From f686f7c0ffb2764fa56ecbec1934ea65be018099 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 1 Aug 2024 04:36:20 +0000 Subject: [PATCH] Merge fix regression test failures for when /tmp is mounted as tmpfs MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1283 Approved-by: John Johansen Merged-by: John Johansen (cherry picked from commit 1fc944bb671c9c02a98213c848217a80d6ee956f) Signed-off-by: John Johansen --- tests/regression/apparmor/mount.inc | 30 ++++++++++++++++++++++ tests/regression/apparmor/mount.sh | 24 +++-------------- tests/regression/apparmor/pivot_root.sh | 26 +++---------------- tests/regression/apparmor/swap.sh | 34 ++++++++++++++++++++----- 4 files changed, 64 insertions(+), 50 deletions(-) create mode 100644 tests/regression/apparmor/mount.inc
diff --git a/tests/regression/apparmor/mount.inc b/tests/regression/apparmor/mount.inc
new file mode 100644
index 000000000..a22b017c4
--- /dev/null
+++ b/tests/regression/apparmor/mount.inc
@@ -0,0 +1,30 @@
+root_was_shared="no"
+root="/"
+
+# systemd mounts / and everything under it MS_SHARED. This breaks
+# pivot_root and mount "move" operations entirely, so attempt to
+# detect from which mount point the test is running from, and remount
+# it MS_PRIVATE temporarily.
+FINDMNT=/bin/findmnt
+if [ -x "${FINDMNT}" ] && ${FINDMNT} -no TARGET,PROPAGATION -T $tmpdir > /dev/null 2>&1 ; then
+ output="$(${FINDMNT} -no TARGET,PROPAGATION -T $tmpdir)"
+ root="$(echo $output | cut -d' ' -f1)"
+ if [ "$(echo $output | cut -d' ' -f2)" == "shared" ] ; then
+ root_was_shared="yes"
+ fi
+elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then
+ # no findmnt or findmnt doesn't know the PROPAGATION column,
+ # but init is systemd so assume rootfs is shared
+ root_was_shared="yes"
+fi
+if [ "${root_was_shared}" = "yes" ] ; then
+ [ -n "$VERBOSE" ] && echo "notice: re-mounting $root as private"
+ mount --make-private $root
+fi
+
+prop_cleanup() {
+ if [ "${root_was_shared}" = "yes" ] ; then
+ [ -n "$VERBOSE" ] && echo "notice: re-mounting $root as shared"
+ mount --make-shared $root
+ fi
+}
diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh
index 022fc70e7..2c7f00a54 100755
--- a/tests/regression/apparmor/mount.sh
+++ b/tests/regression/apparmor/mount.sh
@@ -32,7 +32,8 @@ mount_point2=$tmpdir/mountpoint2 mount_bad=$tmpdir/mountbad loop_device="unset" fstype="ext2" -root_was_shared="no" + +. $bin/mount.inc setup_mnt() { /bin/mount -n -t${fstype} ${loop_device} ${mount_point}
@@ -59,9 +60,7 @@ mount_cleanup() { then /sbin/losetup -d ${loop_device} &> /dev/null fi - if [ "${root_was_shared}" = "yes" ] ; then - mount --make-shared / - fi + prop_cleanup } do_onexit="mount_cleanup"
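Review bot: In the new mount.inc, `mount --make-private $root` runs with `$root` unquoted and its exit status ignored, so if the remount fails the move and pivot_root tests carry on against a still-shared mount and fail for a reason that looks unrelated. `root` is taken from `echo $output | cut -d' ' -f1`, which word-splits the findmnt output before cutting, so a mount point containing whitespace would be truncated. I would quote the expansions and stop on failure, e.g. `mount --make-private "$root" || fatalerror "unable to remount $root as private"`, assuming `fatalerror` from the test prologue is already defined when this file is sourced. The same quoting applies to `-T $tmpdir` and to `mount --make-shared $root` in `prop_cleanup`.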
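Review bot: `. $bin/mount.inc` in mount.sh (hunk `@@ -32,7 +32,8 @@`) is unquoted and unchecked. These scripts use arrays and `&>`, so they presumably run under bash, where a failed `.` in a script only prints an error and execution continues; a missing mount.inc would then leave `root_was_shared` unset and `prop_cleanup` undefined, and the tests would run without the private remount. Consider `. "$bin/mount.inc" || fatalerror "cannot source $bin/mount.inc"`; the same line is added to pivot_root.sh in hunk `@@ -25,7 +25,8 @@`. Whether the harness build rules need to list the new file cannot be seen from this patch.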
@@ -81,23 +80,6 @@ fi loop_device=$(losetup -f) || fatalerror 'Unable to find a free loop device' /sbin/losetup "$loop_device" ${mount_file} > /dev/null 2> /dev/null -# systemd mounts / and everything under it MS_SHARED which does -# not work with "move", so attempt to detect it, and remount / -# MS_PRIVATE temporarily. snippet from pivot_root.sh -FINDMNT=/bin/findmnt -if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then - if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then - root_was_shared="yes" - fi -elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then - # no findmnt or findmnt doesn't know the PROPAGATION column, - # but init is systemd so assume rootfs is shared - root_was_shared="yes" -fi -if [ "${root_was_shared}" = "yes" ] ; then - mount --make-private / -fi - options=( # default and non-default options "rw,ro"
diff --git a/tests/regression/apparmor/pivot_root.sh b/tests/regression/apparmor/pivot_root.sh
index dd7104edc..062edfc2e 100755
--- a/tests/regression/apparmor/pivot_root.sh
+++ b/tests/regression/apparmor/pivot_root.sh
@@ -25,7 +25,8 @@ put_old=${new_root}put_old/ bad=$tmpdir/BAD/ proc=$new_root/proc fstype="ext2" -root_was_shared="no" + +. $bin/mount.inc pivot_root_cleanup() { mountpoint -q "$proc"
@@ -38,10 +39,7 @@ pivot_root_cleanup() { umount "$new_root" fi - if [ "${root_was_shared}" = "yes" ] ; then - [ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared' - mount --make-shared / - fi + prop_cleanup } do_onexit="pivot_root_cleanup"
@@ -50,24 +48,6 @@ if [ ! -b /dev/loop0 ] ; then modprobe loop fi -# systemd mounts / and everything under it MS_SHARED. This breaks -# pivot_root entirely, so attempt to detect it, and remount / -# MS_PRIVATE temporarily. -FINDMNT=/bin/findmnt -if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then - if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then - root_was_shared="yes" - fi -elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then - # no findmnt or findmnt doesn't know the PROPAGATION column, - # but init is systemd so assume rootfs is shared - root_was_shared="yes" -fi -if [ "${root_was_shared}" = "yes" ] ; then - [ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private' - mount --make-private / -fi - # Create disk image since pivot_root doesn't allow old root and new root to be # on the same filesystem dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null
diff --git a/tests/regression/apparmor/swap.sh b/tests/regression/apparmor/swap.sh
index f8506eb6c..b535c8477 100755
--- a/tests/regression/apparmor/swap.sh
+++ b/tests/regression/apparmor/swap.sh
@@ -27,16 +27,38 @@ bin=$pwd ## A. SWAP ## -# check if we can run the test at all +swap_file=$tmpdir/swapfile + +# check if we can run the test in tmpdir fstype=$(stat -f --format '%T' "${tmpdir}") if [ "${fstype}" = "tmpfs" ] ; then - echo "ERROR: tmpdir '${tmpdir}' is of type tmpfs; can't mount a swapfile on it" 1>&2 - echo "ERROR: skipping swap tests" 1>&2 - num_testfailures=1 - exit + # create a mountpoint not tmpfs + mount_file=$tmpdir/mountfile + mount_point=$tmpdir/mountpoint + fstype="ext2" + dd if=/dev/zero of=${mount_file} bs=1024 count=900 2> /dev/null + /sbin/mkfs -t${fstype} -F ${mount_file} > /dev/null 2> /dev/null + /bin/mkdir ${mount_point} + + loop_device=$(losetup -f) || fatalerror 'Unable to find a free loop device' + /sbin/losetup "$loop_device" ${mount_file} > /dev/null 2> /dev/null + + /bin/mount -n -t${fstype} ${loop_device} ${mount_point} + + swap_file=$mount_point/swapfile fi -swap_file=$tmpdir/swapfile +remove_mnt() { + mountpoint -q "${mount_point}" + if [ $? -eq 0 ] ; then + /bin/umount -t${fstype} ${mount_point} + fi + if [ -n "$loop_device" ] + then + /sbin/losetup -d ${loop_device} &> /dev/null + fi +} +do_onexit="remove_mnt" # ppc64el wants this to be larger than 640KiB # arm/small machines want this as small as possible
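Review bot: None of the steps in the new tmpfs fallback is checked. If `mkfs`, the `losetup` attach or `/bin/mount` fails, `swap_file=$mount_point/swapfile` still points into the tmpfs directory, and the swap tests fail later with no hint of the cause, whereas the old code stopped with an explicit error. At minimum the mount should be fatal, e.g. `/bin/mount -n -t${fstype} "${loop_device}" "${mount_point}" || fatalerror "Unable to mount ${mount_file} on ${mount_point}"`, and the attach should not send both its output and its status to nowhere. `do_onexit="remove_mnt"` is also assigned only after the loop device has been attached and mounted; moving the `remove_mnt` definition and that assignment above the `if` would let an early exit still detach the device, assuming the harness runs `do_onexit` on every exit path.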