[CRIU] ZDTM 'uns' Test for Privileged Operations
Abhishek Vijeev
abhishek.vijeev at gmail.com
Sun Sep 6 16:15:46 MSK 2020
Hi,
I have a question about the ZDTM test suite.
I have a test that invokes bpf_map_freeze(). Since this is a
privileged operation, I have set the SUID flag in ${test_name}.desc.
Test flavours 'h' and 'ns' pass. However, the user namespace test
fails with 'Operation not permitted'.
The code change only involves adding the following lines to the
bpf_array test (https://github.com/checkpoint-restore/criu/blob/criu-dev/test/zdtm/static/bpf_array.c#L97):

    ret = bpf_map_freeze(map_fd);
    if (ret) {
        pr_perror("Could not freeze map");
        goto err;
    }

According to my understanding, the 'uns' flavour executes my test
program in a new user namespace, which has an effective UID of 0
within this namespace (along with all capabilities). Shouldn't it
therefore be able to invoke a privileged system call from within the
new user namespace?
Am I missing something? Is there any way by which I can get this to
work? If not, would it be acceptable to skip the 'uns' test by setting
bpf_array.desc to: {'flavour': 'h ns', 'flags': 'suid'}?
Thank you,
Abhishek Vijeev.