On Sat, Mar 27, 2021 at 12:18:52PM +0100, Christian Brauner wrote:
> From: Christian Brauner <christian.brauner@xxxxxxxxxx>
>
> Add a test suite to verify the behavior of idmapped mounts. The test
> suite also includes a range of vfs tests to verify that no regressions
> are introduced by idmapped mounts. The following tests are currently
> available with more to come in the future:
>
> 01. posix acls on regular and idmapped mounts
> 02. create operations in user namespace
> 03. device node creation in user namespace
> 04. expected ownership on idmapped mounts
> 05. fscaps on regular mounts
> 06. fscaps on idmapped mounts
> 07. fscaps on idmapped mounts in user namespace
> 08. fscaps on idmapped mounts in user namespace
> with different id mappings
> 09. mapped fsids
> 10. unmapped fsids
> 11. cross mount hardlink
> 12. cross idmapped mount hardlink
> 13. hardlinks from idmapped mounts
> 14. hardlinks from idmapped mounts in user namespace
> 15. io_uring
> 16. io_uring in user namespace
> 17. io_uring from idmapped mounts
> 18. io_uring from idmapped mounts in user namespace
> 19. io_uring from idmapped mounts with unmapped ids
> 20. io_uring from idmapped mounts with unmapped ids in user namespace
> 21. following protected symlinks on regular mounts
> 22. following protected symlinks on idmapped mounts
> 23. following protected symlinks on idmapped mounts in user namespace
> 24. cross mount rename
> 25. cross idmapped mount rename
> 26. rename from idmapped mounts
> 27. rename from idmapped mounts in user namespace
> 28. symlink from regular mounts
> 29. symlink from idmapped mounts
> 30. symlink from idmapped mounts in user namespace
> 31. setid binaries on regular mounts
> 32. setid binaries on idmapped mounts
> 33. setid binaries on idmapped mounts in user namespace
> 34. setid binaries on idmapped mounts in user namespace
> with different id mappings
> 35. sticky bit unlink operations on regular mounts
> 36. sticky bit unlink operations on idmapped mounts
> 37. sticky bit unlink operations on idmapped mounts in user namespace
> 38. sticky bit rename operations on regular mounts
> 39. sticky bit rename operations on idmapped mounts
> 40. sticky bit rename operations on idmapped mounts in user namespace
> 41. create operations in directories with setgid bit set
> 42. create operations in directories with setgid bit set
> on idmapped mounts
> 43. create operations in directories with setgid bit set
> on idmapped mounts in user namespace
> 44. verify create operations and ownership with racing threads idmapping
> a mount
> 45. setattr truncate operations on regular mounts
> 46. setattr truncate operations on idmapped mounts
> 47. setattr truncate operations on idmapped mounts in user namespace
>
> Here's some sample output when running with DEBUG_TRACE defined:
>
> Cc: Amir Goldstein <amir73il@xxxxxxxxx>
> Cc: Eryu Guan <guan@xxxxxxx>
> Cc: fstests@xxxxxxxxxxxxxxx
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> ---
> /* v2 */ (send out alongside idmapped mounts patchset)
> test-suite part of the kernel selftest framework
>
> /* v3 */ (send out alongside idmapped mounts patchset)
> patch introduced (ported form kernel selftest framework)
>
> /* v4 */ (send out alongside idmapped mounts patchset)
> - Amir Goldstein <amir73il@xxxxxxxxx>:
> - Don't Cc fstests mailing list on the testing patches for now.
>
> - Add setgid creation tests.
>
> /* v5 */ (send out alongside idmapped mounts patchset)
> new base: 2080ad637bbb4d2c24c4d63939799dab178eb407
>
> - Christoph Hellwig <hch@xxxxxx>:
> - Enable xfs testing.
> - Improve idmapped mount testing support.
>
> - Christian Brauner <christian.brauner@xxxxxxxxxx>:
> - Fix protected symlink tests.
> - Introduce xfs specific helpers.
> - Expand setgid bit tests to xfs.
>
> /* v6 */ (send out alongside idmapped mounts patchset)
> - Christian Brauner <christian.brauner@xxxxxxxxxx>:
> - After Christoph fixed setgid handling on xfs remove all xfs specific
> parts apart from irix_sgid_inheritance checking.
