147 lines
4.4 KiB
Diff
147 lines
4.4 KiB
Diff
commit b2e93de0ffedcfe2cfba100d47a4d4f6f85cea0b
|
||
Author: DJ Delorie <dj@redhat.com>
|
||
Date: Tue Dec 4 00:03:12 2018 -0500
|
||
|
||
test-container: add "su" command to run test as root, add unshare hints
|
||
|
||
* support/test-container.c (check_for_unshare_hints): New.
|
||
(main): Call it if unshare fails. Add support for "su" scriptlet
|
||
command.
|
||
|
||
diff --git a/support/test-container.c b/support/test-container.c
|
||
index fe0ebbd07df83da7..1d1aebeaf3412573 100644
|
||
--- a/support/test-container.c
|
||
+++ b/support/test-container.c
|
||
@@ -88,15 +88,22 @@ int verbose = 0;
|
||
* mytest.root/ is rsync'd into container
|
||
* mytest.root/preclean.req causes fresh rsync (with delete) before
|
||
test if present
|
||
- * mytest.root/mytset.script has a list of "commands" to run:
|
||
+ * mytest.root/mytest.script has a list of "commands" to run:
|
||
syntax:
|
||
# comment
|
||
+ su
|
||
mv FILE FILE
|
||
cp FILE FILE
|
||
rm FILE
|
||
FILE must start with $B/, $S/, $I/, $L/, or /
|
||
(expands to build dir, source dir, install dir, library dir
|
||
(in container), or container's root)
|
||
+ details:
|
||
+ - '#': A comment.
|
||
+ - 'su': Enables running test as root in the container.
|
||
+ - 'mv': A minimal move files command.
|
||
+ - 'cp': A minimal copy files command.
|
||
+ - 'rm': A minimal remove files command.
|
||
* mytest.root/postclean.req causes fresh rsync (with delete) after
|
||
test if present
|
||
|
||
@@ -349,6 +356,7 @@ recursive_remove (char *path)
|
||
|
||
switch (child) {
|
||
case -1:
|
||
+ perror("fork");
|
||
FAIL_EXIT1 ("Unable to fork");
|
||
case 0:
|
||
/* Child. */
|
||
@@ -610,6 +618,47 @@ rsync (char *src, char *dest, int and_delete)
|
||
}
|
||
|
||
|
||
+
|
||
+/* See if we can detect what the user needs to do to get unshare
|
||
+ support working for us. */
|
||
+void
|
||
+check_for_unshare_hints (void)
|
||
+{
|
||
+ FILE *f;
|
||
+ int i;
|
||
+
|
||
+ /* Default Debian Linux disables user namespaces, but allows a way
|
||
+ to enable them. */
|
||
+ f = fopen ("/proc/sys/kernel/unprivileged_userns_clone", "r");
|
||
+ if (f != NULL)
|
||
+ {
|
||
+ i = 99; /* Sentinel. */
|
||
+ fscanf (f, "%d", &i);
|
||
+ if (i == 0)
|
||
+ {
|
||
+ printf ("To enable test-container, please run this as root:\n");
|
||
+ printf (" echo 1 > /proc/sys/kernel/unprivileged_userns_clone\n");
|
||
+ }
|
||
+ fclose (f);
|
||
+ return;
|
||
+ }
|
||
+
|
||
+ /* ALT Linux has an alternate way of doing the same. */
|
||
+ f = fopen ("/proc/sys/kernel/userns_restrict", "r");
|
||
+ if (f != NULL)
|
||
+ {
|
||
+ i = 99; /* Sentinel. */
|
||
+ fscanf (f, "%d", &i);
|
||
+ if (i == 1)
|
||
+ {
|
||
+ printf ("To enable test-container, please run this as root:\n");
|
||
+ printf (" echo 0 > /proc/sys/kernel/userns_restrict\n");
|
||
+ }
|
||
+ fclose (f);
|
||
+ return;
|
||
+ }
|
||
+}
|
||
+
|
||
int
|
||
main (int argc, char **argv)
|
||
{
|
||
@@ -628,6 +677,8 @@ main (int argc, char **argv)
|
||
|
||
uid_t original_uid;
|
||
gid_t original_gid;
|
||
+ /* If set, the test runs as root instead of the user running the testsuite. */
|
||
+ int be_su = 0;
|
||
int UMAP;
|
||
int GMAP;
|
||
/* Used for "%lld %lld 1" so need not be large. */
|
||
@@ -857,6 +908,10 @@ main (int argc, char **argv)
|
||
{
|
||
maybe_xunlink (the_words[1]);
|
||
}
|
||
+ else if (nt == 1 && strcmp (the_words[0], "su") == 0)
|
||
+ {
|
||
+ be_su = 1;
|
||
+ }
|
||
else if (nt > 0 && the_words[0][0] != '#')
|
||
{
|
||
printf ("\033[31minvalid [%s]\033[0m\n", the_words[0]);
|
||
@@ -910,7 +965,12 @@ main (int argc, char **argv)
|
||
/* Older kernels may not support all the options, or security
|
||
policy may block this call. */
|
||
if (errno == EINVAL || errno == EPERM)
|
||
- FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (errno));
|
||
+ {
|
||
+ int saved_errno = errno;
|
||
+ if (errno == EPERM)
|
||
+ check_for_unshare_hints ();
|
||
+ FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (saved_errno));
|
||
+ }
|
||
else
|
||
FAIL_EXIT1 ("unable to unshare user/fs: %s", strerror (errno));
|
||
}
|
||
@@ -981,7 +1041,7 @@ main (int argc, char **argv)
|
||
FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");
|
||
|
||
sprintf (tmp, "%lld %lld 1\n",
|
||
- (long long) original_uid, (long long) original_uid);
|
||
+ (long long) (be_su ? 0 : original_uid), (long long) original_uid);
|
||
write (UMAP, tmp, strlen (tmp));
|
||
xclose (UMAP);
|
||
|
||
@@ -1002,7 +1062,7 @@ main (int argc, char **argv)
|
||
FAIL_EXIT1 ("can't write to /proc/self/gid_map\n");
|
||
|
||
sprintf (tmp, "%lld %lld 1\n",
|
||
- (long long) original_gid, (long long) original_gid);
|
||
+ (long long) (be_su ? 0 : original_gid), (long long) original_gid);
|
||
write (GMAP, tmp, strlen (tmp));
|
||
xclose (GMAP);
|
||
|