1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <sys/statvfs.h>
6 #include "alloc-util.h"
7 #include "capability-util.h"
11 #include "libmount-util.h"
12 #include "missing_magic.h"
13 #include "missing_mount.h"
15 #include "mount-util.h"
16 #include "mountpoint-util.h"
17 #include "namespace-util.h"
18 #include "path-util.h"
19 #include "process-util.h"
20 #include "random-util.h"
22 #include "stat-util.h"
23 #include "string-util.h"
26 #include "tmpfile-util.h"
28 TEST(remount_and_move_sub_mounts
) {
31 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0)
32 return (void) log_tests_skipped("not running privileged");
34 r
= safe_fork("(remount-and-move-sub-mounts)",
46 _cleanup_free_
char *d
= NULL
, *fn
= NULL
;
48 assert_se(mkdtemp_malloc(NULL
, &d
) >= 0);
50 assert_se(mount_nofollow_verbose(LOG_DEBUG
, "tmpfs", d
, "tmpfs", MS_NOSUID
|MS_NODEV
, NULL
) >= 0);
52 assert_se(fn
= path_join(d
, "memo"));
53 assert_se(write_string_file(fn
, d
, WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_AVOID_NEWLINE
) >= 0);
54 assert_se(access(fn
, F_OK
) >= 0);
57 FOREACH_STRING(p
, "sub1", "sub1/hoge", "sub1/foo", "sub2", "sub2/aaa", "sub2/bbb") {
58 _cleanup_free_
char *where
= NULL
, *filename
= NULL
;
60 assert_se(where
= path_join(d
, p
));
61 assert_se(mkdir_p(where
, 0755) >= 0);
62 assert_se(mount_nofollow_verbose(LOG_DEBUG
, "tmpfs", where
, "tmpfs", MS_NOSUID
|MS_NODEV
, NULL
) >= 0);
64 assert_se(filename
= path_join(where
, "memo"));
65 assert_se(write_string_file(filename
, where
, WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_AVOID_NEWLINE
) >= 0);
66 assert_se(access(filename
, F_OK
) >= 0);
70 FOREACH_STRING(p
, "sub1", "sub1/hogehoge", "sub1/foofoo") {
71 _cleanup_free_
char *where
= NULL
, *filename
= NULL
;
73 assert_se(where
= path_join(d
, p
));
74 assert_se(mkdir_p(where
, 0755) >= 0);
75 assert_se(mount_nofollow_verbose(LOG_DEBUG
, "tmpfs", where
, "tmpfs", MS_NOSUID
|MS_NODEV
, NULL
) >= 0);
77 assert_se(filename
= path_join(where
, "memo"));
78 assert_se(write_string_file(filename
, where
, WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_AVOID_NEWLINE
) >= 0);
79 assert_se(access(filename
, F_OK
) >= 0);
82 /* Remount the main fs. */
83 r
= remount_and_move_sub_mounts("tmpfs", d
, "tmpfs", MS_NOSUID
|MS_NODEV
, NULL
);
84 if (r
== -EINVAL
|| (r
< 0 && ERRNO_IS_NOT_SUPPORTED(r
))) {
85 log_tests_skipped_errno(r
, "The kernel seems too old: %m");
89 /* Check the file in the main fs does not exist. */
90 assert_se(access(fn
, F_OK
) < 0 && errno
== ENOENT
);
92 /* Check the files in sub-mounts are kept. */
93 FOREACH_STRING(p
, "sub1", "sub1/hogehoge", "sub1/foofoo", "sub2", "sub2/aaa", "sub2/bbb") {
94 _cleanup_free_
char *where
= NULL
, *filename
= NULL
, *content
= NULL
;
96 assert_se(where
= path_join(d
, p
));
97 assert_se(filename
= path_join(where
, "memo"));
98 assert_se(read_full_file(filename
, &content
, NULL
) >= 0);
99 assert_se(streq(content
, where
));
102 /* umount sub1, and check if the previously hidden sub-mounts are dropped. */
103 FOREACH_STRING(p
, "sub1/hoge", "sub1/foo") {
104 _cleanup_free_
char *where
= NULL
;
106 assert_se(where
= path_join(d
, p
));
107 assert_se(access(where
, F_OK
) < 0 && errno
== ENOENT
);
114 TEST(remount_sysfs
) {
117 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0)