> - Add idmapped-mounts binary to .gitignore
> - Fix feature testing.
> - Add truncation tests.
>
> /* v7 */ (sent out as a separate patchset)
> new base: 011bfb01f7f9f8f37c01d0a1ae0b0ca28e96a4f5
> - Christian Brauner <christian.brauner@xxxxxxxxxx>:
> - Expand debugging options.
>
> /* v8 */
> - Christoph Hellwig <hch@xxxxxx>:
> - Use __supported_fs generic instead of explicitly listing ext4 and xfs.
> - Remove obsolete comment.
>
> /* v9 */
> - Christian Brauner <christian.brauner@xxxxxxxxxx>:
> - Rebase on current master.
>
> /* v10 */
> unchanged
>
> /* v11 */
> - Amir Goldstein <amir73il@xxxxxxxxx>:
> - Place "auto" and "quick" tags first for easier "eye grepping".
> - Add a dedicated "idmapped" tag for idmapped mounts tests.
> ---
> .gitignore | 1 +
> common/rc | 25 +
> configure.ac | 2 +
> include/builddefs.in | 1 +
> m4/Makefile | 1 +
> m4/package_libcap.m4 | 4 +
> src/Makefile | 5 +
> src/detached_mounts_propagation.c | 65 +-
> src/feature.c | 40 +-
> src/idmapped-mounts/Makefile | 35 +
> src/idmapped-mounts/idmapped-mounts.c | 8761 +++++++++++++++++++++++++
> src/idmapped-mounts/missing.h | 151 +
> src/idmapped-mounts/utils.c | 134 +
> src/idmapped-mounts/utils.h | 29 +
> tests/generic/632 | 42 +
> tests/generic/632.out | 2 +
> tests/generic/group | 1 +
> 17 files changed, 9231 insertions(+), 68 deletions(-)
> create mode 100644 m4/package_libcap.m4
> create mode 100644 src/idmapped-mounts/Makefile
> create mode 100644 src/idmapped-mounts/idmapped-mounts.c
> create mode 100644 src/idmapped-mounts/missing.h
> create mode 100644 src/idmapped-mounts/utils.c
> create mode 100644 src/idmapped-mounts/utils.h
> create mode 100644 tests/generic/632
> create mode 100644 tests/generic/632.out
>
[snip]
> +
> +/* caps_down - lower all effective caps */
> +static int caps_down(void)
> +{
> + bool fret = false;
When HAVE_SYS_CAPABILITY_H is not defined, i.e. libcap-devel package is
not installed, so this causes test fails as
@@ -1,2 +1,7 @@
QA output created by 632
Silence is golden
+idmapped-mounts.c: 419: switch_userns - Success - failure: caps_down
+idmapped-mounts.c: 6617: acls - Success - failure: switch_userns
+idmapped-mounts.c: 6627: acls - Success - failure: wait_for_pid
+failure: posix acls on regular mounts
+idmapped-mounts.c: 805: test_cleanup - Directory not empty - failure: rm_r
Also, please update README to add libcap-devel to "install prerequisite
packages" list.
And it seems some tests depend on caps_down(), like io_uring tests, it
depends on caps_down() to drop caps and expect EPERM. It'd be better to
make libcap-devel optional and don't fail other tests if it's not
installed.
> +#ifdef HAVE_SYS_CAPABILITY_H
> + cap_t caps = NULL;
> + int ret = -1;
> +
> + caps = cap_get_proc();
> + if (!caps)
> + goto out;
> +
> + ret = cap_clear_flag(caps, CAP_EFFECTIVE);
> + if (ret)
> + goto out;
> +
> + ret = cap_set_proc(caps);
> + if (ret)
> + goto out;
> +
> + fret = true;
> +
> +out:
> + cap_free(caps);
> +#endif
> + return fret;
> +}
> +
> +/* caps_down - raise all permitted caps */
caps_up
> +static int caps_up(void)
[snip]
> +static int print_r(int fd, const char *path)
I saw build warnings:
idmapped-mounts.c:554:12: warning: 'print_r' defined but not used [-Wunused-function]
554 | static int print_r(int fd, const char *path)
| ^~~~~~~
because DEBUG_TRACE is not defined.
Thanks,
Eryu
