]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-mount-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #26038 from lilyinstarlight/fix/fstab-generator-sysroot-without...
[thirdparty/systemd.git] / src / test / test-mount-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/mount.h>
4 #include <sys/statvfs.h>
5
6 #include "alloc-util.h"
7 #include "capability-util.h"
8 #include "fd-util.h"
9 #include "fileio.h"
10 #include "fs-util.h"
11 #include "missing_magic.h"
12 #include "missing_mount.h"
13 #include "mkdir.h"
14 #include "mount-util.h"
15 #include "mountpoint-util.h"
16 #include "namespace-util.h"
17 #include "path-util.h"
18 #include "process-util.h"
19 #include "rm-rf.h"
20 #include "stat-util.h"
21 #include "string-util.h"
22 #include "strv.h"
23 #include "tests.h"
24 #include "tmpfile-util.h"
25
26 TEST(remount_and_move_sub_mounts) {
27 int r;
28
29 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
30 return (void) log_tests_skipped("not running privileged");
31
32 r = safe_fork("(remount-and-move-sub-mounts)",
33 FORK_RESET_SIGNALS |
34 FORK_CLOSE_ALL_FDS |
35 FORK_DEATHSIG |
36 FORK_WAIT |
37 FORK_REOPEN_LOG |
38 FORK_LOG |
39 FORK_NEW_MOUNTNS |
40 FORK_MOUNTNS_SLAVE,
41 NULL);
42 assert_se(r >= 0);
43 if (r == 0) {
44 _cleanup_free_ char *d = NULL, *fn = NULL;
45
46 assert_se(mkdtemp_malloc(NULL, &d) >= 0);
47
48 assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", d, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
49
50 assert_se(fn = path_join(d, "memo"));
51 assert_se(write_string_file(fn, d, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_AVOID_NEWLINE) >= 0);
52 assert_se(access(fn, F_OK) >= 0);
53
54 /* Create fs tree */
55 FOREACH_STRING(p, "sub1", "sub1/hoge", "sub1/foo", "sub2", "sub2/aaa", "sub2/bbb") {
56 _cleanup_free_ char *where = NULL, *filename = NULL;
57
58 assert_se(where = path_join(d, p));
59 assert_se(mkdir_p(where, 0755) >= 0);
60 assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", where, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
61
62 assert_se(filename = path_join(where, "memo"));
63 assert_se(write_string_file(filename, where, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_AVOID_NEWLINE) >= 0);
64 assert_se(access(filename, F_OK) >= 0);
65 }
66
67 /* Hide sub1. */
68 FOREACH_STRING(p, "sub1", "sub1/hogehoge", "sub1/foofoo") {
69 _cleanup_free_ char *where = NULL, *filename = NULL;
70
71 assert_se(where = path_join(d, p));
72 assert_se(mkdir_p(where, 0755) >= 0);
73 assert_se(mount_nofollow_verbose(LOG_DEBUG, "tmpfs", where, "tmpfs", MS_NOSUID|MS_NODEV, NULL) >= 0);
74
75 assert_se(filename = path_join(where, "memo"));
76 assert_se(write_string_file(filename, where, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_AVOID_NEWLINE) >= 0);
77 assert_se(access(filename, F_OK) >= 0);
78 }
79
80 /* Remount the main fs. */
81 r = remount_and_move_sub_mounts("tmpfs", d, "tmpfs", MS_NOSUID|MS_NODEV, NULL);
82 if (r == -EINVAL || (r < 0 && ERRNO_IS_NOT_SUPPORTED(r))) {
83 log_tests_skipped_errno(r, "The kernel seems too old: %m");
84 _exit(EXIT_SUCCESS);
85 }
86
87 /* Check the file in the main fs does not exist. */
88 assert_se(access(fn, F_OK) < 0 && errno == ENOENT);
89
90 /* Check the files in sub-mounts are kept. */
91 FOREACH_STRING(p, "sub1", "sub1/hogehoge", "sub1/foofoo", "sub2", "sub2/aaa", "sub2/bbb") {
92 _cleanup_free_ char *where = NULL, *filename = NULL, *content = NULL;
93
94 assert_se(where = path_join(d, p));
95 assert_se(filename = path_join(where, "memo"));
96 assert_se(read_full_file(filename, &content, NULL) >= 0);
97 assert_se(streq(content, where));
98 }
99
100 /* umount sub1, and check if the previously hidden sub-mounts are dropped. */
101 FOREACH_STRING(p, "sub1/hoge", "sub1/foo") {
102 _cleanup_free_ char *where = NULL;
103
