[Libct] [PATCH 7/8] tests: check capabilities and process ids

Andrey Vagin avagin at openvz.org
Wed Nov 5 01:40:24 PST 2014


Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 test/Makefile    |  3 ++-
 test/ct_caps.c   | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 test/ct_create.c | 11 +++++++++++
 3 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 test/ct_caps.c

diff --git a/test/Makefile b/test/Makefile
index 75ba96b..89b1547 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -2,7 +2,8 @@ TESTS =	ct_create ct_enter ct_proc ct_root ct_root_enter \
 	ct_create_exec ct_cgroup_basic ct_net_host \
 	ct_net_veth ct_private_subdir \
 	ct_ext_mount ct_private_subdir_ns \
-	ct_cgroup_sub ct_service ct_kill_nons ct_pid_enter ct_userns
+	ct_cgroup_sub ct_service ct_kill_nons ct_pid_enter \
+	ct_userns ct_caps
 
 PIGS  = file_piggy
 
diff --git a/test/ct_caps.c b/test/ct_caps.c
new file mode 100644
index 0000000..a23e771
--- /dev/null
+++ b/test/ct_caps.c
@@ -0,0 +1,57 @@
+/*
+ * Test empty "container" creation
+ */
+#include <libct.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <linux/capability.h>
+#include "test.h"
+
+#define TEST_CAPS 0x1234
+
+extern int capget(cap_user_header_t header, const cap_user_data_t data);
+extern int capset(cap_user_header_t header, const cap_user_data_t data);
+
+static int set_ct_alive(void *a)
+{
+	struct __user_cap_header_struct hdr = {_LINUX_CAPABILITY_VERSION_3, 0};
+	struct __user_cap_data_struct data[2];
+
+	memset(&data, 0, sizeof(data));
+
+	if (capget(&hdr, data))
+		return -1;
+
+	if (data[0].effective != TEST_CAPS)
+		return 1;
+
+	*(int *)a = 1;
+	return 0;
+}
+
+int main(int argc, char **argv)
+{
+	int *ct_alive;
+	libct_session_t s;
+	ct_handler_t ct;
+	ct_process_desc_t p;
+
+	ct_alive = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
+			MAP_SHARED | MAP_ANON, 0, 0);
+	*ct_alive = 0;
+
+	s = libct_session_open_local();
+	ct = libct_container_create(s, "test");
+	p = libct_process_desc_create(s);
+	libct_process_desc_set_caps(p, TEST_CAPS, CAPS_ALLCAPS);
+	libct_container_spawn_cb(ct, p, set_ct_alive, ct_alive);
+	libct_container_wait(ct);
+	libct_container_destroy(ct);
+	libct_session_close(s);
+
+	if (!*ct_alive)
+		return fail("Container is not alive");
+	else
+		return pass("Container is alive");
+}
diff --git a/test/ct_create.c b/test/ct_create.c
index 1042ded..457aeb0 100644
--- a/test/ct_create.c
+++ b/test/ct_create.c
@@ -1,13 +1,22 @@
 /*
  * Test empty "container" creation
  */
+#include <unistd.h>
+#include <sys/types.h>
 #include <libct.h>
 #include <stdio.h>
 #include <sys/mman.h>
 #include "test.h"
 
+#define UID	31451
+#define GID	92653
+
 static int set_ct_alive(void *a)
 {
+	if (getuid() != UID)
+		return -1;
+	if (getgid() != GID)
+		return -1;
 	*(int *)a = 1;
 	return 0;
 }
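Review bot: set_ct_alive verifies only the real ids through getuid()/getgid(), so a child whose effective ids were left unchanged, or that kept its supplementary groups, would still be reported as alive. `if (getuid() != UID || geteuid() != UID) return -1;` and `if (getgid() != GID || getegid() != GID) return -1;` cover the effective ids as well, and a getgroups() check could confirm the supplementary list was cleared. Since the callback now doubles as the credential check, a comment such as `/* Fails unless the uid/gid requested in main() were applied to the child */` would make that intent clear to the next reader.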
@@ -26,6 +35,8 @@ int main(int argc, char **argv)
 	s = libct_session_open_local();
 	ct = libct_container_create(s, "test");
 	p = libct_process_desc_create(s);
+	libct_process_desc_setuid(p, UID);
+	libct_process_desc_setgid(p, GID);
 	libct_container_spawn_cb(ct, p, set_ct_alive, ct_alive);
 	libct_container_wait(ct);
 	libct_container_destroy(ct);
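Review bot: The results of `libct_process_desc_setuid` and `libct_process_desc_setgid` are discarded, so if they report a status a failure would only surface indirectly, as the callback never marking the container alive, rather than pointing at the credential setup. The neighbouring libct calls in this hunk are likewise unchecked, so this may be the file's convention; if not, `if (libct_process_desc_setuid(p, UID) || libct_process_desc_setgid(p, GID)) return fail("setuid/setgid");` would make the failure mode explicit. main() starts and ends outside this hunk.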
-- 
1.9.1


