xref: /linux/tools/testing/selftests/proc/proc-pidns.c (revision 46582a15c1742ff0dd9d2faffd62672a79603a42) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Author: Aleksa Sarai <cyphar@cyphar.com>
4  * Copyright (C) 2025 SUSE LLC.
5  */
6 
7 #include <assert.h>
8 #include <errno.h>
9 #include <sched.h>
10 #include <stdbool.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <unistd.h>
14 #include <stdio.h>
15 #include <sys/mount.h>
16 #include <sys/stat.h>
17 #include <sys/prctl.h>
18 
19 #include "../kselftest_harness.h"
20 
21 #define ASSERT_ERRNO(expected, _t, seen)				\
22 	__EXPECT(expected, #expected,					\
23 		({__typeof__(seen) _tmp_seen = (seen);			\
24 		  _tmp_seen >= 0 ? _tmp_seen : -errno; }), #seen, _t, 1)
25 
26 #define ASSERT_ERRNO_EQ(expected, seen) \
27 	ASSERT_ERRNO(expected, ==, seen)
28 
29 #define ASSERT_SUCCESS(seen) \
30 	ASSERT_ERRNO(0, <=, seen)
31 
32 static int touch(char *path)
33 {
34 	int fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC, 0644);
35 	if (fd < 0)
36 		return -1;
37 	return close(fd);
38 }
39 
40 FIXTURE(ns)
41 {
42 	int host_mntns, host_pidns;
43 	int dummy_pidns;
44 };
45 
46 FIXTURE_SETUP(ns)
47 {
48 	/* Stash the old mntns. */
49 	self->host_mntns = open("/proc/self/ns/mnt", O_RDONLY|O_CLOEXEC);
50 	ASSERT_SUCCESS(self->host_mntns);
51 
52 	/* Create a new mount namespace and make it private. */
53 	ASSERT_SUCCESS(unshare(CLONE_NEWNS));
54 	ASSERT_SUCCESS(mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL));
55 
56 	/*
57 	 * Create a proper tmpfs that we can use and will disappear once we
58 	 * leave this mntns.
59 	 */
60 	ASSERT_SUCCESS(mount("tmpfs", "/tmp", "tmpfs", 0, NULL));
61 
62 	/*
63 	 * Create a pidns we can use for later tests. We need to fork off a
64 	 * child so that we get a usable nsfd that we can bind-mount and open.
65 	 */
66 	ASSERT_SUCCESS(mkdir("/tmp/dummy", 0755));
67 	ASSERT_SUCCESS(touch("/tmp/dummy/pidns"));
68 	ASSERT_SUCCESS(mkdir("/tmp/dummy/proc", 0755));
69 
70 	self->host_pidns = open("/proc/self/ns/pid", O_RDONLY|O_CLOEXEC);
71 	ASSERT_SUCCESS(self->host_pidns);
72 	ASSERT_SUCCESS(unshare(CLONE_NEWPID));
73 
74 	pid_t pid = fork();
75 	ASSERT_SUCCESS(pid);
76 	if (!pid) {
77 		prctl(PR_SET_PDEATHSIG, SIGKILL);
78 		ASSERT_SUCCESS(mount("/proc/self/ns/pid", "/tmp/dummy/pidns", NULL, MS_BIND, NULL));
79 		ASSERT_SUCCESS(mount("proc", "/tmp/dummy/proc", "proc", 0, NULL));
80 		exit(0);
81 	}
82 
83 	int wstatus;
84 	ASSERT_EQ(waitpid(pid, &wstatus, 0), pid);
85 	ASSERT_TRUE(WIFEXITED(wstatus));
86 	ASSERT_EQ(WEXITSTATUS(wstatus), 0);
87 
88 	ASSERT_SUCCESS(setns(self->host_pidns, CLONE_NEWPID));
89 
90 	self->dummy_pidns = open("/tmp/dummy/pidns", O_RDONLY|O_CLOEXEC);
91 	ASSERT_SUCCESS(self->dummy_pidns);
92 }
93 
94 FIXTURE_TEARDOWN(ns)
95 {
96 	ASSERT_SUCCESS(setns(self->host_mntns, CLONE_NEWNS));
97 	ASSERT_SUCCESS(close(self->host_mntns));
98 
99 	ASSERT_SUCCESS(close(self->host_pidns));
100 	ASSERT_SUCCESS(close(self->dummy_pidns));
101 }
102 
103 TEST_F(ns, pidns_mount_string_path)
104 {
105 	ASSERT_SUCCESS(mkdir("/tmp/proc-host", 0755));
106 	ASSERT_SUCCESS(mount("proc", "/tmp/proc-host", "proc", 0, "pidns=/proc/self/ns/pid"));
107 	ASSERT_SUCCESS(access("/tmp/proc-host/self/", X_OK));
108 
109 	ASSERT_SUCCESS(mkdir("/tmp/proc-dummy", 0755));
110 	ASSERT_SUCCESS(mount("proc", "/tmp/proc-dummy", "proc", 0, "pidns=/tmp/dummy/pidns"));
111 	ASSERT_ERRNO_EQ(-ENOENT, access("/tmp/proc-dummy/1/", X_OK));
