]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-mount-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <sys/statvfs.h>
6 #include "alloc-util.h"
7 #include "capability-util.h"
11 #include "missing_mount.h"
13 #include "mount-util.h"
14 #include "namespace-util.h"
15 #include "path-util.h"
16 #include "process-util.h"
18 #include "string-util.h"
21 #include "tmpfile-util.h"
23 static void test_mount_option_mangle(void) {
27 log_info("/* %s */", __func__
);
29 assert_se(mount_option_mangle(NULL
, MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
30 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
31 assert_se(opts
== NULL
);
33 assert_se(mount_option_mangle("", MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
34 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
35 assert_se(opts
== NULL
);
37 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f
, &opts
) == 0);
38 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
39 assert_se(opts
== NULL
);
41 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=755", 0, &f
, &opts
) == 0);
42 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
43 assert_se(streq(opts
, "mode=755"));
46 assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=755", 0, &f
, &opts
) == 0);
47 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
48 assert_se(streq(opts
, "foo,hogehoge,mode=755"));
51 assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY
, &f
, &opts
) == 0);
52 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_NOEXEC
|MS_RELATIME
));
53 assert_se(streq(opts
, "net_cls,net_prio"));
56 assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=700,uid=1000,gid=1000", MS_RDONLY
, &f
, &opts
) == 0);
57 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
58 assert_se(streq(opts
, "size=1630748k,mode=700,uid=1000,gid=1000"));
61 assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=700,nosuid,uid=1000", MS_RDONLY
, &f
, &opts
) == 0);
62 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
63 assert_se(streq(opts
, "size=1630748k,gid=1000,mode=700,uid=1000"));
66 assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=755", MS_RDONLY
|MS_NOSUID
|MS_NOEXEC
|MS_NODEV
, &f
, &opts
) == 0);
67 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
68 assert_se(streq(opts
, "size=8143984k,nr_inodes=2035996,mode=755"));
71 assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY
, &f
, &opts
) == 0);
72 assert_se(f
== MS_RELATIME
);
73 assert_se(streq(opts
, "fmask=0022,dmask=0022"));
76 assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY
, &f
, &opts
) < 0);
78 assert_se(mount_option_mangle("mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f
, &opts
) == 0);
80 assert_se(streq(opts
, "mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
84 static void test_mount_flags_to_string_one(unsigned long flags
, const char *expected
) {
85 _cleanup_free_
char *x
= NULL
;
88 r
= mount_flags_to_string(flags
, &x
);
89 log_info("flags: %#lX → %d/\"%s\"", flags
, r
, strnull(x
));
91 assert_se(streq(x
, expected
));
94 static void test_mount_flags_to_string(void) {
95 log_info("/* %s */", __func__
);
97 test_mount_flags_to_string_one(0, "0");
98 test_mount_flags_to_string_one(MS_RDONLY
, "MS_RDONLY");
99 test_mount_flags_to_string_one(MS_NOSUID
, "MS_NOSUID");
100 test_mount_flags_to_string_one(MS_NODEV
, "MS_NODEV");
101 test_mount_flags_to_string_one(MS_NOEXEC
, "MS_NOEXEC");
102 test_mount_flags_to_string_one(MS_SYNCHRONOUS
, "MS_SYNCHRONOUS");
103 test_mount_flags_to_string_one(MS_REMOUNT
, "MS_REMOUNT");
104 test_mount_flags_to_string_one(MS_MANDLOCK
, "MS_MANDLOCK");
105 test_mount_flags_to_string_one(MS_DIRSYNC
, "MS_DIRSYNC");
106 test_mount_flags_to_string_one(MS_NOSYMFOLLOW
, "MS_NOSYMFOLLOW");
107 test_mount_flags_to_string_one(MS_NOATIME
, "MS_NOATIME");
108 test_mount_flags_to_string_one(MS_NODIRATIME
, "MS_NODIRATIME");
109 test_mount_flags_to_string_one(MS_BIND
, "MS_BIND");
110 test_mount_flags_to_string_one(MS_MOVE
, "MS_MOVE");
111 test_mount_flags_to_string_one(MS_REC
, "MS_REC");
112 test_mount_flags_to_string_one(MS_SILENT
, "MS_SILENT");
113 test_mount_flags_to_string_one(MS_POSIXACL
, "MS_POSIXACL");
114 test_mount_flags_to_string_one(MS_UNBINDABLE
, "MS_UNBINDABLE");
115 test_mount_flags_to_string_one(MS_PRIVATE
, "MS_PRIVATE");
116 test_mount_flags_to_string_one(MS_SLAVE
, "MS_SLAVE");
117 test_mount_flags_to_string_one(MS_SHARED
, "MS_SHARED");
118 test_mount_flags_to_string_one(MS_RELATIME
, "MS_RELATIME");
119 test_mount_flags_to_string_one(MS_KERNMOUNT
, "MS_KERNMOUNT");
120 test_mount_flags_to_string_one(MS_I_VERSION
, "MS_I_VERSION");
121 test_mount_flags_to_string_one(MS_STRICTATIME
, "MS_STRICTATIME");
122 test_mount_flags_to_string_one(MS_LAZYTIME
