]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-mount-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #19986 from keszybz/test-mount-util-more
[thirdparty/systemd.git] / src / test / test-mount-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/mount.h>
4 #include <sys/statvfs.h>
5
6 #include "alloc-util.h"
7 #include "capability-util.h"
8 #include "fd-util.h"
9 #include "fileio.h"
10 #include "missing_mount.h"
11 #include "mount-util.h"
12 #include "namespace-util.h"
13 #include "path-util.h"
14 #include "process-util.h"
15 #include "rm-rf.h"
16 #include "string-util.h"
17 #include "strv.h"
18 #include "tests.h"
19 #include "tmpfile-util.h"
20
21 static void test_mount_option_mangle(void) {
22 char *opts = NULL;
23 unsigned long f;
24
25 log_info("/* %s */", __func__);
26
27 assert_se(mount_option_mangle(NULL, MS_RDONLY|MS_NOSUID, &f, &opts) == 0);
28 assert_se(f == (MS_RDONLY|MS_NOSUID));
29 assert_se(opts == NULL);
30
31 assert_se(mount_option_mangle("", MS_RDONLY|MS_NOSUID, &f, &opts) == 0);
32 assert_se(f == (MS_RDONLY|MS_NOSUID));
33 assert_se(opts == NULL);
34
35 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f, &opts) == 0);
36 assert_se(f == (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC));
37 assert_se(opts == NULL);
38
39 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=755", 0, &f, &opts) == 0);
40 assert_se(f == (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC));
41 assert_se(streq(opts, "mode=755"));
42 opts = mfree(opts);
43
44 assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=755", 0, &f, &opts) == 0);
45 assert_se(f == (MS_NOSUID|MS_NODEV));
46 assert_se(streq(opts, "foo,hogehoge,mode=755"));
47 opts = mfree(opts);
48
49 assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY, &f, &opts) == 0);
50 assert_se(f == (MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME));
51 assert_se(streq(opts, "net_cls,net_prio"));
52 opts = mfree(opts);
53
54 assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=700,uid=1000,gid=1000", MS_RDONLY, &f, &opts) == 0);
55 assert_se(f == (MS_NOSUID|MS_NODEV|MS_RELATIME));
56 assert_se(streq(opts, "size=1630748k,mode=700,uid=1000,gid=1000"));
57 opts = mfree(opts);
58
59 assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=700,nosuid,uid=1000", MS_RDONLY, &f, &opts) == 0);
60 assert_se(f == (MS_NOSUID|MS_NODEV|MS_RELATIME));
61 assert_se(streq(opts, "size=1630748k,gid=1000,mode=700,uid=1000"));
62 opts = mfree(opts);
63
64 assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=755", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, &f, &opts) == 0);
65 assert_se(f == (MS_NOSUID|MS_NODEV));
66 assert_se(streq(opts, "size=8143984k,nr_inodes=2035996,mode=755"));
67 opts = mfree(opts);
68
69 assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY, &f, &opts) == 0);
70 assert_se(f == MS_RELATIME);
71 assert_se(streq(opts, "fmask=0022,dmask=0022"));
72 opts = mfree(opts);
73
74 assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY, &f, &opts) < 0);
75
76 assert_se(mount_option_mangle("mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f, &opts) == 0);
77 assert_se(f == 0);
78 assert_se(streq(opts, "mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
79 opts = mfree(opts);
80 }
81
82 static void test_mount_flags_to_string_one(unsigned long flags, const char *expected) {
83 _cleanup_free_ char *x = NULL;
84 int r;
85
86 r = mount_flags_to_string(flags, &x);
87 log_info("flags: %#lX → %d/\"%s\"", flags, r, strnull(x));
88 assert_se(r >= 0);
89 assert_se(streq(x, expected));
90 }
91
92 static void test_mount_flags_to_string(void) {
93 log_info("/* %s */", __func__);
94
95 test_mount_flags_to_string_one(0, "0");
96 test_mount_flags_to_string_one(MS_RDONLY, "MS_RDONLY");
97 test_mount_flags_to_string_one(MS_NOSUID, "MS_NOSUID");
98 test_mount_flags_to_string_one(MS_NODEV, "MS_NODEV");
99 test_mount_flags_to_string_one(MS_NOEXEC, "MS_NOEXEC");
100 test_mount_flags_to_string_one(MS_SYNCHRONOUS, "MS_SYNCHRONOUS");
101 test_mount_flags_to_string_one(MS_REMOUNT, "MS_REMOUNT");
102 test_mount_flags_to_string_one(MS_MANDLOCK, "MS_MANDLOCK");
103 test_mount_flags_to_string_one(MS_DIRSYNC, "MS_DIRSYNC");
104 test_mount_flags_to_string_one(MS_NOSYMFOLLOW, "MS_NOSYMFOLLOW");
105 test_mount_flags_to_string_one(MS_NOATIME, "MS_NOATIME");
106 test_mount_flags_to_string_one(MS_NODIRATIME, "MS_NODIRATIME");
107 test_mount_flags_to_string_one(MS_BIND, "MS_BIND");
