^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #define _GNU_SOURCE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) #include <sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) #include <stdio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) #include <errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) #include <string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <sys/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <sys/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <sys/wait.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <sys/vfs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <sys/statvfs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <stdlib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <fcntl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <grp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <stdbool.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <stdarg.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #ifndef CLONE_NEWNS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) # define CLONE_NEWNS 0x00020000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #ifndef CLONE_NEWUTS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) # define CLONE_NEWUTS 0x04000000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #ifndef CLONE_NEWIPC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) # define CLONE_NEWIPC 0x08000000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #ifndef CLONE_NEWNET
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) # define CLONE_NEWNET 0x40000000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #ifndef CLONE_NEWUSER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) # define CLONE_NEWUSER 0x10000000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #ifndef CLONE_NEWPID
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) # define CLONE_NEWPID 0x20000000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) #ifndef MS_REC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) # define MS_REC 16384
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #ifndef MS_RELATIME
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) # define MS_RELATIME (1 << 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) #ifndef MS_STRICTATIME
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) # define MS_STRICTATIME (1 << 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) static void die(char *fmt, ...)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) va_list ap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) va_start(ap, fmt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) vfprintf(stderr, fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) va_end(ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) exit(EXIT_FAILURE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) char buf[4096];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) int fd;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) ssize_t written;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) int buf_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) if (buf_len < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) die("vsnprintf failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) if (buf_len >= sizeof(buf)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) die("vsnprintf output truncated\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) fd = open(filename, O_WRONLY);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) if (fd < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) if ((errno == ENOENT) && enoent_ok)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) die("open of %s failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) filename, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) written = write(fd, buf, buf_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) if (written != buf_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) if (written >= 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) die("short write to %s\n", filename);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) die("write to %s failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) filename, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) if (close(fd) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) die("close of %s failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) filename, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) static void maybe_write_file(char *filename, char *fmt, ...)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) va_list ap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) va_start(ap, fmt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) vmaybe_write_file(true, filename, fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) va_end(ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) static void write_file(char *filename, char *fmt, ...)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) va_list ap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) va_start(ap, fmt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) vmaybe_write_file(false, filename, fmt, ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) va_end(ap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) static int read_mnt_flags(const char *path)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) struct statvfs stat;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) int mnt_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) ret = statvfs(path, &stat);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) if (ret != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) die("statvfs of %s failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) path, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) if (stat.f_flag & ~(ST_RDONLY | ST_NOSUID | ST_NODEV | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) ST_NOEXEC | ST_NOATIME | ST_NODIRATIME | ST_RELATIME | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) ST_SYNCHRONOUS | ST_MANDLOCK)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) die("Unrecognized mount flags\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) mnt_flags = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) if (stat.f_flag & ST_RDONLY)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) mnt_flags |= MS_RDONLY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) if (stat.f_flag & ST_NOSUID)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) mnt_flags |= MS_NOSUID;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) if (stat.f_flag & ST_NODEV)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) mnt_flags |= MS_NODEV;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) if (stat.f_flag & ST_NOEXEC)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) mnt_flags |= MS_NOEXEC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) if (stat.f_flag & ST_NOATIME)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) mnt_flags |= MS_NOATIME;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) if (stat.f_flag & ST_NODIRATIME)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) mnt_flags |= MS_NODIRATIME;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) if (stat.f_flag & ST_RELATIME)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) mnt_flags |= MS_RELATIME;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) if (stat.f_flag & ST_SYNCHRONOUS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) mnt_flags |= MS_SYNCHRONOUS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) if (stat.f_flag & ST_MANDLOCK)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) mnt_flags |= ST_MANDLOCK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) return mnt_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) static void create_and_enter_userns(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) uid_t uid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) gid_t gid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) uid = getuid();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) gid = getgid();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) if (unshare(CLONE_NEWUSER) !=0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) die("unshare(CLONE_NEWUSER) failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) maybe_write_file("/proc/self/setgroups", "deny");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) write_file("/proc/self/uid_map", "0 %d 1", uid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) write_file("/proc/self/gid_map", "0 %d 1", gid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) if (setgid(0) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) die ("setgid(0) failed %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) if (setuid(0) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) die("setuid(0) failed %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) static
