[thirdparty/systemd.git] / src / test / test-mount-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <sys/mount.h>
#include <sys/statvfs.h>

#include "alloc-util.h"
#include "capability-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "fs-util.h"
#include "missing_mount.h"
#include "mkdir.h"
#include "mount-util.h"
#include "mountpoint-util.h"
#include "namespace-util.h"
#include "path-util.h"
#include "process-util.h"
#include "rm-rf.h"
#include "string-util.h"
#include "strv.h"
#include "tests.h"
#include "tmpfile-util.h"

TEST(mount_option_mangle) {
        char *opts = NULL;
        unsigned long f;

        assert_se(mount_option_mangle(NULL, MS_RDONLY|MS_NOSUID, &f, &opts) == 0);
        assert_se(f == (MS_RDONLY|MS_NOSUID));
        assert_se(opts == NULL);

        assert_se(mount_option_mangle("", MS_RDONLY|MS_NOSUID, &f, &opts) == 0);
        assert_se(f == (MS_RDONLY|MS_NOSUID));
        assert_se(opts == NULL);

        assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f, &opts) == 0);
        assert_se(f == (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC));
        assert_se(opts == NULL);

        assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=0755", 0, &f, &opts) == 0);
        assert_se(f == (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC));
        assert_se(streq(opts, "mode=0755"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=0755", 0, &f, &opts) == 0);
        assert_se(f == (MS_NOSUID|MS_NODEV));
        assert_se(streq(opts, "foo,hogehoge,mode=0755"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY, &f, &opts) == 0);
        assert_se(f == (MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME));
        assert_se(streq(opts, "net_cls,net_prio"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=0700,uid=1000,gid=1000", MS_RDONLY, &f, &opts) == 0);
        assert_se(f == (MS_NOSUID|MS_NODEV|MS_RELATIME));
        assert_se(streq(opts, "size=1630748k,mode=0700,uid=1000,gid=1000"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=0700,nosuid,uid=1000", MS_RDONLY, &f, &opts) == 0);
        assert_se(f == (MS_NOSUID|MS_NODEV|MS_RELATIME));
        assert_se(streq(opts, "size=1630748k,gid=1000,mode=0700,uid=1000"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=0755", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, &f, &opts) == 0);
        assert_se(f == (MS_NOSUID|MS_NODEV));
        assert_se(streq(opts, "size=8143984k,nr_inodes=2035996,mode=0755"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY, &f, &opts) == 0);
        assert_se(f == MS_RELATIME);
        assert_se(streq(opts, "fmask=0022,dmask=0022"));
        opts = mfree(opts);

        assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY, &f, &opts) < 0);

        assert_se(mount_option_mangle("mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f, &opts) == 0);
        assert_se(f == 0);
        assert_se(streq(opts, "mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
        opts = mfree(opts);
}

static void test_mount_flags_to_string_one(unsigned long flags, const char *expected) {
        _cleanup_free_ char *x = NULL;
        int r;

        r = mount_flags_to_string(flags, &x);
        log_info("flags: %#lX → %d/\"%s\"", flags, r, strnull(x));
        assert_se(r >= 0);
        assert_se(streq(x, expected));
}

TEST(mount_flags_to_string) {
        test_mount_flags_to_string_one(0, "0");
        test_mount_flags_to_string_one(MS_RDONLY, "MS_RDONLY");
        test_mount_flags_to_string_one(MS_NOSUID, "MS_NOSUID");
        test_mount_flags_to_string_one(MS_NODEV, "MS_NODEV");
        test_mount_flags_to_string_one(MS_NOEXEC, "MS_NOEXEC");
        test_mount_flags_to_string_one(MS_SYNCHRONOUS, "MS_SYNCHRONOUS");
        test_mount_flags_to_string_one(MS_REMOUNT, "MS_REMOUNT");
        test_mount_flags_to_string_one(MS_MANDLOCK, "MS_MANDLOCK");
        test_mount_flags_to_string_one(MS_DIRSYNC, "MS_DIRSYNC");
        test_mount_flags_to_string_one(MS_NOSYMFOLLOW, "MS_NOSYMFOLLOW");
        test_mount_flags_to_string_one(MS_NOATIME, "MS_NOATIME");
        test_mount_flags_to_string_one(MS_NODIRATIME, "MS_NODIRATIME");
        test_mount_flags_to_string_one(MS_BIND, "MS_BIND");
        test_mount_flags_to_string_one(MS_MOVE, "MS_MOVE");
        test_mount_flags_to_string_one(MS_REC, "MS_REC");
        test_mount_flags_to_string_one(MS_SILENT, "MS_SILENT");
        test_mount_flags_to_string_one(MS_POSIXACL, "MS_POSIXACL");
        test_mount_flags_to_string_one(MS_UNBINDABLE, "MS_UNBINDABLE");
        test_mount_flags_to_string_one(MS_PRIVATE, "MS_PRIVATE");
        test_mount_flags_to_string_one(MS_SLAVE, "MS_SLAVE");
        test_mount_flags_to_string_one(MS_SHARED, "MS_SHARED");
        test_mount_flags_to_string_one(MS_RELATIME, "MS_RELATIME");
        test_mount_flags_to_string_one(MS_KERNMOUNT, "MS_KERNMOUNT");
        test_mount_flags_to_string_one(MS_I_VERSION, "MS_I_VERSION");
        test_mount_flags_to_string_one(MS_STRICTATIME, "MS_STRICTATIME");
        test_mount_flags_to_string_one(MS_LAZYTIME, "MS_LAZYTIME");
        test_mount_flags_to_string_one(MS_LAZYTIME|MS_STRICTATIME, "MS_STRICTATIME|MS_LAZYTIME");
        test_mount_flags_to_string_one(UINT_MAX,
                                       "MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|"
                                       "MS_MANDLOCK|MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_NODIRATIME|"
                                       "MS_BIND|MS_MOVE|MS_REC|MS_SILENT|MS_POSIXACL|MS_UNBINDABLE|"
                                       "MS_PRIVATE|MS_SLAVE|MS_SHARED|MS_RELATIME|MS_KERNMOUNT|"
                                       "MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME|fc000200");
}

TEST(bind_remount_recursive) {
        _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL;
        _cleanup_free_ char *subdir = NULL;

        if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
                (void) log_tests_skipped("not running privileged");
                return;
        }

        assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp) >= 0);
        subdir = path_join(tmp, "subdir");
        assert_se(subdir);
        assert_se(mkdir(subdir, 0755) >= 0);

        FOREACH_STRING(p, "/usr", "/sys", "/", tmp) {
                pid_t pid;

                pid = fork();
                assert_se(pid >= 0);

                if (pid == 0) {
                        struct statvfs svfs;
                        /* child */
                        assert_se(detach_mount_namespace() >= 0);

                        /* Check that the subdir is writable (it must be because it's in /tmp) */
                        assert_se(statvfs(subdir, &svfs) >= 0);
                        assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));

                        /* Make the subdir a bind mount */
                        assert_se(mount_nofollow(subdir, subdir, NULL, MS_BIND|MS_REC, NULL) >= 0);

                        /* Ensure it's still writable */
                        assert_se(statvfs(subdir, &svfs) >= 0);
                        assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));

                        /* Now mark the path we currently run for read-only */
                        assert_se(bind_remount_recursive(p, MS_RDONLY, MS_RDONLY, path_equal(p, "/sys") ? STRV_MAKE("/sys/kernel") : NULL) >= 0);

                        /* Ensure that this worked on the top-level */
                        assert_se(statvfs(p, &svfs) >= 0);
                        assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY));

                        /* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
                        assert_se(statvfs(subdir, &svfs) >= 0);
                        assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY) == !!path_startswith(subdir, p));

