]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-mount-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <sys/statvfs.h>
6 #include "alloc-util.h"
7 #include "capability-util.h"
10 #include "mount-util.h"
11 #include "namespace-util.h"
12 #include "path-util.h"
13 #include "process-util.h"
15 #include "string-util.h"
18 #include "tmpfile-util.h"
20 static void test_mount_option_mangle(void) {
24 log_info("/* %s */", __func__
);
26 assert_se(mount_option_mangle(NULL
, MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
27 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
28 assert_se(opts
== NULL
);
30 assert_se(mount_option_mangle("", MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
31 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
32 assert_se(opts
== NULL
);
34 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f
, &opts
) == 0);
35 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
36 assert_se(opts
== NULL
);
38 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=755", 0, &f
, &opts
) == 0);
39 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
40 assert_se(streq(opts
, "mode=755"));
43 assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=755", 0, &f
, &opts
) == 0);
44 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
45 assert_se(streq(opts
, "foo,hogehoge,mode=755"));
48 assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY
, &f
, &opts
) == 0);
49 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_NOEXEC
|MS_RELATIME
));
50 assert_se(streq(opts
, "net_cls,net_prio"));
53 assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=700,uid=1000,gid=1000", MS_RDONLY
, &f
, &opts
) == 0);
54 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
55 assert_se(streq(opts
, "size=1630748k,mode=700,uid=1000,gid=1000"));
58 assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=700,nosuid,uid=1000", MS_RDONLY
, &f
, &opts
) == 0);
59 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
60 assert_se(streq(opts
, "size=1630748k,gid=1000,mode=700,uid=1000"));
63 assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=755", MS_RDONLY
|MS_NOSUID
|MS_NOEXEC
|MS_NODEV
, &f
, &opts
) == 0);
64 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
65 assert_se(streq(opts
, "size=8143984k,nr_inodes=2035996,mode=755"));
68 assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY
, &f
, &opts
) == 0);
69 assert_se(f
== MS_RELATIME
);
70 assert_se(streq(opts
, "fmask=0022,dmask=0022"));
73 assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY
, &f
, &opts
) < 0);
75 assert_se(mount_option_mangle("mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f
, &opts
) == 0);
77 assert_se(streq(opts
, "mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
81 static void test_bind_remount_recursive(void) {
82 _cleanup_(rm_rf_physical_and_freep
) char *tmp
= NULL
;
83 _cleanup_free_
char *subdir
= NULL
;
86 log_info("/* %s */", __func__
);
88 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
89 (void) log_tests_skipped("not running privileged");
93 assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp
) >= 0);
94 subdir
= path_join(tmp
, "subdir");
96 assert_se(mkdir(subdir
, 0755) >= 0);
98 FOREACH_STRING(p
, "/usr", "/sys", "/", tmp
) {
107 assert_se(detach_mount_namespace() >= 0);
109 /* Check that the subdir is writable (it must be because it's in /tmp) */
110 assert_se(statvfs(subdir
, &svfs
) >= 0);
111 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
113 /* Make the subdir a bind mount */
114 assert_se(mount_nofollow(subdir
, subdir
, NULL
, MS_BIND
|MS_REC
, NULL
) >= 0);
116 /* Ensure it's still writable */
117 assert_se(statvfs(subdir
, &svfs
) >= 0);
118 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
120 /* Now mark the path we currently run for read-only */
121 assert_se(bind_remount_recursive(p
, MS_RDONLY
, MS_RDONLY
, STRV_MAKE("/sys/kernel")) >= 0);
123 /* Ensure that this worked on the top-level */
124 assert_se(statvfs(p
, &svfs
) >= 0);
125 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
127 /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
128 assert_se(statvfs(subdir
, &svfs
) >= 0);
129 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
) == !!path_startswith(subdir
, p
));
134 assert_se(wait_for_terminate_and_check("test-remount-rec", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
138 static void test_bind_remount_one(void) {
141 log_info("/* %s */", __func__
);
143 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
144 (void) log_tests_skipped("not running privileged");
154 _cleanup_fclose_
FILE *proc_self_mountinfo
= NULL
;
156 assert_se(detach_mount_namespace() >= 0);
158 assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo
) >= 0);
160 assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
161 assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -ENOENT
);
162 assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -EINVAL
);
163 assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
168 assert_se(wait_for_terminate_and_check("test-remount-one", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
171 int main(int argc
, char *argv
[]) {
172 test_setup_logging(LOG_DEBUG
);
174 test_mount_option_mangle();
175 test_bind_remount_recursive();
176 test_bind_remount_one();