104 assert_se(where = path_join(d, p));
105 assert_se(access(where, F_OK) < 0 && errno == ENOENT);
106 }
107
108 _exit(EXIT_SUCCESS);
109 }
110 }
111
112 TEST(remount_sysfs) {
113 int r;
114
115 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
116 return (void) log_tests_skipped("not running privileged");
117
118 if (path_is_fs_type("/sys", SYSFS_MAGIC) <= 0)
119 return (void) log_tests_skipped("sysfs is not mounted on /sys");
120
121 if (access("/sys/class/net/dummy-test-mnt", F_OK) < 0)
122 return (void) log_tests_skipped_errno(errno, "The network interface dummy-test-mnt does not exit");
123
124 r = safe_fork("(remount-sysfs)",
125 FORK_RESET_SIGNALS |
126 FORK_CLOSE_ALL_FDS |
127 FORK_DEATHSIG |
128 FORK_WAIT |
129 FORK_REOPEN_LOG |
130 FORK_LOG |
131 FORK_NEW_MOUNTNS |
132 FORK_MOUNTNS_SLAVE,
133 NULL);
134 assert_se(r >= 0);
135 if (r == 0) {
136 assert_se(unshare(CLONE_NEWNET) >= 0);
137
138 /* Even unshare()ed, the interfaces in the main namespace can be accessed through sysfs. */
139 assert_se(access("/sys/class/net/lo", F_OK) >= 0);
140 assert_se(access("/sys/class/net/dummy-test-mnt", F_OK) >= 0);
141
142 r = remount_sysfs("/sys");
143 if (r == -EINVAL || (r < 0 && ERRNO_IS_NOT_SUPPORTED(r))) {
144 log_tests_skipped_errno(r, "The kernel seems too old: %m");
145 _exit(EXIT_SUCCESS);
146 }
147
148 /* After remounting sysfs, the interfaces in the main namespace cannot be accessed. */
149 assert_se(access("/sys/class/net/lo", F_OK) >= 0);
150 assert_se(access("/sys/class/net/dummy-test-mnt", F_OK) < 0 && errno == ENOENT);
151
152 _exit(EXIT_SUCCESS);
153 }
154 }
155
156 TEST(mount_option_mangle) {
157 char *opts = NULL;
158 unsigned long f;
159
160 assert_se(mount_option_mangle(NULL, MS_RDONLY|MS_NOSUID, &f, &opts) == 0);
161 assert_se(f == (MS_RDONLY|MS_NOSUID));
162 assert_se(opts == NULL);
163
164 assert_se(mount_option_mangle("", MS_RDONLY|MS_NOSUID, &f, &opts) == 0);
165 assert_se(f == (MS_RDONLY|MS_NOSUID));
166 assert_se(opts == NULL);
167
168 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f, &opts) == 0);
169 assert_se(f == (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC));
170 assert_se(opts == NULL);
171
172 assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=0755", 0, &f, &opts) == 0);
173 assert_se(f == (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC));
174 assert_se(streq(opts, "mode=0755"));
175 opts = mfree(opts);
176
177 assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=0755", 0, &f, &opts) == 0);
178 assert_se(f == (MS_NOSUID|MS_NODEV));
179 assert_se(streq(opts, "foo,hogehoge,mode=0755"));
180 opts = mfree(opts);
181
182 assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY, &f, &opts) == 0);
183 assert_se(f == (MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME));
184 assert_se(streq(opts, "net_cls,net_prio"));
185 opts = mfree(opts);
186
187 assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=0700,uid=1000,gid=1000", MS_RDONLY, &f, &opts) == 0);
188 assert_se(f == (MS_NOSUID|MS_NODEV|MS_RELATIME));
189 assert_se(streq(opts, "size=1630748k,mode=0700,uid=1000,gid=1000"));
190 opts = mfree(opts);
191
192 assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=0700,nosuid,uid=1000", MS_RDONLY, &f, &opts) == 0);
193 assert_se(f == (MS_NOSUID|MS_NODEV|MS_RELATIME));
194 assert_se(streq(opts, "size=1630748k,gid=1000,mode=0700,uid=1000"));
195 opts = mfree(opts);
196
197 assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=0755", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, &f, &opts) == 0);
198 assert_se(f == (MS_NOSUID|MS_NODEV));
199 assert_se(streq(opts, "size=8143984k,nr_inodes=2035996,mode=0755"));
200 opts = mfree(opts);
201
202 assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY, &f, &opts) == 0);
203 assert_se(f == MS_RELATIME);
204 assert_se(streq(opts, "fmask=0022,dmask=0022"));
