summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fs/user
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/fs/user')
-rw-r--r--pkg/sentry/fs/user/BUILD40
-rw-r--r--pkg/sentry/fs/user/user_state_autogen.go3
-rw-r--r--pkg/sentry/fs/user/user_test.go201
3 files changed, 3 insertions, 241 deletions
diff --git a/pkg/sentry/fs/user/BUILD b/pkg/sentry/fs/user/BUILD
deleted file mode 100644
index 23b5508fd..000000000
--- a/pkg/sentry/fs/user/BUILD
+++ /dev/null
@@ -1,40 +0,0 @@
-load("//tools:defs.bzl", "go_library", "go_test")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "user",
- srcs = [
- "path.go",
- "user.go",
- ],
- visibility = ["//pkg/sentry:internal"],
- deps = [
- "//pkg/abi/linux",
- "//pkg/context",
- "//pkg/errors/linuxerr",
- "//pkg/fspath",
- "//pkg/log",
- "//pkg/sentry/fs",
- "//pkg/sentry/kernel",
- "//pkg/sentry/kernel/auth",
- "//pkg/sentry/vfs",
- "//pkg/usermem",
- ],
-)
-
-go_test(
- name = "user_test",
- size = "small",
- srcs = ["user_test.go"],
- library = ":user",
- deps = [
- "//pkg/abi/linux",
- "//pkg/context",
- "//pkg/sentry/fs",
- "//pkg/sentry/fs/tmpfs",
- "//pkg/sentry/kernel/auth",
- "//pkg/sentry/kernel/contexttest",
- "//pkg/usermem",
- ],
-)
diff --git a/pkg/sentry/fs/user/user_state_autogen.go b/pkg/sentry/fs/user/user_state_autogen.go
new file mode 100644
index 000000000..8083e036c
--- /dev/null
+++ b/pkg/sentry/fs/user/user_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package user
diff --git a/pkg/sentry/fs/user/user_test.go b/pkg/sentry/fs/user/user_test.go
deleted file mode 100644
index 7f8fa8038..000000000
--- a/pkg/sentry/fs/user/user_test.go
+++ /dev/null
@@ -1,201 +0,0 @@
-// Copyright 2019 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package user
-
-import (
- "fmt"
- "strings"
- "testing"
-
- "gvisor.dev/gvisor/pkg/abi/linux"
- "gvisor.dev/gvisor/pkg/context"
- "gvisor.dev/gvisor/pkg/sentry/fs"
- "gvisor.dev/gvisor/pkg/sentry/fs/tmpfs"
- "gvisor.dev/gvisor/pkg/sentry/kernel/auth"
- "gvisor.dev/gvisor/pkg/sentry/kernel/contexttest"
- "gvisor.dev/gvisor/pkg/usermem"
-)
-
-// createEtcPasswd creates /etc/passwd with the given contents and mode. If
-// mode is empty, then no file will be created. If mode is not a regular file
-// mode, then contents is ignored.
-func createEtcPasswd(ctx context.Context, root *fs.Dirent, contents string, mode linux.FileMode) error {
- if err := root.CreateDirectory(ctx, root, "etc", fs.FilePermsFromMode(0755)); err != nil {
- return err
- }
- etc, err := root.Walk(ctx, root, "etc")
- if err != nil {
- return err
- }
- defer etc.DecRef(ctx)
- switch mode.FileType() {
- case 0:
- // Don't create anything.
- return nil
- case linux.S_IFREG:
- passwd, err := etc.Create(ctx, root, "passwd", fs.FileFlags{Write: true}, fs.FilePermsFromMode(mode))
- if err != nil {
- return err
- }
- defer passwd.DecRef(ctx)
- if _, err := passwd.Writev(ctx, usermem.BytesIOSequence([]byte(contents))); err != nil {
- return err
- }
- return nil
- case linux.S_IFDIR:
- return etc.CreateDirectory(ctx, root, "passwd", fs.FilePermsFromMode(mode))
- case linux.S_IFIFO:
- return etc.CreateFifo(ctx, root, "passwd", fs.FilePermsFromMode(mode))
- default:
- return fmt.Errorf("unknown file type %x", mode.FileType())
- }
-}
-
-// TestGetExecUserHome tests the getExecUserHome function.
-func TestGetExecUserHome(t *testing.T) {
- tests := map[string]struct {
- uid auth.KUID
- passwdContents string
- passwdMode linux.FileMode
- expected string
- }{
- "success": {
- uid: 1000,
- passwdContents: "adin::1000:1111::/home/adin:/bin/sh",
- passwdMode: linux.S_IFREG | 0666,
- expected: "/home/adin",
- },
- "no_perms": {
- uid: 1000,
- passwdContents: "adin::1000:1111::/home/adin:/bin/sh",
- passwdMode: linux.S_IFREG,
- expected: "/",
- },
- "no_passwd": {
- uid: 1000,
- expected: "/",
- },
- "directory": {
- uid: 1000,
- passwdMode: linux.S_IFDIR | 0666,
- expected: "/",
- },
- // Currently we don't allow named pipes.
- "named_pipe": {
- uid: 1000,
- passwdMode: linux.S_IFIFO | 0666,
- expected: "/",
- },
- }
-
- for name, tc := range tests {
- t.Run(name, func(t *testing.T) {
- ctx := contexttest.Context(t)
- msrc := fs.NewPseudoMountSource(ctx)
- rootInode, err := tmpfs.NewDir(ctx, nil, fs.RootOwner, fs.FilePermsFromMode(0777), msrc, nil /* parent */)
- if err != nil {
- t.Fatalf("tmpfs.NewDir failed: %v", err)
- }
-
- mns, err := fs.NewMountNamespace(ctx, rootInode)
- if err != nil {
- t.Fatalf("NewMountNamespace failed: %v", err)
- }
- defer mns.DecRef(ctx)
- root := mns.Root()
- defer root.DecRef(ctx)
- ctx = fs.WithRoot(ctx, root)
-
- if err := createEtcPasswd(ctx, root, tc.passwdContents, tc.passwdMode); err != nil {
- t.Fatalf("createEtcPasswd failed: %v", err)
- }
-
- got, err := getExecUserHome(ctx, mns, tc.uid)
- if err != nil {
- t.Fatalf("failed to get user home: %v", err)
- }
-
- if got != tc.expected {
- t.Fatalf("expected %v, got: %v", tc.expected, got)
- }
- })
- }
-}
-
-// TestFindHomeInPasswd tests the findHomeInPasswd function's passwd file parsing.
-func TestFindHomeInPasswd(t *testing.T) {
- tests := map[string]struct {
- uid uint32
- passwd string
- expected string
- def string
- }{
- "empty": {
- uid: 1000,
- passwd: "",
- expected: "/",
- def: "/",
- },
- "whitespace": {
- uid: 1000,
- passwd: " ",
- expected: "/",
- def: "/",
- },
- "full": {
- uid: 1000,
- passwd: "adin::1000:1111::/home/adin:/bin/sh",
- expected: "/home/adin",
- def: "/",
- },
- // For better or worse, this is how runc works.
- "partial": {
- uid: 1000,
- passwd: "adin::1000:1111:",
- expected: "",
- def: "/",
- },
- "multiple": {
- uid: 1001,
- passwd: "adin::1000:1111::/home/adin:/bin/sh\nian::1001:1111::/home/ian:/bin/sh",
- expected: "/home/ian",
- def: "/",
- },
- "duplicate": {
- uid: 1000,
- passwd: "adin::1000:1111::/home/adin:/bin/sh\nian::1000:1111::/home/ian:/bin/sh",
- expected: "/home/adin",
- def: "/",
- },
- "empty_lines": {
- uid: 1001,
- passwd: "adin::1000:1111::/home/adin:/bin/sh\n\n\nian::1001:1111::/home/ian:/bin/sh",
- expected: "/home/ian",
- def: "/",
- },
- }
-
- for name, tc := range tests {
- t.Run(name, func(t *testing.T) {
- got, err := findHomeInPasswd(tc.uid, strings.NewReader(tc.passwd), tc.def)
- if err != nil {
- t.Fatalf("error parsing passwd: %v", err)
- }
- if tc.expected != got {
- t.Fatalf("expected %v, got: %v", tc.expected, got)
- }
- })
- }
-}