[CRIU] [PATCH 2/2] test: add test for failing to dump different creds
Tycho Andersen
tycho.andersen at canonical.com
Fri Jun 26 16:29:56 PDT 2015
v2: use the test list instead of the file for telling zdtm.sh the test will
fail
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
test/zdtm.sh | 3 ++
test/zdtm/.gitignore | 1 +
test/zdtm/live/static/Makefile | 2 +
test/zdtm/live/static/different_creds.c | 89 +++++++++++++++++++++++++++++++++
4 files changed, 95 insertions(+)
create mode 100644 test/zdtm/live/static/different_creds.c
diff --git a/test/zdtm.sh b/test/zdtm.sh
index 01b5cc7..6eb95f4 100755
--- a/test/zdtm.sh
+++ b/test/zdtm.sh
@@ -200,6 +200,7 @@ generate_test_list()
static/poll
static/apparmor
ns/static/apparmor
+ static/different_creds
"
TEST_CR_KERNEL="
@@ -334,9 +335,11 @@ sockets00
cow01
apparmor
seccomp_strict
+different_creds
"
TEST_EXPECTED_FAILURE="
+static/different_creds
"
CRIU_CPT=$CRIU
diff --git a/test/zdtm/.gitignore b/test/zdtm/.gitignore
index 36f9e75..77c2d15 100644
--- a/test/zdtm/.gitignore
+++ b/test/zdtm/.gitignore
@@ -21,6 +21,7 @@
/live/static/cwd02
/live/static/deleted_dev
/live/static/deleted_unix_sock
+/live/static/different_creds
/live/static/dumpable01
/live/static/dumpable02
/live/static/env00
diff --git a/test/zdtm/live/static/Makefile b/test/zdtm/live/static/Makefile
index 8ea8d82..b245e46 100644
--- a/test/zdtm/live/static/Makefile
+++ b/test/zdtm/live/static/Makefile
@@ -124,6 +124,7 @@ TST_NOFILE = \
fd \
apparmor \
seccomp_strict \
+ different_creds \
# jobctl00 \
TST_FILE = \
@@ -284,6 +285,7 @@ wait_stop:
$(TST): $(LIB)
aio00: override LDLIBS += -laio
+different_creds: override LDLIBS += -lcap
futex.o: override CFLAGS += -pthread
futex: override LDFLAGS += -pthread
futex-rl.o: override CFLAGS += -pthread
diff --git a/test/zdtm/live/static/different_creds.c b/test/zdtm/live/static/different_creds.c
new file mode 100644
index 0000000..3868a34
--- /dev/null
+++ b/test/zdtm/live/static/different_creds.c
@@ -0,0 +1,89 @@
+#define _GNU_SOURCE
+#include <alloca.h>
+#include <unistd.h>
+#include <stdbool.h>
+#include <signal.h>
+#include <sched.h>
+#include <sys/capability.h>
+#include <linux/seccomp.h>
+#include <linux/limits.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc = "Check that threads with different creds aren't checkpointed";
+const char *test_author = "Tycho Andersen <tycho.andersen at canonical.com>";
+
+int drop_caps_and_wait(void *arg)
+{
+ cap_t caps;
+ int *pipe = arg;
+
+ caps = cap_get_proc();
+ if (!caps) {
+ err("cap_get_proc");
+ return 1;
+ }
+
+ if (cap_clear_flag(caps, CAP_EFFECTIVE) < 0) {
+ err("cap_clear_flag");
+ goto die;
+ }
+
+ if (cap_set_proc(caps) < 0) {
+ err("cap_set_proc");
+ goto die;
+ }
+
+ close(*pipe);
+
+ while(1)
+ sleep(1000);
+die:
+ cap_free(caps);
+ return 1;
+}
+
+int main(int argc, char ** argv)
+{
+ pid_t pid;
+ int ret, pipefd[2];
+ long clone_flags = CLONE_VM | CLONE_FILES | CLONE_SIGHAND |
+ CLONE_THREAD | CLONE_SYSVSEM;
+
+ size_t stack_size = sysconf(_SC_PAGESIZE);
+ void *stack = alloca(stack_size);
+ char buf;
+
+ test_init(argc, argv);
+
+ if (pipe(pipefd) < 0) {
+ err("pipe");
+ return -1;
+ }
+
+ pid = clone(drop_caps_and_wait, stack + stack_size, clone_flags, pipefd);
+ if (pid < 0) {
+ err("fork");
+ return -1;
+ }
+
+ close(pipefd[1]);
+
+ /*
+ * Wait for child to signal us that it has droped caps.
+ */
+ ret = read(pipefd[0], &buf, 1);
+ close(pipefd[0]);
+ if (ret < 0) {
+ err("read");
+ return 1;
+ }
+
+ test_daemon();
+ test_waitsig();
+
+ fail("shouldn't dump successfully");
+
+ kill(pid, SIGKILL);
+ return ret;
+}
--
2.1.4
More information about the CRIU
mailing list