, "MS_LAZYTIME");
123 test_mount_flags_to_string_one(MS_LAZYTIME
|MS_STRICTATIME
, "MS_STRICTATIME|MS_LAZYTIME");
124 test_mount_flags_to_string_one(UINT_MAX
,
125 "MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|"
126 "MS_MANDLOCK|MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_NODIRATIME|"
127 "MS_BIND|MS_MOVE|MS_REC|MS_SILENT|MS_POSIXACL|MS_UNBINDABLE|"
128 "MS_PRIVATE|MS_SLAVE|MS_SHARED|MS_RELATIME|MS_KERNMOUNT|"
129 "MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME|fc000200");
132 static void test_bind_remount_recursive(void) {
133 _cleanup_(rm_rf_physical_and_freep
) char *tmp
= NULL
;
134 _cleanup_free_
char *subdir
= NULL
;
137 log_info("/* %s */", __func__
);
139 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
140 (void) log_tests_skipped("not running privileged");
144 assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp
) >= 0);
145 subdir
= path_join(tmp
, "subdir");
147 assert_se(mkdir(subdir
, 0755) >= 0);
149 FOREACH_STRING(p
, "/usr", "/sys", "/", tmp
) {
158 assert_se(detach_mount_namespace() >= 0);
160 /* Check that the subdir is writable (it must be because it's in /tmp) */
161 assert_se(statvfs(subdir
, &svfs
) >= 0);
162 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
164 /* Make the subdir a bind mount */
165 assert_se(mount_nofollow(subdir
, subdir
, NULL
, MS_BIND
|MS_REC
, NULL
) >= 0);
167 /* Ensure it's still writable */
168 assert_se(statvfs(subdir
, &svfs
) >= 0);
169 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
171 /* Now mark the path we currently run for read-only */
172 assert_se(bind_remount_recursive(p
, MS_RDONLY
, MS_RDONLY
, STRV_MAKE("/sys/kernel")) >= 0);
174 /* Ensure that this worked on the top-level */
175 assert_se(statvfs(p
, &svfs
) >= 0);
176 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
178 /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
179 assert_se(statvfs(subdir
, &svfs
) >= 0);
180 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
) == !!path_startswith(subdir
, p
));
185 assert_se(wait_for_terminate_and_check("test-remount-rec", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
189 static void test_bind_remount_one(void) {
192 log_info("/* %s */", __func__
);
194 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
195 (void) log_tests_skipped("not running privileged");
205 _cleanup_fclose_
FILE *proc_self_mountinfo
= NULL
;
207 assert_se(detach_mount_namespace() >= 0);
209 assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo
) >= 0);
211 assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
212 assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -ENOENT
);
213 assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -EINVAL
);
214 assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
219 assert_se(wait_for_terminate_and_check("test-remount-one", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
222 static void test_make_mount_point_inode(void) {
223 _cleanup_(rm_rf_physical_and_freep
) char *d
= NULL
;
224 const char *src_file
, *src_dir
, *dst_file
, *dst_dir
;
227 log_info("/* %s */", __func__
);
229 assert_se(mkdtemp_malloc(NULL
, &d
) >= 0);
231 src_file
= strjoina(d
, "/src/file");
232 src_dir
= strjoina(d
, "/src/dir");
233 dst_file
= strjoina(d
, "/dst/file");
234 dst_dir
= strjoina(d
, "/dst/dir");
236 assert_se(mkdir_p(src_dir
, 0755) >= 0);
237 assert_se(mkdir_parents(dst_file
, 0755) >= 0);
238 assert_se(touch(src_file
) >= 0);
240 assert_se(make_mount_point_inode_from_path(src_file
, dst_file
, 0755) >= 0);
241 assert_se(make_mount_point_inode_from_path(src_dir
, dst_dir
, 0755) >= 0);
243 assert_se(stat(dst_dir
, &st
) == 0);
244 assert_se(S_ISDIR(st
.st_mode
));
245 assert_se(stat(dst_file
, &st
) == 0);
246 assert_se(S_ISREG(st
.st_mode
));
247 assert_se(!(S_IXUSR
& st
.st_mode
));
248 assert_se(!(S_IXGRP
& st
.st_mode
));
249 assert_se(!(S_IXOTH
& st
.st_mode
));
251 assert_se(unlink(dst_file
) == 0);
252 assert_se(rmdir(dst_dir
) == 0);
254 assert_se(stat(src_file
, &st
) == 0);
255 assert_se(make_mount_point_inode_from_stat(&st
, dst_file
, 0755) >= 0);
256 assert_se(stat(src_dir
, &st
) == 0);
257 assert_se(make_mount_point_inode_from_stat(&st
, dst_dir
, 0755) >= 0);
259 assert_se(stat(dst_dir
, &st
) == 0);
260 assert_se(S_ISDIR(st
.st_mode
));
261 assert_se(stat(dst_file
, &st
) == 0);
262 assert_se(S_ISREG(st
.st_mode
));
263 assert_se(!(S_IXUSR
& st
.st_mode
));
264 assert_se(!(S_IXGRP
& st
.st_mode
));
265 assert_se(!(S_IXOTH
& st
.st_mode
));
268 int main(int argc
, char *argv
[]) {
269 test_setup_logging(LOG_DEBUG
);
271 test_mount_option_mangle();
272 test_mount_flags_to_string();
273 test_bind_remount_recursive();
274 test_bind_remount_one();
275 test_make_mount_point_inode();