1f08c3bdfSopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 2f08c3bdfSopenharmony_ci// 3f08c3bdfSopenharmony_ci// Copyright (c) 2019 Google, Inc. 4f08c3bdfSopenharmony_ci 5f08c3bdfSopenharmony_ci#define _GNU_SOURCE 6f08c3bdfSopenharmony_ci 7f08c3bdfSopenharmony_ci#include "config.h" 8f08c3bdfSopenharmony_ci 9f08c3bdfSopenharmony_ci#include <errno.h> 10f08c3bdfSopenharmony_ci#include <lapi/syscalls.h> 11f08c3bdfSopenharmony_ci#include <sched.h> 12f08c3bdfSopenharmony_ci#include <stdlib.h> 13f08c3bdfSopenharmony_ci 14f08c3bdfSopenharmony_ci#include "tst_test.h" 15f08c3bdfSopenharmony_ci#include "lapi/mount.h" 16f08c3bdfSopenharmony_ci 17f08c3bdfSopenharmony_ci#ifdef HAVE_UNSHARE 18f08c3bdfSopenharmony_ci 19f08c3bdfSopenharmony_ci#ifdef HAVE_LIBCAP 20f08c3bdfSopenharmony_ci#include <sys/capability.h> 21f08c3bdfSopenharmony_ci#endif 22f08c3bdfSopenharmony_ci 23f08c3bdfSopenharmony_ci#define CHROOT_DIR "chroot" 24f08c3bdfSopenharmony_ci#define NEW_ROOT "/new_root" 25f08c3bdfSopenharmony_ci#define PUT_OLD "/new_root/put_old" 26f08c3bdfSopenharmony_ci#define PUT_OLD_FS "/put_old_fs" 27f08c3bdfSopenharmony_ci#define PUT_OLD_BAD "/put_old_fs/put_old" 28f08c3bdfSopenharmony_ci 29f08c3bdfSopenharmony_cienum { 30f08c3bdfSopenharmony_ci /* 31f08c3bdfSopenharmony_ci * Test consists of a series of steps that allow pivot_root to succeed, 32f08c3bdfSopenharmony_ci * which is run when param is NORMAL. All other values tweak one of the 33f08c3bdfSopenharmony_ci * steps to induce a failure, and check the errno is as expected. 34f08c3bdfSopenharmony_ci */ 35f08c3bdfSopenharmony_ci NORMAL, 36f08c3bdfSopenharmony_ci 37f08c3bdfSopenharmony_ci /* 38f08c3bdfSopenharmony_ci * EBUSY 39f08c3bdfSopenharmony_ci * new_root or put_old are on the current root file system 40f08c3bdfSopenharmony_ci */ 41f08c3bdfSopenharmony_ci NEW_ROOT_ON_CURRENT_ROOT, 42f08c3bdfSopenharmony_ci 43f08c3bdfSopenharmony_ci /* 44f08c3bdfSopenharmony_ci * EINVAL 45f08c3bdfSopenharmony_ci * put_old is not underneath new_root 46f08c3bdfSopenharmony_ci * Note: if put_old and new_root are on the same fs, 47f08c3bdfSopenharmony_ci * pivot_root fails with EBUSY before testing reachability 48f08c3bdfSopenharmony_ci */ 49f08c3bdfSopenharmony_ci PUT_OLD_NOT_UNDERNEATH_NEW_ROOT, 50f08c3bdfSopenharmony_ci 51f08c3bdfSopenharmony_ci /* 52f08c3bdfSopenharmony_ci * ENOTDIR 53f08c3bdfSopenharmony_ci * new_root or put_old is not a directory 54f08c3bdfSopenharmony_ci */ 55f08c3bdfSopenharmony_ci PUT_OLD_NOT_DIR, 56f08c3bdfSopenharmony_ci 57f08c3bdfSopenharmony_ci /* 58f08c3bdfSopenharmony_ci * EPERM 59f08c3bdfSopenharmony_ci * The calling process does not have the CAP_SYS_ADMIN capability. 