mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 07:45:50 +00:00
Code Issues Releases Wiki Activity

tests: add userns tests using unshare

Browse Source 
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia
2022-11-22 13:16:17 +00:00
parent dd5a6c2e0a
commit 592a0743f0
2 changed files with 54 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
tests/regression/apparmor/userns.c
View File

@@ -21,16 +21,33 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
static int child(void *arg) static void usage(char *pname)
{ {
printf("PASS\n"); fprintf(stderr, "Usage: %s [options]\n", pname);
return EXIT_SUCCESS; fprintf(stderr, "Options can be:\n");
fprintf(stderr, " -c create user namespace using clone\n");
fprintf(stderr, " -u create user namespace using unshare\n");
exit(EXIT_FAILURE);
} }
#define STACK_SIZE (1024 * 1024) #define STACK_SIZE (1024 * 1024)
static char child_stack[STACK_SIZE]; static char child_stack[STACK_SIZE];
int main(int argc, char *argv[]) static int child(void *arg)
{
return EXIT_SUCCESS;
}
int userns_unshare()
{
if (unshare(CLONE_NEWUSER) == -1) {
perror("FAIL - unshare");
return EXIT_FAILURE;
}
return child(NULL);
}
int userns_clone()
{ {
pid_t child_pid; pid_t child_pid;
int child_exit; int child_exit;
@@ -54,6 +71,34 @@ int main(int argc, char *argv[])
} }
} }
printf("PASS\n");
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
enum op {
CLONE,
UNSHARE,
};
int main(int argc, char *argv[])
{
int opt, ret = 0, op;
while ((opt = getopt(argc, argv, "uc")) != -1) {
switch (opt) {
case 'c': op = CLONE; break;
case 'u': op = UNSHARE; break;
default: usage(argv[0]);
}
}
if (op == CLONE)
ret = userns_clone();
else if (op == UNSHARE)
ret = userns_unshare();
else
fprintf(stderr, "FAIL - user namespace method not defined\n");
if (ret == EXIT_SUCCESS)
printf("PASS\n");
return ret;
}

6
tests/regression/apparmor/userns.sh
View File

@@ -49,11 +49,13 @@ do_test()
settest userns settest userns
$generate_profile # settest removes the profile, so load it here $generate_profile # settest removes the profile, so load it here
runchecktest "$desc - root" $expect_root runchecktest "$desc clone - root" $expect_root -c # clone
runchecktest "$desc unshare - root" $expect_root -u # unshare
settest -u "foo" userns # run tests as user foo settest -u "foo" userns # run tests as user foo
$generate_profile # settest removes the profile, so load it here $generate_profile # settest removes the profile, so load it here
runchecktest "$desc - user" $expect_user runchecktest "$desc clone - user" $expect_user -c # clone
runchecktest "$desc unshare - user" $expect_user -u # unshare
} }
if [ $unprivileged_userns_clone -eq 0 ]; then if [ $unprivileged_userns_clone -eq 0 ]; then