108 test_mount_flags_to_string_one(MS_MOVE, "MS_MOVE");
109 test_mount_flags_to_string_one(MS_REC, "MS_REC");
110 test_mount_flags_to_string_one(MS_SILENT, "MS_SILENT");
111 test_mount_flags_to_string_one(MS_POSIXACL, "MS_POSIXACL");
112 test_mount_flags_to_string_one(MS_UNBINDABLE, "MS_UNBINDABLE");
113 test_mount_flags_to_string_one(MS_PRIVATE, "MS_PRIVATE");
114 test_mount_flags_to_string_one(MS_SLAVE, "MS_SLAVE");
115 test_mount_flags_to_string_one(MS_SHARED, "MS_SHARED");
116 test_mount_flags_to_string_one(MS_RELATIME, "MS_RELATIME");
117 test_mount_flags_to_string_one(MS_KERNMOUNT, "MS_KERNMOUNT");
118 test_mount_flags_to_string_one(MS_I_VERSION, "MS_I_VERSION");
119 test_mount_flags_to_string_one(MS_STRICTATIME, "MS_STRICTATIME");
120 test_mount_flags_to_string_one(MS_LAZYTIME, "MS_LAZYTIME");
121 test_mount_flags_to_string_one(MS_LAZYTIME|MS_STRICTATIME, "MS_STRICTATIME|MS_LAZYTIME");
122 test_mount_flags_to_string_one(UINT_MAX,
123 "MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|"
124 "MS_MANDLOCK|MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_NODIRATIME|"
125 "MS_BIND|MS_MOVE|MS_REC|MS_SILENT|MS_POSIXACL|MS_UNBINDABLE|"
126 "MS_PRIVATE|MS_SLAVE|MS_SHARED|MS_RELATIME|MS_KERNMOUNT|"
127 "MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME|fc000200");
128 }
129
130 static void test_bind_remount_recursive(void) {
131 _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL;
132 _cleanup_free_ char *subdir = NULL;
133 const char *p;
134
135 log_info("/* %s */", __func__);
136
137 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
138 (void) log_tests_skipped("not running privileged");
139 return;
140 }
141
142 assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp) >= 0);
143 subdir = path_join(tmp, "subdir");
144 assert_se(subdir);
145 assert_se(mkdir(subdir, 0755) >= 0);
146
147 FOREACH_STRING(p, "/usr", "/sys", "/", tmp) {
148 pid_t pid;
149
150 pid = fork();
151 assert_se(pid >= 0);
152
153 if (pid == 0) {
154 struct statvfs svfs;
155 /* child */
156 assert_se(detach_mount_namespace() >= 0);
157
158 /* Check that the subdir is writable (it must be because it's in /tmp) */
159 assert_se(statvfs(subdir, &svfs) >= 0);
160 assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));
161
162 /* Make the subdir a bind mount */
163 assert_se(mount_nofollow(subdir, subdir, NULL, MS_BIND|MS_REC, NULL) >= 0);
164
165 /* Ensure it's still writable */
166 assert_se(statvfs(subdir, &svfs) >= 0);
167 assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));
168
169 /* Now mark the path we currently run for read-only */
170 assert_se(bind_remount_recursive(p, MS_RDONLY, MS_RDONLY, STRV_MAKE("/sys/kernel")) >= 0);
171
172 /* Ensure that this worked on the top-level */
173 assert_se(statvfs(p, &svfs) >= 0);
174 assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY));
175
176 /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
177 assert_se(statvfs(subdir, &svfs) >= 0);
178 assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY) == !!path_startswith(subdir, p));
179
180 _exit(EXIT_SUCCESS);
181 }
182
183 assert_se(wait_for_terminate_and_check("test-remount-rec", pid, WAIT_LOG) == EXIT_SUCCESS);
184 }
185 }
186
187 static void test_bind_remount_one(void) {
188 pid_t pid;
189
190 log_info("/* %s */", __func__);
191
192 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
193 (void) log_tests_skipped("not running privileged");
194 return;
195 }
196
197 pid = fork();
198 assert_se(pid >= 0);
199
200 if (pid == 0) {
201 /* child */
202
203 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
204
205 assert_se(detach_mount_namespace() >= 0);
206
207 assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo) >= 0);
208
209 assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
210 assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -ENOENT);
211 assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -EINVAL);
212 assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
213
214 _exit(EXIT_SUCCESS);
215 }
216
217 assert_se(wait_for_terminate_and_check("test-remount-one", pid, WAIT_LOG) == EXIT_SUCCESS);
218 }
219
220 int main(int argc, char *argv[]) {
221 test_setup_logging(LOG_DEBUG);
222
223 test_mount_option_mangle();
224 test_mount_flags_to_string();
225 test_bind_remount_recursive();
226 test_bind_remount_one();
227
228 return 0;
229 }
Unnamed repository; edit this file 'description' to name the repository.