mirror of
https://sourceware.org/git/glibc.git
synced 2025-01-16 13:44:14 +00:00
8db7f48cb7
On Fedora, the previous initialization sequence did not work and resulted in failures like: info: entering chroot 1 info: testcase: basic smoketest info: ttyname: PASS {name="/dev/pts/5", errno=0} info: ttyname_r: PASS {name="/dev/pts/5", ret=0, errno=0} error: ../sysdeps/unix/sysv/linux/tst-ttyname.c:122: write (setroups, "deny"): Operation not permitted info: entering chroot 2 error: ../sysdeps/unix/sysv/linux/tst-ttyname.c:122: write (setroups, "deny"): Operation not permitted error: 2 test failures Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
571 lines
17 KiB
C
571 lines
17 KiB
C
/* Copyright (C) 2017 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public License as
|
|
published by the Free Software Foundation; either version 2.1 of the
|
|
License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library; see the file COPYING.LIB. If
|
|
not, see <http://www.gnu.org/licenses/>. */
|
|
|
|
#include <dirent.h>
|
|
#include <errno.h>
|
|
#include <fcntl.h>
|
|
#include <limits.h>
|
|
#include <sched.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/mount.h>
|
|
#include <sys/prctl.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/wait.h>
|
|
#include <unistd.h>
|
|
|
|
#include <support/check.h>
|
|
#include <support/namespace.h>
|
|
#include <support/support.h>
|
|
#include <support/temp_file.h>
|
|
#include <support/test-driver.h>
|
|
#include <support/xunistd.h>
|
|
|
|
/* generic utilities */
|
|
|
|
#define VERIFY(expr) \
|
|
do { \
|
|
if (!(expr)) \
|
|
{ \
|
|
printf ("error: %s:%d: %s: %m\n", \
|
|
__FILE__, __LINE__, #expr); \
|
|
exit (1); \
|
|
} \
|
|
} while (0)
|
|
|
|
static void
|
|
touch (const char *path, mode_t mode)
|
|
{
|
|
xclose (xopen (path, O_WRONLY|O_CREAT|O_NOCTTY, mode));
|
|
}
|
|
|
|
static size_t
|
|
trim_prefix (char *str, size_t str_len, const char *prefix)
|
|
{
|
|
size_t prefix_len = strlen (prefix);
|
|
if (str_len > prefix_len && memcmp (str, prefix, prefix_len) == 0)
|
|
{
|
|
memmove (str, str + prefix_len, str_len - prefix_len);
|
|
return str_len - prefix_len;
|
|
}
|
|
return str_len;
|
|
}
|
|
|
|
/* returns a pointer to static storage */
|
|
static char *
|
|
proc_fd_readlink (const char *linkname)
|
|
{
|
|
static char target[PATH_MAX+1];
|
|
ssize_t target_len = readlink (linkname, target, PATH_MAX);
|
|
VERIFY (target_len > 0);
|
|
target_len = trim_prefix (target, target_len, "(unreachable)");
|
|
target[target_len] = '\0';
|
|
return target;
|
|
}
|
|
|
|
/* plain ttyname runner */
|
|
|
|
struct result
|
|
{
|
|
const char *name;
|
|
int err;
|
|
};
|
|
|
|
/* strings in result structure are in static storage */
|
|
static struct result
|
|
run_ttyname (int fd)
|
|
{
|
|
struct result ret;
|
|
errno = 0;
|
|
ret.name = ttyname (fd);
|
|
ret.err = errno;
|
|
return ret;
|
|
}
|
|
|
|
static bool
|
|
eq_ttyname (struct result actual, struct result expected)
|
|
{
|
|
char *actual_name, *expected_name;
|
|
|
|
if ((actual.err == expected.err) &&
