
#!/bin/sh
#
# Copyright (c) 2017 FUJITSU LIMITED. All rights reserved.
# Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# Test unshare command with some basic options.
# 1) If we run unshare with "--user", UID in the newly created user namespace
#    is set to 65534.
# 2) If we run unshare with "--user", GID in the newly created user namespace
#    is set to 65534.
# 3) If we run with "--user --map-root-user", UID in the newly created user
#    namespace is set to 0.
# 4) If we run with "--user --map-root-user", GID in the newly created user
#    namespace is set to 0.
# 5) If we run with "--mount", mount and unmount events do not propagate to
#    its parent mount namespace.
# 6) If we run with "--mount --propagation shared", mount and unmount events
#    propagate to its parent mount namespace.
# 7) If we run with "--user --map-root-user --mount", mount and unmount events
#    do not propagate to its parent mount namespace.
# 8) Even if we run with "--user --map-root-user --mount --propagation shared",
#    mount and unmount events do not propagate to its parent mount namespace
#    because the shared mount is reduced to a slave mount.
#
#    Please see the following URL for detailed information:
#    http://man7.org/linux/man-pages/man7/user_namespaces.7.html
#    http://man7.org/linux/man-pages/man7/mount_namespaces.7.html
#

# Configuration for the LTP shell test library. These variables are assigned
# before tst_test.sh is sourced below.
# TST_CNT matches the eight numbered cases handled by do_test().
TST_CNT=8
TST_SETUP=setup
TST_CLEANUP=cleanup
TST_TESTFUNC=do_test
# Root is requested because setup() writes to /proc/sys/user/* and the test
# cases perform bind mounts.
TST_NEEDS_ROOT=1
# The script creates dir_A, dir_B and the file "temp" by relative path.
# NOTE(review): presumably the library switches to a private temporary
# directory when this is set - confirm in tst_test.sh.
TST_NEEDS_TMPDIR=1
TST_NEEDS_CMDS="unshare id mount umount"
# The library is sourced by bare name, so the shell resolves it through PATH.
# Because this test runs as root, PATH should contain only trusted
# directories when the test is launched.
. tst_test.sh

# Namespace-count limits that setup() raises and cleanup() restores.
max_userns_path="/proc/sys/user/max_user_namespaces"
max_mntns_path="/proc/sys/user/max_mnt_namespaces"
# -1 is the "nothing saved" sentinel: cleanup() only writes a value back when
# setup() replaced the sentinel with the value it read.
default_max_userns=-1
default_max_mntns=-1

setup()
{
	# Some distributions (RHEL7.4 is one example) ship with
	# max_user_namespaces or max_mnt_namespaces set to 0, and unshare
	# cannot run with that value. Save the current limit so cleanup()
	# can put it back, then raise it to 1024 for the test.
	# NOTE(review): these sysctls are written as root and are not private
	# to this process, so the raised limit presumably applies to the rest
	# of the system until cleanup() runs; a value of 0 may be a deliberate
	# hardening choice on the host - confirm before running on a
	# production machine.
	if test -f "${max_userns_path}"; then
		default_max_userns=$(cat "${max_userns_path}")
		printf '%s\n' 1024 > "${max_userns_path}"
	fi

	if test -f "${max_mntns_path}"; then
		default_max_mntns=$(cat "${max_mntns_path}")
		printf '%s\n' 1024 > "${max_mntns_path}"
	fi

	# Fixtures for the bind-mount cases: each directory holds one marker
	# file named after it, so check_mount() can tell which directory is
	# visible at dir_B.
	mkdir -p dir_A dir_B
	touch dir_A/A dir_B/B
}

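cleanup()
{
	# Write back the limits that setup() saved before raising them.
	# -1 is the "never saved" sentinel, so a limit that setup() did not
	# touch is left alone. The saved value is whatever the host had
	# (0 on the distributions mentioned in setup()), not a fixed number.
	#
	# Plain "if" is used instead of "[ ... ] && echo" so the function
	# returns success when there is nothing to restore, and the
	# expansions are quoted so an empty saved value cannot turn the
	# comparison into a syntax error that silently skips the restore
	# of a well-formed value.
	if [ "${default_max_userns}" -ne -1 ]; then
		echo "${default_max_userns}" > "${max_userns_path}"
	fi

	if [ "${default_max_mntns}" -ne -1 ]; then
		echo "${default_max_mntns}" > "${max_mntns_path}"
	fi
}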

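check_id()
{
	# Report whether the id printed inside the new namespace matches the
	# expected one.
	#   $1 - actual output captured from the verify command
	#   $2 - expected numeric uid/gid
	#   $3 - the command line, used only in the result message
	local act_id=$1
	local exp_id=$2
	local cmd=$3

	# The captured output also contains stderr (unshare_test redirects
	# 2>&1), so it may be empty or hold extra text. An unquoted numeric
	# test on such a value is a syntax error, which "if" treats as false
	# and which previously fell through to TPASS. Anything that is not a
	# plain decimal number is therefore a failure.
	case "${act_id}" in
	''|*[!0-9]*)
		tst_res TFAIL "$cmd got wrong uid/gid"
		return
		;;
	esac

	if [ "${act_id}" -ne "${exp_id}" ]; then
		tst_res TFAIL "$cmd got wrong uid/gid"
	else
		tst_res TPASS "$cmd got correct uid/gid"
	fi
}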

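check_mount()
{
	# Check from the parent namespace whether the bind mount made inside
	# the unshared namespace is visible, and report the result.
	#   $1 - directory to inspect (the bind-mount target)
	#   $2 - expected state: "mounted" or "unmounted"
	#   $3 - the command line, used only in the result message
	# The marker is a directory entry matching the word "A", which
	# setup() creates only in dir_A.
	local tst_dir=$1
	local exp_stat=$2
	local cmd=$3

	case ${exp_stat} in
	unmounted)
		if ls "${tst_dir}" | grep -qw 'A'; then
			tst_res TFAIL "$cmd got bind info"
			# The mount leaked into this namespace; remove it so
			# the following cases start from a clean directory.
			umount "${tst_dir}"
			return
		fi
		;;
	mounted)
		if ! ls "${tst_dir}" | grep -qw 'A'; then
			tst_res TFAIL "$cmd did not get bind info"
			return
		fi
		umount "${tst_dir}"
		;;
	*)
		# An unrecognised expectation must not be reported as a pass:
		# nothing was verified.
		tst_res TFAIL "$cmd: unknown expected state '${exp_stat}'"
		return
		;;
	esac

	tst_res TPASS "$cmd got bind info as expected"
}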

unshare_test()
{
	# Run one verify command under unshare and hand the outcome to the
	# matching checker.
	#   $1 - options passed to unshare
	#   $2 - command executed inside the new namespace(s)
	#   $3 - expected result (an id, or "mounted"/"unmounted")
	local unshare_opts=$1
	local verify_cmd=$2
	local exp_result=$3
	local unshare_cmd="unshare ${unshare_opts} ${verify_cmd}"
	local unsupported_re="unrecognized option|invalid option|Invalid argument|Operation not permitted"

	# The command line is built from the fixed strings passed by
	# do_test(). It goes through eval while the test runs as root, so
	# these arguments must stay literals and never come from the
	# environment or other external input.
	# stdout and stderr both land in "temp"; check_id() later reads it.
	if ! eval ${unshare_cmd} > temp 2>&1; then
		# "unrecognized option" / "invalid option" come from an
		# unshare that does not know the option (e.g. RHEL6);
		# "Invalid argument" / "Operation not permitted" come from a
		# kernel that does not support the feature (e.g. RHEL7).
		# NOTE(review): "Operation not permitted" can presumably also
		# be caused by a host policy that denies the call, so TCONF
		# here means "could not be exercised", not "isolation verified".
		if grep -q -E "${unsupported_re}" temp; then
			tst_res TCONF "${unshare_cmd} not supported."
		else
			tst_res TFAIL "${unshare_cmd} failed."
		fi
		return
	fi

	# Pick the checker from the first word of the verify command.
	case ${verify_cmd} in
	id*)
		check_id "$(cat temp)" "${exp_result}" "${unshare_cmd}"
		;;
	mount*)
		check_mount "dir_B" "${exp_result}" "${unshare_cmd}"
		;;
	esac
}

do_test()
{
	# Dispatch test case number $1 (1..8, see the list in the file
	# header) to unshare_test with its options, verify command and
	# expected result. Any other number does nothing.
	local user_opt="--user"
	local root_map="--user --map-root-user"
	local shared="--propagation shared"
	local bind_cmd="mount --bind dir_A dir_B"

	case $1 in
	# Unmapped user namespace: ids show up as the overflow id 65534.
	1) unshare_test "${user_opt}" "id -u" "65534";;
	2) unshare_test "${user_opt}" "id -g" "65534";;
	# Caller mapped to root inside the new user namespace.
	3) unshare_test "${root_map}" "id -u" "0";;
	4) unshare_test "${root_map}" "id -g" "0";;
	# Mount namespace: the bind mount must stay invisible to the parent
	# unless propagation is explicitly shared.
	5) unshare_test "--mount" "${bind_cmd}" "unmounted";;
	6) unshare_test "--mount ${shared}" "${bind_cmd}" "mounted";;
	# Combined with a user namespace the mount never propagates back,
	# even when shared propagation is requested (case 8).
	7) unshare_test "${root_map} --mount" "${bind_cmd}" "unmounted";;
	8) unshare_test "${root_map} --mount ${shared}" "${bind_cmd}" \
			"unmounted";;
	esac
}

# Hand control to the LTP shell library sourced above.
# NOTE(review): presumably it calls setup(), then do_test() once per case up
# to TST_CNT, then cleanup() - confirm in tst_test.sh.
tst_run