118 return (void) log_tests_skipped("not running privileged");
120 if (path_is_fs_type("/sys", SYSFS_MAGIC
) <= 0)
121 return (void) log_tests_skipped("sysfs is not mounted on /sys");
123 if (access("/sys/class/net/dummy-test-mnt", F_OK
) < 0)
124 return (void) log_tests_skipped_errno(errno
, "The network interface dummy-test-mnt does not exit");
126 r
= safe_fork("(remount-sysfs)",
138 assert_se(unshare(CLONE_NEWNET
) >= 0);
140 /* Even unshare()ed, the interfaces in the main namespace can be accessed through sysfs. */
141 assert_se(access("/sys/class/net/lo", F_OK
) >= 0);
142 assert_se(access("/sys/class/net/dummy-test-mnt", F_OK
) >= 0);
144 r
= remount_sysfs("/sys");
145 if (r
== -EINVAL
|| (r
< 0 && ERRNO_IS_NOT_SUPPORTED(r
))) {
146 log_tests_skipped_errno(r
, "The kernel seems too old: %m");
150 /* After remounting sysfs, the interfaces in the main namespace cannot be accessed. */
151 assert_se(access("/sys/class/net/lo", F_OK
) >= 0);
152 assert_se(access("/sys/class/net/dummy-test-mnt", F_OK
) < 0 && errno
== ENOENT
);
158 TEST(mount_option_mangle
) {
162 assert_se(mount_option_mangle(NULL
, MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
163 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
164 assert_se(opts
== NULL
);
166 assert_se(mount_option_mangle("", MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
167 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
168 assert_se(opts
== NULL
);
170 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f
, &opts
) == 0);
171 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
172 assert_se(opts
== NULL
);
174 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=0755", 0, &f
, &opts
) == 0);
175 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
176 assert_se(streq(opts
, "mode=0755"));
179 assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=0755", 0, &f
, &opts
) == 0);
180 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
181 assert_se(streq(opts
, "foo,hogehoge,mode=0755"));
184 assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY
, &f
, &opts
) == 0);
185 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_NOEXEC
|MS_RELATIME
));
186 assert_se(streq(opts
, "net_cls,net_prio"));
189 assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=0700,uid=1000,gid=1000", MS_RDONLY
, &f
, &opts
) == 0);
190 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
191 assert_se(streq(opts
, "size=1630748k,mode=0700,uid=1000,gid=1000"));
194 assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=0700,nosuid,uid=1000", MS_RDONLY
, &f
, &opts
) == 0);
195 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
196 assert_se(streq(opts
, "size=1630748k,gid=1000,mode=0700,uid=1000"));
199 assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=0755", MS_RDONLY
|MS_NOSUID
|MS_NOEXEC
|MS_NODEV
, &f
, &opts
) == 0);
200 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
201 assert_se(streq(opts
, "size=8143984k,nr_inodes=2035996,mode=0755"));
204 assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY
, &f
, &opts
) == 0);
205 assert_se(f
== MS_RELATIME
);
206 assert_se(streq(opts
, "fmask=0022,dmask=0022"));
209 assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY
, &f
, &opts
) < 0);
211 assert_se(mount_option_mangle("mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f
, &opts
) == 0);
