[CRIU] [PATCH v3 02/33] zdtm: Add userns01 test
Andrei Vagin
avagin at virtuozzo.com
Tue Feb 21 20:59:18 PST 2017
On Tue, Feb 21, 2017 at 05:05:56PM +0300, Kirill Tkhai wrote:
> On 21.02.2017 08:32, Andrei Vagin wrote:
> > On Thu, Feb 16, 2017 at 03:06:52PM +0300, Kirill Tkhai wrote:
> >> FIXME: use custom UID and GID, not 0 and 0.
> > Why are non-zero uid-s not supported now?
>
> Because currently it's need to have uid/gid 0 mapped to use prctl's PR_SET_MM_MAP
> argument on restore. If I map custom UID to 0, then it's need a UID to map 0 to
> (for prctl), but this UID may not exists in parent environment. I'm going to extend
> this test to find an existing UID in parent environment, but it's not for now.
>
> > Why do we need a second test to check uid and gid? Can we check them in
> > the first test?
>
> As I see in criu's tests, every test is for testing one feature,
> and the main style is to do not create overloaded tests. It is
> good seen in socket tests. I just follow this trend.
I'm agree with this sentence, but I think setuid and getuid will not
overload the test. Maybe I'm wrong...
I modified a test, the patch is attached. Now test fails with c/r and
passes without c/r.
[root at fc24 criu]# python test/zdtm.py run -t zdtm/static/userns01 --iter 0
=== Run 1/1 ================ zdtm/static/userns01
======================= Run zdtm/static/userns01 in uns ========================
Start test
Test is SUID
./userns01 --pidfile=userns01.pid --outfile=userns01.out
Send the 15 signal to 37
Wait for zdtm/static/userns01(37) to die for 0.100000
Removing dump/zdtm/static/userns01/37
======================== Test zdtm/static/userns01 PASS ========================
[root at fc24 criu]# python test/zdtm.py run -t zdtm/static/userns01 --iter 1
=== Run 1/1 ================ zdtm/static/userns01
======================= Run zdtm/static/userns01 in uns ========================
Start test
Test is SUID
./userns01 --pidfile=userns01.pid --outfile=userns01.out
Run criu dump
Run criu restore
Send the 15 signal to 66
Wait for zdtm/static/userns01(66) to die for 0.100000
################ Test zdtm/static/userns01 FAIL at result check ################
Test output: ================================
04:57:51.880: 5: ERR: userns01.c:94: UID or GID is wrong: 50 41 (errno = 2 (No such file or directory))
04:57:51.881: 4: FAIL: userns01.c:139: pid: status=4
(errno = 11 (Resource temporarily unavailable))
<<< ================================
##################################### FAIL #####################################
>
> The first test is to test hierarchy, the second is for xids. Up to me,
> it's easier to investigate a problem in one-feature test, them in
> a big "food processor". Especially, for foreign observer.
>
> >>
> >> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> >> ---
> >> test/zdtm/static/Makefile | 1
> >> test/zdtm/static/userns01.c | 149 ++++++++++++++++++++++++++++++++++++++++
> >> test/zdtm/static/userns01.desc | 1
> >> 3 files changed, 151 insertions(+)
> >> create mode 100644 test/zdtm/static/userns01.c
> >> create mode 100644 test/zdtm/static/userns01.desc
> >>
> >> diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
> >> index f7c46da8c..b4d813420 100644
> >> --- a/test/zdtm/static/Makefile
> >> +++ b/test/zdtm/static/Makefile
> >> @@ -176,6 +176,7 @@ TST_NOFILE := \
> >> uffd-events \
> >> netns_sub \
> >> userns00 \
> >> + userns01 \
> >> # jobctl00 \
> >>
> >> ifneq ($(SRCARCH),arm)
> >> diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
> >> new file mode 100644
> >> index 000000000..f7ebaa0fc
> >> --- /dev/null
> >> +++ b/test/zdtm/static/userns01.c
> >> @@ -0,0 +1,149 @@
> >> +#define _GNU_SOURCE
> >> +#include <stdbool.h>
> >> +#include <string.h>
> >> +#include <fcntl.h>
> >> +#include <unistd.h>
> >> +#include <signal.h>
> >> +#include <stdio.h>
> >> +#include <sys/mount.h>
> >> +#include <sys/stat.h>
> >> +#include <sys/mman.h>
> >> +#include <sched.h>
> >> +#include <sys/wait.h>
> >> +#include <stdlib.h>
> >> +#include <limits.h>
> >> +#include <dirent.h>
> >> +
> >> +#include "zdtmtst.h"
> >> +#include "lock.h"
> >> +
> >> +const char *test_doc = "Check UID and GID in unshared userns remains the same";
> >> +const char *test_author = "Kirill Tkhai <ktkhai at virtuozzo.com>";
> >> +
> >> +enum {
> >> + FUTEX_INITIALIZED = 0,
> >> + CHILD_CREATED,
> >> + MAP_WRITTEN,
> >> + XIDS_SET,
> >> + POST_RESTORE_CHECK,
> >> + EMERGENCY_ABORT,