205 opts = mfree(opts);
206
207 assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY, &f, &opts) < 0);
208
209 assert_se(mount_option_mangle("mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f, &opts) == 0);
210 assert_se(f == 0);
211 assert_se(streq(opts, "mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
212 opts = mfree(opts);
213 }
214
215 static void test_mount_flags_to_string_one(unsigned long flags, const char *expected) {
216 _cleanup_free_ char *x = NULL;
217 int r;
218
219 r = mount_flags_to_string(flags, &x);
220 log_info("flags: %#lX → %d/\"%s\"", flags, r, strnull(x));
221 assert_se(r >= 0);
222 assert_se(streq(x, expected));
223 }
224
225 TEST(mount_flags_to_string) {
226 test_mount_flags_to_string_one(0, "0");
227 test_mount_flags_to_string_one(MS_RDONLY, "MS_RDONLY");
228 test_mount_flags_to_string_one(MS_NOSUID, "MS_NOSUID");
229 test_mount_flags_to_string_one(MS_NODEV, "MS_NODEV");
230 test_mount_flags_to_string_one(MS_NOEXEC, "MS_NOEXEC");
231 test_mount_flags_to_string_one(MS_SYNCHRONOUS, "MS_SYNCHRONOUS");
232 test_mount_flags_to_string_one(MS_REMOUNT, "MS_REMOUNT");
233 test_mount_flags_to_string_one(MS_MANDLOCK, "MS_MANDLOCK");
234 test_mount_flags_to_string_one(MS_DIRSYNC, "MS_DIRSYNC");
235 test_mount_flags_to_string_one(MS_NOSYMFOLLOW, "MS_NOSYMFOLLOW");
236 test_mount_flags_to_string_one(MS_NOATIME, "MS_NOATIME");
237 test_mount_flags_to_string_one(MS_NODIRATIME, "MS_NODIRATIME");
238 test_mount_flags_to_string_one(MS_BIND, "MS_BIND");
239 test_mount_flags_to_string_one(MS_MOVE, "MS_MOVE");
240 test_mount_flags_to_string_one(MS_REC, "MS_REC");
241 test_mount_flags_to_string_one(MS_SILENT, "MS_SILENT");
242 test_mount_flags_to_string_one(MS_POSIXACL, "MS_POSIXACL");
243 test_mount_flags_to_string_one(MS_UNBINDABLE, "MS_UNBINDABLE");
244 test_mount_flags_to_string_one(MS_PRIVATE, "MS_PRIVATE");
245 test_mount_flags_to_string_one(MS_SLAVE, "MS_SLAVE");
246 test_mount_flags_to_string_one(MS_SHARED, "MS_SHARED");
247 test_mount_flags_to_string_one(MS_RELATIME, "MS_RELATIME");
248 test_mount_flags_to_string_one(MS_KERNMOUNT, "MS_KERNMOUNT");
249 test_mount_flags_to_string_one(MS_I_VERSION, "MS_I_VERSION");
250 test_mount_flags_to_string_one(MS_STRICTATIME, "MS_STRICTATIME");
251 test_mount_flags_to_string_one(MS_LAZYTIME, "MS_LAZYTIME");
252 test_mount_flags_to_string_one(MS_LAZYTIME|MS_STRICTATIME, "MS_STRICTATIME|MS_LAZYTIME");
253 test_mount_flags_to_string_one(UINT_MAX,
254 "MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|"
255 "MS_MANDLOCK|MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_NODIRATIME|"
256 "MS_BIND|MS_MOVE|MS_REC|MS_SILENT|MS_POSIXACL|MS_UNBINDABLE|"
257 "MS_PRIVATE|MS_SLAVE|MS_SHARED|MS_RELATIME|MS_KERNMOUNT|"
258 "MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME|fc000200");
259 }
260
261 TEST(bind_remount_recursive) {
262 _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL;
263 _cleanup_free_ char *subdir = NULL;
264
265 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
266 (void) log_tests_skipped("not running privileged");
267 return;
268 }
269
270 assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp) >= 0);
271 subdir = path_join(tmp, "subdir");
272 assert_se(subdir);
273 assert_se(mkdir(subdir, 0755) >= 0);
274
275 FOREACH_STRING(p, "/usr", "/sys", "/", tmp) {
276 pid_t pid;
277
278 pid = fork();
279 assert_se(pid >= 0);
280
281 if (pid == 0) {
282 struct statvfs svfs;
283 /* child */
284 assert_se(detach_mount_namespace() >= 0);
285
286 /* Check that the subdir is writable (it must be because it's in /tmp) */
287 assert_se(statvfs(subdir, &svfs) >= 0);
288 assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));
289
290 /* Make the subdir a bind mount */
291 assert_se(mount_nofollow(subdir, subdir, NULL, MS_BIND|MS_REC, NULL) >= 0);
