diff options
author | Jamie Liu <jamieliu@google.com> | 2019-02-19 11:20:48 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-02-19 11:21:46 -0800 |
commit | 22d8b6eba1487d3f0d87a578e414e451d9aeb26d (patch) | |
tree | 458bec2b96a9f0f4219c261708ba4a019ae232be /test/syscalls | |
parent | c611dbc5a7399922588e3fd99b22bda19f684afe (diff) |
Break /proc/[pid]/{uid,gid}_map's dependence on seqfile.
In addition to simplifying the implementation, this fixes two bugs:
- seqfile.NewSeqFile unconditionally creates an inode with mode 0444,
but {uid,gid}_map have mode 0644.
- idMapSeqFile.Write implements fs.FileOperations.Write ... but it
doesn't implement any other fs.FileOperations methods and is never
used as fs.FileOperations. idMapSeqFile.GetFile() =>
seqfile.SeqFile.GetFile() uses seqfile.seqFileOperations instead,
which rejects all writes.
PiperOrigin-RevId: 234638212
Change-Id: I4568f741ab07929273a009d7e468c8205a8541bc
Diffstat (limited to 'test/syscalls')
-rw-r--r-- | test/syscalls/BUILD | 2 | ||||
-rw-r--r-- | test/syscalls/linux/BUILD | 19 | ||||
-rw-r--r-- | test/syscalls/linux/proc_pid_uid_gid_map.cc | 204 |
3 files changed, 225 insertions, 0 deletions
diff --git a/test/syscalls/BUILD b/test/syscalls/BUILD index ca69f3309..1be7a9bd4 100644 --- a/test/syscalls/BUILD +++ b/test/syscalls/BUILD @@ -214,6 +214,8 @@ syscall_test( test = "//test/syscalls/linux:proc_test", ) +syscall_test(test = "//test/syscalls/linux:proc_pid_uid_gid_map_test") + syscall_test( size = "medium", test = "//test/syscalls/linux:pselect_test", diff --git a/test/syscalls/linux/BUILD b/test/syscalls/linux/BUILD index 75fa52a57..3c61c48ef 100644 --- a/test/syscalls/linux/BUILD +++ b/test/syscalls/linux/BUILD @@ -1445,6 +1445,25 @@ cc_binary( ) cc_binary( + name = "proc_pid_uid_gid_map_test", + testonly = 1, + srcs = ["proc_pid_uid_gid_map.cc"], + linkstatic = 1, + deps = [ + "//test/util:capability_util", + "//test/util:fs_util", + "//test/util:logging", + "//test/util:multiprocess_util", + "//test/util:posix_error", + "//test/util:save_util", + "//test/util:test_main", + "//test/util:test_util", + "@com_google_absl//absl/strings", + "@com_google_googletest//:gtest", + ], +) + +cc_binary( name = "pselect_test", testonly = 1, srcs = ["pselect.cc"], diff --git a/test/syscalls/linux/proc_pid_uid_gid_map.cc b/test/syscalls/linux/proc_pid_uid_gid_map.cc new file mode 100644 index 000000000..bf0f8b2bb --- /dev/null +++ b/test/syscalls/linux/proc_pid_uid_gid_map.cc @@ -0,0 +1,204 @@ +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <fcntl.h> +#include <sched.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> + +#include <functional> +#include <string> +#include <vector> + +#include "gtest/gtest.h" +#include "absl/strings/str_cat.h" +#include "absl/strings/str_split.h" +#include "test/util/capability_util.h" +#include "test/util/fs_util.h" +#include "test/util/logging.h" +#include "test/util/multiprocess_util.h" +#include "test/util/posix_error.h" +#include "test/util/save_util.h" +#include "test/util/test_util.h" + +namespace gvisor { +namespace testing { + +PosixErrorOr<int> InNewUserNamespace(const std::function<void()>& fn) { + return InForkedProcess([&] { + TEST_PCHECK(unshare(CLONE_NEWUSER) == 0); + MaybeSave(); + fn(); + }); +} + +// TEST_CHECK-fails on error, since this function is used in contexts that +// require async-signal-safety. +void DenySelfSetgroups() { + int fd = open("/proc/self/setgroups", O_WRONLY); + if (fd < 0 && errno == ENOENT) { + // On kernels where this file doesn't exist, writing "deny" to it isn't + // necessary to write to gid_map. + return; + } + TEST_PCHECK(fd >= 0); + MaybeSave(); + char deny[] = "deny"; + TEST_PCHECK(write(fd, deny, sizeof(deny)) == sizeof(deny)); + MaybeSave(); + TEST_PCHECK(close(fd) == 0); +} + +// Returns a valid UID/GID that isn't id. +uint32_t another_id(uint32_t id) { return (id + 1) % 65535; } + +struct TestParam { + std::string desc; + std::string map_filename; + int cap; + std::function<uint32_t()> get_current_id; +}; + +std::string DescribeTestParam(const ::testing::TestParamInfo<TestParam>& info) { + return info.param.desc; +} + +class ProcSelfUidGidMapTest : public ::testing::TestWithParam<TestParam> { + protected: + PosixErrorOr<int> InNewUserNamespaceWithMapFD( + const