|
|
(!actual.name == !expected.name) &&
|
|
(actual.name ? strcmp (actual.name, expected.name) == 0 : true))
|
|
{
|
|
if (expected.name)
|
|
expected_name = xasprintf ("\"%s\"", expected.name);
|
|
else
|
|
expected_name = xstrdup ("NULL");
|
|
|
|
printf ("info: ttyname: PASS {name=%s, errno=%d}\n",
|
|
expected_name, expected.err);
|
|
|
|
free (expected_name);
|
|
return true;
|
|
}
|
|
|
|
if (actual.name)
|
|
actual_name = xasprintf ("\"%s\"", actual.name);
|
|
else
|
|
actual_name = xstrdup ("NULL");
|
|
|
|
if (expected.name)
|
|
expected_name = xasprintf ("\"%s\"", expected.name);
|
|
else
|
|
expected_name = xstrdup ("NULL");
|
|
|
|
printf ("error: ttyname: actual {name=%s, errno=%d} != expected {name=%s, errno=%d}\n",
|
|
actual_name, actual.err,
|
|
expected_name, expected.err);
|
|
|
|
free (actual_name);
|
|
free (expected_name);
|
|
return false;
|
|
}
|
|
|
|
/* ttyname_r runner */
|
|
|
|
struct result_r
|
|
{
|
|
const char *name;
|
|
int ret;
|
|
int err;
|
|
};
|
|
|
|
/* strings in result structure are in static storage */
|
|
static struct result_r
|
|
run_ttyname_r (int fd)
|
|
{
|
|
static char buf[TTY_NAME_MAX];
|
|
|
|
struct result_r ret;
|
|
errno = 0;
|
|
ret.ret = ttyname_r (fd, buf, TTY_NAME_MAX);
|
|
ret.err = errno;
|
|
if (ret.ret == 0)
|
|
ret.name = buf;
|
|
else
|
|
ret.name = NULL;
|
|
return ret;
|
|
}
|
|
|
|
static bool
|
|
eq_ttyname_r (struct result_r actual, struct result_r expected)
|
|
{
|
|
char *actual_name, *expected_name;
|
|
|
|
if ((actual.err == expected.err) &&
|
|
(actual.ret == expected.ret) &&
|
|
(!actual.name == !expected.name) &&
|
|
(actual.name ? strcmp (actual.name, expected.name) == 0 : true))
|
|
{
|
|
if (expected.name)
|
|
expected_name = xasprintf ("\"%s\"", expected.name);
|
|
else
|
|
expected_name = xstrdup ("NULL");
|
|
|
|
printf ("info: ttyname_r: PASS {name=%s, ret=%d, errno=%d}\n",
|
|
expected_name, expected.ret, expected.err);
|
|
|
|
free (expected_name);
|
|
return true;
|
|
}
|
|
|
|
if (actual.name)
|
|
actual_name = xasprintf ("\"%s\"", actual.name);
|
|
else
|
|
actual_name = xstrdup ("NULL");
|
|
|
|
if (expected.name)
|
|
expected_name = xasprintf ("\"%s\"", expected.name);
|
|
else
|
|
expected_name = xstrdup ("NULL");
|
|
|
|
printf ("error: ttyname_r: actual {name=%s, ret=%d, errno=%d} != expected {name=%s, ret=%d, errno=%d}\n",
|
|
actual_name, actual.ret, actual.err,
|
|
expected_name, expected.ret, expected.err);
|
|
|
|
free (actual_name);
|
|
free (expected_name);
|
|
return false;
|
|
}
|
|
|
|
/* combined runner */
|
|
|
|
static bool
|
|
doit (int fd, const char *testname, struct result_r expected_r)
|
|
{
|
|
struct result expected = {.name=expected_r.name, .err=expected_r.ret};
|
|
bool ret = true;
|
|
|
|
printf ("info: testcase: %s\n", testname);
|
|
|
|
if (!eq_ttyname (run_ttyname (fd), expected))
|
|
ret = false;
|
|
if (!eq_ttyname_r (run_ttyname_r (fd), expected_r))
|
|
ret = false;
|
|
|
|
if (!ret)
|
|
support_record_failure ();
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* chroot setup */
|
|
|
