1 // SPDX-License-Identifier: GPL-2.0-or-later
2 //
3 // Copyright (c) 2019 Google, Inc.
4 
5 #define _GNU_SOURCE
6 
7 #include "config.h"
8 
9 #include <errno.h>
10 #include <lapi/syscalls.h>
11 #include <sched.h>
12 
13 #include <sys/mount.h>
14 #include <stdlib.h>
15 
16 #include "tst_test.h"
17 
18 #ifdef HAVE_UNSHARE
19 
20 #ifdef HAVE_LIBCAP
21 #include <sys/capability.h>
22 #endif
23 
/*
 * Paths used by the test.
 *
 * CHROOT_DIR is relative and is created by setup(); the remaining paths are
 * absolute and are created by run() only after it has chrooted into
 * CHROOT_DIR.
 */
#define CHROOT_DIR	"chroot"		/* tmpfs-backed initial root */
#define NEW_ROOT	"/new_root"		/* new_root argument of pivot_root */
#define PUT_OLD		"/new_root/put_old"	/* put_old located under new_root */
#define PUT_OLD_FS	"/put_old_fs"		/* separate mount outside new_root */
#define PUT_OLD_BAD	"/put_old_fs/put_old"	/* put_old that is not under new_root */
29 
/*
 * Scenario selectors for run().
 *
 * run() performs a fixed sequence of steps that lets pivot_root succeed.
 * NORMAL runs that sequence unchanged; every other value alters exactly one
 * step so that pivot_root is expected to fail with the errno named below.
 */
enum {
	/* Unmodified sequence: pivot_root is expected to succeed. */
	NORMAL = 0,

	/*
	 * Expect EBUSY: new_root or put_old are on the current root file
	 * system.
	 */
	NEW_ROOT_ON_CURRENT_ROOT,

	/*
	 * Expect EINVAL: put_old is not underneath new_root.
	 *
	 * Note: when put_old and new_root are on the same fs, pivot_root
	 * fails with EBUSY before it tests reachability.
	 */
	PUT_OLD_NOT_UNDERNEATH_NEW_ROOT,

	/* Expect ENOTDIR: new_root or put_old is not a directory. */
	PUT_OLD_NOT_DIR,

	/*
	 * Expect EPERM: the calling process does not have the CAP_SYS_ADMIN
	 * capability.
	 */
	NO_CAP_SYS_ADMIN,
};
64 
/*
 * One entry per scenario: the selector that run() acts on and the errno that
 * pivot_root is expected to report (0 means the call must succeed).
 */
static const struct test_case {
	int test_case;
	int expected_error;
} test_cases[] = {
	{ .test_case = NORMAL,                          .expected_error = 0 },
	{ .test_case = NEW_ROOT_ON_CURRENT_ROOT,        .expected_error = EBUSY },
	{ .test_case = PUT_OLD_NOT_UNDERNEATH_NEW_ROOT, .expected_error = EINVAL },
	{ .test_case = PUT_OLD_NOT_DIR,                 .expected_error = ENOTDIR },
	{ .test_case = NO_CAP_SYS_ADMIN,                .expected_error = EPERM },
};
75 
76 #ifdef HAVE_LIBCAP
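/*
 * Clear CAP_SYS_ADMIN from the effective capability set of the calling
 * process so that the following pivot_root call is expected to fail with
 * EPERM.
 *
 * Only CAP_EFFECTIVE is cleared; the permitted set is left untouched. This is
 * therefore not an irrevocable privilege drop and must not be copied as one:
 * a process that keeps the capability in its permitted set can raise it
 * again. It is enough for this test, which only needs the capability to be
 * absent from the effective set when the syscall is made.
 *
 * Any libcap failure is reported through tst_brk(TBROK | TERRNO, ...).
 */
static void drop_cap_sys_admin(void)
{
	cap_value_t cap_value[] = { CAP_SYS_ADMIN };
	cap_t cap = cap_get_proc();

	if (!cap)
		tst_brk(TBROK | TERRNO, "cap_get_proc failed");

	if (cap_set_flag(cap, CAP_EFFECTIVE, 1, cap_value, CAP_CLEAR))
		tst_brk(TBROK | TERRNO, "cap_set_flag failed");

	if (cap_set_proc(cap))
		tst_brk(TBROK | TERRNO, "cap_set_proc failed");

	/*
	 * cap_get_proc() returns allocated capability state; release it now
	 * that it has been applied to the process.
	 */
	cap_free(cap);
}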
90 #endif
91 
/*
 * Run one pivot_root scenario.
 *
 * test_case indexes test_cases[]. The scenario is executed in a forked child
 * so that the namespace, chroot and mount changes made below do not stay with
 * the parent test process; the parent only reaps the child and returns.
 *
 * The child builds an environment in which pivot_root can succeed, alters one
 * step according to the selected scenario, calls pivot_root and reports
 * TPASS/TFAIL by comparing the result with the expected errno.
 */
static void run(unsigned int test_case)
{
	const struct test_case *tc = &test_cases[test_case];
	const char *actual_put_old;

	/* Parent: wait for the child that does the real work, then leave. */
	if (SAFE_FORK()) {
		tst_reap_children();
		return;
	}

	/*
	 * pivot_root requires that no shared mounts exist in the process
	 * namespace, so move the child into a mount namespace of its own.
	 */
	TEST(unshare(CLONE_NEWNS | CLONE_FS));
	if (TST_RET == -1)
		tst_brk(TFAIL | TERRNO, "unshare failed");

	/*
	 * Mark every mount private (recursively) so that the mounts made
	 * below are not propagated outside the new namespace.
	 *
	 * pivot_root does not work when the initial root dir is an initramfs,
	 * so a tmpfs is mounted on CHROOT_DIR and used as the root via chroot.
	 */
	SAFE_MOUNT("none", "/", NULL, MS_REC|MS_PRIVATE, NULL);
	SAFE_MOUNT("none", CHROOT_DIR, "tmpfs", 0, 0);
	SAFE_CHROOT(CHROOT_DIR);

	SAFE_MKDIR(NEW_ROOT, 0777);

	/*
	 * new_root has to be a mount point for pivot_root to work; the mount
	 * is skipped only when that failure is the one under test.
	 */
	if (tc->test_case != NEW_ROOT_ON_CURRENT_ROOT)
		SAFE_MOUNT("none", NEW_ROOT, "tmpfs", 0, 0);

	/*
	 * Prepare put_old. By default it is a directory under new_root; two
	 * scenarios replace it with a directory on a separate mount outside
	 * new_root, or with a regular file.
	 */
	switch (tc->test_case) {
	case PUT_OLD_NOT_UNDERNEATH_NEW_ROOT:
		actual_put_old = PUT_OLD_BAD;
		SAFE_MKDIR(PUT_OLD_FS, 0777);
		SAFE_MOUNT("none", PUT_OLD_FS, "tmpfs", 0, 0);
		SAFE_MKDIR(PUT_OLD_BAD, 0777);
		break;
	case PUT_OLD_NOT_DIR:
		actual_put_old = PUT_OLD;
		SAFE_CREAT(PUT_OLD, 0777);
		break;
	default:
		actual_put_old = PUT_OLD;
		SAFE_MKDIR(PUT_OLD, 0777);
		break;
	}

	/*
	 * The capability is dropped last, after all privileged setup steps,
	 * so that only the pivot_root call itself runs without it.
	 */
	if (tc->test_case == NO_CAP_SYS_ADMIN) {
#ifdef HAVE_LIBCAP
		drop_cap_sys_admin();
#else
		tst_res(TCONF,
			"System doesn't have POSIX capabilities support");
		return;
#endif
	}

	TEST(syscall(__NR_pivot_root, NEW_ROOT, actual_put_old));

	/* Success scenario: any non-zero return is a failure. */
	if (tc->test_case == NORMAL) {
		if (TST_RET == 0)
			tst_res(TPASS, "pivot_root succeeded");
		else
			tst_res(TFAIL | TERRNO, "pivot_root failed");

		return;
	}

	/* Failure scenarios: the call must fail, and with the right errno. */
	if (!TST_RET) {
		tst_res(TFAIL, "pivot_root succeeded unexpectedly");
		return;
	}

	if (errno == tc->expected_error)
		tst_res(TPASS | TERRNO, "pivot_root failed as expectedly");
	else
		tst_res(TFAIL | TERRNO,	"pivot_root failed with wrong errno");
}
174 
/*
 * One-time test setup: create the CHROOT_DIR directory on which run() later
 * mounts a tmpfs and into which it chroots. The path is relative, so it is
 * created in the current working directory (presumably the per-test
 * temporary directory requested with .needs_tmpdir; confirm against the test
 * library).
 */
static void setup(void)
{
	SAFE_MKDIR(CHROOT_DIR, 0777);
}
179 
/*
 * Test registration: run() is invoked once per test_cases[] entry, after
 * setup() has created CHROOT_DIR.
 */
static struct tst_test test = {
	.setup = setup,
	.test = run,
	.tcnt = ARRAY_SIZE(test_cases),
	/* run() mounts, chroots and calls pivot_root, which need privilege */
	.needs_root = 1,
	.needs_tmpdir = 1,
	/* run() forks a child for every scenario */
	.forks_child = 1,
};
188 
189 #else
/* Built without HAVE_UNSHARE: the whole test is reported as TCONF. */
TST_TEST_TCONF("unshare is undefined.");
191 #endif
192