diff options
Diffstat (limited to 'tools/testing/selftests/mount/unprivileged-remount-test.c')
| -rw-r--r-- | tools/testing/selftests/mount/unprivileged-remount-test.c | 204 |
1 files changed, 166 insertions, 38 deletions
diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c index 1b3ff2fda4d0..517785052f1c 100644 --- a/tools/testing/selftests/mount/unprivileged-remount-test.c +++ b/tools/testing/selftests/mount/unprivileged-remount-test.c | |||
| @@ -6,6 +6,8 @@ | |||
| 6 | #include <sys/types.h> | 6 | #include <sys/types.h> |
| 7 | #include <sys/mount.h> | 7 | #include <sys/mount.h> |
| 8 | #include <sys/wait.h> | 8 | #include <sys/wait.h> |
| 9 | #include <sys/vfs.h> | ||
| 10 | #include <sys/statvfs.h> | ||
| 9 | #include <stdlib.h> | 11 | #include <stdlib.h> |
| 10 | #include <unistd.h> | 12 | #include <unistd.h> |
| 11 | #include <fcntl.h> | 13 | #include <fcntl.h> |
| @@ -32,11 +34,14 @@ | |||
| 32 | # define CLONE_NEWPID 0x20000000 | 34 | # define CLONE_NEWPID 0x20000000 |
| 33 | #endif | 35 | #endif |
| 34 | 36 | ||
| 37 | #ifndef MS_REC | ||
| 38 | # define MS_REC 16384 | ||
| 39 | #endif | ||
| 35 | #ifndef MS_RELATIME | 40 | #ifndef MS_RELATIME |
| 36 | #define MS_RELATIME (1 << 21) | 41 | # define MS_RELATIME (1 << 21) |
| 37 | #endif | 42 | #endif |
| 38 | #ifndef MS_STRICTATIME | 43 | #ifndef MS_STRICTATIME |
| 39 | #define MS_STRICTATIME (1 << 24) | 44 | # define MS_STRICTATIME (1 << 24) |
| 40 | #endif | 45 | #endif |
| 41 | 46 | ||
| 42 | static void die(char *fmt, ...) | 47 | static void die(char *fmt, ...) |
| @@ -48,17 +53,14 @@ static void die(char *fmt, ...) | |||
| 48 | exit(EXIT_FAILURE); | 53 | exit(EXIT_FAILURE); |
| 49 | } | 54 | } |
| 50 | 55 | ||
| 51 | static void write_file(char *filename, char *fmt, ...) | 56 | static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap) |
| 52 | { | 57 | { |
| 53 | char buf[4096]; | 58 | char buf[4096]; |
| 54 | int fd; | 59 | int fd; |
| 55 | ssize_t written; | 60 | ssize_t written; |
| 56 | int buf_len; | 61 | int buf_len; |
| 57 | va_list ap; | ||
| 58 | 62 | ||
| 59 | va_start(ap, fmt); | ||
| 60 | buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); | 63 | buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); |
| 61 | va_end(ap); | ||
| 62 | if (buf_len < 0) { | 64 | if (buf_len < 0) { |
| 63 | die("vsnprintf failed: %s\n", | 65 | die("vsnprintf failed: %s\n", |
| 64 | strerror(errno)); | 66 | strerror(errno)); |
| @@ -69,6 +71,8 @@ static void write_file(char *filename, char *fmt, ...) | |||
| 69 | 71 | ||
| 70 | fd = open(filename, O_WRONLY); | 72 | fd = open(filename, O_WRONLY); |
| 71 | if (fd < 0) { | 73 | if (fd < 0) { |
| 74 | if ((errno == ENOENT) && enoent_ok) | ||
| 75 | return; | ||
| 72 | die("open of %s failed: %s\n", | 76 | die("open of %s failed: %s\n", |
| 73 | filename, strerror(errno)); | 77 | filename, strerror(errno)); |
| 74 | } | 78 | } |
| @@ -87,6 +91,65 @@ static void write_file(char *filename, char *fmt, ...) | |||
| 87 | } | 91 | } |
| 88 | } | 92 | } |
| 89 | 93 | ||
| 94 | static void maybe_write_file(char *filename, char *fmt, ...) | ||
| 95 | { | ||
| 96 | va_list ap; | ||
| 97 | |||
| 98 | va_start(ap, fmt); | ||
| 99 | vmaybe_write_file(true, filename, fmt, ap); | ||
| 100 | va_end(ap); | ||
| 101 | |||
| 102 | } | ||
| 103 | |||
| 104 | static void write_file(char *filename, char *fmt, ...) | ||
| 105 | { | ||
| 106 | va_list ap; | ||
| 107 | |||
| 108 | va_start(ap, fmt); | ||
| 109 | vmaybe_write_file(false, filename, fmt, ap); | ||
| 110 | va_end(ap); | ||
| 111 | |||
| 112 | } | ||
| 113 | |||
| 114 | static int read_mnt_flags(const char *path) | ||
| 115 | { | ||
| 116 | int ret; | ||
| 117 | struct statvfs stat; | ||
| 118 | int mnt_flags; | ||
| 119 | |||
| 120 | ret = statvfs(path, &stat); | ||
| 121 | if (ret != 0) { | ||
| 122 | die("statvfs of %s failed: %s\n", | ||
| 123 | path, strerror(errno)); | ||
| 124 | } | ||
| 125 | if (stat.f_flag & ~(ST_RDONLY | ST_NOSUID | ST_NODEV | \ | ||
| 126 | ST_NOEXEC | ST_NOATIME | ST_NODIRATIME | ST_RELATIME | \ | ||
| 127 | ST_SYNCHRONOUS | ST_MANDLOCK)) { | ||
| 128 | die("Unrecognized mount flags\n"); | ||
| 129 | } | ||
| 130 | mnt_flags = 0; | ||
| 131 | if (stat.f_flag & ST_RDONLY) | ||
| 132 | mnt_flags |= MS_RDONLY; | ||
| 133 | if (stat.f_flag & ST_NOSUID) | ||
| 134 | mnt_flags |= MS_NOSUID; | ||
| 135 | if (stat.f_flag & ST_NODEV) | ||
| 136 | mnt_flags |= MS_NODEV; | ||
| 137 | if (stat.f_flag & ST_NOEXEC) | ||
| 138 | mnt_flags |= MS_NOEXEC; | ||
| 139 | if (stat.f_flag & ST_NOATIME) | ||
| 140 | mnt_flags |= MS_NOATIME; | ||
| 141 | if (stat.f_flag & ST_NODIRATIME) | ||
| 142 | mnt_flags |= MS_NODIRATIME; | ||
| 143 | if (stat.f_flag & ST_RELATIME) | ||
| 144 | mnt_flags |= MS_RELATIME; | ||
| 145 | if (stat.f_flag & ST_SYNCHRONOUS) | ||
| 146 | mnt_flags |= MS_SYNCHRONOUS; | ||
| 147 | if (stat.f_flag & ST_MANDLOCK) | ||
| 148 | mnt_flags |= ST_MANDLOCK; | ||
| 149 | |||
| 150 | return mnt_flags; | ||
| 151 | } | ||
| 152 | |||
| 90 | static void create_and_enter_userns(void) | 153 | static void create_and_enter_userns(void) |
| 91 | { | 154 | { |
| 92 | uid_t uid; | 155 | uid_t uid; |
| @@ -100,13 +163,10 @@ static void create_and_enter_userns(void) | |||
| 100 | strerror(errno)); | 163 | strerror(errno)); |
| 101 | } | 164 | } |
| 102 | 165 | ||
| 166 | maybe_write_file("/proc/self/setgroups", "deny"); | ||
| 103 | write_file("/proc/self/uid_map", "0 %d 1", uid); | 167 | write_file("/proc/self/uid_map", "0 %d 1", uid); |
| 104 | write_file("/proc/self/gid_map", "0 %d 1", gid); | 168 | write_file("/proc/self/gid_map", "0 %d 1", gid); |
| 105 | 169 | ||
| 106 | if (setgroups(0, NULL) != 0) { | ||
| 107 | die("setgroups failed: %s\n", | ||
| 108 | strerror(errno)); | ||
| 109 | } | ||
| 110 | if (setgid(0) != 0) { | 170 | if (setgid(0) != 0) { |
| 111 | die ("setgid(0) failed %s\n", | 171 | die ("setgid(0) failed %s\n", |
| 112 | strerror(errno)); | 172 | strerror(errno)); |
| @@ -118,7 +178,8 @@ static void create_and_enter_userns(void) | |||
| 118 | } | 178 | } |
| 119 | 179 | ||
| 120 | static | 180 | static |
| 121 | bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) | 181 | bool test_unpriv_remount(const char *fstype, const char *mount_options, |
| 182 | int mount_flags, int remount_flags, int invalid_flags) | ||
| 122 | { | 183 | { |
| 123 | pid_t child; | 184 | pid_t child; |
| 124 | 185 | ||
| @@ -151,9 +212,11 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) | |||
| 151 | strerror(errno)); | 212 | strerror(errno)); |
| 152 | } | 213 | } |
| 153 | 214 | ||
| 154 | if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) { | 215 | if (mount("testing", "/tmp", fstype, mount_flags, mount_options) != 0) { |
| 155 | die("mount of /tmp failed: %s\n", | 216 | die("mount of %s with options '%s' on /tmp failed: %s\n", |
| 156 | strerror(errno)); | 217 | fstype, |
| 218 | mount_options? mount_options : "", | ||
| 219 | strerror(errno)); | ||
| 157 | } | 220 | } |
| 158 | 221 | ||
| 159 | create_and_enter_userns(); | 222 | create_and_enter_userns(); |
| @@ -181,62 +244,127 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) | |||
| 181 | 244 | ||
| 182 | static bool test_unpriv_remount_simple(int mount_flags) | 245 | static bool test_unpriv_remount_simple(int mount_flags) |
| 183 | { | 246 | { |
| 184 | return test_unpriv_remount(mount_flags, mount_flags, 0); | 247 | return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, 0); |
| 185 | } | 248 | } |
| 186 | 249 | ||
| 187 | static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags) | 250 | static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags) |
| 188 | { | 251 | { |
| 189 | return test_unpriv_remount(mount_flags, mount_flags, invalid_flags); | 252 | return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, |
| 253 | invalid_flags); | ||
| 254 | } | ||
| 255 | |||
| 256 | static bool test_priv_mount_unpriv_remount(void) | ||
| 257 | { | ||
| 258 | pid_t child; | ||
| 259 | int ret; | ||
| 260 | const char *orig_path = "/dev"; | ||
| 261 | const char *dest_path = "/tmp"; | ||
| 262 | int orig_mnt_flags, remount_mnt_flags; | ||
| 263 | |||
| 264 | child = fork(); | ||
| 265 | if (child == -1) { | ||
| 266 | die("fork failed: %s\n", | ||
| 267 | strerror(errno)); | ||
| 268 | } | ||
| 269 | if (child != 0) { /* parent */ | ||
| 270 | pid_t pid; | ||
| 271 | int status; | ||
| 272 | pid = waitpid(child, &status, 0); | ||
| 273 | if (pid == -1) { | ||
| 274 | die("waitpid failed: %s\n", | ||
| 275 | strerror(errno)); | ||
| 276 | } | ||
| 277 | if (pid != child) { | ||
| 278 | die("waited for %d got %d\n", | ||
| 279 | child, pid); | ||
| 280 | } | ||
| 281 | if (!WIFEXITED(status)) { | ||
| 282 | die("child did not terminate cleanly\n"); | ||
| 283 | } | ||
| 284 | return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false; | ||
| 285 | } | ||
| 286 | |||
| 287 | orig_mnt_flags = read_mnt_flags(orig_path); | ||
| 288 | |||
| 289 | create_and_enter_userns(); | ||
| 290 | ret = unshare(CLONE_NEWNS); | ||
| 291 | if (ret != 0) { | ||
| 292 | die("unshare(CLONE_NEWNS) failed: %s\n", | ||
| 293 | strerror(errno)); | ||
| 294 | } | ||
| 295 | |||
| 296 | ret = mount(orig_path, dest_path, "bind", MS_BIND | MS_REC, NULL); | ||
| 297 | if (ret != 0) { | ||
| 298 | die("recursive bind mount of %s onto %s failed: %s\n", | ||
| 299 | orig_path, dest_path, strerror(errno)); | ||
| 300 | } | ||
| 301 | |||
| 302 | ret = mount(dest_path, dest_path, "none", | ||
| 303 | MS_REMOUNT | MS_BIND | orig_mnt_flags , NULL); | ||
| 304 | if (ret != 0) { | ||
| 305 | /* system("cat /proc/self/mounts"); */ | ||
| 306 | die("remount of /tmp failed: %s\n", | ||
| 307 | strerror(errno)); | ||
| 308 | } | ||
| 309 | |||
| 310 | remount_mnt_flags = read_mnt_flags(dest_path); | ||
| 311 | if (orig_mnt_flags != remount_mnt_flags) { | ||
| 312 | die("Mount flags unexpectedly changed during remount of %s originally mounted on %s\n", | ||
| 313 | dest_path, orig_path); | ||
| 314 | } | ||
| 315 | exit(EXIT_SUCCESS); | ||
| 190 | } | 316 | } |
| 191 | 317 | ||
| 192 | int main(int argc, char **argv) | 318 | int main(int argc, char **argv) |
| 193 | { | 319 | { |
