162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci#define _GNU_SOURCE 362306a36Sopenharmony_ci#include <errno.h> 462306a36Sopenharmony_ci#include <fcntl.h> 562306a36Sopenharmony_ci#include <limits.h> 662306a36Sopenharmony_ci#include <sched.h> 762306a36Sopenharmony_ci#include <stdarg.h> 862306a36Sopenharmony_ci#include <stdbool.h> 962306a36Sopenharmony_ci#include <stdio.h> 1062306a36Sopenharmony_ci#include <stdlib.h> 1162306a36Sopenharmony_ci#include <string.h> 1262306a36Sopenharmony_ci#include <sys/mount.h> 1362306a36Sopenharmony_ci#include <sys/stat.h> 1462306a36Sopenharmony_ci#include <sys/types.h> 1562306a36Sopenharmony_ci#include <sys/vfs.h> 1662306a36Sopenharmony_ci#include <unistd.h> 1762306a36Sopenharmony_ci 1862306a36Sopenharmony_ci#ifndef MS_NOSYMFOLLOW 1962306a36Sopenharmony_ci# define MS_NOSYMFOLLOW 256 /* Do not follow symlinks */ 2062306a36Sopenharmony_ci#endif 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci#ifndef ST_NOSYMFOLLOW 2362306a36Sopenharmony_ci# define ST_NOSYMFOLLOW 0x2000 /* Do not follow symlinks */ 2462306a36Sopenharmony_ci#endif 2562306a36Sopenharmony_ci 2662306a36Sopenharmony_ci#define DATA "/tmp/data" 2762306a36Sopenharmony_ci#define LINK "/tmp/symlink" 2862306a36Sopenharmony_ci#define TMP "/tmp" 2962306a36Sopenharmony_ci 3062306a36Sopenharmony_cistatic void die(char *fmt, ...) 3162306a36Sopenharmony_ci{ 3262306a36Sopenharmony_ci va_list ap; 3362306a36Sopenharmony_ci 3462306a36Sopenharmony_ci va_start(ap, fmt); 3562306a36Sopenharmony_ci vfprintf(stderr, fmt, ap); 3662306a36Sopenharmony_ci va_end(ap); 3762306a36Sopenharmony_ci exit(EXIT_FAILURE); 3862306a36Sopenharmony_ci} 3962306a36Sopenharmony_ci 4062306a36Sopenharmony_cistatic void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, 4162306a36Sopenharmony_ci va_list ap) 4262306a36Sopenharmony_ci{ 4362306a36Sopenharmony_ci ssize_t written; 4462306a36Sopenharmony_ci char buf[4096]; 4562306a36Sopenharmony_ci int buf_len; 4662306a36Sopenharmony_ci int fd; 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_ci buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); 4962306a36Sopenharmony_ci if (buf_len < 0) 5062306a36Sopenharmony_ci die("vsnprintf failed: %s\n", strerror(errno)); 5162306a36Sopenharmony_ci 5262306a36Sopenharmony_ci if (buf_len >= sizeof(buf)) 5362306a36Sopenharmony_ci die("vsnprintf output truncated\n"); 5462306a36Sopenharmony_ci 5562306a36Sopenharmony_ci fd = open(filename, O_WRONLY); 5662306a36Sopenharmony_ci if (fd < 0) { 5762306a36Sopenharmony_ci if ((errno == ENOENT) && enoent_ok) 5862306a36Sopenharmony_ci return; 5962306a36Sopenharmony_ci die("open of %s failed: %s\n", filename, strerror(errno)); 6062306a36Sopenharmony_ci } 6162306a36Sopenharmony_ci 6262306a36Sopenharmony_ci written = write(fd, buf, buf_len); 6362306a36Sopenharmony_ci if (written != buf_len) { 6462306a36Sopenharmony_ci if (written >= 0) { 6562306a36Sopenharmony_ci die("short write to %s\n", filename); 6662306a36Sopenharmony_ci } else { 6762306a36Sopenharmony_ci die("write to %s failed: %s\n", 6862306a36Sopenharmony_ci filename, strerror(errno)); 6962306a36Sopenharmony_ci } 7062306a36Sopenharmony_ci } 7162306a36Sopenharmony_ci 7262306a36Sopenharmony_ci if (close(fd) != 0) 7362306a36Sopenharmony_ci die("close of %s failed: %s\n", filename, strerror(errno)); 7462306a36Sopenharmony_ci} 7562306a36Sopenharmony_ci 7662306a36Sopenharmony_cistatic void maybe_write_file(char *filename, char *fmt, ...) 7762306a36Sopenharmony_ci{ 7862306a36Sopenharmony_ci va_list ap; 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_ci va_start(ap, fmt); 8162306a36Sopenharmony_ci vmaybe_write_file(true, filename, fmt, ap); 8262306a36Sopenharmony_ci va_end(ap); 8362306a36Sopenharmony_ci} 8462306a36Sopenharmony_ci 8562306a36Sopenharmony_cistatic void write_file(char *filename, char *fmt, ...) 8662306a36Sopenharmony_ci{ 8762306a36Sopenharmony_ci va_list ap; 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_ci va_start(ap, fmt); 9062306a36Sopenharmony_ci vmaybe_write_file(false, filename, fmt, ap); 9162306a36Sopenharmony_ci va_end(ap); 9262306a36Sopenharmony_ci} 9362306a36Sopenharmony_ci 9462306a36Sopenharmony_cistatic void create_and_enter_ns(void) 9562306a36Sopenharmony_ci{ 9662306a36Sopenharmony_ci uid_t uid = getuid(); 9762306a36Sopenharmony_ci gid_t gid = getgid(); 9862306a36Sopenharmony_ci 9962306a36Sopenharmony_ci if (unshare(CLONE_NEWUSER) != 0) 10062306a36Sopenharmony_ci die("unshare(CLONE_NEWUSER) failed: %s\n", strerror(errno)); 10162306a36Sopenharmony_ci 10262306a36Sopenharmony_ci maybe_write_file("/proc/self/setgroups", "deny"); 10362306a36Sopenharmony_ci write_file("/proc/self/uid_map", "0 %d 1", uid); 10462306a36Sopenharmony_ci write_file("/proc/self/gid_map", "0 %d 1", gid); 10562306a36Sopenharmony_ci 10662306a36Sopenharmony_ci if (setgid(0) != 0) 10762306a36Sopenharmony_ci die("setgid(0) failed %s\n", strerror(errno)); 10862306a36Sopenharmony_ci if (setuid(0) != 0) 10962306a36Sopenharmony_ci die("setuid(0) failed %s\n", strerror(errno)); 11062306a36Sopenharmony_ci 11162306a36Sopenharmony_ci if (unshare(CLONE_NEWNS) != 0) 11262306a36Sopenharmony_ci die("unshare(CLONE_NEWNS) failed: %s\n", strerror(errno)); 11362306a36Sopenharmony_ci} 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_cistatic void setup_symlink(void) 11662306a36Sopenharmony_ci{ 11762306a36Sopenharmony_ci int data, err; 11862306a36Sopenharmony_ci 11962306a36Sopenharmony_ci data = creat(DATA, O_RDWR); 12062306a36Sopenharmony_ci if (data < 0) 12162306a36Sopenharmony_ci die("creat failed: %s\n", strerror(errno)); 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci err = symlink(DATA, LINK); 12462306a36Sopenharmony_ci if (err < 0) 12562306a36Sopenharmony_ci die("symlink failed: %s\n", strerror(errno)); 12662306a36Sopenharmony_ci 12762306a36Sopenharmony_ci if (close(data) != 0) 12862306a36Sopenharmony_ci die("close of %s failed: %s\n", DATA, strerror(errno)); 12962306a36Sopenharmony_ci} 13062306a36Sopenharmony_ci 13162306a36Sopenharmony_cistatic void test_link_traversal(bool nosymfollow) 13262306a36Sopenharmony_ci{ 13362306a36Sopenharmony_ci int link; 13462306a36Sopenharmony_ci 13562306a36Sopenharmony_ci link = open(LINK, 0, O_RDWR); 13662306a36Sopenharmony_ci if (nosymfollow) { 13762306a36Sopenharmony_ci if ((link != -1 || errno != ELOOP)) { 13862306a36Sopenharmony_ci die("link traversal unexpected result: %d, %s\n", 13962306a36Sopenharmony_ci link, strerror(errno)); 14062306a36Sopenharmony_ci } 14162306a36Sopenharmony_ci } else { 14262306a36Sopenharmony_ci if (link < 0) 14362306a36Sopenharmony_ci die("link traversal failed: %s\n", strerror(errno)); 14462306a36Sopenharmony_ci 14562306a36Sopenharmony_ci if (close(link) != 0) 14662306a36Sopenharmony_ci die("close of link failed: %s\n", strerror(errno)); 14762306a36Sopenharmony_ci } 14862306a36Sopenharmony_ci} 14962306a36Sopenharmony_ci 15062306a36Sopenharmony_cistatic void test_readlink(void) 15162306a36Sopenharmony_ci{ 15262306a36Sopenharmony_ci char buf[4096]; 15362306a36Sopenharmony_ci ssize_t ret; 15462306a36Sopenharmony_ci 15562306a36Sopenharmony_ci bzero(buf, sizeof(buf)); 15662306a36Sopenharmony_ci 15762306a36Sopenharmony_ci ret = readlink(LINK, buf, sizeof(buf)); 15862306a36Sopenharmony_ci if (ret < 0) 15962306a36Sopenharmony_ci die("readlink failed: %s\n", strerror(errno)); 16062306a36Sopenharmony_ci if (strcmp(buf, DATA) != 0) 16162306a36Sopenharmony_ci die("readlink strcmp failed: '%s' '%s'\n", buf, DATA); 16262306a36Sopenharmony_ci} 16362306a36Sopenharmony_ci 16462306a36Sopenharmony_cistatic void test_realpath(void) 16562306a36Sopenharmony_ci{ 16662306a36Sopenharmony_ci char *path = realpath(LINK, NULL); 16762306a36Sopenharmony_ci 16862306a36Sopenharmony_ci if (!path) 16962306a36Sopenharmony_ci die("realpath failed: %s\n", strerror(errno)); 17062306a36Sopenharmony_ci if (strcmp(path, DATA) != 0) 17162306a36Sopenharmony_ci die("realpath strcmp failed\n"); 17262306a36Sopenharmony_ci 17362306a36Sopenharmony_ci free(path); 17462306a36Sopenharmony_ci} 17562306a36Sopenharmony_ci 17662306a36Sopenharmony_cistatic void test_statfs(bool nosymfollow) 17762306a36Sopenharmony_ci{ 17862306a36Sopenharmony_ci struct statfs buf; 17962306a36Sopenharmony_ci int ret; 18062306a36Sopenharmony_ci 18162306a36Sopenharmony_ci ret = statfs(TMP, &buf); 18262306a36Sopenharmony_ci if (ret) 18362306a36Sopenharmony_ci die("statfs failed: %s\n", strerror(errno)); 18462306a36Sopenharmony_ci 18562306a36Sopenharmony_ci if (nosymfollow) { 18662306a36Sopenharmony_ci if ((buf.f_flags & ST_NOSYMFOLLOW) == 0) 18762306a36Sopenharmony_ci die("ST_NOSYMFOLLOW not set on %s\n", TMP); 18862306a36Sopenharmony_ci } else { 18962306a36Sopenharmony_ci if ((buf.f_flags & ST_NOSYMFOLLOW) != 0) 19062306a36Sopenharmony_ci die("ST_NOSYMFOLLOW set on %s\n", TMP); 19162306a36Sopenharmony_ci } 19262306a36Sopenharmony_ci} 19362306a36Sopenharmony_ci 19462306a36Sopenharmony_cistatic void run_tests(bool nosymfollow) 19562306a36Sopenharmony_ci{ 19662306a36Sopenharmony_ci test_link_traversal(nosymfollow); 19762306a36Sopenharmony_ci test_readlink(); 19862306a36Sopenharmony_ci test_realpath(); 19962306a36Sopenharmony_ci test_statfs(nosymfollow); 20062306a36Sopenharmony_ci} 20162306a36Sopenharmony_ci 20262306a36Sopenharmony_ciint main(int argc, char **argv) 20362306a36Sopenharmony_ci{ 20462306a36Sopenharmony_ci create_and_enter_ns(); 20562306a36Sopenharmony_ci 20662306a36Sopenharmony_ci if (mount("testing", TMP, "ramfs", 0, NULL) != 0) 20762306a36Sopenharmony_ci die("mount failed: %s\n", strerror(errno)); 20862306a36Sopenharmony_ci 20962306a36Sopenharmony_ci setup_symlink(); 21062306a36Sopenharmony_ci run_tests(false); 21162306a36Sopenharmony_ci 21262306a36Sopenharmony_ci if (mount("testing", TMP, "ramfs", MS_REMOUNT|MS_NOSYMFOLLOW, NULL) != 0) 21362306a36Sopenharmony_ci die("remount failed: %s\n", strerror(errno)); 21462306a36Sopenharmony_ci 21562306a36Sopenharmony_ci run_tests(true); 21662306a36Sopenharmony_ci 21762306a36Sopenharmony_ci return EXIT_SUCCESS; 21862306a36Sopenharmony_ci} 219