213 assert_se(streq(opts
, "mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
217 static void test_mount_flags_to_string_one(unsigned long flags
, const char *expected
) {
218 _cleanup_free_
char *x
= NULL
;
221 r
= mount_flags_to_string(flags
, &x
);
222 log_info("flags: %#lX → %d/\"%s\"", flags
, r
, strnull(x
));
224 assert_se(streq(x
, expected
));
227 TEST(mount_flags_to_string
) {
228 test_mount_flags_to_string_one(0, "0");
229 test_mount_flags_to_string_one(MS_RDONLY
, "MS_RDONLY");
230 test_mount_flags_to_string_one(MS_NOSUID
, "MS_NOSUID");
231 test_mount_flags_to_string_one(MS_NODEV
, "MS_NODEV");
232 test_mount_flags_to_string_one(MS_NOEXEC
, "MS_NOEXEC");
233 test_mount_flags_to_string_one(MS_SYNCHRONOUS
, "MS_SYNCHRONOUS");
234 test_mount_flags_to_string_one(MS_REMOUNT
, "MS_REMOUNT");
235 test_mount_flags_to_string_one(MS_MANDLOCK
, "MS_MANDLOCK");
236 test_mount_flags_to_string_one(MS_DIRSYNC
, "MS_DIRSYNC");
237 test_mount_flags_to_string_one(MS_NOSYMFOLLOW
, "MS_NOSYMFOLLOW");
238 test_mount_flags_to_string_one(MS_NOATIME
, "MS_NOATIME");
239 test_mount_flags_to_string_one(MS_NODIRATIME
, "MS_NODIRATIME");
240 test_mount_flags_to_string_one(MS_BIND
, "MS_BIND");
241 test_mount_flags_to_string_one(MS_MOVE
, "MS_MOVE");
242 test_mount_flags_to_string_one(MS_REC
, "MS_REC");
243 test_mount_flags_to_string_one(MS_SILENT
, "MS_SILENT");
244 test_mount_flags_to_string_one(MS_POSIXACL
, "MS_POSIXACL");
245 test_mount_flags_to_string_one(MS_UNBINDABLE
, "MS_UNBINDABLE");
246 test_mount_flags_to_string_one(MS_PRIVATE
, "MS_PRIVATE");
247 test_mount_flags_to_string_one(MS_SLAVE
, "MS_SLAVE");
248 test_mount_flags_to_string_one(MS_SHARED
, "MS_SHARED");
249 test_mount_flags_to_string_one(MS_RELATIME
, "MS_RELATIME");
250 test_mount_flags_to_string_one(MS_KERNMOUNT
, "MS_KERNMOUNT");
251 test_mount_flags_to_string_one(MS_I_VERSION
, "MS_I_VERSION");
252 test_mount_flags_to_string_one(MS_STRICTATIME
, "MS_STRICTATIME");
253 test_mount_flags_to_string_one(MS_LAZYTIME
, "MS_LAZYTIME");
254 test_mount_flags_to_string_one(MS_LAZYTIME
|MS_STRICTATIME
, "MS_STRICTATIME|MS_LAZYTIME");
255 test_mount_flags_to_string_one(UINT_MAX
,
256 "MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|"
257 "MS_MANDLOCK|MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_NODIRATIME|"
258 "MS_BIND|MS_MOVE|MS_REC|MS_SILENT|MS_POSIXACL|MS_UNBINDABLE|"
259 "MS_PRIVATE|MS_SLAVE|MS_SHARED|MS_RELATIME|MS_KERNMOUNT|"
260 "MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME|fc000200");
263 TEST(bind_remount_recursive
) {
264 _cleanup_(rm_rf_physical_and_freep
) char *tmp
= NULL
;
265 _cleanup_free_
char *subdir
= NULL
;
267 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
268 (void) log_tests_skipped("not running privileged");
272 assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp
) >= 0);
273 subdir
= path_join(tmp
, "subdir");
275 assert_se(mkdir(subdir
, 0755) >= 0);
277 FOREACH_STRING(p
, "/usr", "/sys", "/", tmp
) {
286 assert_se(detach_mount_namespace() >= 0);
288 /* Check that the subdir is writable (it must be because it's in /tmp) */
289 assert_se(statvfs(subdir
, &svfs
) >= 0);
290 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
292 /* Make the subdir a bind mount */
293 assert_se(mount_nofollow(subdir
, subdir
, NULL
, MS_BIND
|MS_REC
, NULL
) >= 0);
