it should be dropped.
>
> If you agree, I can merge it with proposed changes.
>
> Kind regards,
> Petr
>
[-- Attachment #1.2: Type: text/html, Size: 1321 bytes --]
[-- Attachment #2: Type: text/plain, Size: 60 bytes --]
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-01 5:08 [LTP] [PATCH v4] Rewrite userns06.c using new LTP API Andrea Cervesato
2022-04-04 10:33 ` Petr Vorel
@ 2022-04-19 12:16 ` Cyril Hrubis
1 sibling, 0 replies; 9+ messages in thread
From: Cyril Hrubis @ 2022-04-19 12:16 UTC (permalink / raw)
To: Andrea Cervesato; +Cc: ltp
Hi!
> diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
> index 29f635de5..576d3b1af 100644
> --- a/testcases/kernel/containers/userns/userns06.c
> +++ b/testcases/kernel/containers/userns/userns06.c
> @@ -1,65 +1,52 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> /*
> * Copyright (c) Huawei Technologies Co., Ltd., 2015
> - * This program is free software; you can redistribute it and/or modify it
> - * under the terms of the GNU General Public License as published by the Free
> - * Software Foundation; either version 2 of the License, or (at your option)
> - * any later version. This program is distributed in the hope that it will be
> - * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
> - * Public License for more details. You should have received a copy of the GNU
> - * General Public License along with this program.
> + * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> */
>
> -/*
> - * Verify that:
> - * When a process with non-zero user IDs performs an execve(), the process's
> - * capability sets are cleared.
> +/*\
> + * [Description]
> + *
> + * Verify that when a process with non-zero user IDs performs an execve(),
> + * the process's capability sets are cleared.
> * When a process with zero user IDs performs an execve(), the process's
> * capability sets are set.
> - *
> */
>
> +#include "tst_test.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LIBCAP
> #define _GNU_SOURCE
> -#include <sys/wait.h>
> -#include <assert.h>
> +
> #include <stdio.h>
> -#include <stdlib.h>
> -#include <stdbool.h>
> -#include <unistd.h>
> -#include <string.h>
> -#include <errno.h>
> -#include "libclone.h"
> -#include "test.h"
> -#include "config.h"
> -#include "userns_helper.h"
> +#include "common.h"
> +
> +#define TEST_APP "userns06_capcheck"
>
> #define CHILD1UID 0
> #define CHILD1GID 0
> #define CHILD2UID 200
> #define CHILD2GID 200
>
> -char *TCID = "user_namespace6";
> -int TST_TOTAL = 1;
> -
> -static int cpid1, parentuid, parentgid;
> -
> /*
> * child_fn1() - Inside a new user namespace
> */
> static int child_fn1(void)
> {
> - int exit_val = 0;
> - char *const args[] = { "userns06_capcheck", "privileged", NULL };
> + char *const args[] = { TEST_APP, "privileged", NULL };
> + int ret;
>
> - TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
> + TST_CHECKPOINT_WAIT(0);
>
> - if (execve(args[0], args, NULL) == -1) {
> - printf("execvp unexpected error: (%d) %s\n",
> - errno, strerror(errno));
> - exit_val = 1;
> - }
> + /* execv will replace the main function and it will end this child
> + * accordingly.
> + */
> + ret = execv(args[0], args);
> + if (ret == -1)
> + tst_brk(TBROK | TERRNO, "execv: unexpected error");
>
> - return exit_val;
> + return 0;
> }
>
> /*
> @@ -67,97 +54,97 @@ static int child_fn1(void)
> */
> static int child_fn2(void)
> {
> - int exit_val = 0;
> - int uid, gid;
> - char *const args[] = { "userns06_capcheck", "unprivileged", NULL };
> + int uid, gid, ret;
> + char *const args[] = { TEST_APP, "unprivileged", NULL };
>
> - TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
> + TST_CHECKPOINT_WAIT(1);
>
> uid = geteuid();
> gid = getegid();
>
> if (uid != CHILD2UID || gid != CHILD2GID) {
> - printf("unexpected uid=%d gid=%d\n", uid, gid);
> - exit_val = 1;
> + tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid);
> + return 1;
> }
>
> - if (execve(args[0], args, NULL) == -1) {
> - printf("execvp unexpected error: (%d) %s\n",
> - errno, strerror(errno));
> - exit_val = 1;
> - }
> + tst_res(TPASS, "expected uid and gid");
>
> - return exit_val;
> -}
> + /* execv will replace the main function and it will end this child
> + * accordingly.
> + */
> + ret = execv(args[0], args);
> + if (ret == -1)
> + tst_brk(TBROK | TERRNO, "execv: unexpected error");
>
> -static void cleanup(void)
> -{
> - tst_rmdir();
> + return 0;
> }
>
> static void setup(void)
> {
> check_newuser();
> - tst_tmpdir();
> - TST_CHECKPOINT_INIT(NULL);
> - TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL);
> }
>
> -int main(int argc, char *argv[])
> +static void run(void)
> {
> + pid_t cpid1;
> pid_t cpid2;
> + int parentuid;
> + int parentgid;
> char path[BUFSIZ];
> - int lc;
> int fd;
>
> - tst_parse_opts(argc, argv, NULL, NULL);
> -#ifndef HAVE_LIBCAP
> - tst_brkm(TCONF, NULL, "System is missing libcap.");
> -#endif
> - setup();
> -
> - for (lc = 0; TEST_LOOPING(lc); lc++) {
> - tst_count = 0;
> + parentuid = geteuid();
> + parentgid = getegid();
>
> - parentuid = geteuid();
> - parentgid = getegid();
> + cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL);
> + if (cpid1 < 0)
> + tst_brk(TBROK | TTERRNO, "cpid1 clone failed");
>
> - cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
> - (void *)child_fn1, NULL);
> - if (cpid1 < 0)
> - tst_brkm(TBROK | TERRNO, cleanup,
> - "cpid1 clone failed");
> + cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL);
> + if (cpid2 < 0)
> + tst_brk(TBROK | TTERRNO, "cpid2 clone failed");
>
> - cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
> - (void *)child_fn2, NULL);
> - if (cpid2 < 0)
> - tst_brkm(TBROK | TERRNO, cleanup,
> - "cpid2 clone failed");
> + if (access("/proc/self/setgroups", F_OK) == 0) {
> + sprintf(path, "/proc/%d/setgroups", cpid1);
>
> - if (access("/proc/self/setgroups", F_OK) == 0) {
> - sprintf(path, "/proc/%d/setgroups", cpid1);
> - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
> - SAFE_WRITE(cleanup, 1, fd, "deny", 4);
> - SAFE_CLOSE(cleanup, fd);
> + fd = SAFE_OPEN(path, O_WRONLY, 0644);
> + SAFE_WRITE(1, fd, "deny", 4);
> + SAFE_CLOSE(fd);
>
> - sprintf(path, "/proc/%d/setgroups", cpid2);
> - fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
> - SAFE_WRITE(cleanup, 1, fd, "deny", 4);
> - SAFE_CLOSE(cleanup, fd);
> - }
> + sprintf(path, "/proc/%d/setgroups", cpid2);
>
> - updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
> - updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
> + fd = SAFE_OPEN(path, O_WRONLY, 0644);
> + SAFE_WRITE(1, fd, "deny", 4);
> + SAFE_CLOSE(fd);
> + }
>
> - updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
> - updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
> + updatemap(cpid1, UID_MAP, CHILD1UID, parentuid);
> + updatemap(cpid2, UID_MAP, CHILD2UID, parentuid);
>
> - TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
> - TST_SAFE_CHECKPOINT_WAKE(cleanup, 1);
> + updatemap(cpid1, GID_MAP, CHILD1GID, parentgid);
> + updatemap(cpid2, GID_MAP, CHILD2GID, parentgid);
>
> - tst_record_childstatus(cleanup, cpid1);
> - tst_record_childstatus(cleanup, cpid2);
> - }
> - cleanup();
> - tst_exit();
> + TST_CHECKPOINT_WAKE(0);
> + TST_CHECKPOINT_WAKE(1);
> }
> +
> +static const char *const resource_files[] = {
> + TEST_APP,
> + NULL,
> +};
Can we please move this to be inlined in the tst_test structure?
> +static struct tst_test test = {
> + .setup = setup,
> + .test_all = run,
> + .needs_root = 1,
> + .needs_checkpoints = 1,
> + .resource_files = resource_files,
> + .needs_kconfigs = (const char *[]) {
> + "CONFIG_USER_NS",
> + NULL,
> + },
> +};
> +
> +#else
> +TST_TEST_TCONF("System is missing libcap");
> +#endif
> diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
> index 31f7e0a25..86e223aec 100644
> --- a/testcases/kernel/containers/userns/userns06_capcheck.c
> +++ b/testcases/kernel/containers/userns/userns06_capcheck.c
> @@ -1,74 +1,67 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> /*
> * Copyright (c) Huawei Technologies Co., Ltd., 2015
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
> - * the GNU General Public License for more details.
> + * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> */
>
> -/*
> - * Verify that:
> +/*\
> + * [Description]
> + *
This shouldn't be here since comments from helpe processes are not
picked up at all.
> * When a process with non-zero user IDs performs an execve(), the
> * process's capability sets are cleared. When a process with zero
> * user IDs performs an execve(), the process's capability sets
> * are set.
> */
>
> +#define TST_NO_DEFAULT_MAIN
> +#include "tst_test.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LIBCAP
> #define _GNU_SOURCE
> -#include <sys/wait.h>
> -#include <assert.h>
> -#include <stdio.h>
> -#include <stdlib.h>
> -#include <unistd.h>
> +
> #include <string.h>
> -#include <errno.h>
> -#include "libclone.h"
> -#include "test.h"
> -#include "config.h"
> -#if HAVE_SYS_CAPABILITY_H
> +#include <sys/wait.h>
> #include <sys/capability.h>
> -#endif
> -
> -char *TCID = "userns06_capcheck";
> -int TST_TOTAL = 1;
>
> int main(int argc, char *argv[])
> {
> -#ifdef HAVE_LIBCAP
> cap_t caps;
> int i, last_cap;
> cap_flag_value_t flag_val;
> cap_flag_value_t expected_flag = 1;
> -#endif
> - tst_parse_opts(argc, argv, NULL, NULL);
>
> -#ifdef HAVE_LIBCAP
> + if (argc < 2)
> + tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
> +
> + tst_reinit();
This has to be called before the tst_brk() above otherwise the counters
in the test library will not be updated correctly.
> + SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
> if (strcmp("privileged", argv[1]))
> expected_flag = 0;
>
> caps = cap_get_proc();
> - SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
> +
> for (i = 0; i <= last_cap; i++) {
> cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
> if (flag_val != expected_flag)
> break;
> +
> cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
> if (flag_val != expected_flag)
> break;
> }
>
> - if (flag_val != expected_flag) {
> - printf("unexpected effective/permitted caps at %d\n", i);
> - exit(1);
> - }
> + if (flag_val != expected_flag)
> + tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
> + else
> + tst_res(TPASS, "expected caps at %d", i);
> +}
>
> #else
> - printf("System is missing libcap.\n");
> -#endif
> - tst_exit();
> +int main(void)
> +{
Here as well, we should call the tst_reinit() here so that the counters
are properly updated.
> + tst_brk(TBROK, "System is missing libcap");
> }
> +#endif
Other than these minor things, the rest looks fine.
With fixes from me and Peter applied:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
2022-04-26 8:47 Andrea Cervesato
@ 2022-04-26 13:57 ` Cyril Hrubis
0 siblings, 0 replies; 9+ messages in thread
From: Cyril Hrubis @ 2022-04-26 13:57 UTC (permalink / raw)
To: Andrea Cervesato; +Cc: ltp
Hi!
Pushed with minor changes, thanks.
- removed some useless comments
- fixed the type for resource files
- changed the TBROK to TCONF in the helper when libcap is missing
diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
index 100ad8274..002c72907 100644
--- a/testcases/kernel/containers/userns/userns06.c
+++ b/testcases/kernel/containers/userns/userns06.c
@@ -29,9 +29,6 @@
#define CHILD2UID 200
#define CHILD2GID 200
-/*
- * child_fn1() - Inside a new user namespace
- */
static int child_fn1(void)
{
char *const args[] = { TEST_APP, "privileged", NULL };
@@ -39,9 +36,6 @@ static int child_fn1(void)
TST_CHECKPOINT_WAIT(0);
- /* execv will replace the main function and it will end this child
- * accordingly.
- */
ret = execv(args[0], args);
if (ret == -1)
tst_brk(TBROK | TERRNO, "execv: unexpected error");
@@ -49,9 +43,6 @@ static int child_fn1(void)
return 0;
}
-/*
- * child_fn2() - Inside a new user namespace
- */
static int child_fn2(void)
{
int uid, gid, ret;
@@ -69,9 +60,6 @@ static int child_fn2(void)
tst_res(TPASS, "expected uid and gid");
- /* execv will replace the main function and it will end this child
- * accordingly.
- */
ret = execv(args[0], args);
if (ret == -1)
tst_brk(TBROK | TERRNO, "execv: unexpected error");
@@ -133,7 +121,7 @@ static struct tst_test test = {
.test_all = run,
.needs_root = 1,
.needs_checkpoints = 1,
- .resource_files = (char *const []) {
+ .resource_files = (const char *[]) {
TEST_APP,
NULL,
},
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
index 589e8bb94..bae4e4e33 100644
--- a/testcases/kernel/containers/userns/userns06_capcheck.c
+++ b/testcases/kernel/containers/userns/userns06_capcheck.c
@@ -60,6 +60,6 @@ int main(void)
{
tst_reinit();
- tst_brk(TBROK, "System is missing libcap");
+ tst_brk(TCONF, "System is missing libcap");
}
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [LTP] [PATCH v4] Rewrite userns06.c using new LTP API
@ 2022-04-26 8:47 Andrea Cervesato
2022-04-26 13:57 ` Cyril Hrubis
0 siblings, 1 reply; 9+ messages in thread
From: Andrea Cervesato @ 2022-04-26 8:47 UTC (permalink / raw)
To: ltp
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.de>
---
testcases/kernel/containers/userns/userns06.c | 185 ++++++++----------
.../containers/userns/userns06_capcheck.c | 67 +++----
2 files changed, 114 insertions(+), 138 deletions(-)
diff --git a/testcases/kernel/containers/userns/userns06.c b/testcases/kernel/containers/userns/userns06.c
index 29f635de5..100ad8274 100644
--- a/testcases/kernel/containers/userns/userns06.c
+++ b/testcases/kernel/containers/userns/userns06.c
@@ -1,65 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version. This program is distributed in the hope that it will be
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
- * Public License for more details. You should have received a copy of the GNU
- * General Public License along with this program.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
*/
-/*
- * Verify that:
- * When a process with non-zero user IDs performs an execve(), the process's
- * capability sets are cleared.
+/*\
+ * [Description]
+ *
+ * Verify that when a process with non-zero user IDs performs an execve(),
+ * the process's capability sets are cleared.
* When a process with zero user IDs performs an execve(), the process's
* capability sets are set.
- *
*/
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
#define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
+
#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#include "userns_helper.h"
+#include "common.h"
+
+#define TEST_APP "userns06_capcheck"
#define CHILD1UID 0
#define CHILD1GID 0
#define CHILD2UID 200
#define CHILD2GID 200
-char *TCID = "user_namespace6";
-int TST_TOTAL = 1;
-
-static int cpid1, parentuid, parentgid;
-
/*
* child_fn1() - Inside a new user namespace
*/
static int child_fn1(void)
{
- int exit_val = 0;
- char *const args[] = { "userns06_capcheck", "privileged", NULL };
+ char *const args[] = { TEST_APP, "privileged", NULL };
+ int ret;
- TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
+ TST_CHECKPOINT_WAIT(0);
- if (execve(args[0], args, NULL) == -1) {
- printf("execvp unexpected error: (%d) %s\n",
- errno, strerror(errno));
- exit_val = 1;
- }
+ /* execv will replace the main function and it will end this child
+ * accordingly.
+ */
+ ret = execv(args[0], args);
+ if (ret == -1)
+ tst_brk(TBROK | TERRNO, "execv: unexpected error");
- return exit_val;
+ return 0;
}
/*
@@ -67,97 +54,95 @@ static int child_fn1(void)
*/
static int child_fn2(void)
{
- int exit_val = 0;
- int uid, gid;
- char *const args[] = { "userns06_capcheck", "unprivileged", NULL };
+ int uid, gid, ret;
+ char *const args[] = { TEST_APP, "unprivileged", NULL };
- TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
+ TST_CHECKPOINT_WAIT(1);
uid = geteuid();
gid = getegid();
if (uid != CHILD2UID || gid != CHILD2GID) {
- printf("unexpected uid=%d gid=%d\n", uid, gid);
- exit_val = 1;
+ tst_res(TFAIL, "unexpected uid=%d gid=%d", uid, gid);
+ return 1;
}
- if (execve(args[0], args, NULL) == -1) {
- printf("execvp unexpected error: (%d) %s\n",
- errno, strerror(errno));
- exit_val = 1;
- }
+ tst_res(TPASS, "expected uid and gid");
- return exit_val;
-}
+ /* execv will replace the main function and it will end this child
+ * accordingly.
+ */
+ ret = execv(args[0], args);
+ if (ret == -1)
+ tst_brk(TBROK | TERRNO, "execv: unexpected error");
-static void cleanup(void)
-{
- tst_rmdir();
+ return 0;
}
static void setup(void)
{
check_newuser();
- tst_tmpdir();
- TST_CHECKPOINT_INIT(NULL);
- TST_RESOURCE_COPY(cleanup, "userns06_capcheck", NULL);
}
-int main(int argc, char *argv[])
+static void run(void)
{
+ pid_t cpid1;
pid_t cpid2;
+ int parentuid;
+ int parentgid;
char path[BUFSIZ];
- int lc;
int fd;
- tst_parse_opts(argc, argv, NULL, NULL);
-#ifndef HAVE_LIBCAP
- tst_brkm(TCONF, NULL, "System is missing libcap.");
-#endif
- setup();
-
- for (lc = 0; TEST_LOOPING(lc); lc++) {
- tst_count = 0;
+ parentuid = geteuid();
+ parentgid = getegid();
- parentuid = geteuid();
- parentgid = getegid();
+ cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn1, NULL);
+ if (cpid1 < 0)
+ tst_brk(TBROK | TTERRNO, "cpid1 clone failed");
- cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
- (void *)child_fn1, NULL);
- if (cpid1 < 0)
- tst_brkm(TBROK | TERRNO, cleanup,
- "cpid1 clone failed");
+ cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD, (void *)child_fn2, NULL);
+ if (cpid2 < 0)
+ tst_brk(TBROK | TTERRNO, "cpid2 clone failed");
- cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
- (void *)child_fn2, NULL);
- if (cpid2 < 0)
- tst_brkm(TBROK | TERRNO, cleanup,
- "cpid2 clone failed");
+ if (access("/proc/self/setgroups", F_OK) == 0) {
+ sprintf(path, "/proc/%d/setgroups", cpid1);
- if (access("/proc/self/setgroups", F_OK) == 0) {
- sprintf(path, "/proc/%d/setgroups", cpid1);
- fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
- SAFE_WRITE(cleanup, 1, fd, "deny", 4);
- SAFE_CLOSE(cleanup, fd);
+ fd = SAFE_OPEN(path, O_WRONLY, 0644);
+ SAFE_WRITE(1, fd, "deny", 4);
+ SAFE_CLOSE(fd);
- sprintf(path, "/proc/%d/setgroups", cpid2);
- fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
- SAFE_WRITE(cleanup, 1, fd, "deny", 4);
- SAFE_CLOSE(cleanup, fd);
- }
+ sprintf(path, "/proc/%d/setgroups", cpid2);
- updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
- updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
+ fd = SAFE_OPEN(path, O_WRONLY, 0644);
+ SAFE_WRITE(1, fd, "deny", 4);
+ SAFE_CLOSE(fd);
+ }
- updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
- updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
+ updatemap(cpid1, UID_MAP, CHILD1UID, parentuid);
+ updatemap(cpid2, UID_MAP, CHILD2UID, parentuid);
- TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);
