From d777ffccffe4d9a2c4a268113fc422c729ef73a5 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 30 Jun 2021 13:41:46 +0200 Subject: [PATCH] tests: add tests for read-only /sys with read-write /sys/devices/virtual/net Signed-off-by: Christian Brauner --- .gitignore | 1 + src/tests/Makefile.am | 58 +++++++++++++++- src/tests/sys_mixed.c | 156 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 214 insertions(+), 1 deletion(-) create mode 100644 src/tests/sys_mixed.c
diff --git a/.gitignore b/.gitignore
index ba377e3ca..0ec731bb7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -106,6 +106,7 @@ src/tests/lxc-test-state-server
 src/tests/lxc-test-basic
 src/tests/lxc-test-cve-2019-5736
 src/tests/lxc-test-mount-injection
+src/tests/lxc-test-sys-mixed
 config/compile
 config/config.guess
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index fefe1ff90..95cce8504 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -705,6 +705,60 @@ if !HAVE_STRCHRNUL
 lxc_test_utils_SOURCES += ../include/strchrnul.c ../include/strchrnul.h
 endif
+lxc_test_sys_mixed_SOURCES = sys_mixed.c \
+ ../lxc/af_unix.c ../lxc/af_unix.h \
+ ../lxc/caps.c ../lxc/caps.h \
+ ../lxc/cgroups/cgfsng.c \
+ ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \
+ ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \
+ ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \
+ ../lxc/commands.c ../lxc/commands.h \
+ ../lxc/commands_utils.c ../lxc/commands_utils.h \
+ ../lxc/conf.c ../lxc/conf.h \
+ ../lxc/confile.c ../lxc/confile.h \
+ ../lxc/confile_utils.c ../lxc/confile_utils.h \
+ ../lxc/error.c ../lxc/error.h \
+ ../lxc/file_utils.c ../lxc/file_utils.h \
+ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \
+ ../lxc/initutils.c ../lxc/initutils.h \
+ ../lxc/log.c ../lxc/log.h \
+ ../lxc/lxclock.c ../lxc/lxclock.h \
+ ../lxc/mainloop.c ../lxc/mainloop.h \
+ ../lxc/monitor.c ../lxc/monitor.h \
+ ../lxc/mount_utils.c ../lxc/mount_utils.h \
+ ../lxc/namespace.c ../lxc/namespace.h \
+ ../lxc/network.c ../lxc/network.h \
+ ../lxc/nl.c ../lxc/nl.h \
+ ../lxc/parse.c ../lxc/parse.h \
+ ../lxc/process_utils.c ../lxc/process_utils.h \
+ ../lxc/ringbuf.c ../lxc/ringbuf.h \
+ ../lxc/start.c ../lxc/start.h \
+ ../lxc/state.c ../lxc/state.h \
+ ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \
+ ../lxc/storage/dir.c ../lxc/storage/dir.h \
+ ../lxc/storage/loop.c ../lxc/storage/loop.h \
+ ../lxc/storage/lvm.c ../lxc/storage/lvm.h \
+ ../lxc/storage/nbd.c ../lxc/storage/nbd.h \
+ ../lxc/storage/overlay.c ../lxc/storage/overlay.h \
+ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \
+ ../lxc/storage/rsync.c ../lxc/storage/rsync.h \
+ ../lxc/storage/storage.c ../lxc/storage/storage.h \
+ ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \
+ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \
+ ../lxc/sync.c ../lxc/sync.h \
+ ../lxc/string_utils.c ../lxc/string_utils.h \
+ ../lxc/terminal.c ../lxc/terminal.h \
+ ../lxc/utils.c ../lxc/utils.h \
+ ../lxc/uuid.c ../lxc/uuid.h \
+ $(LSM_SOURCES)
+if ENABLE_SECCOMP
+lxc_test_sys_mixed_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
+if !HAVE_STRCHRNUL
+lxc_test_sys_mixed_SOURCES += ../include/strchrnul.c ../include/strchrnul.h
+endif
+
 AM_CFLAGS += -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
 -DLXCPATH=\"$(LXCPATH)\" \
 -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \
@@ -771,6 +825,7 @@ bin_PROGRAMS = lxc-test-api-reboot \
 lxc-test-snapshot \
 lxc-test-startone \
 lxc-test-state-server \
+ lxc-test-sys-mixed \
 lxc-test-utils
 bin_SCRIPTS =
@@ -876,7 +931,8 @@ EXTRA_DIST = arch_parse.c \
 snapshot.c \
 startone.c \
 state_server.c \
- share_ns.c
+ share_ns.c \
+ sys_mixed.c
 clean-local:
 rm -f lxc-test-utils-*
diff --git a/src/tests/sys_mixed.c b/src/tests/sys_mixed.c
new file mode 100644
index 000000000..b8f21f5a3
--- /dev/null
+++ b/src/tests/sys_mixed.c
@@ -0,0 +1,156 @@
+/* liblxcapi
+ *
+ * Copyright © 2021 Christian Brauner .
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#define __STDC_FORMAT_MACROS
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#ifdef HAVE_STATVFS
+#include
+#endif
+
+#include "lxctest.h"
+#include "utils.h"
+
+static int is_read_only(const char *path)
+{
+#ifdef HAVE_STATVFS
+ int ret;
+ struct statvfs sb;
+
+ ret = statvfs(path, &sb);
+ if (ret < 0)
+ return -errno;
+
+ return (sb.f_flag & MS_RDONLY) > 0;
+#else
+ return -EOPNOTSUPP;
+#endif
+}
+
+static int sys_mixed(void *payload)
+{
+ int ret;
+
+ ret = is_read_only("/sys");
+ if (ret == -EOPNOTSUPP)
+ return 0;
+
+ if (ret <= 0)
+ return -1;
+
+ if (is_read_only("/sys/devices/virtual/net"))
+ return -1;
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int fret = EXIT_FAILURE;
+ lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
+ int ret;
+ pid_t pid;
+ struct lxc_container *c;
+
+ c = lxc_container_new("sys-mixed", NULL);
+ if (!c) {
+ lxc_error("%s", "Failed to create container \"sys-mixed\"");
+ exit(fret);
+ }
+
+ if (c->is_defined(c)) {
+ lxc_error("%s\n", "Container \"sys-mixed\" is defined");
+ goto on_error_put;
+ }
+
+ if (!c->createl(c, "busybox", NULL, NULL, 0, NULL)) {
+ lxc_error("%s\n", "Failed to create busybox container \"sys-mixed\"");
+ goto on_error_put;
+ }
+
+ if (!c->is_defined(c)) {
+ lxc_error("%s\n", "Container \"sys-mixed\" is not defined");
+ goto on_error_put;
+ }
+
+ c->clear_config(c);
+
+ if (!c->set_config_item(c, "lxc.mount.auto", "sys:mixed")) {
+ lxc_error("%s\n", "Failed to set config item \"lxc.mount.auto=sys:mixed\"");
+ goto on_error_put;
+ }
+
+ if (!c->load_config(c, NULL)) {
+ lxc_error("%s\n", "Failed to load config for container \"sys-mixed\"");
+ goto on_error_stop;
+ }
+
+ if (!c->want_daemonize(c, true)) {
+ lxc_error("%s\n", "Failed to mark container \"sys-mixed\" daemonized");
+ goto on_error_stop;
+ }
+
+ if (!c->startl(c, 0, NULL)) {
+ lxc_error("%s\n", "Failed to start container \"sys-mixed\" daemonized");
+ goto on_error_stop;
+ }
+
+ /* Leave some time for the container to write something to the log. */
+ sleep(2);
+
+ ret = c->attach(c, sys_mixed, NULL, &attach_options, &pid);
+ if (ret < 0) {
+ lxc_error("%s\n", "Failed to run function in container \"sys-mixed\"");
+ goto on_error_stop;
+ }
+
+ ret = wait_for_pid(pid);
+ if (ret < 0) {
+ lxc_error("%s\n", "Failed to run function in container \"sys-mixed\"");
+ goto on_error_stop;
+ }
+
+ fret = 0;
+
+on_error_stop:
+ if (c->is_running(c) && !c->stop(c))
+ lxc_error("%s\n", "Failed to stop container \"sys-mixed\"");
+
+ if (!c->destroy(c))
+ lxc_error("%s\n", "Failed to destroy container \"sys-mixed\"");
+
+on_error_put:
+ lxc_container_put(c);
+ exit(fret);
+}
-- 2.47.2
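Review bot: In `main`, the `set_config_item` failure branch jumps to `on_error_put`, which skips `c->destroy(c)` although `createl` has already succeeded, so a failed run leaves the "sys-mixed" container behind and the next run stops at the first `c->is_defined(c)` check. That branch should use `goto on_error_stop;`, as the later branches do. In `is_read_only`, `sb.f_flag` is tested against `MS_RDONLY`, which is a mount(2) flag; the statvfs(3) constant is `ST_RDONLY`, so `return (sb.f_flag & ST_RDONLY) != 0;` states what is meant. When `HAVE_STATVFS` is undefined, `sys_mixed` returns 0 and the test reports success without having verified that /sys is read-only, which deserves at least a comment such as `/* statvfs unavailable: mount flags cannot be checked, nothing is verified */` on the `-EOPNOTSUPP` branch.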