292
293 /* Ensure it's still writable */
294 assert_se(statvfs(subdir, &svfs) >= 0);
295 assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));
296
297 /* Now mark the path we currently run for read-only */
298 assert_se(bind_remount_recursive(p, MS_RDONLY, MS_RDONLY, path_equal(p, "/sys") ? STRV_MAKE("/sys/kernel") : NULL) >= 0);
299
300 /* Ensure that this worked on the top-level */
301 assert_se(statvfs(p, &svfs) >= 0);
302 assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY));
303
304 /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
305 assert_se(statvfs(subdir, &svfs) >= 0);
306 assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY) == !!path_startswith(subdir, p));
307
308 _exit(EXIT_SUCCESS);
309 }
310
311 assert_se(wait_for_terminate_and_check("test-remount-rec", pid, WAIT_LOG) == EXIT_SUCCESS);
312 }
313 }
314
315 TEST(bind_remount_one) {
316 pid_t pid;
317
318 if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
319 (void) log_tests_skipped("not running privileged");
320 return;
321 }
322
323 pid = fork();
324 assert_se(pid >= 0);
325
326 if (pid == 0) {
327 /* child */
328
329 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
330
331 assert_se(detach_mount_namespace() >= 0);
332
333 assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo) >= 0);
334
335 assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
336 assert_se(bind_remount_one_with_mountinfo("/run", MS_NOEXEC, MS_RDONLY|MS_NOEXEC, proc_self_mountinfo) >= 0);
337 assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -ENOENT);
338 assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -EINVAL);
339 assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
340
341 _exit(EXIT_SUCCESS);
342 }
343
344 assert_se(wait_for_terminate_and_check("test-remount-one", pid, WAIT_LOG) == EXIT_SUCCESS);
345 }
346
347 TEST(make_mount_point_inode) {
348 _cleanup_(rm_rf_physical_and_freep) char *d = NULL;
349 const char *src_file, *src_dir, *dst_file, *dst_dir;
350 struct stat st;
351
352 assert_se(mkdtemp_malloc(NULL, &d) >= 0);
353
354 src_file = strjoina(d, "/src/file");
355 src_dir = strjoina(d, "/src/dir");
356 dst_file = strjoina(d, "/dst/file");
357 dst_dir = strjoina(d, "/dst/dir");
358
359 assert_se(mkdir_p(src_dir, 0755) >= 0);
360 assert_se(mkdir_parents(dst_file, 0755) >= 0);
361 assert_se(touch(src_file) >= 0);
362
363 assert_se(make_mount_point_inode_from_path(src_file, dst_file, 0755) >= 0);
364 assert_se(make_mount_point_inode_from_path(src_dir, dst_dir, 0755) >= 0);
365
366 assert_se(stat(dst_dir, &st) == 0);
367 assert_se(S_ISDIR(st.st_mode));
368 assert_se(stat(dst_file, &st) == 0);
369 assert_se(S_ISREG(st.st_mode));
370 assert_se(!(S_IXUSR & st.st_mode));
371 assert_se(!(S_IXGRP & st.st_mode));
372 assert_se(!(S_IXOTH & st.st_mode));
373
374 assert_se(unlink(dst_file) == 0);
375 assert_se(rmdir(dst_dir) == 0);
376
377 assert_se(stat(src_file, &st) == 0);
378 assert_se(make_mount_point_inode_from_stat(&st, dst_file, 0755) >= 0);
379 assert_se(stat(src_dir, &st) == 0);
380 assert_se(make_mount_point_inode_from_stat(&st, dst_dir, 0755) >= 0);
381
382 assert_se(stat(dst_dir, &st) == 0);
383 assert_se(S_ISDIR(st.st_mode));
384 assert_se(stat(dst_file, &st) == 0);
385 assert_se(S_ISREG(st.st_mode));
386 assert_se(!(S_IXUSR & st.st_mode));
387 assert_se(!(S_IXGRP & st.st_mode));
388 assert_se(!(S_IXOTH & st.st_mode));
389 }
390
391 static int intro(void) {
392 /* Create a dummy network interface for testing remount_sysfs(). */
393 (void) system("ip link add dummy-test-mnt type dummy");
394
395 return 0;
396 }
397
398 static int outro(void) {
399 (void) system("ip link del dummy-test-mnt");
400
401 return 0;
402 }
403
404 DEFINE_TEST_MAIN_FULL(LOG_DEBUG, intro, outro);
Unnamed repository; edit this file 'description' to name the repository.