112 	ASSERT_ERRNO_EQ(-ENOENT, access("/tmp/proc-dummy/self/", X_OK));
113 }
114 
115 TEST_F(ns, pidns_fsconfig_string_path)
116 {
117 	int fsfd = fsopen("proc", FSOPEN_CLOEXEC);
118 	ASSERT_SUCCESS(fsfd);
119 
120 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_SET_STRING, "pidns", "/tmp/dummy/pidns", 0));
121 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0));
122 
123 	int mountfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
124 	ASSERT_SUCCESS(mountfd);
125 
126 	ASSERT_ERRNO_EQ(-ENOENT, faccessat(mountfd, "1/", X_OK, 0));
127 	ASSERT_ERRNO_EQ(-ENOENT, faccessat(mountfd, "self/", X_OK, 0));
128 
129 	ASSERT_SUCCESS(close(fsfd));
130 	ASSERT_SUCCESS(close(mountfd));
131 }
132 
133 TEST_F(ns, pidns_fsconfig_fd)
134 {
135 	int fsfd = fsopen("proc", FSOPEN_CLOEXEC);
136 	ASSERT_SUCCESS(fsfd);
137 
138 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_SET_FD, "pidns", NULL, self->dummy_pidns));
139 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0));
140 
141 	int mountfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
142 	ASSERT_SUCCESS(mountfd);
143 
144 	ASSERT_ERRNO_EQ(-ENOENT, faccessat(mountfd, "1/", X_OK, 0));
145 	ASSERT_ERRNO_EQ(-ENOENT, faccessat(mountfd, "self/", X_OK, 0));
146 
147 	ASSERT_SUCCESS(close(fsfd));
148 	ASSERT_SUCCESS(close(mountfd));
149 }
150 
151 TEST_F(ns, pidns_reconfigure_remount)
152 {
153 	ASSERT_SUCCESS(mkdir("/tmp/proc", 0755));
154 	ASSERT_SUCCESS(mount("proc", "/tmp/proc", "proc", 0, ""));
155 
156 	ASSERT_SUCCESS(access("/tmp/proc/1/", X_OK));
157 	ASSERT_SUCCESS(access("/tmp/proc/self/", X_OK));
158 
159 	ASSERT_ERRNO_EQ(-EBUSY, mount(NULL, "/tmp/proc", NULL, MS_REMOUNT, "pidns=/tmp/dummy/pidns"));
160 
161 	ASSERT_SUCCESS(access("/tmp/proc/1/", X_OK));
162 	ASSERT_SUCCESS(access("/tmp/proc/self/", X_OK));
163 }
164 
165 TEST_F(ns, pidns_reconfigure_fsconfig_string_path)
166 {
167 	int fsfd = fsopen("proc", FSOPEN_CLOEXEC);
168 	ASSERT_SUCCESS(fsfd);
169 
170 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0));
171 
172 	int mountfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
173 	ASSERT_SUCCESS(mountfd);
174 
175 	ASSERT_SUCCESS(faccessat(mountfd, "1/", X_OK, 0));
176 	ASSERT_SUCCESS(faccessat(mountfd, "self/", X_OK, 0));
177 
178 	ASSERT_ERRNO_EQ(-EBUSY, fsconfig(fsfd, FSCONFIG_SET_STRING, "pidns", "/tmp/dummy/pidns", 0));
179 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0)); /* noop */
180 
181 	ASSERT_SUCCESS(faccessat(mountfd, "1/", X_OK, 0));
182 	ASSERT_SUCCESS(faccessat(mountfd, "self/", X_OK, 0));
183 
184 	ASSERT_SUCCESS(close(fsfd));
185 	ASSERT_SUCCESS(close(mountfd));
186 }
187 
188 TEST_F(ns, pidns_reconfigure_fsconfig_fd)
189 {
190 	int fsfd = fsopen("proc", FSOPEN_CLOEXEC);
191 	ASSERT_SUCCESS(fsfd);
192 
193 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0));
194 
195 	int mountfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
196 	ASSERT_SUCCESS(mountfd);
197 
198 	ASSERT_SUCCESS(faccessat(mountfd, "1/", X_OK, 0));
199 	ASSERT_SUCCESS(faccessat(mountfd, "self/", X_OK, 0));
200 
201 	ASSERT_ERRNO_EQ(-EBUSY, fsconfig(fsfd, FSCONFIG_SET_FD, "pidns", NULL, self->dummy_pidns));
202 	ASSERT_SUCCESS(fsconfig(fsfd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0)); /* noop */
203 
204 	ASSERT_SUCCESS(faccessat(mountfd, "1/", X_OK, 0));
205 	ASSERT_SUCCESS(faccessat(mountfd, "self/", X_OK, 0));
206 
207 	ASSERT_SUCCESS(close(fsfd));
208 	ASSERT_SUCCESS(close(mountfd));
209 }
210 
211 TEST_HARNESS_MAIN
212