1f08c3bdfSopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 2f08c3bdfSopenharmony_ci/* 3f08c3bdfSopenharmony_ci * Copyright (c) Huawei Technologies Co., Ltd., 2015 4f08c3bdfSopenharmony_ci * Copyright (C) 2022 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com> 5f08c3bdfSopenharmony_ci */ 6f08c3bdfSopenharmony_ci 7f08c3bdfSopenharmony_ci/*\ 8f08c3bdfSopenharmony_ci * [Description] 9f08c3bdfSopenharmony_ci * 10f08c3bdfSopenharmony_ci * Verify that the kernel allows at least 32 nested levels of user namespaces. 11f08c3bdfSopenharmony_ci */ 12f08c3bdfSopenharmony_ci 13f08c3bdfSopenharmony_ci#define _GNU_SOURCE 14f08c3bdfSopenharmony_ci 15f08c3bdfSopenharmony_ci#include <stdio.h> 16f08c3bdfSopenharmony_ci#include <sys/wait.h> 17f08c3bdfSopenharmony_ci#include "common.h" 18f08c3bdfSopenharmony_ci#include "tst_test.h" 19f08c3bdfSopenharmony_ci#include "lapi/sched.h" 20f08c3bdfSopenharmony_ci 21f08c3bdfSopenharmony_ci#define MAXNEST 32 22f08c3bdfSopenharmony_ci 23f08c3bdfSopenharmony_cistatic void child_fn1(const int level) 24f08c3bdfSopenharmony_ci{ 25f08c3bdfSopenharmony_ci const struct tst_clone_args args = { 26f08c3bdfSopenharmony_ci .flags = CLONE_NEWUSER, 27f08c3bdfSopenharmony_ci .exit_signal = SIGCHLD, 28f08c3bdfSopenharmony_ci }; 29f08c3bdfSopenharmony_ci pid_t cpid; 30f08c3bdfSopenharmony_ci int parentuid; 31f08c3bdfSopenharmony_ci int parentgid; 32f08c3bdfSopenharmony_ci 33f08c3bdfSopenharmony_ci TST_CHECKPOINT_WAIT(0); 34f08c3bdfSopenharmony_ci 35f08c3bdfSopenharmony_ci if (level == MAXNEST) { 36f08c3bdfSopenharmony_ci tst_res(TPASS, "nested all children"); 37f08c3bdfSopenharmony_ci return; 38f08c3bdfSopenharmony_ci } 39f08c3bdfSopenharmony_ci 40f08c3bdfSopenharmony_ci cpid = SAFE_CLONE(&args); 41f08c3bdfSopenharmony_ci if (!cpid) { 42f08c3bdfSopenharmony_ci child_fn1(level + 1); 43f08c3bdfSopenharmony_ci return; 44f08c3bdfSopenharmony_ci } 45f08c3bdfSopenharmony_ci 46f08c3bdfSopenharmony_ci parentuid = geteuid(); 47f08c3bdfSopenharmony_ci parentgid = getegid(); 48f08c3bdfSopenharmony_ci 49f08c3bdfSopenharmony_ci updatemap(cpid, UID_MAP, 0, parentuid); 50f08c3bdfSopenharmony_ci updatemap(cpid, GID_MAP, 0, parentgid); 51f08c3bdfSopenharmony_ci 52f08c3bdfSopenharmony_ci TST_CHECKPOINT_WAKE(0); 53f08c3bdfSopenharmony_ci 54f08c3bdfSopenharmony_ci tst_reap_children(); 55f08c3bdfSopenharmony_ci} 56f08c3bdfSopenharmony_ci 57f08c3bdfSopenharmony_cistatic void run(void) 58f08c3bdfSopenharmony_ci{ 59f08c3bdfSopenharmony_ci const struct tst_clone_args args = { 60f08c3bdfSopenharmony_ci .flags = CLONE_NEWUSER, 61f08c3bdfSopenharmony_ci .exit_signal = SIGCHLD, 62f08c3bdfSopenharmony_ci }; 63f08c3bdfSopenharmony_ci pid_t cpid; 64f08c3bdfSopenharmony_ci int parentuid; 65f08c3bdfSopenharmony_ci int parentgid; 66f08c3bdfSopenharmony_ci char path[BUFSIZ]; 67f08c3bdfSopenharmony_ci 68f08c3bdfSopenharmony_ci cpid = SAFE_CLONE(&args); 69f08c3bdfSopenharmony_ci if (!cpid) { 70f08c3bdfSopenharmony_ci child_fn1(0); 71f08c3bdfSopenharmony_ci return; 72f08c3bdfSopenharmony_ci } 73f08c3bdfSopenharmony_ci 74f08c3bdfSopenharmony_ci parentuid = geteuid(); 75f08c3bdfSopenharmony_ci parentgid = getegid(); 76f08c3bdfSopenharmony_ci 77f08c3bdfSopenharmony_ci if (access("/proc/self/setgroups", F_OK) == 0) { 78f08c3bdfSopenharmony_ci sprintf(path, "/proc/%d/setgroups", cpid); 79f08c3bdfSopenharmony_ci SAFE_FILE_PRINTF(path, "deny"); 80f08c3bdfSopenharmony_ci } 81f08c3bdfSopenharmony_ci 82f08c3bdfSopenharmony_ci updatemap(cpid, UID_MAP, 0, parentuid); 83f08c3bdfSopenharmony_ci updatemap(cpid, GID_MAP, 0, parentgid); 84f08c3bdfSopenharmony_ci 85f08c3bdfSopenharmony_ci TST_CHECKPOINT_WAKE(0); 86f08c3bdfSopenharmony_ci} 87f08c3bdfSopenharmony_ci 88f08c3bdfSopenharmony_cistatic struct tst_test test = { 89f08c3bdfSopenharmony_ci .test_all = run, 90f08c3bdfSopenharmony_ci .needs_root = 1, 91f08c3bdfSopenharmony_ci .forks_child = 1, 92f08c3bdfSopenharmony_ci .needs_checkpoints = 1, 93f08c3bdfSopenharmony_ci .needs_kconfigs = (const char *[]) { 94f08c3bdfSopenharmony_ci "CONFIG_USER_NS", 95f08c3bdfSopenharmony_ci NULL, 96f08c3bdfSopenharmony_ci }, 97f08c3bdfSopenharmony_ci .save_restore = (const struct tst_path_val[]) { 98f08c3bdfSopenharmony_ci {"/proc/sys/kernel/unprivileged_userns_clone", "1", TST_SR_SKIP}, 99f08c3bdfSopenharmony_ci {} 100f08c3bdfSopenharmony_ci }, 101f08c3bdfSopenharmony_ci}; 102