                        _exit(EXIT_SUCCESS);
                }

                assert_se(wait_for_terminate_and_check("test-remount-rec", pid, WAIT_LOG) == EXIT_SUCCESS);
        }
}

TEST(bind_remount_one) {
        pid_t pid;

        if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
                (void) log_tests_skipped("not running privileged");
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid == 0) {
                /* child */

                _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;

                assert_se(detach_mount_namespace() >= 0);

                assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo) >= 0);

                assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
                assert_se(bind_remount_one_with_mountinfo("/run", MS_NOEXEC, MS_RDONLY|MS_NOEXEC, proc_self_mountinfo) >= 0);
                assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -ENOENT);
                assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -EINVAL);
                assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);

                _exit(EXIT_SUCCESS);
        }

        assert_se(wait_for_terminate_and_check("test-remount-one", pid, WAIT_LOG) == EXIT_SUCCESS);
}

TEST(make_mount_point_inode) {
        _cleanup_(rm_rf_physical_and_freep) char *d = NULL;
        const char *src_file, *src_dir, *dst_file, *dst_dir;
        struct stat st;

        assert_se(mkdtemp_malloc(NULL, &d) >= 0);

        src_file = strjoina(d, "/src/file");
        src_dir = strjoina(d, "/src/dir");
        dst_file = strjoina(d, "/dst/file");
        dst_dir = strjoina(d, "/dst/dir");

        assert_se(mkdir_p(src_dir, 0755) >= 0);
        assert_se(mkdir_parents(dst_file, 0755) >= 0);
        assert_se(touch(src_file) >= 0);

        assert_se(make_mount_point_inode_from_path(src_file, dst_file, 0755) >= 0);
        assert_se(make_mount_point_inode_from_path(src_dir, dst_dir, 0755) >= 0);

        assert_se(stat(dst_dir, &st) == 0);
        assert_se(S_ISDIR(st.st_mode));
        assert_se(stat(dst_file, &st) == 0);
        assert_se(S_ISREG(st.st_mode));
        assert_se(!(S_IXUSR & st.st_mode));
        assert_se(!(S_IXGRP & st.st_mode));
        assert_se(!(S_IXOTH & st.st_mode));

        assert_se(unlink(dst_file) == 0);
        assert_se(rmdir(dst_dir) == 0);

        assert_se(stat(src_file, &st) == 0);
        assert_se(make_mount_point_inode_from_stat(&st, dst_file, 0755) >= 0);
        assert_se(stat(src_dir, &st) == 0);
        assert_se(make_mount_point_inode_from_stat(&st, dst_dir, 0755) >= 0);

        assert_se(stat(dst_dir, &st) == 0);
        assert_se(S_ISDIR(st.st_mode));
        assert_se(stat(dst_file, &st) == 0);
        assert_se(S_ISREG(st.st_mode));
        assert_se(!(S_IXUSR & st.st_mode));
        assert_se(!(S_IXGRP & st.st_mode));
        assert_se(!(S_IXOTH & st.st_mode));
}

