[CRIU] [PATCH v4 02/31] zdtm: Add userns01 test
Kirill Tkhai
ktkhai at virtuozzo.com
Thu Feb 23 01:31:28 PST 2017
On 23.02.2017 00:19, Andrei Vagin wrote:
> On Wed, Feb 22, 2017 at 02:30:42PM +0300, Kirill Tkhai wrote:
>> FIXME: use custom UID and GID, not 0 and 0.
>> For now we use 0 and 0 to allow the test to run
>> in any environment without having to care about CT mappings.
>>
>
> I don't understand this statement. Pls, look at test/zdtm/lib/ns.c,
> there are test mappings for uid-s and gid-s.
Yeah, I asked exactly this in v3.
> #define UID_MAP "0 100000 100000\n100000 200000 50000"
> #define GID_MAP "0 400000 50000\n50000 500000 100000"
>
>
> Why have you decided to not add my changes?
I thought you sent it for debugging purposes. No problem, I can apply them.
>> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
>> ---
>> test/zdtm/static/Makefile | 1
>> test/zdtm/static/userns01.c | 150 ++++++++++++++++++++++++++++++++++++++++
>> test/zdtm/static/userns01.desc | 1
>> 3 files changed, 152 insertions(+)
>> create mode 100644 test/zdtm/static/userns01.c
>> create mode 100644 test/zdtm/static/userns01.desc
>>
>> diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
>> index f7c46da8c..b4d813420 100644
>> --- a/test/zdtm/static/Makefile
>> +++ b/test/zdtm/static/Makefile
>> @@ -176,6 +176,7 @@ TST_NOFILE := \
>> uffd-events \
>> netns_sub \
>> userns00 \
>> + userns01 \
>> # jobctl00 \
>>
>> ifneq ($(SRCARCH),arm)
>> diff --git a/test/zdtm/static/userns01.c b/test/zdtm/static/userns01.c
>> new file mode 100644
>> index 000000000..b4d8534f0
>> --- /dev/null
>> +++ b/test/zdtm/static/userns01.c
>> @@ -0,0 +1,150 @@
>> +#define _GNU_SOURCE
>> +#include <stdbool.h>
>> +#include <string.h>
>> +#include <fcntl.h>
>> +#include <unistd.h>
>> +#include <signal.h>
>> +#include <stdio.h>
>> +#include <sys/mount.h>
>> +#include <sys/stat.h>
>> +#include <sys/mman.h>
>> +#include <sched.h>
>> +#include <sys/wait.h>
>> +#include <stdlib.h>
>> +#include <limits.h>
>> +#include <dirent.h>
>> +
>> +#include "zdtmtst.h"
>> +#include "lock.h"
>> +
>> +const char *test_doc = "Check UID and GID in unshared userns remains the same";
>> +const char *test_author = "Kirill Tkhai <ktkhai at virtuozzo.com>";
>> +
>> +enum {
>> + FUTEX_INITIALIZED = 0,
>> + CHILD_CREATED,
>> + MAP_WRITTEN,
>> + XIDS_SET,
>> + POST_RESTORE_CHECK,
>> + EMERGENCY_ABORT,
>> +};
>> +
>> +#define CHILD_UID 0
>> +#define CHILD_GID 0
>> +#define UID_MAP "0 0 1\n"
>> +#define GID_MAP "0 0 1\n"
>> +
>> +futex_t *futex;
>> +
>> +int write_map(pid_t pid, char *file, char *map)
>> +{
>> + char path[PATH_MAX];
>> + int fd, ret;
>> +
>> + sprintf(path, "/proc/%d/%s", pid, file);
>> + fd = open(path, O_WRONLY);
>> + if (fd < 0) {
>> + fail("Can't open");
>> + return -1;
>> + }
>> + ret = write(fd, map, strlen(map));
>> + if (ret != strlen(map)) {
>> + fail("Can't write");
>> + close(fd);
>> + return -1;
>> + }
>> + close(fd);
>> +
>> + return 0;
>> +}
>> +
>> +int child(void)
>> +{
>> + uid_t uid;
>> + gid_t gid;
>> + int ret;
>> +
>> + ret = unshare(CLONE_NEWUSER);
>> + if (ret < 0) {
>> + pr_perror("unshare");
>> + futex_set_and_wake(futex, EMERGENCY_ABORT);
>> + return 1;
>> + }
>> +
>> + futex_set_and_wake(futex, CHILD_CREATED);
>> + futex_wait_while_lt(futex, MAP_WRITTEN);
>> +
>> + if (setuid(CHILD_UID) < 0) {
>> + pr_perror("setuid");
>> + futex_set_and_wake(futex, EMERGENCY_ABORT);
>> + return 2;
>> + }
>> +
>> + if (setgid(CHILD_GID) < 0) {
>> + pr_perror("setgid");
>> + futex_set_and_wake(futex, EMERGENCY_ABORT);
>> + return 3;
>> + }
>> +
>> + futex_set_and_wake(futex, XIDS_SET);
>> + futex_wait_while_lt(futex, POST_RESTORE_CHECK);
>> +
>> + uid = getuid();
>> + gid = getgid();
>> + if (uid != CHILD_UID || gid != CHILD_GID) {
>> + pr_perror("UID or GID is wrong: %d %d", uid, gid);
>> + futex_set_and_wake(futex, EMERGENCY_ABORT);
>> + return 4;
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +int main(int argc, char **argv)
>> +{
>> + int status;
>> + pid_t pid;
>> +
>> + test_init(argc, argv);
>> + futex = mmap(NULL, sizeof(*futex), PROT_WRITE | PROT_READ, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
>> + if (futex == MAP_FAILED) {
>> + fail("mmap futex\n");
>> + return 1;
>> + }
>> + futex_init(futex);
>> +
>> + pid = fork();
>> + if (pid == -1) {
>> + fail("fork");
>> + return 1;
>> + } else if (pid == 0)
>> + exit(child());
>> +
>> + futex_wait_while_lt(futex, CHILD_CREATED);
>> +
>> + if (write_map(pid, "uid_map", UID_MAP) < 0 ||
>> + write_map(pid, "gid_map", GID_MAP) < 0) {
>> + fail("write map");
>> + goto err;
>> + }
>> +
>> + futex_set_and_wake(futex, MAP_WRITTEN);
>> + futex_wait_while_lt(futex, XIDS_SET);
>> +
>> + test_daemon();
>> + test_waitsig();
>> +
>> + futex_set_and_wake(futex, POST_RESTORE_CHECK);
>> +
>> + if (wait(&status) < 0 || WEXITSTATUS(status)) {
>> + fail("pid: status=%d\n", WEXITSTATUS(status));
>> + goto err;
>> + }
>> +
>> + pass();
>> + return 0;
>> +err:
>> + futex_set_and_wake(futex, EMERGENCY_ABORT);
>> + wait(&status);
>> + return 1;
>> +}
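Review bot: The final check in main(), `if (wait(&status) < 0 || WEXITSTATUS(status))`, never consults WIFEXITED(), so a child killed by a signal (where WEXITSTATUS() evaluates to 0 on Linux) is reported as a pass, and `status` is read uninitialised in the fail() message when wait() itself fails. Suggest declaring `int status = 0;` and testing `if (wait(&status) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))`. Separately, child() calls setuid() before setgid(); that works with the current 0/0 values, but once CHILD_UID becomes non-zero as the FIXME intends, setuid() would likely drop the capability that setgid() needs inside the new user namespace, so setgid() should come first. The mismatch report in child() also uses `pr_perror("UID or GID is wrong: %d %d", uid, gid)`, which appends an unrelated errno string; a plain error print with `%u` would be clearer.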
>> diff --git a/test/zdtm/static/userns01.desc b/test/zdtm/static/userns01.desc
>> new file mode 100644
>> index 000000000..1f8bec515
>> --- /dev/null
>> +++ b/test/zdtm/static/userns01.desc
>> @@ -0,0 +1 @@
>> +{'flavor': 'uns', 'flags': 'suid noauto'}
>>