user namespace testcases

Hey all,

Sometime in the next two months I intend to write a set of testcases for
LTP for user namespaces.  Here is what I briefly jotted down for testcases
I intend to write.  If anyone else is interested in writing some, by all
means please feel free :)  This is a subtle feature and I feel it needs
to be methodically tested to make sure we're not breaking anything, and
that nothing gets broken later.

====

All start as root.

hostname
	1. sethostname(); should succeed
	2. setuid(500); sethostname: should fail
	3. clone(CLONE_NEWUTS); sethostname: should succeed
	4. clone(CLONE_NEWUTS|CLONE_NEWUSER); sethostname: should pass
	5. clone(CLONE_NEWUSER); sethostname: should fail
	6. setuid(500); clone(USER|UTS); sethostname; should pass
	Note that 6 requires keeping CAP_SETUID etc across setuid.

kill
	1. p1=fork; kill p1; should pass
	2. p1=fork and does setuid(500); should pass
	3. p1=fork; p2=fork; p1 does setuid(500); p1 kills p2; should fail
	4. p1=clone(NEWUSER); p2=fork; p1 kills p2; should fail
	5. p1=fork; p2=clone(NEWUSER); p1 kills p2; should pass
	6. p1 does setuid(500) then does clone(NEWUSER); p2 = fork; p1 kills p2.
	should fail
	7. p1 does setuid(500); p2 does setuid(500); p2 does clone(NEWUSER);
	p1 kills p2; should pass.

ptrace
	1. p1=fork; p2=fork; pass p2.pid to p1
	p2: sleep(500);
	p1: setuid(500); ret = ptrace(p2); pass ret to parent
	should fail
	2. same as (1) without setuid; should succeed
	3. same as (1) but p2 also does setuid(500): should succeed
	4. same as (1), p1 created with clone(CLONE_NEWPID); should fail
	5. same as (1), p2 created with clone(CLONE_NEWPID); should pass
	6. same as (1), p1 and p2 setuid(500), and p2 created with CLONE_NEWPID;
	should pass
	7. same as (1), p1 setuid(500), p2 setuid(501), p2 created with
	CLONE_NEWPID; should fail
	Note that 6 and 7 require keeping CAP_SETUID etc across setuid.

reboot
	clone(CLONE_NEWUSER); reboot: should fail

===
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
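
Hostname cases 3 to 5 from the plan above, as an added example that is not part of the original post or of LTP. It assumes a hypothetical helper `hostname_case()`, uses fork() plus unshare() in place of the post's clone(), and re-sets the hostname already in effect so that an unexpected success cannot rename the host; a case whose setup is refused is reported as skipped.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { PASS = 0, FAIL = 1, SKIP = 2 };

/* Hypothetical helper (added example). A forked child calls unshare(flags),
 * swapped in for the post's clone(flags), then sethostname(). */
static enum outcome hostname_case(int flags)
{
    pid_t pid = fork();
    if (pid < 0)
        return SKIP;
    if (pid == 0) {
        char name[256] = "";
        if (gethostname(name, sizeof(name) - 1) != 0 || unshare(flags) != 0)
            _exit(SKIP);  /* no privilege, or namespaces unavailable here */
        /* Re-set the current name: the permission check still runs, but
         * an unexpected success leaves the hostname unchanged. */
        _exit(sethostname(name, strlen(name)) == 0 ? PASS : FAIL);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return SKIP;
    return (enum outcome)WEXITSTATUS(status);
}

int main(void)
{
    static const struct { const char *desc; int flags; enum outcome want; } t[] = {
        { "3: CLONE_NEWUTS",               CLONE_NEWUTS,                 PASS },
        { "4: CLONE_NEWUTS|CLONE_NEWUSER", CLONE_NEWUTS | CLONE_NEWUSER, PASS },
        { "5: CLONE_NEWUSER",              CLONE_NEWUSER,                FAIL },
    };
    static const char *label[] = { "pass", "fail", "skip" };
    int bad = 0;
    for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++) {
        enum outcome got = hostname_case(t[i].flags);
        printf("hostname %s: sethostname %s (expected %s)\n",
               t[i].desc, label[got], label[t[i].want]);
        bad += (got != SKIP && got != t[i].want);
    }
    return bad;
}
```

Run as root to exercise case 3; without CAP_SYS_ADMIN, unshare(CLONE_NEWUTS) is refused and that case reports skip.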