Add some basic tests for openat(). Need to add tests that delete the

opened directory before the openat() call occurs.
2025-08-29 13:28:19 +00:00 · 2007-03-13 11:57:36 +00:00 · 2007-03-13 11:57:36 +00:00 · 30a2252adf
commit 30a2252adf
parent 3f32351793
3 changed files with 120 additions and 1 deletions
--- a/tests/regression/subdomain/Makefile
+++ b/tests/regression/subdomain/Makefile
@ -38,6 +38,7 @@ SRC=access.c \
    named_pipe.c \
    net_raw.c \
    open.c \
+    openat.c \
    pipe.c \
    ptrace.c \
    ptrace_helper.c \
@ -119,7 +120,9 @@ TESTS=access \
      mult_mount \
      named_pipe \
      net_raw \
-      open pipe \
+      open \
+      openat \
+      pipe \
      ptrace \
      pwrite \
      regex \
--- a/tests/regression/subdomain/openat.c
+++ b/tests/regression/subdomain/openat.c
@ -0,0 +1,52 @@
+/* $Id$ */
+
+/*
+ *	Copyright (C) 2002-2007 Novell/SUSE
+ *
+ *	This program is free software; you can redistribute it and/or
+ *	modify it under the terms of the GNU General Public License as
+ *	published by the Free Software Foundation, version 2 of the
+ *	License.
+ */
+
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+	int fd = -1, dirfd = -1;
+
+	if (argc != 3){
+		fprintf(stderr, "usage: %s dir file\n", argv[0]);
+		return 1;
+	}
+
+	dirfd = open(argv[1], O_RDONLY | O_DIRECTORY);
+	if (dirfd == -1) {
+		fprintf(stderr, "FAIL: open %s failed - %s\n",
+			argv[1], strerror(errno));
+		return 1;
+	}
+
+	fd = openat(dirfd, argv[2], O_RDWR | O_CREAT, S_IWUSR | S_IRUSR);
+	if (fd == -1) {
+		fprintf(stderr, "FAIL: openat %s failed - %s\n",
+			argv[2], strerror(errno));
+		close(dirfd);
+		return 1;
+	}
+
+	close(fd);
+	close(dirfd);
+
+	printf("PASS\n");
+
+	return 0;
+}
--- a/tests/regression/subdomain/openat.sh
+++ b/tests/regression/subdomain/openat.sh
@ -0,0 +1,64 @@
+#! /bin/bash
+# $Id$
+
+#	Copyright (C) 2002-2007 Novell/SUSE
+#
+#	This program is free software; you can redistribute it and/or
+#	modify it under the terms of the GNU General Public License as
+#	published by the Free Software Foundation, version 2 of the
+#	License.
+
+#=NAME open
+#=DESCRIPTION
+# Verify that the openat syscall is correctly managed for confined profiles.
+# FIXME: need to add tests that delete the directory after it is opened
+# but before the openat() call occurs.
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+
+subdir=deleteme
+file=${subdir}/file
+filepath=${tmpdir}/${file}
+okperm=rw
+badperm1=r
+badperm2=w
+
+mkdir ${tmpdir}/${subdir}
+
+# PASS UNCONFINED
+runchecktest "OPENAT unconfined RW (create) " pass $tmpdir $file
+
+# PASS TEST (the file shouldn't exist, so open should create it
+rm -f ${filepath}
+genprofile ${tmpdir}:r ${filepath}:$okperm
+runchecktest "OPENAT RW (create) " pass $tmpdir $file
+
+# PASS TEST
+genprofile ${tmpdir}:r ${filepath}:$okperm
+runchecktest "OPENAT RW" pass $tmpdir $file
+
+# FAILURE TEST (1)
+genprofile ${tmpdir}:r ${filepath}:$badperm1
+runchecktest "OPENAT R" fail $tmpdir $file
+
+# FAILURE TEST (2)
+genprofile ${tmpdir}:r ${filepath}:$badperm2
+runchecktest "OPENAT W" fail $tmpdir $file
+
+# FAILURE TEST (3)
+genprofile ${tmpdir}:r ${filepath}:$badperm1 cap:dac_override
+runchecktest "OPENAT R+dac_override" fail $tmpdir $file
+
+# FAILURE TEST (4)
+# This is testing for bug: https://bugs.wirex.com/show_bug.cgi?id=2885
+# When we open O_CREAT|O_RDWR, we are (were?) allowing only write access
+# to be required.
+rm -f ${filepath}
+genprofile ${tmpdir}:r ${filepath}:$badperm2
+runchecktest "OPENAT W (create)" fail $tmpdir $file