295 /* Ensure it's still writable */
296 assert_se(statvfs(subdir
, &svfs
) >= 0);
297 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
299 /* Now mark the path we currently run for read-only */
300 assert_se(bind_remount_recursive(p
, MS_RDONLY
, MS_RDONLY
, path_equal(p
, "/sys") ? STRV_MAKE("/sys/kernel") : NULL
) >= 0);
302 /* Ensure that this worked on the top-level */
303 assert_se(statvfs(p
, &svfs
) >= 0);
304 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
306 /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
307 assert_se(statvfs(subdir
, &svfs
) >= 0);
308 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
) == !!path_startswith(subdir
, p
));
313 assert_se(wait_for_terminate_and_check("test-remount-rec", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
317 TEST(bind_remount_one
) {
320 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
321 (void) log_tests_skipped("not running privileged");
331 _cleanup_fclose_
FILE *proc_self_mountinfo
= NULL
;
333 assert_se(detach_mount_namespace() >= 0);
335 assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo
) >= 0);
337 assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
338 assert_se(bind_remount_one_with_mountinfo("/run", MS_NOEXEC
, MS_RDONLY
|MS_NOEXEC
, proc_self_mountinfo
) >= 0);
339 assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -ENOENT
);
340 assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -EINVAL
);
341 assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
346 assert_se(wait_for_terminate_and_check("test-remount-one", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
349 TEST(make_mount_point_inode
) {
350 _cleanup_(rm_rf_physical_and_freep
) char *d
= NULL
;
351 const char *src_file
, *src_dir
, *dst_file
, *dst_dir
;
354 assert_se(mkdtemp_malloc(NULL
, &d
) >= 0);
356 src_file
= strjoina(d
, "/src/file");
357 src_dir
= strjoina(d
, "/src/dir");
358 dst_file
= strjoina(d
, "/dst/file");
359 dst_dir
= strjoina(d
, "/dst/dir");
361 assert_se(mkdir_p(src_dir
, 0755) >= 0);
362 assert_se(mkdir_parents(dst_file
, 0755) >= 0);
363 assert_se(touch(src_file
) >= 0);
365 assert_se(make_mount_point_inode_from_path(src_file
, dst_file
, 0755) >= 0);
366 assert_se(make_mount_point_inode_from_path(src_dir
, dst_dir
, 0755) >= 0);
368 assert_se(stat(dst_dir
, &st
) == 0);
369 assert_se(S_ISDIR(st
.st_mode
));
370 assert_se(stat(dst_file
, &st
) == 0);
371 assert_se(S_ISREG(st
.st_mode
));
372 assert_se(!(S_IXUSR
& st
.st_mode
));
373 assert_se(!(S_IXGRP
& st
.st_mode
));
374 assert_se(!(S_IXOTH
& st
.st_mode
));
376 assert_se(unlink(dst_file
) == 0);
377 assert_se(rmdir(dst_dir
) == 0);
379 assert_se(stat(src_file
, &st
) == 0);
380 assert_se(make_mount_point_inode_from_stat(&st
, dst_file
, 0755) >= 0);
381 assert_se(stat(src_dir
, &st
) == 0);
382 assert_se(make_mount_point_inode_from_stat(&st
, dst_dir
, 0755) >= 0);
384 assert_se(stat(dst_dir
, &st
) == 0);
385 assert_se(S_ISDIR(st
.st_mode
));
386 assert_se(stat(dst_file
, &st
) == 0);
387 assert_se(S_ISREG(st
.st_mode
));
388 assert_se(!(S_IXUSR
& st
.st_mode
));
389 assert_se(!(S_IXGRP
& st
.st_mode
));
390 assert_se(!(S_IXOTH
& st
.st_mode
));
393 TEST(make_mount_switch_root
) {
394 _cleanup_(rm_rf_physical_and_freep
) char *t
= NULL
;
395 _cleanup_free_
char *s
= NULL
;
398 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