DEFINE_TEST_MAIN(LOG_DEBUG);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
83555251 LP	2
83555251 LP	3	#include <sys/mount.h>
10cdbb83	4	#include <sys/statvfs.h>
83555251	5
c2a986d5	6	#include "alloc-util.h"
c75370cc	7	#include "capability-util.h"
10cdbb83 LP	8	#include "fd-util.h"
10cdbb83 LP	9	#include "fileio.h"
9c653536	10	#include "fs-util.h"
51bb6a10	11	#include "missing_mount.h"
9c653536	12	#include "mkdir.h"
83555251	13	#include "mount-util.h"
61ef3051	14	#include "mountpoint-util.h"
10cdbb83 LP	15	#include "namespace-util.h"
	16	#include "path-util.h"
	17	#include "process-util.h"
	18	#include "rm-rf.h"
83555251	19	#include "string-util.h"
10cdbb83	20	#include "strv.h"
6d7c4033	21	#include "tests.h"
10cdbb83	22	#include "tmpfile-util.h"
83555251	23
4f7452a8	24	TEST(mount_option_mangle) {
f27b437b YW	25	char *opts = NULL;
	26	unsigned long f;
	27
	28	assert_se(mount_option_mangle(NULL, MS_RDONLY\|MS_NOSUID, &f, &opts) == 0);
	29	assert_se(f == (MS_RDONLY\|MS_NOSUID));
	30	assert_se(opts == NULL);
	31
	32	assert_se(mount_option_mangle("", MS_RDONLY\|MS_NOSUID, &f, &opts) == 0);
	33	assert_se(f == (MS_RDONLY\|MS_NOSUID));
	34	assert_se(opts == NULL);
	35
	36	assert_se(mount_option_mangle("ro,nosuid,nodev,noexec", 0, &f, &opts) == 0);
	37	assert_se(f == (MS_RDONLY\|MS_NOSUID\|MS_NODEV\|MS_NOEXEC));
	38	assert_se(opts == NULL);
	39
9f563f27	40	assert_se(mount_option_mangle("ro,nosuid,nodev,noexec,mode=0755", 0, &f, &opts) == 0);
f27b437b	41	assert_se(f == (MS_RDONLY\|MS_NOSUID\|MS_NODEV\|MS_NOEXEC));
9f563f27	42	assert_se(streq(opts, "mode=0755"));
f27b437b YW	43	opts = mfree(opts);
f27b437b YW	44
9f563f27	45	assert_se(mount_option_mangle("rw,nosuid,foo,hogehoge,nodev,mode=0755", 0, &f, &opts) == 0);
f27b437b	46	assert_se(f == (MS_NOSUID\|MS_NODEV));
9f563f27	47	assert_se(streq(opts, "foo,hogehoge,mode=0755"));
f27b437b YW	48	opts = mfree(opts);
	49
	50	assert_se(mount_option_mangle("rw,nosuid,nodev,noexec,relatime,net_cls,net_prio", MS_RDONLY, &f, &opts) == 0);
	51	assert_se(f == (MS_NOSUID\|MS_NODEV\|MS_NOEXEC\|MS_RELATIME));
	52	assert_se(streq(opts, "net_cls,net_prio"));
	53	opts = mfree(opts);
	54
9f563f27	55	assert_se(mount_option_mangle("rw,nosuid,nodev,relatime,size=1630748k,mode=0700,uid=1000,gid=1000", MS_RDONLY, &f, &opts) == 0);
f27b437b	56	assert_se(f == (MS_NOSUID\|MS_NODEV\|MS_RELATIME));
9f563f27	57	assert_se(streq(opts, "size=1630748k,mode=0700,uid=1000,gid=1000"));
f27b437b YW	58	opts = mfree(opts);
f27b437b YW	59
9f563f27	60	assert_se(mount_option_mangle("size=1630748k,rw,gid=1000,,,nodev,relatime,,mode=0700,nosuid,uid=1000", MS_RDONLY, &f, &opts) == 0);
f27b437b	61	assert_se(f == (MS_NOSUID\|MS_NODEV\|MS_RELATIME));
9f563f27	62	assert_se(streq(opts, "size=1630748k,gid=1000,mode=0700,uid=1000"));
f27b437b YW	63	opts = mfree(opts);
f27b437b YW	64
