1 /*
2 * Copyright (c) Huawei Technologies Co., Ltd., 2015
3 * This program is free software; you can redistribute it and/or modify it
4 * under the terms of the GNU General Public License as published by the Free
5 * Software Foundation; either version 2 of the License, or (at your option)
6 * any later version. This program is distributed in the hope that it will be
7 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
9 * Public License for more details. You should have received a copy of the GNU
10 * General Public License along with this program.
11 */
12
13 /*
14 * Verify that:
15 * /proc/PID/uid_map and /proc/PID/gid_map contains three values separated by
16 * white space:
17 * ID-inside-ns ID-outside-ns length
18 *
19 * ID-outside-ns is interpreted according to which process is opening the file.
20 * If the process opening the file is in the same user namespace as the process
21 * PID, then ID-outside-ns is defined with respect to the parent user namespace.
22 * If the process opening the file is in a different user namespace, then
23 * ID-outside-ns is defined with respect to the user namespace of the process
24 * opening the file.
25 *
26 * The string "deny" would be written to /proc/self/setgroups before GID
27 * check if setgroups is allowed, see kernel commits:
28 *
29 * commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8
30 * Author: Eric W. Biederman <ebiederm@xmission.com>
31 * Date: Tue Dec 2 12:27:26 2014 -0600
32 * userns: Add a knob to disable setgroups on a per user namespace basis
33 *
34 * commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272
35 * Author: Eric W. Biederman <ebiederm@xmission.com>
36 * Date: Fri Dec 5 19:36:04 2014 -0600
37 * userns: Allow setting gid_maps without privilege when setgroups is disabled
38 *
39 */
40
41 #define _GNU_SOURCE
42 #include <sys/wait.h>
43 #include <assert.h>
44 #include <stdio.h>
45 #include <stdlib.h>
46 #include <stdbool.h>
47 #include <unistd.h>
48 #include <string.h>
49 #include <errno.h>
50 #include "test.h"
51 #include "libclone.h"
52 #include "userns_helper.h"
53
54 #define CHILD1UID 0
55 #define CHILD1GID 0
56 #define CHILD2UID 200
57 #define CHILD2GID 200
58 #define UID_MAP 0
59 #define GID_MAP 1
60
61 char *TCID = "user_namespace3";
62 int TST_TOTAL = 1;
63 static int cpid1, parentuid, parentgid;
64
65 /*
66 * child_fn1() - Inside a new user namespace
67 */
child_fn1(void)68 static int child_fn1(void)
69 {
70 TST_SAFE_CHECKPOINT_WAIT(NULL, 0);
71 return 0;
72 }
73
74 /*
75 * child_fn2() - Inside a new user namespace
76 */
child_fn2(void)77 static int child_fn2(void)
78 {
79 int exit_val = 0;
80 int uid, gid;
81 char cpid1uidpath[BUFSIZ];
82 char cpid1gidpath[BUFSIZ];
83 int idinsidens, idoutsidens, length;
84
85 TST_SAFE_CHECKPOINT_WAIT(NULL, 1);
86
87 uid = geteuid();
88 gid = getegid();
89
90 if (uid != CHILD2UID || gid != CHILD2GID) {
91 printf("unexpected uid=%d gid=%d\n", uid, gid);
92 exit_val = 1;
93 }
94
95 /*Get the uid parameters of the child_fn2 process.*/
96 SAFE_FILE_SCANF(NULL, "/proc/self/uid_map", "%d %d %d", &idinsidens,
97 &idoutsidens, &length);
98
99 /* map file format:ID-inside-ns ID-outside-ns length
100 If the process opening the file is in the same user namespace as
101 the process PID, then ID-outside-ns is defined with respect to the
102 parent user namespace.*/
103 if (idinsidens != CHILD2UID || idoutsidens != parentuid) {
104 printf("child_fn2 checks /proc/cpid2/uid_map:\n");
105 printf("unexpected: idinsidens=%d idoutsidens=%d\n",
106 idinsidens, idoutsidens);
107 exit_val = 1;
108 }
109
110 sprintf(cpid1uidpath, "/proc/%d/uid_map", cpid1);
111 SAFE_FILE_SCANF(NULL, cpid1uidpath, "%d %d %d", &idinsidens,
112 &idoutsidens, &length);
