diff --git a/tests/regression/apparmor/userns.c b/tests/regression/apparmor/userns.c
index a0959b60b..e00235acc 100644
--- a/tests/regression/apparmor/userns.c
+++ b/tests/regression/apparmor/userns.c
@@ -21,16 +21,33 @@
 #include
 #include
 
-static int child(void *arg)
+static void usage(char *pname)
 {
- printf("PASS\n");
- return EXIT_SUCCESS;
+ fprintf(stderr, "Usage: %s [options]\n", pname);
+ fprintf(stderr, "Options can be:\n");
+ fprintf(stderr, " -c create user namespace using clone\n");
+ fprintf(stderr, " -u create user namespace using unshare\n");
+ exit(EXIT_FAILURE);
 }
 
 #define STACK_SIZE (1024 * 1024)
 static char child_stack[STACK_SIZE];
 
-int main(int argc, char *argv[])
+static int child(void *arg)
+{
+ return EXIT_SUCCESS;
+}
+
+int userns_unshare()
+{
+ if (unshare(CLONE_NEWUSER) == -1) {
+ perror("FAIL - unshare");
+ return EXIT_FAILURE;
+ }
+ return child(NULL);
+}
+
+int userns_clone()
 {
 pid_t child_pid;
 int child_exit;
@@ -54,6 +71,34 @@ int main(int argc, char *argv[])
 }
 }
 
- printf("PASS\n");
 return EXIT_SUCCESS;
 }
+
+enum op {
+ CLONE,
+ UNSHARE,
+};
+
+int main(int argc, char *argv[])
+{
+ int opt, ret = 0, op;
+
+ while ((opt = getopt(argc, argv, "uc")) != -1) {
+ switch (opt) {
+ case 'c': op = CLONE; break;
+ case 'u': op = UNSHARE; break;
+ default: usage(argv[0]);
+ }
+ }
+
+ if (op == CLONE)
+ ret = userns_clone();
+ else if (op == UNSHARE)
+ ret = userns_unshare();
+ else
+ fprintf(stderr, "FAIL - user namespace method not defined\n");
+
+ if (ret == EXIT_SUCCESS)
+ printf("PASS\n");
+ return ret;
+}
diff --git a/tests/regression/apparmor/userns.sh b/tests/regression/apparmor/userns.sh
index ac887a22d..417e0ba8d 100755
--- a/tests/regression/apparmor/userns.sh
+++ b/tests/regression/apparmor/userns.sh
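Review bot: `userns_unshare()` and `userns_clone()` are defined with external linkage and empty parameter lists, unlike the `static` helpers `usage` and `child` next to them. In a single-file test program they should read `static int userns_unshare(void)` and `static int userns_clone(void)`, which gives each a real prototype and lets the compiler warn if one becomes unused. A short comment on `userns_unshare` stating that the namespace is created in the calling process and `child(NULL)` is invoked directly, with no new task, would make the difference from the clone path explicit. The body of `userns_clone` continues outside this hunk.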
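Review bot: In `main`, `op` is declared without an initialiser (`int opt, ret = 0, op;`), so running the binary with neither `-c` nor `-u` reads an indeterminate value at `if (op == CLONE)`. Even when the final `else` is reached, `ret` is still 0, so the program prints the "FAIL - user namespace method not defined" message, then `PASS`, and exits successfully. For a mediation regression test that can report a pass where nothing was exercised; start both in the failing state with `int opt, ret = EXIT_FAILURE, op = -1;`.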
@@ -49,11 +49,13 @@ do_test()
 
 settest userns
 $generate_profile # settest removes the profile, so load it here
- runchecktest "$desc - root" $expect_root
+ runchecktest "$desc clone - root" $expect_root -c # clone
+ runchecktest "$desc unshare - root" $expect_root -u # unshare
 
 settest -u "foo" userns # run tests as user foo
 $generate_profile # settest removes the profile, so load it here
- runchecktest "$desc - user" $expect_user
+ runchecktest "$desc clone - user" $expect_user -c # clone
+ runchecktest "$desc unshare - user" $expect_user -u # unshare
 }
 
 if [ $unprivileged_userns_clone -eq 0 ]; then