| 194 | if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) { | 320 | if (!test_unpriv_remount_simple(MS_RDONLY)) { |
| 195 | die("MS_RDONLY malfunctions\n"); | 321 | die("MS_RDONLY malfunctions\n"); |
| 196 | } | 322 | } |
| 197 | if (!test_unpriv_remount_simple(MS_NODEV)) { | 323 | if (!test_unpriv_remount("devpts", "newinstance", MS_NODEV, MS_NODEV, 0)) { |
| 198 | die("MS_NODEV malfunctions\n"); | 324 | die("MS_NODEV malfunctions\n"); |
| 199 | } | 325 | } |
| 200 | if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) { | 326 | if (!test_unpriv_remount_simple(MS_NOSUID)) { |
| 201 | die("MS_NOSUID malfunctions\n"); | 327 | die("MS_NOSUID malfunctions\n"); |
| 202 | } | 328 | } |
| 203 | if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) { | 329 | if (!test_unpriv_remount_simple(MS_NOEXEC)) { |
| 204 | die("MS_NOEXEC malfunctions\n"); | 330 | die("MS_NOEXEC malfunctions\n"); |
| 205 | } | 331 | } |
| 206 | if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV, | 332 | if (!test_unpriv_remount_atime(MS_RELATIME, |
| 207 | MS_NOATIME|MS_NODEV)) | 333 | MS_NOATIME)) |
| 208 | { | 334 | { |
| 209 | die("MS_RELATIME malfunctions\n"); | 335 | die("MS_RELATIME malfunctions\n"); |
| 210 | } | 336 | } |
| 211 | if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV, | 337 | if (!test_unpriv_remount_atime(MS_STRICTATIME, |
| 212 | MS_NOATIME|MS_NODEV)) | 338 | MS_NOATIME)) |
| 213 | { | 339 | { |
| 214 | die("MS_STRICTATIME malfunctions\n"); | 340 | die("MS_STRICTATIME malfunctions\n"); |
| 215 | } | 341 | } |
| 216 | if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV, | 342 | if (!test_unpriv_remount_atime(MS_NOATIME, |
| 217 | MS_STRICTATIME|MS_NODEV)) | 343 | MS_STRICTATIME)) |
| 218 | { | 344 | { |
| 219 | die("MS_RELATIME malfunctions\n"); | 345 | die("MS_NOATIME malfunctions\n"); |
| 220 | } | 346 | } |
| 221 | if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV, | 347 | if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME, |
| 222 | MS_NOATIME|MS_NODEV)) | 348 | MS_NOATIME)) |
| 223 | { | 349 | { |
| 224 | die("MS_RELATIME malfunctions\n"); | 350 | die("MS_RELATIME|MS_NODIRATIME malfunctions\n"); |
| 225 | } | 351 | } |
| 226 | if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV, | 352 | if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME, |
| 227 | MS_NOATIME|MS_NODEV)) | 353 | MS_NOATIME)) |
| 228 | { | 354 | { |
| 229 | die("MS_RELATIME malfunctions\n"); | 355 | die("MS_STRICTATIME|MS_NODIRATIME malfunctions\n"); |
| 230 | } | 356 | } |
| 231 | if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV, | 357 | if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME, |
| 232 | MS_STRICTATIME|MS_NODEV)) | 358 | MS_STRICTATIME)) |
| 233 | { | 359 | { |
| 234 | die("MS_RELATIME malfunctions\n"); | 360 | die("MS_NOATIME|MS_DIRATIME malfunctions\n"); |
| 235 | } | 361 | } |
| 236 | if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV, | 362 | if (!test_unpriv_remount("ramfs", NULL, MS_STRICTATIME, 0, MS_NOATIME)) |
| 237 | MS_NOATIME|MS_NODEV)) | ||
| 238 | { | 363 | { |
| 239 | die("Default atime malfunctions\n"); | 364 | die("Default atime malfunctions\n"); |
| 240 | } | 365 | } |
| 366 | if (!test_priv_mount_unpriv_remount()) { | ||
| 367 | die("Mount flags unexpectedly changed after remount\n"); | ||
| 368 | } | ||
| 241 | return EXIT_SUCCESS; | 369 | return EXIT_SUCCESS; |
| 242 | } | 370 | } |