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) bool test_unpriv_remount(const char *fstype, const char *mount_options,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) int mount_flags, int remount_flags, int invalid_flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) pid_t child;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) child = fork();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) if (child == -1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) die("fork failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) if (child != 0) { /* parent */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) pid_t pid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) int status;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) pid = waitpid(child, &status, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) if (pid == -1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) die("waitpid failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) if (pid != child) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) die("waited for %d got %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) child, pid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) if (!WIFEXITED(status)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) die("child did not terminate cleanly\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) create_and_enter_userns();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) if (unshare(CLONE_NEWNS) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) die("unshare(CLONE_NEWNS) failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) if (mount("testing", "/tmp", fstype, mount_flags, mount_options) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) die("mount of %s with options '%s' on /tmp failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) fstype,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) mount_options? mount_options : "",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) create_and_enter_userns();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) if (unshare(CLONE_NEWNS) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) die("unshare(CLONE_NEWNS) failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) if (mount("/tmp", "/tmp", "none",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) /* system("cat /proc/self/mounts"); */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) die("remount of /tmp failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) if (mount("/tmp", "/tmp", "none",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) /* system("cat /proc/self/mounts"); */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) die("remount of /tmp with invalid flags "
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) "succeeded unexpectedly\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) exit(EXIT_SUCCESS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) static bool test_unpriv_remount_simple(int mount_flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) invalid_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) static bool test_priv_mount_unpriv_remount(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) pid_t child;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) const char *orig_path = "/dev";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) const char *dest_path = "/tmp";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) int orig_mnt_flags, remount_mnt_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) child = fork();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) if (child == -1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) die("fork failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) if (child != 0) { /* parent */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) pid_t pid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) int status;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) pid = waitpid(child, &status, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) if (pid == -1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) die("waitpid failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) if (pid != child) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) die("waited for %d got %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) child, pid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) if (!WIFEXITED(status)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) die("child did not terminate cleanly\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) orig_mnt_flags = read_mnt_flags(orig_path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) create_and_enter_userns();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) ret = unshare(CLONE_NEWNS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) if (ret != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) die("unshare(CLONE_NEWNS) failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) ret = mount(orig_path, dest_path, "bind", MS_BIND | MS_REC, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) if (ret != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) die("recursive bind mount of %s onto %s failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) orig_path, dest_path, strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) ret = mount(dest_path, dest_path, "none",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) MS_REMOUNT | MS_BIND | orig_mnt_flags , NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) if (ret != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) /* system("cat /proc/self/mounts"); */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) die("remount of /tmp failed: %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) strerror(errno));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) remount_mnt_flags = read_mnt_flags(dest_path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) if (orig_mnt_flags != remount_mnt_flags) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) die("Mount flags unexpectedly changed during remount of %s originally mounted on %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) dest_path, orig_path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) exit(EXIT_SUCCESS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) int main(int argc, char **argv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) if (!test_unpriv_remount_simple(MS_RDONLY)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) die("MS_RDONLY malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) if (!test_unpriv_remount("devpts", "newinstance", MS_NODEV, MS_NODEV, 0)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) die("MS_NODEV malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) if (!test_unpriv_remount_simple(MS_NOSUID)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) die("MS_NOSUID malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) if (!test_unpriv_remount_simple(MS_NOEXEC)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) die("MS_NOEXEC malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) if (!test_unpriv_remount_atime(MS_RELATIME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) MS_NOATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) die("MS_RELATIME malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) if (!test_unpriv_remount_atime(MS_STRICTATIME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) MS_NOATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) die("MS_STRICTATIME malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) if (!test_unpriv_remount_atime(MS_NOATIME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) MS_STRICTATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) die("MS_NOATIME malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) MS_NOATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) die("MS_RELATIME|MS_NODIRATIME malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) MS_NOATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) die("MS_STRICTATIME|MS_NODIRATIME malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) MS_STRICTATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) die("MS_NOATIME|MS_DIRATIME malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) if (!test_unpriv_remount("ramfs", NULL, MS_STRICTATIME, 0, MS_NOATIME))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) die("Default atime malfunctions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) if (!test_priv_mount_unpriv_remount()) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) die("Mount flags unexpectedly changed after remount\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) return EXIT_SUCCESS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) }
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags