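/*
 * Copyright (c) 2021 Alexey Dobriyan <adobriyan@gmail.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
/*
 * Test that "mount -t proc -o subset=pid" hides everything but pids,
 * /proc/self and /proc/thread-self.
 *
 * Two properties are checked, because a hardening option that only filters
 * the directory listing would still leak data through direct path lookup:
 *   1. readdir("/proc") returns nothing except ".", "..", "self",
 *      "thread-self" and all-digit names;
 *   2. a non-pid entry ("/proc/cpuinfo") cannot be resolved by name either.
 */
#undef NDEBUG
#include <assert.h>
#include <errno.h>
#include <sched.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <dirent.h>
#include <unistd.h>
#include <stdio.h>

/* Return true when the two NUL-terminated strings compare equal. */
static inline bool streq(const char *a, const char *b)
{
	return strcmp(a, b) == 0;
}

/*
 * Move into a new mount namespace and mount a "subset=pid" procfs on /proc.
 *
 * The root is remounted MS_PRIVATE|MS_REC first so that the proc mount made
 * here does not propagate back to the namespace the test was started from.
 *
 * Exits with status 4 (the kselftest "skip" code) when unshare() fails with
 * ENOSYS or EPERM, i.e. the test cannot run in this environment, and with
 * status 1 on any other failure.
 */
static void make_private_proc(void)
{
	if (unshare(CLONE_NEWNS) == -1) {
		if (errno == ENOSYS || errno == EPERM) {
			exit(4);
		}
		exit(1);
	}
	if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) == -1) {
		exit(1);
	}
	if (mount(NULL, "/proc", "proc", 0, "subset=pid") == -1) {
		exit(1);
	}
}

/*
 * Return true when every character of @s is an ASCII decimal digit.
 *
 * Note that the empty string is accepted as well; the caller only passes
 * directory entry names, so that case is not distinguished here.
 */
static bool string_is_pid(const char *s)
{
	while (1) {
		switch (*s++) {
		case '0':case '1':case '2':case '3':case '4':
		case '5':case '6':case '7':case '8':case '9':
			continue;

		case '\0':
			return true;

		default:
			return false;
		}
	}
}

int main(void)
{
	make_private_proc();

	DIR *d = opendir("/proc");
	assert(d);

	struct dirent *de;

	/*
	 * These flags only detect an entry being listed twice. The test does
	 * not require any of the four names to be present.
	 */
	bool dot = false;
	bool dot_dot = false;
	bool self = false;
	bool thread_self = false;

	for (;;) {
		/*
		 * readdir() returns NULL both at end of directory and on
		 * error; only errno tells them apart. Without this check a
		 * failing readdir() would end the loop early and the
		 * "nothing else is listed" property would pass unverified.
		 */
		errno = 0;
		de = readdir(d);
		if (!de) {
			break;
		}

		if (streq(de->d_name, ".")) {
			assert(!dot);
			dot = true;
			assert(de->d_type == DT_DIR);
		} else if (streq(de->d_name, "..")) {
			assert(!dot_dot);
			dot_dot = true;
			assert(de->d_type == DT_DIR);
		} else if (streq(de->d_name, "self")) {
			assert(!self);
			self = true;
			assert(de->d_type == DT_LNK);
		} else if (streq(de->d_name, "thread-self")) {
			assert(!thread_self);
			thread_self = true;
			assert(de->d_type == DT_LNK);
		} else {
			/* Anything else must be a per-process directory. */
			if (!string_is_pid(de->d_name)) {
				fprintf(stderr, "d_name '%s'\n", de->d_name);
				assert(0);
			}
			assert(de->d_type == DT_DIR);
		}
	}
	assert(errno == 0);

	int rc = closedir(d);
	assert(rc == 0);

	/*
	 * Hidden entries must also be unreachable by name: both a link
	 * lookup and a plain open of a well-known non-pid file have to fail
	 * with ENOENT, not merely be absent from the listing above.
	 */
	char c;
	int rv = readlink("/proc/cpuinfo", &c, 1);
	assert(rv == -1 && errno == ENOENT);

	int fd = open("/proc/cpuinfo", O_RDONLY);
	assert(fd == -1 && errno == ENOENT);

	return 0;
}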