- TST_SAFE_CHECKPOINT_WAKE(cleanup, 1);
+ updatemap(cpid1, GID_MAP, CHILD1GID, parentgid);
+ updatemap(cpid2, GID_MAP, CHILD2GID, parentgid);
- tst_record_childstatus(cleanup, cpid1);
- tst_record_childstatus(cleanup, cpid2);
- }
- cleanup();
- tst_exit();
+ TST_CHECKPOINT_WAKE(0);
+ TST_CHECKPOINT_WAKE(1);
}
+
+static struct tst_test test = {
+ .setup = setup,
+ .test_all = run,
+ .needs_root = 1,
+ .needs_checkpoints = 1,
+ .resource_files = (char *const []) {
+ TEST_APP,
+ NULL,
+ },
+ .needs_kconfigs = (const char *[]) {
+ "CONFIG_USER_NS",
+ NULL,
+ },
+};
+
+#else
+TST_TEST_TCONF("System is missing libcap");
+#endif
diff --git a/testcases/kernel/containers/userns/userns06_capcheck.c b/testcases/kernel/containers/userns/userns06_capcheck.c
index 31f7e0a25..589e8bb94 100644
--- a/testcases/kernel/containers/userns/userns06_capcheck.c
+++ b/testcases/kernel/containers/userns/userns06_capcheck.c
@@ -1,74 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) Huawei Technologies Co., Ltd., 2015
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
*
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
- */
-
-/*
- * Verify that:
* When a process with non-zero user IDs performs an execve(), the
* process's capability sets are cleared. When a process with zero
* user IDs performs an execve(), the process's capability sets
* are set.
*/
+#define TST_NO_DEFAULT_MAIN
+#include "tst_test.h"
+#include "config.h"
+
+#ifdef HAVE_LIBCAP
#define _GNU_SOURCE
-#include <sys/wait.h>
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
+
#include <string.h>
-#include <errno.h>
-#include "libclone.h"
-#include "test.h"
-#include "config.h"
-#if HAVE_SYS_CAPABILITY_H
+#include <sys/wait.h>
#include <sys/capability.h>
-#endif
-
-char *TCID = "userns06_capcheck";
-int TST_TOTAL = 1;
int main(int argc, char *argv[])
{
-#ifdef HAVE_LIBCAP
cap_t caps;
int i, last_cap;
cap_flag_value_t flag_val;
cap_flag_value_t expected_flag = 1;
-#endif
- tst_parse_opts(argc, argv, NULL, NULL);
-#ifdef HAVE_LIBCAP
+ tst_reinit();
+
+ if (argc < 2)
+ tst_brk(TBROK, "userns06_capcheck <privileged|unprivileged>");
+
+ SAFE_FILE_SCANF("/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
if (strcmp("privileged", argv[1]))
expected_flag = 0;
caps = cap_get_proc();
- SAFE_FILE_SCANF(NULL, "/proc/sys/kernel/cap_last_cap", "%d", &last_cap);
+
for (i = 0; i <= last_cap; i++) {
cap_get_flag(caps, i, CAP_EFFECTIVE, &flag_val);
if (flag_val != expected_flag)
break;
+
cap_get_flag(caps, i, CAP_PERMITTED, &flag_val);
if (flag_val != expected_flag)
break;
}
- if (flag_val != expected_flag) {
- printf("unexpected effective/permitted caps at %d\n", i);
- exit(1);
- }
+ if (flag_val != expected_flag)
+ tst_res(TFAIL, "unexpected effective/permitted caps at %d", i);
+ else
+ tst_res(TPASS, "expected caps at %d", i);
+}
#else
- printf("System is missing libcap.\n");
-#endif
- tst_exit();
+int main(void)
+{
+ tst_reinit();
+
+ tst_brk(TBROK, "System is missing libcap");
}
+#endif
--
2.36.0
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-04-26 13:55 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-01 5:08 [LTP] [PATCH v4] Rewrite userns06.c using new LTP API Andrea Cervesato
2022-04-04 10:33 ` Petr Vorel
2022-04-04 10:52 ` Andrea Cervesato via ltp
2022-04-04 12:55 ` Petr Vorel
2022-04-19 7:22 ` Petr Vorel
2022-04-19 7:36 ` Andrea Cervesato via ltp
2022-04-19 12:16 ` Cyril Hrubis
2022-04-26 8:47 Andrea Cervesato
2022-04-26 13:57 ` Cyril Hrubis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.