diff --git a/tests/regression/subdomain/clone.c b/tests/regression/subdomain/clone.c index 51ead5201..36ec1e78b 100644 --- a/tests/regression/subdomain/clone.c +++ b/tests/regression/subdomain/clone.c @@ -65,12 +65,12 @@ int main(int argc, char *argv[]) { int rc; int waitstatus; - int c, o; + int c; char buf[BUFSIZ]; void *child_stack = malloc(PAGE_SIZE << 4); int clone_flags = 0; - while ((c = getopt_long (argc, argv, "+hn", long_options, &o)) != -1) { + while ((c = getopt_long (argc, argv, "+hn", long_options, NULL)) != -1) { switch (c) { case 'n': clone_flags |= CLONE_NEWNS; diff --git a/tests/regression/subdomain/openat.c b/tests/regression/subdomain/openat.c index 0a8646833..45ef2355f 100644 --- a/tests/regression/subdomain/openat.c +++ b/tests/regression/subdomain/openat.c @@ -12,33 +12,80 @@ #define _GNU_SOURCE #include +#include #include #include #include #include #include #include +#include + +struct option long_options[] = { + {"delete", 0, 0, 'd'}, /* delete the directory after opening */ + {"rename", 1, 0, 'r'}, /* rename the directory to -- */ + {"help", 0, 0, 'h'}, +}; + +static void usage (char * program) +{ + fprintf(stderr, "usage: %s [--delete] dir file\n", program); + fprintf(stderr, "%s\n", "$Id$"); + exit(1); +} int main(int argc, char *argv[]) { int fd = -1, dirfd = -1; + int c; + int do_delete = 0; + int do_rename = 0; + char *dir, *file, *newdir = NULL; - if (argc != 3){ - fprintf(stderr, "usage: %s dir file\n", argv[0]); - return 1; + while ((c = getopt_long (argc, argv, "+hdr:", long_options, NULL)) != -1) { + switch (c) { + case 'd': + do_delete = 1; + break; + case 'r': + do_rename = 1; + newdir = optarg; + break; + case 'h': + /* fall through */ + default: + usage(argv[0]); + break; + } } - dirfd = open(argv[1], O_RDONLY | O_DIRECTORY); + if (argc - optind != 2) + usage(argv[0]); + + dir = argv[optind]; + file = argv[optind + 1]; + + dirfd = open(dir, O_RDONLY | O_DIRECTORY); if (dirfd == -1) { fprintf(stderr, "FAIL: open %s failed - %s\n", - argv[1], strerror(errno)); + dir, strerror(errno)); return 1; } - fd = openat(dirfd, argv[2], O_RDWR | O_CREAT, S_IWUSR | S_IRUSR); + if (do_delete && rmdir(dir) == -1) { + fprintf(stderr, "FAIL: rmdir %s failed - %s\n", + dir, strerror(errno)); + return 1; + } else if (do_rename && rename(dir, newdir) == -1) { + fprintf(stderr, "FAIL: rename %s, %s failed - %s\n", + dir, newdir, strerror(errno)); + return 1; + } + + fd = openat(dirfd, file, O_RDWR | O_CREAT, S_IWUSR | S_IRUSR); if (fd == -1) { fprintf(stderr, "FAIL: openat %s failed - %s\n", - argv[2], strerror(errno)); + file, strerror(errno)); close(dirfd); return 1; } diff --git a/tests/regression/subdomain/openat.sh b/tests/regression/subdomain/openat.sh index 05c60931b..71550dde2 100755 --- a/tests/regression/subdomain/openat.sh +++ b/tests/regression/subdomain/openat.sh @@ -11,8 +11,6 @@ #=NAME open #=DESCRIPTION # Verify that the openat syscall is correctly managed for confined profiles. -# FIXME: need to add tests that delete the directory after it is opened -# but before the openat() call occurs. #=END pwd=`dirname $0` @@ -22,43 +20,79 @@ bin=$pwd . $bin/prologue.inc +dir=${tmpdir} subdir=deleteme +otherdir=otherdir file=${subdir}/file -filepath=${tmpdir}/${file} +filepath=${dir}/${file} okperm=rw badperm1=r badperm2=w -mkdir ${tmpdir}/${subdir} +resettest () { + rm -rf ${dir}/${subdir} ${dir}/${otherdir} + mkdir ${dir}/${subdir} +} # PASS UNCONFINED -runchecktest "OPENAT unconfined RW (create) " pass $tmpdir $file +resettest +runchecktest "OPENAT unconfined RW (create) " pass $dir $file # PASS TEST (the file shouldn't exist, so open should create it -rm -f ${filepath} -genprofile ${tmpdir}:r ${filepath}:$okperm -runchecktest "OPENAT RW (create) " pass $tmpdir $file +resettest +genprofile ${dir}:r ${filepath}:$okperm +runchecktest "OPENAT RW (create) " pass $dir $file # PASS TEST -genprofile ${tmpdir}:r ${filepath}:$okperm -runchecktest "OPENAT RW" pass $tmpdir $file +resettest +touch ${filepath} +genprofile ${dir}:r ${filepath}:$okperm +runchecktest "OPENAT RW (exists)" pass $dir $file # FAILURE TEST (1) -genprofile ${tmpdir}:r ${filepath}:$badperm1 -runchecktest "OPENAT R" fail $tmpdir $file +resettest +touch ${filepath} +genprofile ${dir}:r ${filepath}:$badperm1 +runchecktest "OPENAT R" fail $dir $file # FAILURE TEST (2) -genprofile ${tmpdir}:r ${filepath}:$badperm2 -runchecktest "OPENAT W" fail $tmpdir $file +resettest +touch ${filepath} +genprofile ${dir}:r ${filepath}:$badperm2 +runchecktest "OPENAT W (exists)" fail $dir $file # FAILURE TEST (3) -genprofile ${tmpdir}:r ${filepath}:$badperm1 cap:dac_override -runchecktest "OPENAT R+dac_override" fail $tmpdir $file +resettest +genprofile ${dir}:r ${filepath}:$badperm1 cap:dac_override +runchecktest "OPENAT R+dac_override" fail $dir $file # FAILURE TEST (4) # This is testing for bug: https://bugs.wirex.com/show_bug.cgi?id=2885 # When we open O_CREAT|O_RDWR, we are (were?) allowing only write access # to be required. -rm -f ${filepath} -genprofile ${tmpdir}:r ${filepath}:$badperm2 -runchecktest "OPENAT W (create)" fail $tmpdir $file +resettest +genprofile ${dir}:r ${filepath}:$badperm2 +runchecktest "OPENAT W (create)" fail $dir $file + +# PASS rename of directory in between opendir/openat +resettest +genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/otherdir/file:rw +runchecktest "OPENAT RW (rename/newpath)" pass --rename ${dir}/otherdir ${dir}/${subdir} file + +# PASS rename of directory in between opendir/openat - file exists +resettest +touch ${filepath} +genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/otherdir/file:rw +runchecktest "OPENAT RW (rename/newpath)" pass --rename ${dir}/otherdir ${dir}/${subdir} file + +# FAIL rename of directory in between opendir/openat - use old name +resettest +genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/${subdir}/file:rw +runchecktest "OPENAT RW (rename/newpath)" fail --rename ${dir}/otherdir ${dir}/${subdir} file +exit + +# FAIL rename of directory in between opendir/openat - use old name, file exists +resettest +touch ${filepath} +genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/${subdir}/file:rw +runchecktest "OPENAT RW (rename/newpath)" fail --rename ${dir}/otherdir ${dir}/${subdir} file