> >> +};
> >> +
> >> +#define CHILD_UID 0
> >> +#define CHILD_GID 0
> >> +#define UID_MAP "0 0 1\n"
> >> +#define GID_MAP "0 0 1\n"
> >> +
> >> +futex_t *futex;
> >> +
> >> +int write_map(pid_t pid, char *file, char *map)
> >> +{
> >> + char path[PATH_MAX];
> >> + int fd, ret;
> >> +
> >> + sprintf(path, "/proc/%d/%s", pid, file);
> >> + fd = open(path, O_WRONLY);
> >> + if (fd < 0) {
> >> + fail("Can't open");
> >> + return -1;
> >> + }
> >> + ret = write(fd, map, strlen(map));
> >> + if (ret != strlen(map)) {
> >> + fail("Can't write");
> >> + return -1;
> >> + }
> >> + close(fd);
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +int child(void)
> >> +{
> >> + uid_t uid;
> >> + gid_t gid;
> >> + int ret;
> >> +
> >> + ret = unshare(CLONE_NEWUSER);
> >> + if (ret < 0) {
> >> + pr_perror("unshare");
> >> + futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> + return 1;
> >> + }
> >> +
> >> + futex_set_and_wake(futex, CHILD_CREATED);
> >> + futex_wait_while_lt(futex, MAP_WRITTEN);
> >> +
> >> + if (setuid(CHILD_UID) < 0) {
> >> + pr_perror("setuid");
> >> + futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> + return 2;
> >> + }
> >> +
> >> + if (setgid(CHILD_GID) < 0) {
> >> + pr_perror("setgid");
> >> + futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> + return 3;
> >> + }
> >> +
> >> + futex_set_and_wake(futex, XIDS_SET);
> >> + futex_wait_while_lt(futex, POST_RESTORE_CHECK);
> >> +
> >> + uid = getuid();
> >> + gid = getgid();
> >> + if (uid != CHILD_UID || gid != CHILD_GID) {
> >> + pr_perror("UID or GID is wrong: %d %d", uid, gid);
> >> + futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> + return 4;
> >> + }
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +int main(int argc, char **argv)
> >> +{
> >> + int status;
> >> + pid_t pid;
> >> +
> >> + test_init(argc, argv);
> >> + futex = mmap(NULL, sizeof(*futex), PROT_WRITE | PROT_READ, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> >> + if (futex == MAP_FAILED) {
> >> + fail("mmap futex\n");
> >> + return 1;
> >> + }
> >> + futex_init(futex);
> >> +
> >> + pid = fork();
> >> + if (pid == -1) {
> >> + fail("fork");
> >> + return 1;
> >> + } else if (pid == 0)
> >> + exit(child());
> >> +
> >> + futex_wait_while_lt(futex, CHILD_CREATED);
> >> +
> >> + if (write_map(pid, "uid_map", UID_MAP) < 0 ||
> >> + write_map(pid, "gid_map", GID_MAP) < 0) {
> >> + fail("write map");
> >> + goto err;
> >> + }
> >> +
> >> + futex_set_and_wake(futex, MAP_WRITTEN);
> >> + futex_wait_while_lt(futex, XIDS_SET);
> >> +
> >> + test_daemon();
> >> + test_waitsig();
> >> +
> >> + futex_set_and_wake(futex, POST_RESTORE_CHECK);
> >> +
> >> + if (wait(&status) < 0 || WEXITSTATUS(status)) {
> >> + fail("pid: status=%d\n", WEXITSTATUS(status));
> >> + goto err;
> >> + }
> >> +
> >> + pass();
> >> + return 0;
> >> +err:
> >> + futex_set_and_wake(futex, EMERGENCY_ABORT);
> >> + wait(&status);
> >> + return 1;
> >> +}
> >> diff --git a/test/zdtm/static/userns01.desc b/test/zdtm/static/userns01.desc
> >> new file mode 100644
> >> index 000000000..1f8bec515
> >> --- /dev/null
> >> +++ b/test/zdtm/static/userns01.desc
> >> @@ -0,0 +1 @@
> >> +{'flavor': 'uns', 'flags': 'suid noauto'}
> >>
> >> _______________________________________________
> >> CRIU mailing list
> >> CRIU at openvz.org
> >> https://lists.openvz.org/mailman/listinfo/criu
-------------- next part --------------
diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
index f7ebaa0..0446297 100644
--- a/test/zdtm/static/userns01.c
+++ b/test/zdtm/static/userns01.c
@@ -29,10 +29,10 @@ enum {
EMERGENCY_ABORT,
};
-#define CHILD_UID 0
-#define CHILD_GID 0
-#define UID_MAP "0 0 1\n"
-#define GID_MAP "0 0 1\n"
+#define CHILD_UID 50
+#define CHILD_GID 53
+#define UID_MAP "0 10 1\n1 100 100\n"
+#define GID_MAP "0 12 1\n1 112 100\n"
futex_t *futex;
@@ -73,18 +73,18 @@ int child(void)
futex_set_and_wake(futex, CHILD_CREATED);
futex_wait_while_lt(futex, MAP_WRITTEN);
- if (setuid(CHILD_UID) < 0) {
- pr_perror("setuid");
- futex_set_and_wake(futex, EMERGENCY_ABORT);
- return 2;
- }
-
if (setgid(CHILD_GID) < 0) {
pr_perror("setgid");
futex_set_and_wake(futex, EMERGENCY_ABORT);
return 3;
}
+ if (setuid(CHILD_UID) < 0) {
+ pr_perror("setuid");
+ futex_set_and_wake(futex, EMERGENCY_ABORT);
+ return 2;
+ }
+
futex_set_and_wake(futex, XIDS_SET);
futex_wait_while_lt(futex, POST_RESTORE_CHECK);
More information about the CRIU
mailing list