From: CGEL <cgel.zte@gmail.com>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: keescook@chromium.org, ktkhai@virtuozzo.com,
jamorris@linux.microsoft.com, varad.gautam@suse.com,
legion@kernel.org, dbueso@suse.de, linux-kernel@vger.kernel.org,
Ran Xiaokai <ran.xiaokai@zte.com.cn>
Subject: Re: [PATCH] ipc: add set_ownership() and permissions() callbacks for posix mqueue sysctl
Date: Wed, 11 Aug 2021 08:51:32 -0700
Message-ID: <20210811155132.GA13845@www>
In-Reply-To: <20210803140133.vksebmgqhlbqipla@wittgenstein>

On Tue, Aug 03, 2021 at 04:01:33PM +0200, Christian Brauner wrote:
> - Create a new mount and ipc namespace and mount mqueue in there.
>   Read and remember the /proc/sys/fs/mqueue/queues_max value.
> - Now create a new user + mount namespace pair in a child process.
> - Mount mqueue filesystem in there.
> - Set /proc/sys/fs/mqueue/queues_max to 1.
> - Call mq_open with O_CREAT in the child process the first time and
>   expect success keeping the fd open.
> - Call mq_open with O_CREAT in the child process a second time and
>   expect failure because of:
>
> 	if (ipc_ns->mq_queues_count >= ipc_ns->mq_queues_max &&
> 	    !capable(CAP_SYS_RESOURCE)) {
> 		error = -ENOSPC;
> 		goto out_unlock;
> 	}
> 	ipc_ns->mq_queues_count++;
> 	spin_unlock(&mq_lock);
>
> - Reap the child in the parent expecting success.
> - Verify that the /proc/sys/fs/mqueue/queues_max value in the parent is
>   identical to the value you read before creating the child.

Hi, Christian

Thanks for your patient explanation of the kselftest code.
Please give comments on this test code.

#include <errno.h>
#include <fcntl.h>
#include <mqueue.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>

/* path assumes a directory directly under tools/testing/selftests/ */
#include "../kselftest_harness.h"

/*
 * prepare_unpriv_mountns(), write_file() and wait_for_pid() are helpers
 * that are not shown in this message.
 */

/* Read the current fs.mqueue.queues_max value, or return -1 on error. */
int get_mq_queues_max(void)
{
	int fd;
	char buf[16];
	ssize_t len;
	int val = -1;

	fd = open("/proc/sys/fs/mqueue/queues_max", O_RDONLY);
	if (fd >= 0) {
		/* leave room for the terminating NUL that atoi() needs */
		len = read(fd, buf, sizeof(buf) - 1);
		if (len > 0) {
			buf[len] = '\0';
			val = atoi(buf);
		}
		close(fd);
	}
	return val;
}

TEST(mqueue_sysctl)
{
	pid_t pid;
	int qmax1, qmax2;

	/*
	 * > - Create a new mount and ipc namespace and mount mqueue in there.
	 *
	 * This test code is intended to run as a non-root user, so
	 * unshare(CLONE_NEWNS) is not allowed, so I skip this step.
	 */
	chdir(getenv("HOME"));

	/* read and stash the original sysctl value */
	qmax1 = get_mq_queues_max();
	ASSERT_GE(qmax1, 0);

	pid = fork();
	ASSERT_GE(pid, 0);
	if (pid == 0) {
		ASSERT_EQ(prepare_unpriv_mountns(), 0);

		/*
		 * A new mqueue filesystem instance will be mounted by the
		 * kernel internally when an ipc namespace is created. I don't
		 * quite get the point here why we should mount mqueue manually?
		 */
		if (mkdir("./mqueue", 0755) && errno != EEXIST)
			SKIP(return, "mkdir ./mqueue failed");
		ASSERT_EQ(mount("none", "./mqueue", "mqueue", MS_NOATIME, NULL), 0);

		/* modify the sysctl value in the new ipc namespace */
		ASSERT_EQ(write_file("/proc/sys/fs/mqueue/queues_max", "1", 1), 0);
		ASSERT_GE(mq_open("/new_ns1", O_RDWR | O_CREAT, 0644, NULL), 0);

		/* mq_open() should fail as it exceeds queues_max */
		ASSERT_EQ(mq_open("/new_ns2", O_RDWR | O_CREAT, 0644, NULL), -1);

		ASSERT_EQ(mq_unlink("/new_ns1"), 0);
		ASSERT_EQ(umount("./mqueue"), 0);
		exit(0);
	}

	ASSERT_EQ(wait_for_pid(pid), 0);

	/* the parent's value must be unchanged by the child's write */
	qmax2 = get_mq_queues_max();
	ASSERT_EQ(qmax1, qmax2);
}

TEST_HARNESS_MAIN

For this test code, I added a new file mq_sysctl_test.c, a Makefile and
a config file with the content:

CONFIG_USER_NS=y
CONFIG_POSIX_MQUEUE_SYSCTL=y

But I am not sure which directory to place these files in.
For the original tools/testing/selftests/mqueue/,
I think this directory doesn't need a config file, but for this test
code, this config file is needed.
Do you have any suggestion on which directory this test code should be
placed in?