9f563f27	65	assert_se(mount_option_mangle("rw,exec,size=8143984k,nr_inodes=2035996,mode=0755", MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV, &f, &opts) == 0);
f27b437b	66	assert_se(f == (MS_NOSUID\|MS_NODEV));
9f563f27	67	assert_se(streq(opts, "size=8143984k,nr_inodes=2035996,mode=0755"));
f27b437b YW	68	opts = mfree(opts);
	69
	70	assert_se(mount_option_mangle("rw,relatime,fmask=0022,,,dmask=0022", MS_RDONLY, &f, &opts) == 0);
	71	assert_se(f == MS_RELATIME);
	72	assert_se(streq(opts, "fmask=0022,dmask=0022"));
	73	opts = mfree(opts);
	74
	75	assert_se(mount_option_mangle("rw,relatime,fmask=0022,dmask=0022,\"hogehoge", MS_RDONLY, &f, &opts) < 0);
9b23679e	76
9f563f27	77	assert_se(mount_option_mangle("mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\"", 0, &f, &opts) == 0);
9b23679e	78	assert_se(f == 0);
9f563f27	79	assert_se(streq(opts, "mode=01777,size=10%,nr_inodes=400k,uid=496107520,gid=496107520,context=\"system_u:object_r:svirt_sandbox_file_t:s0:c0,c1\""));
9b23679e	80	opts = mfree(opts);
f27b437b YW	81	}
f27b437b YW	82
51bb6a10 ZJS	83	static void test_mount_flags_to_string_one(unsigned long flags, const char *expected) {
	84	_cleanup_free_ char *x = NULL;
	85	int r;
	86
	87	r = mount_flags_to_string(flags, &x);
	88	log_info("flags: %#lX → %d/\"%s\"", flags, r, strnull(x));
	89	assert_se(r >= 0);
	90	assert_se(streq(x, expected));
	91	}
	92
4f7452a8	93	TEST(mount_flags_to_string) {
51bb6a10 ZJS	94	test_mount_flags_to_string_one(0, "0");
	95	test_mount_flags_to_string_one(MS_RDONLY, "MS_RDONLY");
	96	test_mount_flags_to_string_one(MS_NOSUID, "MS_NOSUID");
	97	test_mount_flags_to_string_one(MS_NODEV, "MS_NODEV");
	98	test_mount_flags_to_string_one(MS_NOEXEC, "MS_NOEXEC");
	99	test_mount_flags_to_string_one(MS_SYNCHRONOUS, "MS_SYNCHRONOUS");
	100	test_mount_flags_to_string_one(MS_REMOUNT, "MS_REMOUNT");
	101	test_mount_flags_to_string_one(MS_MANDLOCK, "MS_MANDLOCK");
	102	test_mount_flags_to_string_one(MS_DIRSYNC, "MS_DIRSYNC");
	103	test_mount_flags_to_string_one(MS_NOSYMFOLLOW, "MS_NOSYMFOLLOW");
	104	test_mount_flags_to_string_one(MS_NOATIME, "MS_NOATIME");
	105	test_mount_flags_to_string_one(MS_NODIRATIME, "MS_NODIRATIME");
	106	test_mount_flags_to_string_one(MS_BIND, "MS_BIND");
	107	test_mount_flags_to_string_one(MS_MOVE, "MS_MOVE");
	108	test_mount_flags_to_string_one(MS_REC, "MS_REC");
	109	test_mount_flags_to_string_one(MS_SILENT, "MS_SILENT");
	110	test_mount_flags_to_string_one(MS_POSIXACL, "MS_POSIXACL");
	111	test_mount_flags_to_string_one(MS_UNBINDABLE, "MS_UNBINDABLE");
	112	test_mount_flags_to_string_one(MS_PRIVATE, "MS_PRIVATE");
	113	test_mount_flags_to_string_one(MS_SLAVE, "MS_SLAVE");
	114	test_mount_flags_to_string_one(MS_SHARED, "MS_SHARED");
	115	test_mount_flags_to_string_one(MS_RELATIME, "MS_RELATIME");
	116	test_mount_flags_to_string_one(MS_KERNMOUNT, "MS_KERNMOUNT");
