summaryrefslogtreecommitdiffhomepage
path: root/test/syscalls/linux
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-06-26 16:23:15 -0700
committergVisor bot <gvisor-bot@google.com>2020-06-26 16:24:39 -0700
commit9cfc15497581824f1c6ba2b9f9ee653d0be0bc5a (patch)
tree0d11a48c87597dc08188437f72733de9da0c9024 /test/syscalls/linux
parente6a90baef1e6921c560c939f4b591163004613b9 (diff)
Require CAP_SYS_ADMIN in the root user namespace for TTY theft
PiperOrigin-RevId: 318563543
Diffstat (limited to 'test/syscalls/linux')
-rw-r--r--test/syscalls/linux/pty_root.cc22
1 files changed, 16 insertions, 6 deletions
diff --git a/test/syscalls/linux/pty_root.cc b/test/syscalls/linux/pty_root.cc
index 14a4af980..1d7dbefdb 100644
--- a/test/syscalls/linux/pty_root.cc
+++ b/test/syscalls/linux/pty_root.cc
@@ -25,16 +25,26 @@
namespace gvisor {
namespace testing {
-// These tests should be run as root.
namespace {
+// StealTTY tests whether privileged processes can steal controlling terminals.
+// If the stealing process has CAP_SYS_ADMIN in the root user namespace, the
+// test ensures that stealing works. If it has non-root CAP_SYS_ADMIN, it
+// ensures stealing fails.
TEST(JobControlRootTest, StealTTY) {
SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN)));
- // Make this a session leader, which also drops the controlling terminal.
- // In the gVisor test environment, this test will be run as the session
- // leader already (as the sentry init process).
+ bool true_root = true;
if (!IsRunningOnGvisor()) {
+ // If running in Linux, we may only have CAP_SYS_ADMIN in a non-root user
+ // namespace (i.e. we are not truly root). We use init_module as a proxy for
+ // whether we are true root, as it returns EPERM immediately.
+ ASSERT_THAT(syscall(SYS_init_module, nullptr, 0, nullptr), SyscallFails());
+ true_root = errno != EPERM;
+
+ // Make this a session leader, which also drops the controlling terminal.
+ // In the gVisor test environment, this test will be run as the session
+ // leader already (as the sentry init process).
ASSERT_THAT(setsid(), SyscallSucceeds());
}
@@ -53,8 +63,8 @@ TEST(JobControlRootTest, StealTTY) {
ASSERT_THAT(setsid(), SyscallSucceeds());
// We shouldn't be able to steal the terminal with the wrong arg value.
TEST_PCHECK(ioctl(slave.get(), TIOCSCTTY, 0));
- // We should be able to steal it here.
- TEST_PCHECK(!ioctl(slave.get(), TIOCSCTTY, 1));
+ // We should be able to steal it if we are true root.
+ TEST_PCHECK(true_root == !ioctl(slave.get(), TIOCSCTTY, 1));
_exit(0);
}