[CRIU] [PATCH v3] zdtm: test that UNIX socket owner/group don't change
Pavel Tikhomirov
ptikhomirov at parallels.com
Fri Aug 22 02:46:08 PDT 2014
On 08/22/2014 01:27 PM, Andrey Vagin wrote:
> On Fri, Aug 22, 2014 at 11:27:01AM +0400, Pavel Tikhomirov wrote:
>> In container c/r(OVZ) if UNIX socket was created on tmpfs uid and gid
>> might have become corrupted.
> Could you explain why they are corrupted on tmpfs only?
Sorry, that's my mistake, tmpfs is not involved in this bug, i'll
correct, patch was wrong!
in bug: uid and gid in openvz were set to peer(connected) id's, instead
of real inode credentials.
>
>> To recreate this case in CRIU, need to mount tmpfs in mount namespace,
>> so it will be explictly restored.
>>
>> run: bash test/zdtm.sh ns/static/sockets00
> We want to execute sockets00 in a current set of namespaces.
>
> ns/* teests are not executed for OpenVZ.
So it was a mistake no mount-namespace needed.
>
>> https://jira.sw.ru/browse/PSBM-28427
> Pls, don't add internal links in CRIU patches.
>
> https://bugzilla.openvz.org/show_bug.cgi?id=2969
OK
>> changes:
>> v2 - cleanup headers, close socket, use err instead fail,
>> print id's on error.
>> v3 - move to sockets00, mount tmpfs and extend explanation.
>>
>> Signed-off-by: Pavel Tikhomirov <ptikhomirov at parallels.com>
>> ---
>> test/zdtm.sh | 1 +
>> test/zdtm/live/static/sockets00.c | 30 +++++++++++++++++++++++++++++-
>> 2 files changed, 30 insertions(+), 1 deletion(-)
>>
>> diff --git a/test/zdtm.sh b/test/zdtm.sh
>> index 1fd9015..b337b0f 100755
>> --- a/test/zdtm.sh
>> +++ b/test/zdtm.sh
>> @@ -225,6 +225,7 @@ mntns_open
>> mntns_link_remap
>> mntns_link_ghost
>> socket-uid-gid
>> +sockets00
>> "
>>
>> source $(readlink -f `dirname $0`/env.sh) || exit 1
>> diff --git a/test/zdtm/live/static/sockets00.c b/test/zdtm/live/static/sockets00.c
>> index 6ff93ab..1e98154 100644
>> --- a/test/zdtm/live/static/sockets00.c
>> +++ b/test/zdtm/live/static/sockets00.c
>> @@ -11,6 +11,7 @@
>> #include <sys/wait.h>
>> #include <sys/un.h>
>> #include <sys/stat.h>
>> +#include <sys/mount.h>
>> #include <limits.h>
>> #include <fcntl.h>
>>
>> @@ -36,6 +37,9 @@ int main(int argc, char *argv[])
>> char path[PATH_MAX];
>> char buf[64];
>> char *cwd;
>> + uid_t uid = 18943;
>> + gid_t gid = 58467;
>> + char *tmpfs_dir = "tmpfs";
>>
>> int ret;
>>
>> @@ -47,7 +51,19 @@ int main(int argc, char *argv[])
>> exit(1);
>> }
>>
>> - snprintf(path, sizeof(path), "%s/%s", cwd, filename);
>> + snprintf(path, sizeof(path), "%s/%s", cwd, tmpfs_dir);
>> + rmdir(path);
>> + if(mkdir(path, 0777)) {
>> + err("mkdir\n");
>> + exit(1);
>> + }
>> +
>> + if(mount("none", path, "tmpfs", 0, "mode=0755,uid=99")) {
>> + err("mount tmpfs\n");
>> + exit(1);
>> + }
>> +
>> + snprintf(path, sizeof(path), "%s/%s/%s", cwd, tmpfs_dir, filename);
>> unlink(path);
>>
>> addr.sun_family = AF_UNIX;
>> @@ -74,6 +90,12 @@ int main(int argc, char *argv[])
>> exit(1);
>> }
>>
>> + ret = chown(path, uid, gid);
>> + if (ret) {
>> + err("chown");
>> + exit(1);
>> + }
>> +
>> ret = listen(ssk_icon[0], 16);
>> if (ret) {
>> fail("bind\n");
>> @@ -119,6 +141,12 @@ int main(int argc, char *argv[])
>> exit(1);
>> }
>>
>> + if (st_b.st_uid != uid || st_b.st_gid != gid) {
>> + err("Owner user or group for %s corrupted, uid=%d, gid=%d",
>> + path, st_b.st_uid, st_b.st_gid);
>> + exit(1);
>> + }
>> +
>> ret = accept(ssk_icon[0], NULL, NULL);
>> if (ret < 0) {
>> fail("accept\n");
>> --
>> 1.9.3
>>
More information about the CRIU
mailing list