	117	test_mount_flags_to_string_one(MS_I_VERSION, "MS_I_VERSION");
	118	test_mount_flags_to_string_one(MS_STRICTATIME, "MS_STRICTATIME");
	119	test_mount_flags_to_string_one(MS_LAZYTIME, "MS_LAZYTIME");
	120	test_mount_flags_to_string_one(MS_LAZYTIME\|MS_STRICTATIME, "MS_STRICTATIME\|MS_LAZYTIME");
	121	test_mount_flags_to_string_one(UINT_MAX,
	122	"MS_RDONLY\|MS_NOSUID\|MS_NODEV\|MS_NOEXEC\|MS_SYNCHRONOUS\|MS_REMOUNT\|"
	123	"MS_MANDLOCK\|MS_DIRSYNC\|MS_NOSYMFOLLOW\|MS_NOATIME\|MS_NODIRATIME\|"
	124	"MS_BIND\|MS_MOVE\|MS_REC\|MS_SILENT\|MS_POSIXACL\|MS_UNBINDABLE\|"
	125	"MS_PRIVATE\|MS_SLAVE\|MS_SHARED\|MS_RELATIME\|MS_KERNMOUNT\|"
	126	"MS_I_VERSION\|MS_STRICTATIME\|MS_LAZYTIME\|fc000200");
	127	}
	128
4f7452a8	129	TEST(bind_remount_recursive) {
10cdbb83 LP	130	_cleanup_(rm_rf_physical_and_freep) char *tmp = NULL;
10cdbb83 LP	131	_cleanup_free_ char *subdir = NULL;
10cdbb83	132
c75370cc LP	133	if (geteuid() != 0 \|\| have_effective_cap(CAP_SYS_ADMIN) <= 0) {
c75370cc LP	134	(void) log_tests_skipped("not running privileged");
10cdbb83 LP	135	return;
	136	}
	137
	138	assert_se(mkdtemp_malloc("/tmp/XXXXXX", &tmp) >= 0);
	139	subdir = path_join(tmp, "subdir");
	140	assert_se(subdir);
	141	assert_se(mkdir(subdir, 0755) >= 0);
	142
	143	FOREACH_STRING(p, "/usr", "/sys", "/", tmp) {
	144	pid_t pid;
	145
	146	pid = fork();
	147	assert_se(pid >= 0);
	148
	149	if (pid == 0) {
	150	struct statvfs svfs;
	151	/* child */
	152	assert_se(detach_mount_namespace() >= 0);
	153
	154	/* Check that the subdir is writable (it must be because it's in /tmp) */
	155	assert_se(statvfs(subdir, &svfs) >= 0);
	156	assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));
	157
	158	/* Make the subdir a bind mount */
	159	assert_se(mount_nofollow(subdir, subdir, NULL, MS_BIND\|MS_REC, NULL) >= 0);
	160
	161	/* Ensure it's still writable */
	162	assert_se(statvfs(subdir, &svfs) >= 0);
	163	assert_se(!FLAGS_SET(svfs.f_flag, ST_RDONLY));
	164
	165	/* Now mark the path we currently run for read-only */
874052c5	166	assert_se(bind_remount_recursive(p, MS_RDONLY, MS_RDONLY, path_equal(p, "/sys") ? STRV_MAKE("/sys/kernel") : NULL) >= 0);
10cdbb83 LP	167
	168	/* Ensure that this worked on the top-level */
	169	assert_se(statvfs(p, &svfs) >= 0);
	170	assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY));
	171
	172	/* And ensure this had an effect on the subdir exactly if we are talking about a path above the subdir */
	173	assert_se(statvfs(subdir, &svfs) >= 0);
	174	assert_se(FLAGS_SET(svfs.f_flag, ST_RDONLY) == !!path_startswith(subdir, p));
	175
	176	_exit(EXIT_SUCCESS);
	177	}
	178
	179	assert_se(wait_for_terminate_and_check("test-remount-rec", pid, WAIT_LOG) == EXIT_SUCCESS);
	180	}
	181	}
	182
4f7452a8	183	TEST(bind_remount_one) {
67d22a36 LP	184	pid_t pid;
67d22a36 LP	185
c75370cc LP	186	if (geteuid() != 0 \|\| have_effective_cap(CAP_SYS_ADMIN) <= 0) {
c75370cc LP	187	(void) log_tests_skipped("not running privileged");
67d22a36 LP	188	return;
	189	}
	190
	191	pid = fork();
	192	assert_se(pid >= 0);
	193
	194	if (pid == 0) {
	195	/* child */
	196
	197	_cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
	198
	199	assert_se(detach_mount_namespace() >= 0);
	200
	201	assert_se(fopen_unlocked("/proc/self/mountinfo", "re", &proc_self_mountinfo) >= 0);
	202
	203	assert_se(bind_remount_one_with_mountinfo("/run", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
4f5644db	204	assert_se(bind_remount_one_with_mountinfo("/run", MS_NOEXEC, MS_RDONLY\|MS_NOEXEC, proc_self_mountinfo) >= 0);
67d22a36 LP	205	assert_se(bind_remount_one_with_mountinfo("/proc/idontexist", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -ENOENT);
	206	assert_se(bind_remount_one_with_mountinfo("/proc/self", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) == -EINVAL);
	207	assert_se(bind_remount_one_with_mountinfo("/", MS_RDONLY, MS_RDONLY, proc_self_mountinfo) >= 0);
	208
	209	_exit(EXIT_SUCCESS);
	210	}
	211
	212	assert_se(wait_for_terminate_and_check("test-remount-one", pid, WAIT_LOG) == EXIT_SUCCESS);
	213	}
	214
4f7452a8	215	TEST(make_mount_point_inode) {
9c653536 ZJS	216	_cleanup_(rm_rf_physical_and_freep) char *d = NULL;
	217	const char src_file, src_dir, dst_file, dst_dir;
	218	struct stat st;
	219
9c653536 ZJS	220	assert_se(mkdtemp_malloc(NULL, &d) >= 0);
	221
	222	src_file = strjoina(d, "/src/file");
	223	src_dir = strjoina(d, "/src/dir");
	224	dst_file = strjoina(d, "/dst/file");
	225	dst_dir = strjoina(d, "/dst/dir");
	226
	227	assert_se(mkdir_p(src_dir, 0755) >= 0);
	228	assert_se(mkdir_parents(dst_file, 0755) >= 0);
	229	assert_se(touch(src_file) >= 0);
	230
	231	assert_se(make_mount_point_inode_from_path(src_file, dst_file, 0755) >= 0);
	232	assert_se(make_mount_point_inode_from_path(src_dir, dst_dir, 0755) >= 0);
	233
	234	assert_se(stat(dst_dir, &st) == 0);
	235	assert_se(S_ISDIR(st.st_mode));
	236	assert_se(stat(dst_file, &st) == 0);
	237	assert_se(S_ISREG(st.st_mode));
	238	assert_se(!(S_IXUSR & st.st_mode));
	239	assert_se(!(S_IXGRP & st.st_mode));
	240	assert_se(!(S_IXOTH & st.st_mode));
	241
	242	assert_se(unlink(dst_file) == 0);
	243	assert_se(rmdir(dst_dir) == 0);
	244
	245	assert_se(stat(src_file, &st) == 0);
	246	assert_se(make_mount_point_inode_from_stat(&st, dst_file, 0755) >= 0);
	247	assert_se(stat(src_dir, &st) == 0);
	248	assert_se(make_mount_point_inode_from_stat(&st, dst_dir, 0755) >= 0);
	249
	250	assert_se(stat(dst_dir, &st) == 0);
	251	assert_se(S_ISDIR(st.st_mode));
	252	assert_se(stat(dst_file, &st) == 0);
	253	assert_se(S_ISREG(st.st_mode));
	254	assert_se(!(S_IXUSR & st.st_mode));
	255	assert_se(!(S_IXGRP & st.st_mode));
	256	assert_se(!(S_IXOTH & st.st_mode));
	257	}
	258
4f7452a8	259	DEFINE_TEST_MAIN(LOG_DEBUG);