tests: add userns tests using unshare
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
parent
dd5a6c2e0a
commit
592a0743f0
2 changed files with 54 additions and 7 deletions
|
@ -21,16 +21,33 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
static int child(void *arg)
|
||||
static void usage(char *pname)
|
||||
{
|
||||
printf("PASS\n");
|
||||
return EXIT_SUCCESS;
|
||||
fprintf(stderr, "Usage: %s [options]\n", pname);
|
||||
fprintf(stderr, "Options can be:\n");
|
||||
fprintf(stderr, " -c create user namespace using clone\n");
|
||||
fprintf(stderr, " -u create user namespace using unshare\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
#define STACK_SIZE (1024 * 1024)
|
||||
static char child_stack[STACK_SIZE];
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
static int child(void *arg)
|
||||
{
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
int userns_unshare()
|
||||
{
|
||||
if (unshare(CLONE_NEWUSER) == -1) {
|
||||
perror("FAIL - unshare");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
return child(NULL);
|
||||
}
|
||||
|
||||
int userns_clone()
|
||||
{
|
||||
pid_t child_pid;
|
||||
int child_exit;
|
||||
|
@ -54,6 +71,34 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
}
|
||||
|
||||
printf("PASS\n");
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
enum op {
|
||||
CLONE,
|
||||
UNSHARE,
|
||||
};
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int opt, ret = 0, op;
|
||||
|
||||
while ((opt = getopt(argc, argv, "uc")) != -1) {
|
||||
switch (opt) {
|
||||
case 'c': op = CLONE; break;
|
||||
case 'u': op = UNSHARE; break;
|
||||
default: usage(argv[0]);
|
||||
}
|
||||
}
|
||||
|
||||
if (op == CLONE)
|
||||
ret = userns_clone();
|
||||
else if (op == UNSHARE)
|
||||
ret = userns_unshare();
|
||||
else
|
||||
fprintf(stderr, "FAIL - user namespace method not defined\n");
|
||||
|
||||
if (ret == EXIT_SUCCESS)
|
||||
printf("PASS\n");
|
||||
return ret;
|
||||
}
|
||||
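Review bot: In the new `main`, `op` is declared without an initial value and `ret` starts at 0, so a run with neither `-c` nor `-u` reads an indeterminate `op`; if the final `else` is then taken, the program prints `FAIL - user namespace method not defined`, follows it with `PASS`, and returns 0, because `ret` still equals `EXIT_SUCCESS`. This helper's output appears to be what the harness uses to decide whether user-namespace creation was allowed or denied under the loaded profile, so that path is a false pass. Initialising both values closes it: `int opt, ret = EXIT_FAILURE, op = -1;`. If the option-less `runchecktest` lines in the shell section are the removed side, the current tests never reach this branch, but any later caller that omits the flag would.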
|
|
|
@ -49,11 +49,13 @@ do_test()
|
|||
|
||||
settest userns
|
||||
$generate_profile # settest removes the profile, so load it here
|
||||
runchecktest "$desc - root" $expect_root
|
||||
runchecktest "$desc clone - root" $expect_root -c # clone
|
||||
runchecktest "$desc unshare - root" $expect_root -u # unshare
|
||||
|
||||
settest -u "foo" userns # run tests as user foo
|
||||
$generate_profile # settest removes the profile, so load it here
|
||||
runchecktest "$desc - user" $expect_user
|
||||
runchecktest "$desc clone - user" $expect_user -c # clone
|
||||
runchecktest "$desc unshare - user" $expect_user -u # unshare
|
||||
}
|
||||
|
||||
if [ $unprivileged_userns_clone -eq 0 ]; then
|
||||
|
|