]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-mount-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <sys/statvfs.h>
6 #include "alloc-util.h"
7 #include "capability-util.h"
10 #include "mount-util.h"
11 #include "namespace-util.h"
12 #include "path-util.h"
13 #include "process-util.h"
15 #include "string-util.h"
18 #include "tmpfile-util.h"
20 static void test_mount_option_mangle(void) {
24 assert_se(mount_option_mangle(NULL
, MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
25 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
26 assert_se(opts
== NULL
);
28 assert_se(mount_option_mangle("", MS_RDONLY
|MS_NOSUID
, &f
, &opts
) == 0);
29 assert_se(f
== (MS_RDONLY
|MS_NOSUID
));
30 assert_se(opts
== NULL
);
32 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f
, &opts
) == 0);
33 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
34 assert_se(opts
== NULL
);
36 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=755", 0, &f
, &opts
) == 0);
37 assert_se(f
== (MS_RDONLY
|MS_NOSUID
|MS_NODEV
|MS_NOEXEC
));
38 assert_se(streq(opts
, "mode=755"));
41 assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=755", 0, &f
, &opts
) == 0);
42 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
43 assert_se(streq(opts
, "foo,hogehoge,mode=755"));
46 assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY
, &f
, &opts
) == 0);
47 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_NOEXEC
|MS_RELATIME
));
48 assert_se(streq(opts
, "net_cls,net_prio"));
51 assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=700,uid=1000,gid=1000", MS_RDONLY
, &f
, &opts
) == 0);
52 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
53 assert_se(streq(opts
, "size=1630748k,mode=700,uid=1000,gid=1000"));
56 assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=700,nosuid,uid=1000", MS_RDONLY
, &f
, &opts
) == 0);
57 assert_se(f
== (MS_NOSUID
|MS_NODEV
|MS_RELATIME
));
58 assert_se(streq(opts
, "size=1630748k,gid=1000,mode=700,uid=1000"));
61 assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=755", MS_RDONLY
|MS_NOSUID
|MS_NOEXEC
|MS_NODEV
, &f
, &opts
) == 0);
62 assert_se(f
== (MS_NOSUID
|MS_NODEV
));
63 assert_se(streq(opts
, "size=8143984k,nr_inodes=2035996,mode=755"));
66 assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY
, &f
, &opts
) == 0);
67 assert_se(f
== MS_RELATIME
);
68 assert_se(streq(opts
, "fmask=0022,dmask=0022"));
71 assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY
, &f
, &opts
) < 0);
73 assert_se(mount_option_mangle("mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f
, &opts
) == 0);
75 assert_se(streq(opts
, "mode=1777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
79 static void test_bind_remount_recursive(void) {
80 _cleanup_(rm_rf_physical_and_freep
) char *tmp
= NULL
;
81 _cleanup_free_
char *subdir
= NULL
;
84 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
85 (void) log_tests_skipped("not running privileged");
89 assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp
) >= 0);
90 subdir
= path_join(tmp
, "subdir");
92 assert_se(mkdir(subdir
, 0755) >= 0);
94 FOREACH_STRING(p
, "/usr", "/sys", "/", tmp
) {
103 assert_se(detach_mount_namespace() >= 0);
105 /* Check that the subdir is writable (it must be because it's in /tmp) */
106 assert_se(statvfs(subdir
, &svfs
) >= 0);
107 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
109 /* Make the subdir a bind mount */
110 assert_se(mount_nofollow(subdir
, subdir
, NULL
, MS_BIND
|MS_REC
, NULL
) >= 0);
112 /* Ensure it's still writable */
113 assert_se(statvfs(subdir
, &svfs
) >= 0);
114 assert_se(!FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
116 /* Now mark the path we currently run for read-only */
117 assert_se(bind_remount_recursive(p
, MS_RDONLY
, MS_RDONLY
, STRV_MAKE("/sys/kernel")) >= 0);
119 /* Ensure that this worked on the top-level */
120 assert_se(statvfs(p
, &svfs
) >= 0);
121 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
));
123 /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
124 assert_se(statvfs(subdir
, &svfs
) >= 0);
125 assert_se(FLAGS_SET(svfs
.f_flag
, ST_RDONLY
) == !!path_startswith(subdir
, p
));
130 assert_se(wait_for_terminate_and_check("test-remount-rec", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
134 static void test_bind_remount_one(void) {
137 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN
) <= 0) {
138 (void) log_tests_skipped("not running privileged");
148 _cleanup_fclose_
FILE *proc_self_mountinfo
= NULL
;
150 assert_se(detach_mount_namespace() >= 0);
152 assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo
) >= 0);
154 assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
155 assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -ENOENT
);
156 assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) == -EINVAL
);
157 assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY
, MS_RDONLY
, proc_self_mountinfo
) >= 0);
162 assert_se(wait_for_terminate_and_check("test-remount-one", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
165 int main(int argc
, char *argv
[]) {
166 test_setup_logging(LOG_DEBUG
);
168 test_mount_option_mangle();
169 test_bind_remount_recursive();
170 test_bind_remount_one();