Re: generic/633 failing without CONFIG_USER_NS

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index] 

On Thu, Mar 31, 2022 at 10:28:46AM +0200, Jan Kara wrote:
> Hello,
> 
> I have noticed that when I build a kernel without CONFIG_USER_NS,
> generic/633 is failing. This is because despite it properly detects
> idmapped mounts are not supported, it still tries to execute some tests
> (such as fscaps test) and they rely on bits of user namespace support (e.g.
> /proc/<pid>/ns/user existing). I could hack some additional support check
> into the test but then I figured I'm not sure whether all the tests are OK
> to skip without CONFIG_USER_NS or whether there are not some more subtle
> dependencies... So I'm asking here :).

Hey Jan,

Thank your for detecting and reporting this. So the only ones we can
reasonably run are the ones that don't require idmapped mount support
and of this the actual subset that should be runnable without userns is:

{ hardlink_crossing_mounts,					false,	"cross mount hardlink",										},
{ io_uring,							false,	"io_uring",											},
{ protected_symlinks,						false,	"following protected symlinks on regular mounts",						},
{ rename_crossing_mounts,					false,	"cross mount rename",										},
{ setattr_truncate,						false,	"setattr truncate",										},
{ setgid_create,						false,	"create operations in directories with setgid bit set",						},
{ setid_binaries,						false,	"setid binaries on regular mounts",								},
{ sticky_bit_unlink,						false,	"sticky bit unlink operations on regular mounts",						},
{ sticky_bit_rename,						false,	"sticky bit rename operations on regular mounts",						},
{ symlink_regular_mounts,					false,	"symlink from regular mounts",									},

I think currently we're doing:

struct t_idmapped_mounts {
	int (*test)(void);
	bool require_fs_allow_idmap;
	const char *description;
};

which defines
bool require_fs_allow_idmap
which gets set for each test and then we can skip or execute tests
depending on whether or not they require that.

One possible way to deal with the userns thing in there might be to make
this a flags argument:

unsigned int required_flags;

then

#define T_REQUIRE_IDMAPPED_MOUNTS (0 << 1)
#define T_REQUIRE_USERNS (0 << 2)

then for each test that currently does set require_fs_allow_idmap to
be true we set:

T_REQUIRE_IDMAPPED_MOUNTS

and for the tests that require userns do

T_REQUIRE_USERNS

and 0 for the others. Then in

run_test() we can do:

if (t->required_flags != (t_available_flags & t->required_flags)) {
	log_debug("Skipping test %s", t->description);
	continue;
}

?

Maybe there's a simpler way though. :)

Christian
[Index of Archives]     [Linux Filesystems Development]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux