1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2023 SUSE LLC Andrea Cervesato <[email protected]>
4 */
5
6 /*\
7 * [Description]
8 *
9 * Drop root privileges, create a container with CLONE_NEWUTS and verify that
10 * we receive a permission error.
11 */
12
13 #define _GNU_SOURCE
14
15 #include <pwd.h>
16 #include "tst_test.h"
17 #include "lapi/sched.h"
18
19 static char *str_op;
20
run(void)21 static void run(void)
22 {
23 const struct tst_clone_args cargs = {
24 .flags = CLONE_NEWUTS,
25 .exit_signal = SIGCHLD,
26 };
27 struct passwd *pw;
28
29 tst_res(TINFO, "Dropping root privileges");
30
31 pw = SAFE_GETPWNAM("nobody");
32 SAFE_SETRESUID(pw->pw_uid, pw->pw_uid, pw->pw_uid);
33
34 if (!str_op || !strcmp(str_op, "clone")) {
35 TEST(tst_clone(&cargs));
36
37 if (TST_RET == -1)
38 tst_res(TPASS, "clone3() fails as expected");
39 else if (TST_RET == -2)
40 tst_res(TPASS, "clone() fails as expected");
41 else
42 tst_res(TFAIL, "tst_clone returns %ld", TST_RET);
43
44 TST_EXP_PASS(errno == EPERM);
45 } else {
46 if (!SAFE_FORK()) {
47 TST_EXP_EQ_LI(unshare(CLONE_NEWUTS), -1);
48 TST_EXP_PASS(errno == EPERM);
49 return;
50 }
51 }
52 }
53
54 static struct tst_test test = {
55 .test_all = run,
56 .needs_root = 1,
57 .forks_child = 1,
58 .needs_checkpoints = 1,
59 .options = (struct tst_option[]) {
60 { "m:", &str_op, "Test execution mode <clone|unshare>" },
61 {},
62 },
63 };
64