From bd347dbbc31fd5f9d985b953bf21f0c1b771b039 Mon Sep 17 00:00:00 2001
From: Richard Guy Briggs
Date: Wed, 11 Sep 2019 17:37:15 -0400
Subject: [PATCH] tests: contid: add test for capcontid
Signed-off-by: Richard Guy Briggs
---
 tests/containerid/test | 44 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/tests/containerid/test b/tests/containerid/test
index 1a9e5b6..f405be7 100755
--- a/tests/containerid/test
+++ b/tests/containerid/test
@@ -4,7 +4,9 @@ use strict;
 use File::Temp qw/ tempdir tempfile /;
 use Test;
 use IO::Handle;
-BEGIN { plan tests => 34 }
+use Sys::Syscall; #perl-Sys-Syscall.noarch
+require 'syscall.ph';
+BEGIN { plan tests => 37 }
 ###
 # functions
@@ -67,6 +69,7 @@ my $contid2 = int( rand( 1 << 63 ) );
 my $contid3 = int( rand( 1 << 63 ) );
 my $contid4 = int( rand( 1 << 63 ) );
 my $contid5 = int( rand( 1 << 63 ) );
+my $contid6 = int( rand( 1 << 63 ) );
 ###
 # tests
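Review bot: In the first hunk, `use Sys::Syscall;` looks unused: the code added further down calls Perl's builtin `syscall` with `&SYS_unshare`, which comes from `syscall.ph`, so the extra package named in the trailing comment would be a dependency with nothing visible relying on it. `require 'syscall.ph';` also aborts the whole test file on hosts where the h2ph-generated headers are absent, taking the 34 existing checks down with the three new ones. I would drop the `use` line and document the remaining one, e.g. `require 'syscall.ph';    # h2ph-generated; provides SYS_unshare for the capcontid test`, and ideally fall back to skipping only the capcontid checks when it cannot be loaded.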
@@ -372,6 +375,45 @@ while ( $line = <$fh_out> ) {
 ok( $contid4_found, 1 ); # Was the contid4 message well-formed?
 ok( $contid5_found, 1 ); # Was the contid5 message well-formed?
+# Test capcontid set
+# Start sleep to provide target task
+my $taskcap_pid = fork();
+my $resultcap;
+if ( not $taskcap_pid ) {
+ $! = 0;
+ $result = syscall( &SYS_unshare, 0x10000000 ); #CLONE_NEWUSER
+ if ( $result == -1 && $1 == 0 ) {
+ print "syscall SYS_unshare failed with errno:" . $! . "\n";
+ }
+ sleep 2;
+ my $taskcapchild_pid = fork();
+ if ( not $taskcapchild_pid ) {
+ sleep 2;
+ exit;
+ }
+ open( my $contidfd, '>', "/proc/$taskcapchild_pid/audit_containerid" );
+ $contidfd->autoflush(1);
+ $resultcap = print $contidfd $contid6;
+ close($contidfd);
+ if ( not $resultcap ) {
+ $resultcap = $!;
+ }
+ close($contidfd);
+ exit $resultcap;
+}
+sleep 1;
+
+# Test set
+open( $contidfd, '>', "/proc/$taskcap_pid/audit_capcontainerid" );
+$contidfd->autoflush(1);
+$result = print $contidfd "1\n";
+close($contidfd);
+ok($result); # Did set capchild without init cap fail?
+ok( $taskcap_pid > 0 ); # Did taskcap start ok?
+my $wait_cap = wait();
+$resultcap = $? >> 8;
+ok( $resultcap != 1 ); # Did set fail with capcontid?
+
 if ( defined $ENV{ATS_DEBUG} && $ENV{ATS_DEBUG} == 1 ) {
 print "\ndebug: start\n";
 if ( !$contidself_found || !$resultself ) {
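Review bot: The child's exit status in this hunk cannot tell an accepted write from EPERM: `print` returns 1 on success and `$!` is numerically 1 for EPERM, so both paths reach `exit 1`, and `$!` is only read after `close($contidfd)` has had a chance to change it. The child's `open` is unchecked as well, so a missing or unwritable `audit_containerid` appears to end in some other errno, which satisfies `ok( $resultcap != 1 )` without the capcontid path being exercised. The sketch below exits 0 for an accepted write and the saved errno otherwise, and reaps the specific child with `waitpid` instead of `wait()`, so the final check can compare against one exact status. Separately, `$1 == 0` in the unshare check looks like a typo for `$! != 0`, and the child carries on after a failed unshare, so a run that never entered the new user namespace is not distinguishable from one that did. The ATS_DEBUG block at the end of the hunk continues outside it.

```perl
    # … unchanged: unshare, sleep, fork of $taskcapchild_pid …
    my $errno = 0;
    if ( open( my $contidfd, '>', "/proc/$taskcapchild_pid/audit_containerid" ) ) {
        $contidfd->autoflush(1);
        $errno = $! + 0 unless print $contidfd $contid6;
        close($contidfd);
    }
    else {
        $errno = $! + 0;
    }
    exit $errno;    # 0 = write accepted, otherwise the errno (EPERM is 1)
}
# … unchanged: sleep 1, write to audit_capcontainerid, first two ok() calls …
waitpid( $taskcap_pid, 0 );
$resultcap = $? >> 8;
```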