1#!/bin/sh 2# 3# Copyright (c) 2017 FUJITSU LIMITED. All rights reserved. 4# Author: Xiao Yang <yangx.jy@cn.fujitsu.com> 5# 6# This program is free software; you can redistribute it and/or modify 7# it under the terms of the GNU General Public License as published by 8# the Free Software Foundation; either version 2 of the License, or 9# (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, 12# but WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 14# the GNU General Public License for more details. 15# 16# Test unshare command with some basic options. 17# 1) If we run unshare with "--user", UID in the newly created user namespace 18# is set to 65534. 19# 2) If we run unshare with "--user", GID in the newly created user namespace 20# is set to 65534. 21# 3) If we run with "--user --map-root-user", UID in the newly created user 22# namespace is set to 0. 23# 4) If we run with "--user --map-root-user", GID in the newly created user 24# is set to 0. 25# 5) If we run with "--mount", mount and unmount events do not propagate to 26# its parent mount namespace. 27# 6) If we run with "--mount --propagation shared", mount and unmount events 28# propagate to its parent mount namespace. 29# 7) If we run with "--user --map-root-user --mount", mount and unmount events 30# do not propagate to its parent mount namespace. 31# 8) Even if we run with "--user --map-root-user --mount --propagation shared", 32# mount and unmount events do not propagate to its parent mount namespace 33# because the shared mount is reduced to a slave mount. 34# 35# Please see the following URL for detailed information: 36# http://man7.org/linux/man-pages/man7/user_namespaces.7.html 37# http://man7.org/linux/man-pages/man7/mount_namespaces.7.html 38# 39 40TST_CNT=8 41TST_SETUP=setup 42TST_CLEANUP=cleanup 43TST_TESTFUNC=do_test 44TST_NEEDS_ROOT=1 45TST_NEEDS_TMPDIR=1 46TST_NEEDS_CMDS="unshare id mount umount" 47. tst_test.sh 48 49max_userns_path="/proc/sys/user/max_user_namespaces" 50max_mntns_path="/proc/sys/user/max_mnt_namespaces" 51default_max_userns=-1 52default_max_mntns=-1 53 54setup() 55{ 56 # On some distributions(e.g RHEL7.4), the default value of 57 # max_user_namespaces or max_mnt_namespaces is set to 0. 58 # We need to change the default value to run unshare command. 59 if [ -f "${max_userns_path}" ]; then 60 default_max_userns=$(cat "${max_userns_path}") 61 echo 1024 > "${max_userns_path}" 62 fi 63 64 if [ -f "${max_mntns_path}" ]; then 65 default_max_mntns=$(cat "${max_mntns_path}") 66 echo 1024 > "${max_mntns_path}" 67 fi 68 69 mkdir -p dir_A dir_B 70 touch dir_A/A dir_B/B 71} 72 73cleanup() 74{ 75 # Restore the default value to 0. 76 [ ${default_max_userns} -ne -1 ] && \ 77 echo ${default_max_userns} > "${max_userns_path}" 78 [ ${default_max_mntns} -ne -1 ] && \ 79 echo ${default_max_mntns} > "${max_mntns_path}" 80} 81 82check_id() 83{ 84 local act_id=$1 85 local exp_id=$2 86 local cmd=$3 87 88 if [ ${act_id} -ne ${exp_id} ]; then 89 tst_res TFAIL "$cmd got wrong uid/gid" 90 else 91 tst_res TPASS "$cmd got correct uid/gid" 92 fi 93} 94 95check_mount() 96{ 97 local tst_dir=$1 98 local exp_stat=$2 99 local cmd=$3 100 101 case ${exp_stat} in 102 unmounted) 103 if ls "${tst_dir}" | grep -qw 'A'; then 104 tst_res TFAIL "$cmd got bind info" 105 umount ${tst_dir} 106 return 107 fi 108 ;; 109 mounted) 110 if ! ls "${tst_dir}" | grep -qw 'A'; then 111 tst_res TFAIL "$cmd did not get bind info" 112 return 113 fi 114 umount ${tst_dir} 115 ;; 116 esac 117 118 tst_res TPASS "$cmd got bind info as expected" 119} 120 121unshare_test() 122{ 123 local unshare_opts=$1 124 local verify_cmd=$2 125 local exp_result=$3 126 127 local unshare_cmd="unshare ${unshare_opts} ${verify_cmd}" 128 129 eval ${unshare_cmd} > temp 2>&1 130 if [ $? -ne 0 ]; then 131 # unrecognized option or invalid option is returned if the 132 # option is not supported by unshare command(e.g. RHEL6). 133 # Invalid argument or Operation not permitted is returned 134 # if the feature is not supported by kernel(e.g. RHEL7). 135 grep -q -E "unrecognized option|invalid option|Invalid argument|Operation not permitted" temp 136 if [ $? -eq 0 ]; then 137 tst_res TCONF "${unshare_cmd} not supported." 138 else 139 tst_res TFAIL "${unshare_cmd} failed." 140 fi 141 return 142 fi 143 144 case ${verify_cmd} in 145 id*) 146 check_id "$(cat temp)" "${exp_result}" "${unshare_cmd}" 147 ;; 148 mount*) 149 check_mount "dir_B" "${exp_result}" "${unshare_cmd}" 150 ;; 151 esac 152} 153 154do_test() 155{ 156 case $1 in 157 1) unshare_test "--user" "id -u" "65534";; 158 2) unshare_test "--user" "id -g" "65534";; 159 3) unshare_test "--user --map-root-user" "id -u" "0";; 160 4) unshare_test "--user --map-root-user" "id -g" "0";; 161 5) unshare_test "--mount" "mount --bind dir_A dir_B" "unmounted";; 162 6) unshare_test "--mount --propagation shared" \ 163 "mount --bind dir_A dir_B" "mounted";; 164 7) unshare_test "--user --map-root-user --mount" \ 165 "mount --bind dir_A dir_B" "unmounted";; 166 8) unshare_test "--user --map-root-user --mount --propagation shared" \ 167 "mount --bind dir_A dir_B" "unmounted";; 168 esac 169} 170 171tst_run 172