|
static char *chrootdir;
|
|
|
|
static void
|
|
prepare (int argc, char **argv)
|
|
{
|
|
chrootdir = xasprintf ("%s/tst-ttyname-XXXXXX", test_dir);
|
|
if (mkdtemp (chrootdir) == NULL)
|
|
FAIL_EXIT1 ("mkdtemp (\"%s\"): %m", chrootdir);
|
|
add_temp_file (chrootdir);
|
|
}
|
|
#define PREPARE prepare
|
|
|
|
/* These chroot setup functions put the TTY at at "/console" (where it
|
|
won't be found by ttyname), and create "/dev/console" as an
|
|
ordinary file. This way, it's easier to write test-cases that
|
|
expect ttyname to fail; test-cases that expect it to succeed need
|
|
to explicitly remount it at "/dev/console". */
|
|
|
|
static int
|
|
do_in_chroot_1 (int (*cb)(const char *, int))
|
|
{
|
|
printf ("info: entering chroot 1\n");
|
|
|
|
/* Open the PTS that we'll be testing on. */
|
|
int master;
|
|
char *slavename;
|
|
VERIFY ((master = posix_openpt (O_RDWR|O_NOCTTY|O_NONBLOCK)) >= 0);
|
|
VERIFY ((slavename = ptsname (master)));
|
|
VERIFY (unlockpt (master) == 0);
|
|
if (strncmp (slavename, "/dev/pts/", 9) != 0)
|
|
FAIL_UNSUPPORTED ("slave pseudo-terminal is not under /dev/pts/: %s",
|
|
slavename);
|
|
int slave = xopen (slavename, O_RDWR, 0);
|
|
if (!doit (slave, "basic smoketest",
|
|
(struct result_r){.name=slavename, .ret=0, .err=0}))
|
|
return 1;
|
|
|
|
pid_t pid = xfork ();
|
|
if (pid == 0)
|
|
{
|
|
xclose (master);
|
|
|
|
if (!support_enter_mount_namespace ())
|
|
FAIL_UNSUPPORTED ("could not enter new mount namespace");
|
|
|
|
VERIFY (mount ("tmpfs", chrootdir, "tmpfs", 0, "mode=755") == 0);
|
|
VERIFY (chdir (chrootdir) == 0);
|
|
|
|
xmkdir ("proc", 0755);
|
|
xmkdir ("dev", 0755);
|
|
xmkdir ("dev/pts", 0755);
|
|
|
|
VERIFY (mount ("/proc", "proc", NULL, MS_BIND|MS_REC, NULL) == 0);
|
|
VERIFY (mount ("devpts", "dev/pts", "devpts",
|
|
MS_NOSUID|MS_NOEXEC,
|
|
"newinstance,ptmxmode=0666,mode=620") == 0);
|
|
VERIFY (symlink ("pts/ptmx", "dev/ptmx") == 0);
|
|
|
|
touch ("console", 0);
|
|
touch ("dev/console", 0);
|
|
VERIFY (mount (slavename, "console", NULL, MS_BIND, NULL) == 0);
|
|
|
|
xchroot (".");
|
|
|
|
char *linkname = xasprintf ("/proc/self/fd/%d", slave);
|
|
char *target = proc_fd_readlink (linkname);
|
|
VERIFY (strcmp (target, slavename) == 0);
|
|
free (linkname);
|
|
|
|
_exit (cb (slavename, slave));
|
|
}
|
|
int status;
|
|
xwaitpid (pid, &status, 0);
|
|
VERIFY (WIFEXITED (status));
|
|
xclose (master);
|
|
xclose (slave);
|
|
return WEXITSTATUS (status);
|
|
}
|
|
|
|
static int
|
|
do_in_chroot_2 (int (*cb)(const char *, int))
|
|
{
|
|
printf ("info: entering chroot 2\n");
|
|
|
|
int pid_pipe[2];
|
|
xpipe (pid_pipe);
|
|
int exit_pipe[2];
|
|
xpipe (exit_pipe);
|
|
|
|
/* Open the PTS that we'll be testing on. */
|
|
int master;
|
|
char *slavename;
|
|
VERIFY ((master = posix_openpt (O_RDWR|O_NOCTTY|O_NONBLOCK)) >= 0);
|
|
VERIFY ((slavename = ptsname (master)));
|
|
VERIFY (unlockpt (master) == 0);
|
|
if (strncmp (slavename, "/dev/pts/", 9) != 0)
|
|
FAIL_UNSUPPORTED ("slave pseudo-terminal is not under /dev/pts/: %s",
|
|
slavename);
|
|
