1f08c3bdfSopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 2f08c3bdfSopenharmony_ci/* 3f08c3bdfSopenharmony_ci * Copyright (C) 2023 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com> 4f08c3bdfSopenharmony_ci */ 5f08c3bdfSopenharmony_ci 6f08c3bdfSopenharmony_ci/*\ 7f08c3bdfSopenharmony_ci * [Description] 8f08c3bdfSopenharmony_ci * 9f08c3bdfSopenharmony_ci * Drop root privileges, create a container with CLONE_NEWUTS and verify that 10f08c3bdfSopenharmony_ci * we receive a permission error. 11f08c3bdfSopenharmony_ci */ 12f08c3bdfSopenharmony_ci 13f08c3bdfSopenharmony_ci#define _GNU_SOURCE 14f08c3bdfSopenharmony_ci 15f08c3bdfSopenharmony_ci#include <pwd.h> 16f08c3bdfSopenharmony_ci#include "tst_test.h" 17f08c3bdfSopenharmony_ci#include "lapi/sched.h" 18f08c3bdfSopenharmony_ci 19f08c3bdfSopenharmony_cistatic char *str_op; 20f08c3bdfSopenharmony_ci 21f08c3bdfSopenharmony_cistatic void run(void) 22f08c3bdfSopenharmony_ci{ 23f08c3bdfSopenharmony_ci const struct tst_clone_args cargs = { 24f08c3bdfSopenharmony_ci .flags = CLONE_NEWUTS, 25f08c3bdfSopenharmony_ci .exit_signal = SIGCHLD, 26f08c3bdfSopenharmony_ci }; 27f08c3bdfSopenharmony_ci struct passwd *pw; 28f08c3bdfSopenharmony_ci 29f08c3bdfSopenharmony_ci tst_res(TINFO, "Dropping root privileges"); 30f08c3bdfSopenharmony_ci 31f08c3bdfSopenharmony_ci pw = SAFE_GETPWNAM("nobody"); 32f08c3bdfSopenharmony_ci SAFE_SETRESUID(pw->pw_uid, pw->pw_uid, pw->pw_uid); 33f08c3bdfSopenharmony_ci 34f08c3bdfSopenharmony_ci if (!str_op || !strcmp(str_op, "clone")) { 35f08c3bdfSopenharmony_ci TEST(tst_clone(&cargs)); 36f08c3bdfSopenharmony_ci 37f08c3bdfSopenharmony_ci if (TST_RET == -1) 38f08c3bdfSopenharmony_ci tst_res(TPASS, "clone3() fails as expected"); 39f08c3bdfSopenharmony_ci else if (TST_RET == -2) 40f08c3bdfSopenharmony_ci tst_res(TPASS, "clone() fails as expected"); 41f08c3bdfSopenharmony_ci else 42f08c3bdfSopenharmony_ci tst_res(TFAIL, "tst_clone returns %ld", TST_RET); 43f08c3bdfSopenharmony_ci 44f08c3bdfSopenharmony_ci TST_EXP_PASS(errno == EPERM); 45f08c3bdfSopenharmony_ci } else { 46f08c3bdfSopenharmony_ci if (!SAFE_FORK()) { 47f08c3bdfSopenharmony_ci TST_EXP_EQ_LI(unshare(CLONE_NEWUTS), -1); 48f08c3bdfSopenharmony_ci TST_EXP_PASS(errno == EPERM); 49f08c3bdfSopenharmony_ci return; 50f08c3bdfSopenharmony_ci } 51f08c3bdfSopenharmony_ci } 52f08c3bdfSopenharmony_ci} 53f08c3bdfSopenharmony_ci 54f08c3bdfSopenharmony_cistatic struct tst_test test = { 55f08c3bdfSopenharmony_ci .test_all = run, 56f08c3bdfSopenharmony_ci .needs_root = 1, 57f08c3bdfSopenharmony_ci .forks_child = 1, 58f08c3bdfSopenharmony_ci .needs_checkpoints = 1, 59f08c3bdfSopenharmony_ci .options = (struct tst_option[]) { 60f08c3bdfSopenharmony_ci { "m:", &str_op, "Test execution mode <clone|unshare>" }, 61f08c3bdfSopenharmony_ci {}, 62f08c3bdfSopenharmony_ci }, 63f08c3bdfSopenharmony_ci}; 64