std::function<void(int)>& fn) { + std::string map_filename = GetParam().map_filename; + return InNewUserNamespace([&] { + int fd = open(map_filename.c_str(), O_RDWR); + TEST_PCHECK(fd >= 0); + MaybeSave(); + fn(fd); + TEST_PCHECK(close(fd) == 0); + }); + } + + uint32_t CurrentID() { return GetParam().get_current_id(); } + + PosixErrorOr<bool> HaveSetIDCapability() { + return HaveCapability(GetParam().cap); + } + + // Returns true if the caller is running in a user namespace with all IDs + // mapped. This matters for tests that expect to successfully map arbitrary + // IDs into a child user namespace, since even with CAP_SET*ID this is only + // possible if those IDs are mapped into the current one. + PosixErrorOr<bool> AllIDsMapped() { + ASSIGN_OR_RETURN_ERRNO(std::string id_map, GetContents(GetParam().map_filename)); + std::vector<std::string> id_map_parts = + absl::StrSplit(id_map, ' ', absl::SkipEmpty()); + return id_map_parts == std::vector<std::string>({"0", "0", "4294967295"}); + } +}; + +TEST_P(ProcSelfUidGidMapTest, IsInitiallyEmpty) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace())); + EXPECT_THAT(InNewUserNamespaceWithMapFD([](int fd) { + char buf[64]; + TEST_PCHECK(read(fd, buf, sizeof(buf)) == 0); + }), + IsPosixErrorOkAndHolds(0)); +} + +TEST_P(ProcSelfUidGidMapTest, IdentityMapOwnID) { + // This is the only write permitted if the writer does not have CAP_SET*ID. + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace())); + uint32_t id = CurrentID(); + std::string line = absl::StrCat(id, " ", id, " 1"); + EXPECT_THAT( + InNewUserNamespaceWithMapFD([&](int fd) { + DenySelfSetgroups(); + TEST_PCHECK(write(fd, line.c_str(), line.size()) == line.size()); + }), + IsPosixErrorOkAndHolds(0)); +} + +TEST_P(ProcSelfUidGidMapTest, NonIdentityMapOwnID) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace())); + SKIP_IF(ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability())); + uint32_t id = CurrentID(); + uint32_t id2 = another_id(id); + std::string line = absl::StrCat(id2, " ", id, " 1"); + EXPECT_THAT( + InNewUserNamespaceWithMapFD([&](int fd) { + DenySelfSetgroups(); + TEST_PCHECK(write(fd, line.c_str(), line.size()) == line.size()); + }), + IsPosixErrorOkAndHolds(0)); +} + +TEST_P(ProcSelfUidGidMapTest, MapOtherIDUnprivileged) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace())); + SKIP_IF(ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability())); + uint32_t id = CurrentID(); + uint32_t id2 = another_id(id); + std::string line = absl::StrCat(id, " ", id2, " 1"); + EXPECT_THAT(InNewUserNamespaceWithMapFD([&](int fd) { + DenySelfSetgroups(); + TEST_PCHECK(write(fd, line.c_str(), line.size()) < 0); + TEST_CHECK(errno == EPERM); + }), + IsPosixErrorOkAndHolds(0)); +} + +TEST_P(ProcSelfUidGidMapTest, MapOtherIDPrivileged) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace())); + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability())); + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(AllIDsMapped())); + uint32_t id = CurrentID(); + uint32_t id2 = another_id(id); + std::string line = absl::StrCat(id, " ", id2, " 1"); + EXPECT_THAT( + InNewUserNamespaceWithMapFD([&](int fd) { + DenySelfSetgroups(); + TEST_PCHECK(write(fd, line.c_str(), line.size()) == line.size()); + }), + IsPosixErrorOkAndHolds(0)); +} + +TEST_P(ProcSelfUidGidMapTest, MapAnyIDsPrivileged) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace())); + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability())); + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(AllIDsMapped())); + // Test all of: + // + // - Mapping ranges of length > 1 + // + // - Mapping multiple ranges + // + // - Non-identity mappings + char entries[] = "2 0 2\n4 6 2"; + EXPECT_THAT( + InNewUserNamespaceWithMapFD([&](int fd) { + DenySelfSetgroups(); + TEST_PCHECK(write(fd, entries, sizeof(entries)) == sizeof(entries)); + }), + IsPosixErrorOkAndHolds(0)); +} + +INSTANTIATE_TEST_CASE_P( + All, ProcSelfUidGidMapTest, + ::testing::Values(TestParam{"UID", "/proc/self/uid_map", CAP_SETUID, + []() -> uint32_t { return getuid(); }}, + TestParam{"GID", "/proc/self/gid_map", CAP_SETGID, + []() -> uint32_t { return getgid(); }}), + DescribeTestParam); + +} // namespace testing +} // namespace gvisor |