/* wait until in a new mount ns to open the slave */
|
|
|
|
/* enable `wait`ing on grandchildren */
|
|
VERIFY (prctl (PR_SET_CHILD_SUBREAPER, 1) == 0);
|
|
|
|
pid_t pid = xfork (); /* outer child */
|
|
if (pid == 0)
|
|
{
|
|
xclose (master);
|
|
xclose (pid_pipe[0]);
|
|
xclose (exit_pipe[1]);
|
|
|
|
if (!support_enter_mount_namespace ())
|
|
FAIL_UNSUPPORTED ("could not enter new mount namespace");
|
|
|
|
int slave = xopen (slavename, O_RDWR, 0);
|
|
if (!doit (slave, "basic smoketest",
|
|
(struct result_r){.name=slavename, .ret=0, .err=0}))
|
|
_exit (1);
|
|
|
|
VERIFY (mount ("tmpfs", chrootdir, "tmpfs", 0, "mode=755") == 0);
|
|
VERIFY (chdir (chrootdir) == 0);
|
|
|
|
xmkdir ("proc", 0755);
|
|
xmkdir ("dev", 0755);
|
|
xmkdir ("dev/pts", 0755);
|
|
|
|
VERIFY (mount ("devpts", "dev/pts", "devpts",
|
|
MS_NOSUID|MS_NOEXEC,
|
|
"newinstance,ptmxmode=0666,mode=620") == 0);
|
|
VERIFY (symlink ("pts/ptmx", "dev/ptmx") == 0);
|
|
|
|
touch ("console", 0);
|
|
touch ("dev/console", 0);
|
|
VERIFY (mount (slavename, "console", NULL, MS_BIND, NULL) == 0);
|
|
|
|
xchroot (".");
|
|
|
|
if (unshare (CLONE_NEWNS | CLONE_NEWPID) < 0)
|
|
FAIL_UNSUPPORTED ("could not enter new PID namespace");
|
|
pid = xfork (); /* inner child */
|
|
if (pid == 0)
|
|
{
|
|
xclose (pid_pipe[1]);
|
|
|
|
/* wait until the outer child has exited */
|
|
char c;
|
|
VERIFY (read (exit_pipe[0], &c, 1) == 0);
|
|
xclose (exit_pipe[0]);
|
|
|
|
VERIFY (mount ("proc", "/proc", "proc",
|
|
MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) == 0);
|
|
|
|
char *linkname = xasprintf ("/proc/self/fd/%d", slave);
|
|
char *target = proc_fd_readlink (linkname);
|
|
VERIFY (strcmp (target, strrchr (slavename, '/')) == 0);
|
|
free (linkname);
|
|
|
|
_exit (cb (slavename, slave));
|
|
}
|
|
xwrite (pid_pipe[1], &pid, sizeof pid);
|
|
_exit (0);
|
|
}
|
|
xclose (pid_pipe[1]);
|
|
xclose (exit_pipe[0]);
|
|
xclose (exit_pipe[1]);
|
|
|
|
/* wait for the outer child */
|
|
int status;
|
|
xwaitpid (pid, &status, 0);
|
|
VERIFY (WIFEXITED (status));
|
|
int ret = WEXITSTATUS (status);
|
|
if (ret != 0)
|
|
return ret;
|
|
|
|
/* set 'pid' to the inner child */
|
|
VERIFY (read (pid_pipe[0], &pid, sizeof pid) == sizeof pid);
|
|
xclose (pid_pipe[0]);
|
|
|
|
/* wait for the inner child */
|
|
xwaitpid (pid, &status, 0);
|
|
VERIFY (WIFEXITED (status));
|
|
xclose (master);
|
|
return WEXITSTATUS (status);
|
|
}
|
|
|
|
/* main test */
|
|
|
|
static int
|
|
run_chroot_tests (const char *slavename, int slave)
|
|
{
|
|
struct stat st;
|
|
bool ok = true;
|
|
|
|
/* There are 3 groups of tests here. The first group fairly
|
|
generically does things known to mess up ttyname, and verifies
|
|
that ttyname copes correctly. The remaining groups are
|
|
increasingly convoluted, as we target specific parts of ttyname
|
|
to try to confuse. */
|
|
|
|
/* Basic tests that it doesn't get confused by multiple devpts
|
|
instances. */
|
|
{
|
|
VERIFY (stat (slavename, &st) < 0); /* sanity check */
|
|
if (!doit (slave, "no conflict, no match",
|
|