113
114 /* If the process opening the file is in a different user namespace,
115 then ID-outside-ns is defined with respect to the user namespace
116 of the process opening the file.*/
117 if (idinsidens != CHILD1UID || idoutsidens != CHILD2UID) {
118 printf("child_fn2 checks /proc/cpid1/uid_map:\n");
119 printf("unexpected: idinsidens=%d idoutsidens=%d\n",
120 idinsidens, idoutsidens);
121 exit_val = 1;
122 }
123
124 sprintf(cpid1gidpath, "/proc/%d/gid_map", cpid1);
125 SAFE_FILE_SCANF(NULL, "/proc/self/gid_map", "%d %d %d",
126 &idinsidens, &idoutsidens, &length);
127
128 if (idinsidens != CHILD2GID || idoutsidens != parentgid) {
129 printf("child_fn2 checks /proc/cpid2/gid_map:\n");
130 printf("unexpected: idinsidens=%d idoutsidens=%d\n",
131 idinsidens, idoutsidens);
132 exit_val = 1;
133 }
134
135 SAFE_FILE_SCANF(NULL, cpid1gidpath, "%d %d %d", &idinsidens,
136 &idoutsidens, &length);
137
138 if (idinsidens != CHILD1GID || idoutsidens != CHILD2GID) {
139 printf("child_fn1 checks /proc/cpid1/gid_map:\n");
140 printf("unexpected: idinsidens=%d idoutsidens=%d\n",
141 idinsidens, idoutsidens);
142 exit_val = 1;
143 }
144
145 TST_SAFE_CHECKPOINT_WAKE(NULL, 0);
146 TST_SAFE_CHECKPOINT_WAKE(NULL, 1);
147 return exit_val;
148 }
149
cleanup(void)150 static void cleanup(void)
151 {
152 tst_rmdir();
153 }
154
setup(void)155 static void setup(void)
156 {
157 check_newuser();
158 tst_tmpdir();
159 TST_CHECKPOINT_INIT(NULL);
160 }
161
main(int argc,char * argv[])162 int main(int argc, char *argv[])
163 {
164 pid_t cpid2;
165 char path[BUFSIZ];
166 int lc;
167 int fd;
168 int ret;
169
170 tst_parse_opts(argc, argv, NULL, NULL);
171 setup();
172
173 for (lc = 0; TEST_LOOPING(lc); lc++) {
174 tst_count = 0;
175
176 parentuid = geteuid();
177 parentgid = getegid();
178
179 cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
180 (void *)child_fn1, NULL);
181 if (cpid1 < 0)
182 tst_brkm(TBROK | TERRNO, cleanup,
183 "cpid1 clone failed");
184
185 cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
186 (void *)child_fn2, NULL);
187 if (cpid2 < 0)
188 tst_brkm(TBROK | TERRNO, cleanup,
189 "cpid2 clone failed");
190
191 if (access("/proc/self/setgroups", F_OK) == 0) {
192 sprintf(path, "/proc/%d/setgroups", cpid1);
193 fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
194 SAFE_WRITE(cleanup, 1, fd, "deny", 4);
195 SAFE_CLOSE(cleanup, fd);
196 /* If the setgroups file has the value "deny",
197 * then the setgroups(2) system call can't
198 * subsequently be reenabled (by writing "allow" to
199 * the file) in this user namespace. (Attempts to
200 * do so will fail with the error EPERM.)
201 */
202
203 /* test that setgroups can't be re-enabled */
204 fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
205 ret = write(fd, "allow", 5);
206
207 if (ret != -1) {
208 tst_brkm(TBROK | TERRNO, cleanup,
209 "write action should fail");
210 } else if (errno != EPERM) {
211 tst_brkm(TBROK | TERRNO, cleanup,
212 "unexpected error: \n");
213 }
214 SAFE_CLOSE(cleanup, fd);
215 tst_resm(TPASS, "setgroups can't be re-enabled");
216
217 sprintf(path, "/proc/%d/setgroups", cpid2);
218 fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
219 SAFE_WRITE(cleanup, 1, fd, "deny", 4);
220 SAFE_CLOSE(cleanup, fd);
221 }
222
223 updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
224 updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);
225
226 updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
227 updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);
228
229 TST_SAFE_CHECKPOINT_WAKE_AND_WAIT(cleanup, 1);
230
231 tst_record_childstatus(cleanup, cpid1);
232 tst_record_childstatus(cleanup, cpid2);
233 }
234 cleanup();
235 tst_exit();
236 }
237