summaryrefslogtreecommitdiffhomepage
path: root/test/syscalls
diff options
context:
space:
mode:
authorJamie Liu <jamieliu@google.com>2019-02-19 11:20:48 -0800
committerShentubot <shentubot@google.com>2019-02-19 11:21:46 -0800
commit22d8b6eba1487d3f0d87a578e414e451d9aeb26d (patch)
tree458bec2b96a9f0f4219c261708ba4a019ae232be /test/syscalls
parentc611dbc5a7399922588e3fd99b22bda19f684afe (diff)
Break /proc/[pid]/{uid,gid}_map's dependence on seqfile.
In addition to simplifying the implementation, this fixes two bugs: - seqfile.NewSeqFile unconditionally creates an inode with mode 0444, but {uid,gid}_map have mode 0644. - idMapSeqFile.Write implements fs.FileOperations.Write ... but it doesn't implement any other fs.FileOperations methods and is never used as fs.FileOperations. idMapSeqFile.GetFile() => seqfile.SeqFile.GetFile() uses seqfile.seqFileOperations instead, which rejects all writes. PiperOrigin-RevId: 234638212 Change-Id: I4568f741ab07929273a009d7e468c8205a8541bc
Diffstat (limited to 'test/syscalls')
-rw-r--r--test/syscalls/BUILD2
-rw-r--r--test/syscalls/linux/BUILD19
-rw-r--r--test/syscalls/linux/proc_pid_uid_gid_map.cc204
3 files changed, 225 insertions, 0 deletions
diff --git a/test/syscalls/BUILD b/test/syscalls/BUILD
index ca69f3309..1be7a9bd4 100644
--- a/test/syscalls/BUILD
+++ b/test/syscalls/BUILD
@@ -214,6 +214,8 @@ syscall_test(
test = "//test/syscalls/linux:proc_test",
)
+syscall_test(test = "//test/syscalls/linux:proc_pid_uid_gid_map_test")
+
syscall_test(
size = "medium",
test = "//test/syscalls/linux:pselect_test",
diff --git a/test/syscalls/linux/BUILD b/test/syscalls/linux/BUILD
index 75fa52a57..3c61c48ef 100644
--- a/test/syscalls/linux/BUILD
+++ b/test/syscalls/linux/BUILD
@@ -1445,6 +1445,25 @@ cc_binary(
)
cc_binary(
+ name = "proc_pid_uid_gid_map_test",
+ testonly = 1,
+ srcs = ["proc_pid_uid_gid_map.cc"],
+ linkstatic = 1,
+ deps = [
+ "//test/util:capability_util",
+ "//test/util:fs_util",
+ "//test/util:logging",
+ "//test/util:multiprocess_util",
+ "//test/util:posix_error",
+ "//test/util:save_util",
+ "//test/util:test_main",
+ "//test/util:test_util",
+ "@com_google_absl//absl/strings",
+ "@com_google_googletest//:gtest",
+ ],
+)
+
+cc_binary(
name = "pselect_test",
testonly = 1,
srcs = ["pselect.cc"],
diff --git a/test/syscalls/linux/proc_pid_uid_gid_map.cc b/test/syscalls/linux/proc_pid_uid_gid_map.cc
new file mode 100644
index 000000000..bf0f8b2bb
--- /dev/null
+++ b/test/syscalls/linux/proc_pid_uid_gid_map.cc
@@ -0,0 +1,204 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <fcntl.h>
+#include <sched.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <functional>
+#include <string>
+#include <vector>
+
+#include "gtest/gtest.h"
+#include "absl/strings/str_cat.h"
+#include "absl/strings/str_split.h"
+#include "test/util/capability_util.h"
+#include "test/util/fs_util.h"
+#include "test/util/logging.h"
+#include "test/util/multiprocess_util.h"
+#include "test/util/posix_error.h"
+#include "test/util/save_util.h"
+#include "test/util/test_util.h"
+
+namespace gvisor {
+namespace testing {
+
+PosixErrorOr<int> InNewUserNamespace(const std::function<void()>& fn) {
+ return InForkedProcess([&] {
+ TEST_PCHECK(unshare(CLONE_NEWUSER) == 0);
+ MaybeSave();
+ fn();
+ });
+}
+
+// TEST_CHECK-fails on error, since this function is used in contexts that
+// require async-signal-safety.
+void DenySelfSetgroups() {
+ int fd = open("/proc/self/setgroups", O_WRONLY);
+ if (fd < 0 && errno == ENOENT) {
+ // On kernels where this file doesn't exist, writing "deny" to it isn't
+ // necessary to write to gid_map.
+ return;
+ }
+ TEST_PCHECK(fd >= 0);
+ MaybeSave();
+ char deny[] = "deny";
+ TEST_PCHECK(write(fd, deny, sizeof(deny)) == sizeof(deny));
+ MaybeSave();
+ TEST_PCHECK(close(fd) == 0);
+}
+
+// Returns a valid UID/GID that isn't id.
+uint32_t another_id(uint32_t id) { return (id + 1) % 65535; }
+
+struct TestParam {
+ std::string desc;
+ std::string map_filename;
+ int cap;
+ std::function<uint32_t()> get_current_id;
+};
+
+std::string DescribeTestParam(const ::testing::TestParamInfo<TestParam>& info) {
+ return info.param.desc;
+}
+
+class ProcSelfUidGidMapTest : public ::testing::TestWithParam<TestParam> {
+ protected:
+ PosixErrorOr<int> InNewUserNamespaceWithMapFD(
+ const std::function<void(int)>& fn) {
+ std::string map_filename = GetParam().map_filename;
+ return InNewUserNamespace([&] {
+ int fd = open(map_filename.c_str(), O_RDWR);
+ TEST_PCHECK(fd >= 0);
+ MaybeSave();
+ fn(fd);
+ TEST_PCHECK(close(fd) == 0);
+ });
+ }
+
+ uint32_t CurrentID() { return GetParam().get_current_id(); }
+
+ PosixErrorOr<bool> HaveSetIDCapability() {
+ return HaveCapability(GetParam().cap);
+ }
+
+ // Returns true if the caller is running in a user namespace with all IDs
+ // mapped. This matters for tests that expect to successfully map arbitrary
+ // IDs into a child user namespace, since even with CAP_SET*ID this is only
+ // possible if those IDs are mapped into the current one.
+ PosixErrorOr<bool> AllIDsMapped() {
+ ASSIGN_OR_RETURN_ERRNO(std::string id_map, GetContents(GetParam().map_filename));
+ std::vector<std::string> id_map_parts =
+ absl::StrSplit(id_map, ' ', absl::SkipEmpty());
+ return id_map_parts == std::vector<std::string>({"0", "0", "4294967295"});
+ }
+};
+
+TEST_P(ProcSelfUidGidMapTest, IsInitiallyEmpty) {
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace()));
+ EXPECT_THAT(InNewUserNamespaceWithMapFD([](int fd) {
+ char buf[64];
+ TEST_PCHECK(read(fd, buf, sizeof(buf)) == 0);
+ }),
+ IsPosixErrorOkAndHolds(0));
+}
+
+TEST_P(ProcSelfUidGidMapTest, IdentityMapOwnID) {
+ // This is the only write permitted if the writer does not have CAP_SET*ID.
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace()));
+ uint32_t id = CurrentID();
+ std::string line = absl::StrCat(id, " ", id, " 1");
+ EXPECT_THAT(
+ InNewUserNamespaceWithMapFD([&](int fd) {
+ DenySelfSetgroups();
+ TEST_PCHECK(write(fd, line.c_str(), line.size()) == line.size());
+ }),
+ IsPosixErrorOkAndHolds(0));
+}
+
+TEST_P(ProcSelfUidGidMapTest, NonIdentityMapOwnID) {
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace()));
+ SKIP_IF(ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability()));
+ uint32_t id = CurrentID();
+ uint32_t id2 = another_id(id);
+ std::string line = absl::StrCat(id2, " ", id, " 1");
+ EXPECT_THAT(
+ InNewUserNamespaceWithMapFD([&](int fd) {
+ DenySelfSetgroups();
+ TEST_PCHECK(write(fd, line.c_str(), line.size()) == line.size());
+ }),
+ IsPosixErrorOkAndHolds(0));
+}
+
+TEST_P(ProcSelfUidGidMapTest, MapOtherIDUnprivileged) {
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace()));
+ SKIP_IF(ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability()));
+ uint32_t id = CurrentID();
+ uint32_t id2 = another_id(id);
+ std::string line = absl::StrCat(id, " ", id2, " 1");
+ EXPECT_THAT(InNewUserNamespaceWithMapFD([&](int fd) {
+ DenySelfSetgroups();
+ TEST_PCHECK(write(fd, line.c_str(), line.size()) < 0);
+ TEST_CHECK(errno == EPERM);
+ }),
+ IsPosixErrorOkAndHolds(0));
+}
+
+TEST_P(ProcSelfUidGidMapTest, MapOtherIDPrivileged) {
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace()));
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability()));
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(AllIDsMapped()));
+ uint32_t id = CurrentID();
+ uint32_t id2 = another_id(id);
+ std::string line = absl::StrCat(id, " ", id2, " 1");
+ EXPECT_THAT(
+ InNewUserNamespaceWithMapFD([&](int fd) {
+ DenySelfSetgroups();
+ TEST_PCHECK(write(fd, line.c_str(), line.size()) == line.size());
+ }),
+ IsPosixErrorOkAndHolds(0));
+}
+
+TEST_P(ProcSelfUidGidMapTest, MapAnyIDsPrivileged) {
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(CanCreateUserNamespace()));
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveSetIDCapability()));
+ SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(AllIDsMapped()));
+ // Test all of:
+ //
+ // - Mapping ranges of length > 1
+ //
+ // - Mapping multiple ranges
+ //
+ // - Non-identity mappings
+ char entries[] = "2 0 2\n4 6 2";
+ EXPECT_THAT(
+ InNewUserNamespaceWithMapFD([&](int fd) {
+ DenySelfSetgroups();
+ TEST_PCHECK(write(fd, entries, sizeof(entries)) == sizeof(entries));
+ }),
+ IsPosixErrorOkAndHolds(0));
+}
+
+INSTANTIATE_TEST_CASE_P(
+ All, ProcSelfUidGidMapTest,
+ ::testing::Values(TestParam{"UID", "/proc/self/uid_map", CAP_SETUID,
+ []() -> uint32_t { return getuid(); }},
+ TestParam{"GID", "/proc/self/gid_map", CAP_SETGID,
+ []() -> uint32_t { return getgid(); }}),
+ DescribeTestParam);
+
+} // namespace testing
+} // namespace gvisor