wip: mount namespaces

Jake Hillion 2022-01-01 01:08:48 +00:00
parent 2c5d354bcd
commit 56b4deeb64
2 changed files with 154 additions and 4 deletions


@ -9,29 +9,36 @@ CFLAGS = -std=c17
INC_DIRS=-I$(UNITY_ROOT)/src
SRC_NAMESPACES_FS_UNSHARE=$(UNITY_ROOT)/src/unity.c namespaces/fs/TestUnshare.c test_runners/namespaces_fs_TestUnshare_Runner.c
SRC_NAMESPACES_FS_CLONE=$(UNITY_ROOT)/src/unity.c namespaces/fs/TestClone.c test_runners/namespaces_fs_TestClone_Runner.c
TARGET_NAMESPACES_FS_UNSHARE=target/test_namespaces_fs_unshare
SRC_NAMESPACES_FS_CLONE=$(UNITY_ROOT)/src/unity.c namespaces/fs/TestClone.c test_runners/namespaces_fs_TestClone_Runner.c
TARGET_NAMESPACES_FS_CLONE=target/test_namespaces_fs_clone
SRC_NAMESPACES_FILES_CLONE=$(UNITY_ROOT)/src/unity.c namespaces/files/TestClone.c test_runners/namespaces_files_TestClone_Runner.c
TARGET_NAMESPACES_FILES_CLONE=target/test_namespaces_files_clone
SRC_NAMESPACES_MOUNT_CLONE=$(UNITY_ROOT)/src/unity.c namespaces/mount/TestClone.c test_runners/namespaces_mount_TestClone_Runner.c
TARGET_NAMESPACES_MOUNT_CLONE=target/test_namespaces_mount_clone
all: clean default
default: $(SRC_NAMESPACES_FS_UNSHARE) $(SRC_NAMESPACES_FS_CLONE) $(SRC_NAMESPACES_FILES_CLONE)
default: $(SRC_NAMESPACES_FS_UNSHARE) $(SRC_NAMESPACES_FS_CLONE) $(SRC_NAMESPACES_FILES_CLONE) $(SRC_NAMESPACES_MOUNT_CLONE)
$(C_COMPILER) $(CFLAGS) $(INC_DIRS) $(SYMBOLS) $(SRC_NAMESPACES_FS_UNSHARE) -o $(TARGET_NAMESPACES_FS_UNSHARE)
$(C_COMPILER) $(CFLAGS) $(INC_DIRS) $(SYMBOLS) $(SRC_NAMESPACES_FS_CLONE) -o $(TARGET_NAMESPACES_FS_CLONE)
$(C_COMPILER) $(CFLAGS) $(INC_DIRS) $(SYMBOLS) $(SRC_NAMESPACES_FILES_CLONE) -o $(TARGET_NAMESPACES_FILES_CLONE)
$(C_COMPILER) $(CFLAGS) $(INC_DIRS) $(SYMBOLS) $(SRC_NAMESPACES_MOUNT_CLONE) -o $(TARGET_NAMESPACES_MOUNT_CLONE)
@echo
@echo Finished preparing tests, running now.
@echo
sudo setcap cap_sys_admin+eip $(TARGET_NAMESPACES_MOUNT_CLONE)
- ./$(TARGET_NAMESPACES_FS_UNSHARE)
- ./$(TARGET_NAMESPACES_FS_CLONE)
- ./$(TARGET_NAMESPACES_FILES_CLONE)
- ./$(TARGET_NAMESPACES_MOUNT_CLONE)
test_runners/namespaces_fs_TestUnshare_Runner.c: namespaces/fs/TestUnshare.c
ruby $(UNITY_ROOT)/auto/generate_test_runner.rb namespaces/fs/TestUnshare.c test_runners/namespaces_fs_TestUnshare_Runner.c
@ -42,6 +49,9 @@ test_runners/namespaces_fs_TestClone_Runner.c: namespaces/fs/TestClone.c
test_runners/namespaces_files_TestClone_Runner.c: namespaces/files/TestClone.c
ruby $(UNITY_ROOT)/auto/generate_test_runner.rb namespaces/files/TestClone.c test_runners/namespaces_files_TestClone_Runner.c
test_runners/namespaces_mount_TestClone_Runner.c: namespaces/mount/TestClone.c
ruby $(UNITY_ROOT)/auto/generate_test_runner.rb namespaces/mount/TestClone.c test_runners/namespaces_mount_TestClone_Runner.c
clean:
$(CLEANUP) $(TARGET_NAMESPACES_FS_UNSHARE) $(TARGET_NAMESPACES_FS_CLONE) $(TARGET_NAMESPACES_FILES_CLONE)
mkdir -p test_runners/ target/
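Review bot: The `sudo setcap cap_sys_admin+eip $(TARGET_NAMESPACES_MOUNT_CLONE)` step in the `default` recipe leaves a binary carrying CAP_SYS_ADMIN in `target/` after the tests finish, and the `clean` recipe shown in the second hunk still lists only the three older targets, so nothing removes it. Add `$(TARGET_NAMESPACES_MOUNT_CLONE)` to the `$(CLEANUP)` line and strip the capability once the run is done, e.g. `sudo setcap -r $(TARGET_NAMESPACES_MOUNT_CLONE)` after the `- ./$(TARGET_NAMESPACES_MOUNT_CLONE)` line. The inheritable bit looks unnecessary for a test that is executed directly, so `cap_sys_admin+ep` would be the narrower grant. Calling `sudo` from the default target also means a plain `make` asks for privileges; a separate target for the privileged test would keep the unprivileged ones runnable on their own.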


@ -0,0 +1,140 @@
#define _GNU_SOURCE
#include "unity.h"
#include <fcntl.h>
#include <linux/sched.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/wait.h>
static char *TMP_DIR = NULL;
void removeDirectory(char *dir) {
char cmd[256];
sprintf(cmd, "rm -r %s", dir);
TEST_ASSERT_EQUAL(0, system(cmd));
}
void setUp(void) {
const char tmp_dir[] = "/var/tmp/tmpdir-XXXXXX";
TMP_DIR = malloc(sizeof(tmp_dir));
strcpy(TMP_DIR, tmp_dir);
TEST_ASSERT_NOT_EQUAL_MESSAGE(NULL, mkdtemp(TMP_DIR), "tmpdir failed");
}
void tearDown(void) {
removeDirectory(TMP_DIR);
free(TMP_DIR);
TMP_DIR = NULL;
}
long clone3(struct clone_args *cl_args) {
return syscall(SYS_clone3, cl_args, sizeof(struct clone_args));
}
void test_cloneMount_mount_doesNotPropagate(void) {
// PREPARE
// ACT
pid_t forkedChildPid;
if ((forkedChildPid = fork()) == 0) {
// child process - act but do not assert
// all assertions will be on the return code
if (mount(TMP_DIR, TMP_DIR, NULL, MS_BIND | MS_PRIVATE, NULL) != 0) {
exit(12); // bind mount failed
}
char *tmpDirMount = malloc(64);
int clonedChildPidFd;
struct clone_args cl_args = {
.flags = CLONE_PIDFD | CLONE_NEWNS,
.pidfd = (uint64_t)(&clonedChildPidFd),
.child_tid = 0,
.parent_tid = 0,
.exit_signal = SIGCHLD,
.stack = 0,
.stack_size = 0,
.tls = 0,
.set_tid = 0,
.set_tid_size = 0,
.cgroup = 0,
};
long cloneResult = clone3(&cl_args);
if (cloneResult == 0) {
if (mount(NULL, TMP_DIR, "tmpfs", 0, NULL) != 0) {
exit(1); // mount failed
}
if (mount(NULL, TMP_DIR, NULL, MS_PRIVATE, NULL) != 0) {
exit(10); // mount permission change failed
}
int dirfd;
if ((dirfd = open(TMP_DIR, O_DIRECTORY)) < 0) {
exit(1); // dir open failed
}
int filefd;
if ((filefd = openat(dirfd, "touched", O_WRONLY | O_CREAT, 0700)) < 0) {
exit(1); // file open failed
}
if (close(filefd) != 0 || close(dirfd) != 0) {
exit(1); // close failed
}
exit(0);
} else if (cloneResult == -1) {
exit(2); // clone failed
}
siginfo_t status;
if (waitid(P_PIDFD, clonedChildPidFd, &status, WEXITED) == -1) {
exit(3); // wait failed
}
if (status.si_status != 0) {
exit(status.si_status); // return status
}
int dirfd;
if ((dirfd = open(TMP_DIR, O_DIRECTORY)) < 0) {
exit(1); // dir open failed
}
if (faccessat(dirfd, "touched", F_OK, 0) == 0) {
exit(9); // file in foreign namespace mount exists
}
if (umount(TMP_DIR) != 0) {
exit(11); // unmount failed
}
exit(0);
}
// ASSERT
TEST_ASSERT_GREATER_THAN_MESSAGE(0, forkedChildPid, "fork failed");
int status = 0;
TEST_ASSERT_EQUAL_MESSAGE(forkedChildPid, waitpid(forkedChildPid, &status, 0),
"wait failed");
TEST_ASSERT_EQUAL_MESSAGE(0, WEXITSTATUS(status), "return status non-zero");
}
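Review bot: The first `mount()` call in the forked child passes `MS_BIND | MS_PRIVATE`, but mount(2) documents that a bind mount ignores the remaining flag bits other than `MS_REC`, so the bind mount likely keeps the propagation type of the mount under `/var/tmp` instead of becoming private. On a host where that mount is shared, the tmpfs in the cloned child would be mounted before its own `MS_PRIVATE` call takes effect, so the outcome of `test_cloneMount_mount_doesNotPropagate` would depend on host configuration rather than on namespace isolation. Split it into two calls, `mount(TMP_DIR, TMP_DIR, NULL, MS_BIND, NULL)` followed by `mount(NULL, TMP_DIR, NULL, MS_PRIVATE, NULL)`, each with its own exit code. Separately, every `exit()` between the bind mount and `umount(TMP_DIR)` leaves the bind mount in place for `tearDown` to run `rm -r` against, and the final `WEXITSTATUS(status)` assertion should be preceded by a `WIFEXITED(status)` check so that a signal-killed child does not read as status 0.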