(struct result_r){.name=NULL, .ret=ENODEV, .err=ENODEV}))
|
|
ok = false;
|
|
VERIFY (mount ("/console", "/dev/console", NULL, MS_BIND, NULL) == 0);
|
|
if (!doit (slave, "no conflict, console",
|
|
(struct result_r){.name="/dev/console", .ret=0, .err=0}))
|
|
ok = false;
|
|
VERIFY (umount ("/dev/console") == 0);
|
|
|
|
/* keep creating PTYs until we we get a name collision */
|
|
while (stat (slavename, &st) < 0)
|
|
posix_openpt (O_RDWR|O_NOCTTY|O_NONBLOCK);
|
|
VERIFY (stat (slavename, &st) == 0);
|
|
|
|
if (!doit (slave, "conflict, no match",
|
|
(struct result_r){.name=NULL, .ret=ENODEV, .err=ENODEV}))
|
|
ok = false;
|
|
VERIFY (mount ("/console", "/dev/console", NULL, MS_BIND, NULL) == 0);
|
|
if (!doit (slave, "conflict, console",
|
|
(struct result_r){.name="/dev/console", .ret=0, .err=0}))
|
|
ok = false;
|
|
VERIFY (umount ("/dev/console") == 0);
|
|
}
|
|
|
|
/* The first tests kinda assumed that they hit certain code-paths
|
|
based on assuming that the readlink target is 'slavename', but
|
|
that's not quite always true. They're still a good preliminary
|
|
sanity check, so keep them, but let's add tests that make sure
|
|
that those code-paths are hit by doing a readlink ourself. */
|
|
{
|
|
char *linkname = xasprintf ("/proc/self/fd/%d", slave);
|
|
char *target = proc_fd_readlink (linkname);
|
|
free (linkname);
|
|
/* Depeding on how we set up the chroot, the kernel may or may not
|
|
trim the leading path to the target (it may give us "/6",
|
|
instead of "/dev/pts/6"). We test it both ways (do_in_chroot_1
|
|
and do_in_chroot_2). This test group relies on the target
|
|
existing, so guarantee that it does exist by creating it if
|
|
necessary. */
|
|
if (stat (target, &st) < 0)
|
|
{
|
|
VERIFY (errno == ENOENT);
|
|
touch (target, 0);
|
|
}
|
|
|
|
VERIFY (mount ("/console", "/dev/console", NULL, MS_BIND, NULL) == 0);
|
|
VERIFY (mount ("/console", target, NULL, MS_BIND, NULL) == 0);
|
|
if (!doit (slave, "with readlink target",
|
|
(struct result_r){.name=target, .ret=0, .err=0}))
|
|
ok = false;
|
|
VERIFY (umount (target) == 0);
|
|
VERIFY (umount ("/dev/console") == 0);
|
|
|
|
VERIFY (mount ("/console", "/dev/console", NULL, MS_BIND, NULL) == 0);
|
|
VERIFY (mount (slavename, target, NULL, MS_BIND, NULL) == 0);
|
|
if (!doit (slave, "with readlink trap; fallback",
|
|
(struct result_r){.name="/dev/console", .ret=0, .err=0}))
|
|
ok = false;
|
|
VERIFY (umount (target) == 0);
|
|
VERIFY (umount ("/dev/console") == 0);
|
|
|
|
VERIFY (mount (slavename, target, NULL, MS_BIND, NULL) == 0);
|
|
if (!doit (slave, "with readlink trap; no fallback",
|
|
(struct result_r){.name=NULL, .ret=ENODEV, .err=ENODEV}))
|
|
ok = false;
|
|
VERIFY (umount (target) == 0);
|
|
}
|
|
|
|
/* This test makes sure that everything still works OK if readdir
|
|
finds a pseudo-match before and/or after the actual match. Now,
|
|
to do that, we need to control that readdir finds the
|
|
pseudo-matches before and after the actual match; and there's no
|
|
good way to control that order in absence of whitebox testing.