60f08c3bdfSopenharmony_ci */ 61f08c3bdfSopenharmony_ci NO_CAP_SYS_ADMIN, 62f08c3bdfSopenharmony_ci}; 63f08c3bdfSopenharmony_ci 64f08c3bdfSopenharmony_cistatic const struct test_case { 65f08c3bdfSopenharmony_ci int test_case; 66f08c3bdfSopenharmony_ci int expected_error; 67f08c3bdfSopenharmony_ci} test_cases[] = { 68f08c3bdfSopenharmony_ci {NORMAL, 0}, 69f08c3bdfSopenharmony_ci {NEW_ROOT_ON_CURRENT_ROOT, EBUSY}, 70f08c3bdfSopenharmony_ci {PUT_OLD_NOT_UNDERNEATH_NEW_ROOT, EINVAL}, 71f08c3bdfSopenharmony_ci {PUT_OLD_NOT_DIR, ENOTDIR}, 72f08c3bdfSopenharmony_ci {NO_CAP_SYS_ADMIN, EPERM}, 73f08c3bdfSopenharmony_ci}; 74f08c3bdfSopenharmony_ci 75f08c3bdfSopenharmony_ci#ifdef HAVE_LIBCAP 76f08c3bdfSopenharmony_cistatic void drop_cap_sys_admin(void) 77f08c3bdfSopenharmony_ci{ 78f08c3bdfSopenharmony_ci cap_value_t cap_value[] = { CAP_SYS_ADMIN }; 79f08c3bdfSopenharmony_ci cap_t cap = cap_get_proc(); 80f08c3bdfSopenharmony_ci if (!cap) 81f08c3bdfSopenharmony_ci tst_brk(TBROK | TERRNO, "cap_get_proc failed"); 82f08c3bdfSopenharmony_ci 83f08c3bdfSopenharmony_ci if (cap_set_flag(cap, CAP_EFFECTIVE, 1, cap_value, CAP_CLEAR)) 84f08c3bdfSopenharmony_ci tst_brk(TBROK | TERRNO, "cap_set_flag failed"); 85f08c3bdfSopenharmony_ci 86f08c3bdfSopenharmony_ci if (cap_set_proc(cap)) 87f08c3bdfSopenharmony_ci tst_brk(TBROK | TERRNO, "cap_set_proc failed"); 88f08c3bdfSopenharmony_ci} 89f08c3bdfSopenharmony_ci#endif 90f08c3bdfSopenharmony_ci 91f08c3bdfSopenharmony_cistatic void run(unsigned int test_case) 92f08c3bdfSopenharmony_ci{ 93f08c3bdfSopenharmony_ci /* Work in child process - needed to undo unshare and chroot */ 94f08c3bdfSopenharmony_ci if (SAFE_FORK()) { 95f08c3bdfSopenharmony_ci tst_reap_children(); 96f08c3bdfSopenharmony_ci return; 97f08c3bdfSopenharmony_ci } 98f08c3bdfSopenharmony_ci 99f08c3bdfSopenharmony_ci /* pivot_root requires no shared mounts exist in process namespace */ 100f08c3bdfSopenharmony_ci TEST(unshare(CLONE_NEWNS | CLONE_FS)); 101f08c3bdfSopenharmony_ci if (TST_RET == -1) 102f08c3bdfSopenharmony_ci tst_brk(TFAIL | TTERRNO, "unshare failed"); 103f08c3bdfSopenharmony_ci 104f08c3bdfSopenharmony_ci /* 105f08c3bdfSopenharmony_ci * Create an initial root dir. pivot_root doesn't work if the initial root 106f08c3bdfSopenharmony_ci * dir is a initramfs, so use chroot to create a safe environment 107f08c3bdfSopenharmony_ci */ 108f08c3bdfSopenharmony_ci SAFE_MOUNT("none", "/", NULL, MS_REC|MS_PRIVATE, NULL); 109f08c3bdfSopenharmony_ci SAFE_MOUNT("none", CHROOT_DIR, "tmpfs", 0, 0); 110f08c3bdfSopenharmony_ci SAFE_CHROOT(CHROOT_DIR); 111f08c3bdfSopenharmony_ci 112f08c3bdfSopenharmony_ci SAFE_MKDIR(NEW_ROOT, 0777); 113f08c3bdfSopenharmony_ci 114f08c3bdfSopenharmony_ci /* 115f08c3bdfSopenharmony_ci * pivot_root only works if new_root is a mount point, so mount a tmpfs 116f08c3bdfSopenharmony_ci * unless testing for that fail mode 117f08c3bdfSopenharmony_ci */ 118f08c3bdfSopenharmony_ci if (test_cases[test_case].test_case != NEW_ROOT_ON_CURRENT_ROOT) 119f08c3bdfSopenharmony_ci SAFE_MOUNT("none", NEW_ROOT, "tmpfs", 0, 0); 120f08c3bdfSopenharmony_ci 121f08c3bdfSopenharmony_ci /* 122f08c3bdfSopenharmony_ci * Create put_old under new_root, unless testing for that specific fail 123f08c3bdfSopenharmony_ci * mode 124f08c3bdfSopenharmony_ci */ 125f08c3bdfSopenharmony_ci const char* actual_put_old = NULL; 126f08c3bdfSopenharmony_ci if (test_cases[test_case].test_case == PUT_OLD_NOT_UNDERNEATH_NEW_ROOT) { 127f08c3bdfSopenharmony_ci actual_put_old = PUT_OLD_BAD; 128f08c3bdfSopenharmony_ci SAFE_MKDIR(PUT_OLD_FS, 0777); 129f08c3bdfSopenharmony_ci SAFE_MOUNT("none", PUT_OLD_FS, "tmpfs", 0, 0); 130f08c3bdfSopenharmony_ci SAFE_MKDIR(PUT_OLD_BAD, 0777); 131f08c3bdfSopenharmony_ci } else { 132f08c3bdfSopenharmony_ci actual_put_old = PUT_OLD; 133f08c3bdfSopenharmony_ci 134f08c3bdfSopenharmony_ci if (test_cases[test_case].test_case == PUT_OLD_NOT_DIR) 135f08c3bdfSopenharmony_ci SAFE_CREAT(PUT_OLD, 0777); 136f08c3bdfSopenharmony_ci else 137f08c3bdfSopenharmony_ci SAFE_MKDIR(PUT_OLD, 0777); 138f08c3bdfSopenharmony_ci } 139f08c3bdfSopenharmony_ci 140f08c3bdfSopenharmony_ci if (test_cases[test_case].test_case == NO_CAP_SYS_ADMIN) { 141f08c3bdfSopenharmony_ci#ifdef HAVE_LIBCAP 142f08c3bdfSopenharmony_ci drop_cap_sys_admin(); 143f08c3bdfSopenharmony_ci#else 144f08c3bdfSopenharmony_ci tst_res(TCONF, 145f08c3bdfSopenharmony_ci "System doesn't have POSIX capabilities support"); 146f08c3bdfSopenharmony_ci return; 147f08c3bdfSopenharmony_ci#endif 148f08c3bdfSopenharmony_ci } 149f08c3bdfSopenharmony_ci 150f08c3bdfSopenharmony_ci TEST(syscall(__NR_pivot_root, NEW_ROOT, actual_put_old)); 151f08c3bdfSopenharmony_ci 152f08c3bdfSopenharmony_ci if (test_cases[test_case].test_case == NORMAL) { 153f08c3bdfSopenharmony_ci if (TST_RET) 154f08c3bdfSopenharmony_ci tst_res(TFAIL | TTERRNO, "pivot_root failed"); 155f08c3bdfSopenharmony_ci else 156f08c3bdfSopenharmony_ci tst_res(TPASS, "pivot_root succeeded"); 157f08c3bdfSopenharmony_ci 158f08c3bdfSopenharmony_ci return; 159f08c3bdfSopenharmony_ci } 160f08c3bdfSopenharmony_ci 161f08c3bdfSopenharmony_ci if (TST_RET == 0) { 162f08c3bdfSopenharmony_ci tst_res(TFAIL, "pivot_root succeeded unexpectedly"); 163f08c3bdfSopenharmony_ci return; 164f08c3bdfSopenharmony_ci } 165f08c3bdfSopenharmony_ci 166f08c3bdfSopenharmony_ci if (errno != test_cases[test_case].expected_error) { 167f08c3bdfSopenharmony_ci tst_res(TFAIL | TERRNO, "pivot_root failed with wrong errno"); 168f08c3bdfSopenharmony_ci return; 169f08c3bdfSopenharmony_ci } 170f08c3bdfSopenharmony_ci 171f08c3bdfSopenharmony_ci tst_res(TPASS | TERRNO, "pivot_root failed as expectedly"); 172f08c3bdfSopenharmony_ci} 173f08c3bdfSopenharmony_ci 174f08c3bdfSopenharmony_cistatic void setup(void) 175f08c3bdfSopenharmony_ci{ 176f08c3bdfSopenharmony_ci SAFE_MKDIR(CHROOT_DIR, 0777); 177f08c3bdfSopenharmony_ci} 178f08c3bdfSopenharmony_ci 179f08c3bdfSopenharmony_cistatic struct tst_test test = { 180f08c3bdfSopenharmony_ci .test = run, 181f08c3bdfSopenharmony_ci .tcnt = ARRAY_SIZE(test_cases), 182f08c3bdfSopenharmony_ci .needs_tmpdir = 1, 183f08c3bdfSopenharmony_ci .needs_root = 1, 184f08c3bdfSopenharmony_ci .forks_child = 1, 185f08c3bdfSopenharmony_ci .setup = setup, 186f08c3bdfSopenharmony_ci}; 187f08c3bdfSopenharmony_ci 188f08c3bdfSopenharmony_ci#else 189f08c3bdfSopenharmony_ci TST_TEST_TCONF("unshare is undefined."); 190f08c3bdfSopenharmony_ci#endif 191