Skip to content

Commit 6e5ed65

Browse files
braunerbrauner
committed
selftests/ovl: add second selftest for "override_creds"
Add a simple test to verify that the new "override_creds" option works. Link: https://lore.kernel.org/r/20250219-work-overlayfs-v3-3-46af55e4ceda@kernel.org Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
1 parent c68946e commit 6e5ed65

1 file changed

Lines changed: 138 additions & 11 deletions

File tree

tools/testing/selftests/filesystems/overlayfs/set_layers_via_fds.c

Lines changed: 138 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -6,27 +6,35 @@
66
#include <sched.h>
77
#include <stdio.h>
88
#include <string.h>
9+
#include <sys/socket.h>
910
#include <sys/stat.h>
1011
#include <sys/mount.h>
1112
#include <unistd.h>
1213

1314
#include "../../kselftest_harness.h"
1415
#include "../../pidfd/pidfd.h"
1516
#include "log.h"
17+
#include "../utils.h"
1618
#include "wrappers.h"
1719

1820
FIXTURE(set_layers_via_fds) {
21+
int pidfd;
1922
};
2023

2124
FIXTURE_SETUP(set_layers_via_fds)
2225
{
23-
ASSERT_EQ(mkdir("/set_layers_via_fds", 0755), 0);
26+
self->pidfd = -EBADF;
27+
EXPECT_EQ(mkdir("/set_layers_via_fds", 0755), 0);
2428
}
2529

2630
FIXTURE_TEARDOWN(set_layers_via_fds)
2731
{
32+
if (self->pidfd >= 0) {
33+
EXPECT_EQ(sys_pidfd_send_signal(self->pidfd, SIGKILL, NULL, 0), 0);
34+
EXPECT_EQ(close(self->pidfd), 0);
35+
}
2836
umount2("/set_layers_via_fds", 0);
29-
ASSERT_EQ(rmdir("/set_layers_via_fds"), 0);
37+
EXPECT_EQ(rmdir("/set_layers_via_fds"), 0);
3038
}
3139

3240
TEST_F(set_layers_via_fds, set_layers_via_fds)
@@ -266,7 +274,7 @@ TEST_F(set_layers_via_fds, set_override_creds)
266274
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_SET_STRING, "metacopy", "on", 0), 0);
267275

268276
pid = create_child(&pidfd, 0);
269-
EXPECT_GE(pid, 0);
277+
ASSERT_GE(pid, 0);
270278
if (pid == 0) {
271279
if (sys_fsconfig(fd_context, FSCONFIG_SET_FLAG, "override_creds", NULL, 0)) {
272280
TH_LOG("sys_fsconfig should have succeeded");
@@ -275,11 +283,11 @@ TEST_F(set_layers_via_fds, set_override_creds)
275283

276284
_exit(EXIT_SUCCESS);
277285
}
278-
EXPECT_EQ(sys_waitid(P_PID, pid, NULL, WEXITED), 0);
279-
EXPECT_EQ(close(pidfd), 0);
286+
ASSERT_GE(sys_waitid(P_PID, pid, NULL, WEXITED), 0);
287+
ASSERT_GE(close(pidfd), 0);
280288

281289
pid = create_child(&pidfd, 0);
282-
EXPECT_GE(pid, 0);
290+
ASSERT_GE(pid, 0);
283291
if (pid == 0) {
284292
if (sys_fsconfig(fd_context, FSCONFIG_SET_FLAG, "nooverride_creds", NULL, 0)) {
285293
TH_LOG("sys_fsconfig should have succeeded");
@@ -288,11 +296,11 @@ TEST_F(set_layers_via_fds, set_override_creds)
288296

289297
_exit(EXIT_SUCCESS);
290298
}
291-
EXPECT_EQ(sys_waitid(P_PID, pid, NULL, WEXITED), 0);
292-
EXPECT_EQ(close(pidfd), 0);
299+
ASSERT_GE(sys_waitid(P_PID, pid, NULL, WEXITED), 0);
300+
ASSERT_GE(close(pidfd), 0);
293301

294302
pid = create_child(&pidfd, 0);
295-
EXPECT_GE(pid, 0);
303+
ASSERT_GE(pid, 0);
296304
if (pid == 0) {
297305
if (sys_fsconfig(fd_context, FSCONFIG_SET_FLAG, "override_creds", NULL, 0)) {
298306
TH_LOG("sys_fsconfig should have succeeded");
@@ -301,8 +309,125 @@ TEST_F(set_layers_via_fds, set_override_creds)
301309

302310
_exit(EXIT_SUCCESS);
303311
}
304-
EXPECT_EQ(sys_waitid(P_PID, pid, NULL, WEXITED), 0);
305-
EXPECT_EQ(close(pidfd), 0);
312+
ASSERT_GE(sys_waitid(P_PID, pid, NULL, WEXITED), 0);
313+
ASSERT_GE(close(pidfd), 0);
314+
315+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_CMD_CREATE, NULL, NULL, 0), 0);
316+
317+
fd_overlay = sys_fsmount(fd_context, 0, 0);
318+
ASSERT_GE(fd_overlay, 0);
319+
320+
ASSERT_EQ(sys_move_mount(fd_overlay, "", -EBADF, "/set_layers_via_fds", MOVE_MOUNT_F_EMPTY_PATH), 0);
321+
322+
ASSERT_EQ(close(fd_context), 0);
323+
ASSERT_EQ(close(fd_overlay), 0);
324+
}
325+
326+
TEST_F(set_layers_via_fds, set_override_creds_invalid)
327+
{
328+
int fd_context, fd_tmpfs, fd_overlay, ret;
329+
int layer_fds[] = { [0 ... 3] = -EBADF };
330+
pid_t pid;
331+
int fd_userns1, fd_userns2;
332+
int ipc_sockets[2];
333+
char c;
334+
const unsigned int predictable_fd_context_nr = 123;
335+
336+
fd_userns1 = get_userns_fd(0, 0, 10000);
337+
ASSERT_GE(fd_userns1, 0);
338+
339+
fd_userns2 = get_userns_fd(0, 1234, 10000);
340+
ASSERT_GE(fd_userns2, 0);
341+
342+
ret = socketpair(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, ipc_sockets);
343+
ASSERT_GE(ret, 0);
344+
345+
pid = create_child(&self->pidfd, 0);
346+
ASSERT_GE(pid, 0);
347+
if (pid == 0) {
348+
if (close(ipc_sockets[0])) {
349+
TH_LOG("close should have succeeded");
350+
_exit(EXIT_FAILURE);
351+
}
352+
353+
if (!switch_userns(fd_userns2, 0, 0, false)) {
354+
TH_LOG("switch_userns should have succeeded");
355+
_exit(EXIT_FAILURE);
356+
}
357+
358+
if (read_nointr(ipc_sockets[1], &c, 1) != 1) {
359+
TH_LOG("read_nointr should have succeeded");
360+
_exit(EXIT_FAILURE);
361+
}
362+
363+
if (close(ipc_sockets[1])) {
364+
TH_LOG("close should have succeeded");
365+
_exit(EXIT_FAILURE);
366+
}
367+
368+
if (!sys_fsconfig(predictable_fd_context_nr, FSCONFIG_SET_FLAG, "override_creds", NULL, 0)) {
369+
TH_LOG("sys_fsconfig should have failed");
370+
_exit(EXIT_FAILURE);
371+
}
372+
373+
_exit(EXIT_SUCCESS);
374+
}
375+
376+
ASSERT_EQ(close(ipc_sockets[1]), 0);
377+
ASSERT_EQ(switch_userns(fd_userns1, 0, 0, false), true);
378+
ASSERT_EQ(unshare(CLONE_NEWNS), 0);
379+
ASSERT_EQ(sys_mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL), 0);
380+
381+
fd_context = sys_fsopen("tmpfs", 0);
382+
ASSERT_GE(fd_context, 0);
383+
384+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_CMD_CREATE, NULL, NULL, 0), 0);
385+
fd_tmpfs = sys_fsmount(fd_context, 0, 0);
386+
ASSERT_GE(fd_tmpfs, 0);
387+
ASSERT_EQ(close(fd_context), 0);
388+
389+
ASSERT_EQ(mkdirat(fd_tmpfs, "w", 0755), 0);
390+
ASSERT_EQ(mkdirat(fd_tmpfs, "u", 0755), 0);
391+
ASSERT_EQ(mkdirat(fd_tmpfs, "l1", 0755), 0);
392+
ASSERT_EQ(mkdirat(fd_tmpfs, "l2", 0755), 0);
393+
394+
layer_fds[0] = openat(fd_tmpfs, "w", O_DIRECTORY);
395+
ASSERT_GE(layer_fds[0], 0);
396+
397+
layer_fds[1] = openat(fd_tmpfs, "u", O_DIRECTORY);
398+
ASSERT_GE(layer_fds[1], 0);
399+
400+
layer_fds[2] = openat(fd_tmpfs, "l1", O_DIRECTORY);
401+
ASSERT_GE(layer_fds[2], 0);
402+
403+
layer_fds[3] = openat(fd_tmpfs, "l2", O_DIRECTORY);
404+
ASSERT_GE(layer_fds[3], 0);
405+
406+
ASSERT_EQ(sys_move_mount(fd_tmpfs, "", -EBADF, "/tmp", MOVE_MOUNT_F_EMPTY_PATH), 0);
407+
ASSERT_EQ(close(fd_tmpfs), 0);
408+
409+
fd_context = sys_fsopen("overlay", 0);
410+
ASSERT_GE(fd_context, 0);
411+
ASSERT_EQ(dup3(fd_context, predictable_fd_context_nr, 0), predictable_fd_context_nr);
412+
ASSERT_EQ(close(fd_context), 0);
413+
fd_context = predictable_fd_context_nr;
414+
ASSERT_EQ(write_nointr(ipc_sockets[0], "1", 1), 1);
415+
ASSERT_EQ(close(ipc_sockets[0]), 0);
416+
417+
ASSERT_EQ(wait_for_pid(pid), 0);
418+
ASSERT_EQ(close(self->pidfd), 0);
419+
self->pidfd = -EBADF;
420+
421+
ASSERT_NE(sys_fsconfig(fd_context, FSCONFIG_SET_FD, "lowerdir", NULL, layer_fds[2]), 0);
422+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_SET_FD, "workdir", NULL, layer_fds[0]), 0);
423+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_SET_FD, "upperdir", NULL, layer_fds[1]), 0);
424+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_SET_FD, "lowerdir+", NULL, layer_fds[2]), 0);
425+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_SET_FD, "lowerdir+", NULL, layer_fds[3]), 0);
426+
427+
for (int i = 0; i < ARRAY_SIZE(layer_fds); i++)
428+
ASSERT_EQ(close(layer_fds[i]), 0);
429+
430+
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_SET_FLAG, "userxattr", NULL, 0), 0);
306431

307432
ASSERT_EQ(sys_fsconfig(fd_context, FSCONFIG_CMD_CREATE, NULL, NULL, 0), 0);
308433

@@ -313,6 +438,8 @@ TEST_F(set_layers_via_fds, set_override_creds)
313438

314439
ASSERT_EQ(close(fd_context), 0);
315440
ASSERT_EQ(close(fd_overlay), 0);
441+
ASSERT_EQ(close(fd_userns1), 0);
442+
ASSERT_EQ(close(fd_userns2), 0);
316443
}
317444

318445
TEST_HARNESS_MAIN

0 commit comments

Comments
 (0)