char *sret;
char template_log[sizeof(TEMPLATE)], template_dir[sizeof(TEMPLATE)],
device_message[sizeof("Check urandom device injected into "" - ") - 1 + strlen(name) + 1],
- dir_message[sizeof("Check dir "" injected into "" - ") - 1 + sizeof(TEMPLATE) - 1 + strlen(name) + 1];
+ dir_message[sizeof("Check dir "" injected into "" - ") - 1 + sizeof(TEMPLATE) - 1 + strlen(name) + 1],
+ fs_message[sizeof("Check devtmpfs injected into "" - ") - 1 + strlen(name) + 1];
struct lxc_container *c;
struct lxc_mount mnt;
struct lxc_log log;
int ret = -1, dev_msg_size = sizeof("Check urandom device injected into "" - ") - 1 + strlen(name) + 1,
- dir_msg_size = sizeof("Check dir "" injected into "" - ") - 1 + sizeof(TEMPLATE) - 1 + strlen(name) + 1;
+ dir_msg_size = sizeof("Check dir "" injected into "" - ") - 1 + sizeof(TEMPLATE) - 1 + strlen(name) + 1,
+ fs_msg_size = sizeof("Check devtmpfs injected into "" - ") - 1 + strlen(name) + 1;
struct mountinfo_data device = {
- .mount_root = "/",
+ .mount_root = "/urandom",
.mount_point = "/mnt/mount_injection_test_urandom",
- .fstype = "devtmpfs",
+ .fstype = NULL,
.mount_source = "/dev/urandom",
.message = "",
.should_be_present = true
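Review bot: Setting `.fstype = NULL` in the `device` expectation relies on check_containers_mountinfo() treating a NULL field as "do not compare", and that function is not part of this diff. If it passes fstype straight to a string comparison, the new NULL would be dereferenced. The `.mount_source = NULL` context line nearby suggests NULL is already tolerated for that field, so it is worth confirming fstype gets the same guard. The new `.mount_root = "/urandom"` also deserves a short comment such as `/* bind mount of a single node: mountinfo reports the node's path inside the source fs as root */`, since the struct alone does not explain why it is no longer "/". The enclosing function starts and ends outside the hunk.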
.mount_source = NULL,
.message = "",
.should_be_present = true
+ }, fs = {
+ .mount_root = "/",
+ .mount_point = "/mnt/mount_injection_test_devtmpfs",
+ .fstype = "devtmpfs",
+ .mount_source = NULL,
+ .message = "",
+ .should_be_present = true
};
/* Temp paths and messages setup */
}
dir.message = &dir_message[0];
+ ret = snprintf(fs_message, fs_msg_size, "Check devtmpfs injected into %s - ", name);
+ if (ret < 0 || ret >= fs_msg_size) {
+ fprintf(stderr, "Failed to create message for fs\n");
+ exit(EXIT_FAILURE);
+ }
+ fs.message = &fs_message[0];
+
/* Setup logging*/
strcpy(template_log, TEMPLATE);
i = lxc_make_tmpfile(template_log, false);
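Review bot: The bound passed to `snprintf` for the fs message is `fs_msg_size`, which is computed from a second copy of the message literal rather than from the buffer. The format string, the `fs_message` declarator and `fs_msg_size` therefore have to be kept in sync by hand. Taking the size from the buffer ties the check to the real allocation: `ret = snprintf(fs_message, sizeof(fs_message), "Check devtmpfs injected into %s - ", name);` followed by `if (ret < 0 || (size_t)ret >= sizeof(fs_message)) {`. The truncation check itself is correct, so a mismatch today only makes the test exit early. The enclosing function starts and ends outside the hunk.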
mnt.version = LXC_MOUNT_API_V1;
/* Check device mounted */
- ret = c->mount(c, "/dev/urandom", "/mnt/mount_injection_test_urandom", "devtmpfs", 0, NULL, &mnt);
+ ret = c->mount(c, "/dev/urandom", "/mnt/mount_injection_test_urandom", NULL, MS_BIND, NULL, &mnt);
if (ret < 0) {
fprintf(stderr, "Failed to mount \"/dev/urandom\"\n");
goto out;
if (ret < 0)
goto out;
+ /* Check fs mounted */
+ ret = c->mount(c, NULL, "/mnt/mount_injection_test_devtmpfs", "devtmpfs", 0, NULL, &mnt);
+ if (ret < 0) {
+ fprintf(stderr, "Failed to mount devtmpfs\n");
+ goto out;
+ }
+
+ ret = check_containers_mountinfo(c, &fs);
+ if (ret < 0)
+ goto out;
+
+ /* Check fs unmounted */
+ /* TODO: what about other umount flags? */
+ ret = c->umount(c, "/mnt/mount_injection_test_devtmpfs", MNT_DETACH, &mnt);
+ if (ret < 0) {
+ fprintf(stderr, "Failed to umount2 devtmpfs\n");
+ goto out;
+ }
+
+ fs.message = "Unmounted \"/mnt/mount_injection_test_devtmpfs\" -- should be missing now: ";
+ fs.should_be_present = false;
+ ret = check_containers_mountinfo(c, &fs);
+ if (ret < 0)
+ goto out;
+
/* Finalize the container */
if (!c->stop(c)) {
fprintf(stderr, "Stopping the container (%s) failed...\n", name);
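Review bot: The "Check fs unmounted" step only exercises `MNT_DETACH`, and the TODO above the `c->umount` call leaves the other flags open. Assuming the flag is handed through to umount2(), a lazy detach drops the entry from the mount table at once, even if the filesystem is still busy. The following `check_containers_mountinfo(c, &fs)` therefore proves the entry disappeared from mountinfo, not that devtmpfs was actually released. I would replace the TODO with a comment saying so, e.g. `/* MNT_DETACH only: entry leaves mountinfo immediately; plain umount and MNT_FORCE are not covered */`. The cleanup at `out` is outside the hunk, so I cannot tell whether a failure between the mount and the umount leaves devtmpfs attached until the container is destroyed.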
{
const char *config_items[] = {
"lxc.mount.auto", "shmounts:/tmp/mount_injection_test",
- "lxc.init.uid", "100000",
- "lxc.init.gid", "100000",
NULL
};
return perform_container_test(NAME"unprivileged", config_items);
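Review bot: With the `lxc.init.uid` and `lxc.init.gid` entries removed, `config_items` for the test named `NAME"unprivileged"` holds only `lxc.mount.auto`. Nothing visible in this hunk makes that container differ from the privileged run, for instance an `lxc.idmap` entry. If the privileged configuration is the same list (it is outside the hunk), the unprivileged case no longer covers mount injection across a user-namespace boundary, which is the case most worth testing. At minimum, add a comment above the array saying why the overrides were dropped and what still makes this run unprivileged. The enclosing function starts outside the hunk.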
fprintf(stderr, "Privileged mount injection test failed\n");
return -1;
}
+
if(do_unpriv_container_test()) {
fprintf(stderr, "Unprivileged mount injection test failed\n");
return -1;