399 (void) log_tests_skipped("not running privileged");
403 assert_se(mkdtemp_malloc(NULL
, &t
) >= 0);
405 assert_se(asprintf(&s
, "%s/somerandomname%" PRIu64
, t
, random_u64()) >= 0);
407 assert_se(touch(s
) >= 0);
409 for (int force_ms_move
= 0; force_ms_move
< 2; force_ms_move
++) {
410 r
= safe_fork("(switch-root)",
423 assert_se(make_mount_point(t
) >= 0);
424 assert_se(mount_switch_root_full(t
, /* mount_propagation_flag= */ 0, force_ms_move
) >= 0);
426 assert_se(access(ASSERT_PTR(strrchr(s
, '/')), F_OK
) >= 0); /* absolute */
427 assert_se(access(ASSERT_PTR(strrchr(s
, '/')) + 1, F_OK
) >= 0); /* relative */
428 assert_se(access(s
, F_OK
) < 0 && errno
== ENOENT
); /* doesn't exist in our new environment */
435 TEST(umount_recursive
) {
436 static const struct {
438 const char * const keep
[3];
450 .keep
= { "/dev/shm", NULL
},
454 .keep
= { "/dev/pts", "/dev/shm", NULL
},
460 FOREACH_ARRAY(t
, test_table
, ELEMENTSOF(test_table
)) {
462 r
= safe_fork("(umount-rec)",
473 if (r
< 0 && ERRNO_IS_PRIVILEGE(r
)) {
474 log_notice("Skipping umount_recursive() test, lacking privileges");
479 if (r
== 0) { /* child */
480 _cleanup_(mnt_free_tablep
) struct libmnt_table
*table
= NULL
;
481 _cleanup_(mnt_free_iterp
) struct libmnt_iter
*iter
= NULL
;
482 _cleanup_fclose_
FILE *f
= NULL
;
483 _cleanup_free_
char *k
= NULL
;
485 /* Open /p/s/m file before we unmount everything (which might include /proc/) */
486 f
= fopen("/proc/self/mountinfo", "re");
488 log_error_errno(errno
, "Failed to open /proc/self/mountinfo: %m");
492 assert_se(k
= strv_join((char**) t
->keep
, " "));
493 log_info("detaching just %s (keep: %s)", strna(t
->prefix
), strna(empty_to_null(k
)));
495 assert_se(umount_recursive_full(t
->prefix
, MNT_DETACH
, (char**) t
->keep
) >= 0);
497 r
= libmount_parse("/proc/self/mountinfo", f
, &table
, &iter
);
499 log_error_errno(r
, "Failed to parse /proc/self/mountinfo: %m");
504 struct libmnt_fs
*fs
;
506 r
= mnt_table_next_fs(table
, iter
, &fs
);
510 log_error_errno(r
, "Failed to get next entry from /proc/self/mountinfo: %m");
514 log_debug("left after complete umount: %s", mnt_fs_get_target(fs
));
522 TEST(fd_make_mount_point
) {
523 _cleanup_(rm_rf_physical_and_freep
) char *t
= NULL
;
524 _cleanup_free_
char *s
= NULL
;
527 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
528 (void) log_tests_skipped("not running privileged");
532 assert_se(mkdtemp_malloc(NULL
, &t
) >= 0);
534 assert_se(asprintf(&s
, "%s/somerandomname%" PRIu64
, t
, random_u64()) >= 0);
536 assert_se(mkdir(s
, 0700) >= 0);
538 r
= safe_fork("(make_mount-point)",
551 _cleanup_close_
int fd
= -EBADF
, fd2
= -EBADF
;
553 fd
= open(s
, O_PATH
|O_CLOEXEC
);
556 assert_se(fd_is_mount_point(fd
, NULL
, AT_SYMLINK_FOLLOW
) == 0);
558 assert_se(fd_make_mount_point(fd
) > 0);
560 /* Reopen the inode so that we end up on the new mount */
561 fd2
= open(s
, O_PATH
|O_CLOEXEC
);
563 assert_se(fd_is_mount_point(fd2
, NULL
, AT_SYMLINK_FOLLOW
) > 0);
565 assert_se(fd_make_mount_point(fd2
) == 0);
571 static int intro(void) {
572 /* Create a dummy network interface for testing remount_sysfs(). */
573 (void) system("ip link add dummy-test-mnt type dummy");
578 static int outro(void) {
579 (void) system("ip link del dummy-test-mnt");
584 DEFINE_TEST_MAIN_FULL(LOG_DEBUG
, intro
, outro
);