|
|
So, just create 3 files, then use opendir/readdir to see what
|
|
order they are in, and assign meaning based on that order, not by
|
|
name; assigning the first to be a pseudo-match, the second to be
|
|
the actual match, and the third to be a pseudo-match. This
|
|
assumes that (on tmpfs) ordering within the directory is stable
|
|
in the absence of modification, which seems reasonably safe. */
|
|
{
|
|
/* since we're testing the fallback search, disable the readlink
|
|
happy-path */
|
|
VERIFY (umount2 ("/proc", MNT_DETACH) == 0);
|
|
|
|
touch ("/dev/console1", 0);
|
|
touch ("/dev/console2", 0);
|
|
touch ("/dev/console3", 0);
|
|
|
|
char *c[3];
|
|
int ci = 0;
|
|
DIR *dirstream = opendir ("/dev");
|
|
VERIFY (dirstream != NULL);
|
|
struct dirent *d;
|
|
while ((d = readdir (dirstream)) != NULL && ci < 3)
|
|
{
|
|
if (strcmp (d->d_name, "console1") &&
|
|
strcmp (d->d_name, "console2") &&
|
|
strcmp (d->d_name, "console3") )
|
|
continue;
|
|
c[ci++] = xasprintf ("/dev/%s", d->d_name);
|
|
}
|
|
VERIFY (ci == 3);
|
|
VERIFY (closedir (dirstream) == 0);
|
|
|
|
VERIFY (mount (slavename, c[0], NULL, MS_BIND, NULL) == 0);
|
|
VERIFY (mount ("/console", c[1], NULL, MS_BIND, NULL) == 0);
|
|
VERIFY (mount (slavename, c[2], NULL, MS_BIND, NULL) == 0);
|
|
VERIFY (umount2 ("/dev/pts", MNT_DETACH) == 0);
|
|
if (!doit (slave, "with search-path trap",
|
|
(struct result_r){.name=c[1], .ret=0, .err=0}))
|
|
ok = false;
|
|
for (int i = 0; i < 3; i++)
|
|
{
|
|
VERIFY (umount (c[i]) == 0);
|
|
VERIFY (unlink (c[i]) == 0);
|
|
free (c[i]);
|
|
}
|
|
}
|
|
|
|
return ok ? 0 : 1;
|
|
}
|
|
|
|
static int
|
|
do_test (void)
|
|
{
|
|
support_become_root ();
|
|
|
|
int ret1 = do_in_chroot_1 (run_chroot_tests);
|
|
if (ret1 == EXIT_UNSUPPORTED)
|
|
return ret1;
|
|
|
|
int ret2 = do_in_chroot_2 (run_chroot_tests);
|
|
if (ret2 == EXIT_UNSUPPORTED)
|
|
return ret2;
|
|
|
|
return ret1 | ret2;
|
|
}
|
|
|
|
#include <support/test-driver.c>
|