1#!/bin/ksh -p
2# SPDX-License-Identifier: CDDL-1.0
3#
4# CDDL HEADER START
5#
6# The contents of this file are subject to the terms of the
7# Common Development and Distribution License (the "License").
8# You may not use this file except in compliance with the License.
9#
10# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11# or https://opensource.org/licenses/CDDL-1.0.
12# See the License for the specific language governing permissions
13# and limitations under the License.
14#
15# When distributing Covered Code, include this CDDL HEADER in each
16# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17# If applicable, add the following below this CDDL HEADER, with the
18# fields enclosed by brackets "[]" replaced with your own identifying
19# information: Portions Copyright [yyyy] [name of copyright owner]
20#
21# CDDL HEADER END
22#
23
24. $STF_SUITE/tests/functional/idmap_mount/idmap_mount_common.kshlib
25
26#
27#
28# DESCRIPTION:
29#       Test idmapped mount in a user namespace
30#
31# STRATEGY:
32#	1. Create a zoned dataset
33#	2. Create a user namespace and designate the dataset to the zone
34#	3. In the zone, mount the dataset to "idmap_test"
35#	4. In the zone, idmap mount the dataset mountpoint to "idmap_dest"
36#	5. Do some file operations in the idmapped mountpoint "idmap_dest"
37#	6. Check the owner of files/folder in the mount point "idmap_test"
38#	7. unmount the mountpoints in the zone
39#	8. Remount the dataset in global zone to "idmap_test"
40#	9. Check the owner of files/folder in the mountpoint "idmap_test"
41#
42
# The test has to be started from the global zone.
verify_runnable "global"

# WORKDIR is the mountpoint of the test dataset; IDMAPDIR is the directory
# on which the idmapped view of WORKDIR gets mounted.
WORKDIR=$TESTDIR/idmap_test
IDMAPDIR=$TESTDIR/idmap_dest
export WORKDIR IDMAPDIR
47
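#
# Exit handler: release the user namespace if its helper process is still
# registered, then unmount and remove the dataset mountpoint directory.
#
# Globals:
#	unshared_pid (read) - pid of the namespace helper; only set while
#	                      the main flow has not torn it down itself
#	TESTPOOL, WORKDIR (read)
#
function cleanup
{
	if [[ -v unshared_pid ]]; then
		# Best effort, deliberately without log_must: the script may
		# have failed before the dataset was handed to the namespace.
		zfs unzone "/proc/$unshared_pid/ns/user" "$TESTPOOL/userns"
		kill -TERM "$unshared_pid"
	fi
	if mountpoint "$WORKDIR"; then
		log_must umount "$WORKDIR"
	fi
	# Quoted and preceded by "--" so the recursive delete always receives
	# exactly one operand, whatever characters the path contains.
	log_must rm -rf -- "$WORKDIR"
}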
59
# Register the exit handler before any state is created.
log_onexit cleanup

# Skip the test when TESTDIR cannot be idmap-mounted ...
idmap_util -c $TESTDIR || log_unsupported "Idmap mount not supported."

# ... or when a throw-away user + mount namespace cannot be created here.
if ! unshare -Urm echo test; then
	log_unsupported "Failed to create user namespace"
fi

# The dataset starts out unzoned so the global zone can mount it at WORKDIR
# and prepare the mountpoint.
log_must zfs create -o zoned=off -o mountpoint=${WORKDIR} "$TESTPOOL/userns"

# 1000000 is the host id that becomes "root" (uid/gid 0) in the user ns
log_must chown 1000000:1000000 ${WORKDIR}

# From here on the dataset is managed from inside the zone.
log_must zfs set zoned=on "$TESTPOOL/userns"

# Target directory for the idmapped mount.
log_must mkdir -p ${IDMAPDIR}
78
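# Long-lived helper process whose only job is to keep the new user and mount
# namespaces open; its pid is what the rest of the script refers to.
unshare -Um /usr/bin/sleep 2h &
unshared_pid=$!

# wait for userns to be ready
sleep 1

# "$?" read right after the assignment above is always 0, so it can never
# report a failed unshare.  Probe the background process instead: if
# unshare(1) could not create the namespaces it has exited by now.
if ! kill -0 "$unshared_pid" 2>/dev/null; then
	# Nothing is left for cleanup to unzone or kill.
	unset unshared_pid
	log_unsupported "Failed to create user namespace"
fi

# Map ids 0..999999 of the namespace onto host ids 1000000..1999999.
if ! echo "0 1000000 1000000" > "/proc/$unshared_pid/uid_map"; then
	log_unsupported "Failed to write to uid_map"
fi
if ! echo "0 1000000 1000000" > "/proc/$unshared_pid/gid_map"; then
	log_unsupported "Failed to write to gid_map"
fi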
94
# Command prefix: join all namespaces of the helper process as uid/gid 0.
# Expanded unquoted on purpose so it splits into separate words.
NSENTER="nsenter -t $unshared_pid --all -S 0 -G 0"

# Hand the dataset to the user namespace and mount it from inside.
log_must zfs zone /proc/$unshared_pid/ns/user "$TESTPOOL/userns"
log_must $NSENTER zfs mount "$TESTPOOL/userns"
# NOTE(review): presumably world-writable so that the unprivileged id used
# below can create entries through the idmapped mount; confirm.
log_must $NSENTER chmod 777 $WORKDIR

if ! $NSENTER idmap_util -c $WORKDIR; then
	log_unsupported "Idmapped mount not supported in a user namespace"
fi

# NOTE(review): the mapping string looks like "both uid and gid, 0 -> 10000,
# range 100000"; confirm against idmap_util.  The checks below are consistent
# with that reading: id 11000 on IDMAPDIR shows up as id 1000 on WORKDIR.
log_must $NSENTER idmap_util -m b:0:10000:100000 $WORKDIR $IDMAPDIR

# Every file operation runs as uid/gid 11000 without supplementary groups.
as_user="setpriv --reuid 11000 --regid 11000 --clear-groups"
log_must $NSENTER $as_user touch $IDMAPDIR/file
log_must $NSENTER $as_user mkdir $IDMAPDIR/folder
log_must $NSENTER $as_user ln -s file $IDMAPDIR/file-soft
log_must $NSENTER $as_user ln $IDMAPDIR/file $IDMAPDIR/file-hard

log_must $NSENTER $as_user cp -p $IDMAPDIR/file $IDMAPDIR/folder/file-p
log_must $NSENTER $as_user cp $IDMAPDIR/file $IDMAPDIR/folder/file

# Seen through the plain mount inside the namespace, every entry must be
# owned by 1000:1000.  stat is called without -L, so for file-soft it is
# the symlink's own owner that gets checked.
for entry in file folder file-soft file-hard folder/file-p folder/file; do
	log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/$entry)"
done
121
# Drop both mounts from inside the namespace, idmapped view first.
log_must $NSENTER umount ${IDMAPDIR}
log_must $NSENTER umount ${WORKDIR}

# Take the dataset back from the namespace and stop the helper process.
log_must zfs unzone /proc/$unshared_pid/ns/user "$TESTPOOL/userns"
log_must kill -TERM $unshared_pid
# The namespace is gone; unsetting the pid keeps cleanup from touching it.
unset unshared_pid

# Remount the dataset in the global zone.
log_must zfs set zoned=off "$TESTPOOL/userns"
log_must zfs mount "$TESTPOOL/userns"

# Outside the namespace the same entries must carry the host-side ids:
# 1000 inside the namespace plus the 1000000 base of its uid/gid map.
for entry in file folder file-soft file-hard folder/file-p folder/file; do
	log_must test "1001000 1001000" = "$(stat -c '%u %g' ${WORKDIR}/$entry)"
done

log_pass "Testing idmapped mount in a user ns is successful."