authorDean Deng <deandeng@google.com>2020-06-18 22:00:56 -0700
committergVisor bot <gvisor-bot@google.com>2020-06-18 22:02:07 -0700
commit408f3d2cd64cae6b2f76a940c76236e9841c095f (patch)
tree8307bea8b81bd29925aedade970b12e9707bcf12 /test
parent70c45e09cfd15abeebd640a9a2ddd214078db651 (diff)
Fix vfs2 tmpfs link permission checks.
Updates #2923. PiperOrigin-RevId: 317246916
Diffstat (limited to 'test')
-rw-r--r--test/syscalls/BUILD1
-rw-r--r--test/syscalls/linux/link.cc15
-rw-r--r--test/util/test_util.h1
3 files changed, 15 insertions, 2 deletions
diff --git a/test/syscalls/BUILD b/test/syscalls/BUILD
index 1638a11c7..65a6a7f37 100644
--- a/test/syscalls/BUILD
+++ b/test/syscalls/BUILD
@@ -305,6 +305,7 @@ syscall_test(
add_overlay = True,
test = "//test/syscalls/linux:link_test",
use_tmpfs = True, # gofer needs CAP_DAC_READ_SEARCH to use AT_EMPTY_PATH with linkat(2)
+ vfs2 = "True",
)
syscall_test(
diff --git a/test/syscalls/linux/link.cc b/test/syscalls/linux/link.cc
index e74fa2ed5..544681168 100644
--- a/test/syscalls/linux/link.cc
+++ b/test/syscalls/linux/link.cc
@@ -79,8 +79,13 @@ TEST(LinkTest, PermissionDenied) {
// Make the file "unsafe" to link by making it only readable, but not
// writable.
- const auto oldfile =
+ const auto unwriteable_file =
ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileMode(0400));
+ const std::string special_path = NewTempAbsPath();
+ ASSERT_THAT(mkfifo(special_path.c_str(), 0666), SyscallSucceeds());
+ const auto setuid_file =
+ ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileMode(0666 | S_ISUID));
+
const std::string newname = NewTempAbsPath();
// Do setuid in a separate thread so that after finishing this test, the
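Review bot: The FIFO created with `mkfifo(special_path.c_str(), 0666)` has no owner that removes it. `NewTempAbsPath()` appears to return only a path name, so unlike the two `TempPath` objects nothing unlinks the node when the test ends, and it stays in the shared temp directory for later tests. Adding `EXPECT_THAT(unlink(special_path.c_str()), SyscallSucceeds());` after the setuid thread has finished would clean it up; that point lies outside this hunk. The existing comment "Make the file "unsafe" to link by making it only readable, but not writable" now describes only `unwriteable_file`. I would extend it to something like `// Also create a FIFO (not a regular file) and a setuid file; each is an unsafe hard-link source for a non-owner.`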
@@ -97,8 +102,14 @@ TEST(LinkTest, PermissionDenied) {
EXPECT_THAT(syscall(SYS_setuid, absl::GetFlag(FLAGS_scratch_uid)),
SyscallSucceeds());
- EXPECT_THAT(link(oldfile.path().c_str(), newname.c_str()),
+ EXPECT_THAT(link(unwriteable_file.path().c_str(), newname.c_str()),
+ SyscallFailsWithErrno(EPERM));
+ EXPECT_THAT(link(special_path.c_str(), newname.c_str()),
SyscallFailsWithErrno(EPERM));
+ if (!IsRunningWithVFS1()) {
+ EXPECT_THAT(link(setuid_file.path().c_str(), newname.c_str()),
+ SyscallFailsWithErrno(EPERM));
+ }
});
}
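Review bot: All three `link()` expectations write to the same `newname`, so the cases are not independent. If one call unexpectedly succeeds, the later ones fail with EEXIST rather than EPERM, the failure report points at the wrong case, and the created link is left behind. Giving each case its own destination, e.g. `link(special_path.c_str(), NewTempAbsPath().c_str())`, keeps each failure attributable to the check it exercises. Linux's hard-link protection also rejects a setgid file that is group-executable. If the VFS2 implementation is meant to mirror that (not visible from this hunk), a fourth source created with `0666 | S_ISGID | S_IXGRP` would cover it. The test body starts above this hunk.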
diff --git a/test/util/test_util.h b/test/util/test_util.h
index 8e3245b27..e635827e6 100644
--- a/test/util/test_util.h
+++ b/test/util/test_util.h
@@ -220,6 +220,7 @@ constexpr char kKVM[] = "kvm";
bool IsRunningOnGvisor();
const std::string GvisorPlatform();
bool IsRunningWithHostinet();
+// TODO(gvisor.dev/issue/1624): Delete once VFS1 is gone.
bool IsRunningWithVFS1();
#ifdef __linux__