You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
5.3 KiB
161 lines
5.3 KiB
https://github.com/thom311/libnl/issues/308
|
|
https://github.com/thom311/libnl/commit/85e3c5d423a0ab8f8414f892998323c886484725
|
|
https://github.com/thom311/libnl/commit/ec712a4514e667b6f7fc3a54a10d4d4f65d1b5c7
|
|
https://github.com/thom311/libnl/commit/7577266c03ddbf42257f6c43f42e5837a2671038
|
|
|
|
From 85e3c5d423a0ab8f8414f892998323c886484725 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Haller <thaller@redhat.com>
|
|
Date: Thu, 21 Apr 2022 08:39:51 +0200
|
|
Subject: [PATCH] tests: add _assert_nltst_netns() helper
|
|
|
|
--- a/tests/nl-test-util.c
|
|
+++ b/tests/nl-test-util.c
|
|
@@ -25,6 +25,14 @@ struct nltst_netns {
|
|
|
|
/*****************************************************************************/
|
|
|
|
+#define _assert_nltst_netns(nsdata) \
|
|
+ do { \
|
|
+ const struct nltst_netns *_nsdata = (nsdata); \
|
|
+ \
|
|
+ ck_assert_ptr_nonnull(_nsdata); \
|
|
+ ck_assert_int_eq(_nsdata->canary, _CANARY); \
|
|
+ } while (0)
|
|
+
|
|
static struct {
|
|
struct nltst_netns *nsdata;
|
|
} _netns_fixture_global;
|
|
@@ -34,12 +42,12 @@ void nltst_netns_fixture_setup(void)
|
|
ck_assert(!_netns_fixture_global.nsdata);
|
|
|
|
_netns_fixture_global.nsdata = nltst_netns_enter();
|
|
- ck_assert(_netns_fixture_global.nsdata);
|
|
+ _assert_nltst_netns(_netns_fixture_global.nsdata);
|
|
}
|
|
|
|
void nltst_netns_fixture_teardown(void)
|
|
{
|
|
- ck_assert(_netns_fixture_global.nsdata);
|
|
+ _assert_nltst_netns(_netns_fixture_global.nsdata);
|
|
_nl_clear_pointer(&_netns_fixture_global.nsdata, nltst_netns_leave);
|
|
}
|
|
|
|
From ec712a4514e667b6f7fc3a54a10d4d4f65d1b5c7 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Haller <thaller@redhat.com>
|
|
Date: Thu, 21 Apr 2022 08:41:03 +0200
|
|
Subject: [PATCH] tests: cleanup unshare_user() and use _nltst_fclose()
|
|
|
|
--- a/tests/nl-test-util.c
|
|
+++ b/tests/nl-test-util.c
|
|
@@ -65,24 +65,27 @@ static void unshare_user(void)
|
|
_nltst_assert_errno(r == 0);
|
|
|
|
/* Since Linux 3.19 we have to disable setgroups() in order to map users.
|
|
- * Just proceed if the file is not there. */
|
|
+ * Just proceed if the file is not there. */
|
|
f = fopen("/proc/self/setgroups", "we");
|
|
if (f) {
|
|
- fprintf(f, "deny");
|
|
- fclose(f);
|
|
+ r = fprintf(f, "deny");
|
|
+ _nltst_assert_errno(r > 0);
|
|
+ _nltst_fclose(f);
|
|
}
|
|
|
|
/* Map current UID to root in NS to be created. */
|
|
f = fopen("/proc/self/uid_map", "we");
|
|
- ck_assert(f);
|
|
- fprintf(f, "0 %d 1", uid);
|
|
- fclose(f);
|
|
+ _nltst_assert_errno(f);
|
|
+ r = fprintf(f, "0 %d 1", uid);
|
|
+ _nltst_assert_errno(r > 0);
|
|
+ _nltst_fclose(f);
|
|
|
|
/* Map current GID to root in NS to be created. */
|
|
f = fopen("/proc/self/gid_map", "we");
|
|
- ck_assert(f);
|
|
- fprintf(f, "0 %d 1", gid);
|
|
- fclose(f);
|
|
+ _nltst_assert_errno(f);
|
|
+ r = fprintf(f, "0 %d 1", gid);
|
|
+ _nltst_assert_errno(r > 0);
|
|
+ _nltst_fclose(f);
|
|
}
|
|
|
|
struct nltst_netns *nltst_netns_enter(void)
|
|
--- a/tests/nl-test-util.h
|
|
+++ b/tests/nl-test-util.h
|
|
@@ -34,6 +34,14 @@
|
|
_nltst_assert_errno(_r == 0); \
|
|
} while (0)
|
|
|
|
+#define _nltst_fclose(f) \
|
|
+ do { \
|
|
+ int _r; \
|
|
+ \
|
|
+ _r = fclose((f)); \
|
|
+ _nltst_assert_errno(_r == 0); \
|
|
+ } while (0)
|
|
+
|
|
/*****************************************************************************/
|
|
|
|
void nltst_netns_fixture_setup(void);
|
|
From 7577266c03ddbf42257f6c43f42e5837a2671038 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Haller <thaller@redhat.com>
|
|
Date: Thu, 21 Apr 2022 08:42:35 +0200
|
|
Subject: [PATCH] tests: silently ignore EACCES for setting uid_map for test
|
|
namespace
|
|
|
|
Seems this can happen, but we probably can just continue with the
|
|
unit test. Just ignore the error.
|
|
|
|
https://github.com/thom311/libnl/issues/ ## 308
|
|
--- a/tests/nl-test-util.c
|
|
+++ b/tests/nl-test-util.c
|
|
@@ -53,7 +53,7 @@ void nltst_netns_fixture_teardown(void)
|
|
|
|
/*****************************************************************************/
|
|
|
|
-static void unshare_user(void)
|
|
+static bool unshare_user(void)
|
|
{
|
|
const uid_t uid = geteuid();
|
|
const gid_t gid = getegid();
|
|
@@ -75,7 +75,11 @@ static void unshare_user(void)
|
|
|
|
/* Map current UID to root in NS to be created. */
|
|
f = fopen("/proc/self/uid_map", "we");
|
|
- _nltst_assert_errno(f);
|
|
+ if (!f) {
|
|
+ if (errno == EACCES)
|
|
+ return false;
|
|
+ _nltst_assert_errno(f);
|
|
+ }
|
|
r = fprintf(f, "0 %d 1", uid);
|
|
_nltst_assert_errno(r > 0);
|
|
_nltst_fclose(f);
|
|
@@ -86,6 +90,7 @@ static void unshare_user(void)
|
|
r = fprintf(f, "0 %d 1", gid);
|
|
_nltst_assert_errno(r > 0);
|
|
_nltst_fclose(f);
|
|
+ return true;
|
|
}
|
|
|
|
struct nltst_netns *nltst_netns_enter(void)
|
|
@@ -96,8 +101,12 @@ struct nltst_netns *nltst_netns_enter(void)
|
|
nsdata = calloc(1, sizeof(struct nltst_netns));
|
|
ck_assert(nsdata);
|
|
|
|
- nsdata->canary = _CANARY;
|
|
+ *nsdata = (struct nltst_netns){
|
|
+ .canary = _CANARY,
|
|
+ };
|
|
|
|
+ /* unshare_user() might fail to set uid_map/gid_map due to sandboxing.
|
|
+ * We ignore that error and proceed. The test will possibly still work. */
|
|
unshare_user();
|
|
|
|
r = unshare(CLONE_NEWNET | CLONE_NEWNS);
|
|
|