tests: add tests for read-only /sys with read-write /sys/devices/virtual/net

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add tests for read-only /sys with read-write /sys/devices/virtual/net
d777ffcc · Christian Brauner · cb4889ab · d777ffcc · d777ffcc · d777ffcc
Unverified Commit d777ffcc authored Jun 30, 2021 by Christian Brauner
Show whitespace changes
Inline Side-by-side

Showing with 214 additions and 1 deletion

.gitignore .gitignore +1 -0

Makefile.am src/tests/Makefile.am +57 -1

sys_mixed.c src/tests/sys_mixed.c +156 -0

No files found.
--- a/.gitignore
+++ b/.gitignore
@@ -106,6 +106,7 @@ src/tests/lxc-test-state-server
 src/tests/lxc-test-basic
 src/tests/lxc-test-cve-2019-5736
 src/tests/lxc-test-mount-injection
+src/tests/lxc-test-sys-mixed
 config/compile
 config/config.guess

--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -705,6 +705,60 @@ if !HAVE_STRCHRNUL
 lxc_test_utils_SOURCES += ../include/strchrnul.c ../include/strchrnul.h
 endif
+lxc_test_sys_mixed_SOURCES = sys_mixed.c \
+			  ../lxc/af_unix.c ../lxc/af_unix.h \
+			  ../lxc/caps.c ../lxc/caps.h \
+			  ../lxc/cgroups/cgfsng.c \
+			  ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \
+			  ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \
+			  ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \
+			  ../lxc/commands.c ../lxc/commands.h \
+			  ../lxc/commands_utils.c ../lxc/commands_utils.h \
+			  ../lxc/conf.c ../lxc/conf.h \
+			  ../lxc/confile.c ../lxc/confile.h \
+			  ../lxc/confile_utils.c ../lxc/confile_utils.h \
+			  ../lxc/error.c ../lxc/error.h \
+			  ../lxc/file_utils.c ../lxc/file_utils.h \
+			  ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \
+			  ../lxc/initutils.c ../lxc/initutils.h \
+			  ../lxc/log.c ../lxc/log.h \
+			  ../lxc/lxclock.c ../lxc/lxclock.h \
+			  ../lxc/mainloop.c ../lxc/mainloop.h \
+			  ../lxc/monitor.c ../lxc/monitor.h \
+			  ../lxc/mount_utils.c ../lxc/mount_utils.h \
+			  ../lxc/namespace.c ../lxc/namespace.h \
+			  ../lxc/network.c ../lxc/network.h \
+			  ../lxc/nl.c ../lxc/nl.h \
+			  ../lxc/parse.c ../lxc/parse.h \
+			  ../lxc/process_utils.c ../lxc/process_utils.h \
+			  ../lxc/ringbuf.c ../lxc/ringbuf.h \
+			  ../lxc/start.c ../lxc/start.h \
+			  ../lxc/state.c ../lxc/state.h \
+			  ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \
+			  ../lxc/storage/dir.c ../lxc/storage/dir.h \
+			  ../lxc/storage/loop.c ../lxc/storage/loop.h \
+			  ../lxc/storage/lvm.c ../lxc/storage/lvm.h \
+			  ../lxc/storage/nbd.c ../lxc/storage/nbd.h \
+			  ../lxc/storage/overlay.c ../lxc/storage/overlay.h \
+			  ../lxc/storage/rbd.c ../lxc/storage/rbd.h \
+			  ../lxc/storage/rsync.c ../lxc/storage/rsync.h \
+			  ../lxc/storage/storage.c ../lxc/storage/storage.h \
+			  ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \
+			  ../lxc/storage/zfs.c ../lxc/storage/zfs.h \
+			  ../lxc/sync.c ../lxc/sync.h \
+			  ../lxc/string_utils.c ../lxc/string_utils.h \
+			  ../lxc/terminal.c ../lxc/terminal.h \
+			  ../lxc/utils.c ../lxc/utils.h \
+			  ../lxc/uuid.c ../lxc/uuid.h \
+			  $(LSM_SOURCES)
+if ENABLE_SECCOMP
+lxc_test_sys_mixed_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+if !HAVE_STRCHRNUL
+lxc_test_sys_mixed_SOURCES += ../include/strchrnul.c ../include/strchrnul.h
+endif
 AM_CFLAGS += -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
 	     -DLXCPATH=\"$(LXCPATH)\" \
 	     -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \
@@ -771,6 +825,7 @@ bin_PROGRAMS = lxc-test-api-reboot \
 	       lxc-test-snapshot \
 	       lxc-test-startone \
 	       lxc-test-state-server \
+	       lxc-test-sys-mixed \
 	       lxc-test-utils
 bin_SCRIPTS =
@@ -876,7 +931,8 @@ EXTRA_DIST = arch_parse.c \
 	     snapshot.c \
 	     startone.c \
 	     state_server.c \
-	     share_ns.c
+	     share_ns.c \
+	     sys_mixed.c
 clean-local:
 	rm -f lxc-test-utils-*

--- a/src/tests/sys_mixed.c
+++ b/src/tests/sys_mixed.c
+/* liblxcapi
+ *
+ * Copyright © 2021 Christian Brauner <christian.brauner@ubuntu.com>.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "config.h"
+#define __STDC_FORMAT_MACROS
+#include <errno.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <lxc/lxccontainer.h>
+#include <lxc/attach_options.h>
+#ifdef HAVE_STATVFS
+#include <sys/statvfs.h>
+#endif
+#include "lxctest.h"
+#include "utils.h"
+static int is_read_only(const char *path)
+{
+#ifdef HAVE_STATVFS
+	int ret;
+	struct statvfs sb;
+	ret = statvfs(path, &sb);
+	if (ret < 0)
+		return -errno;
+	return (sb.f_flag & MS_RDONLY) > 0;
+#else
+	return -EOPNOTSUPP;
+#endif
+}
+static int sys_mixed(void *payload)
+{
+	int ret;
+	ret = is_read_only("/sys");
+	if (ret == -EOPNOTSUPP)
+		return 0;
+	if (ret <= 0)
+		return -1;
+	if (is_read_only("/sys/devices/virtual/net"))
+		return -1;
+	return 0;
+}
+int main(int argc, char *argv[])
+{
+	int fret = EXIT_FAILURE;
+	lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
+	int ret;
+	pid_t pid;
+	struct lxc_container *c;
+	c = lxc_container_new("sys-mixed", NULL);
+	if (!c) {
+		lxc_error("%s", "Failed to create container \"sys-mixed\"");
+		exit(fret);
+	}
+	if (c->is_defined(c)) {
+		lxc_error("%s\n", "Container \"sys-mixed\" is defined");
+		goto on_error_put;
+	}
+	if (!c->createl(c, "busybox", NULL, NULL, 0, NULL)) {
+		lxc_error("%s\n", "Failed to create busybox container \"sys-mixed\"");
+		goto on_error_put;
+	}
+	if (!c->is_defined(c)) {
+		lxc_error("%s\n", "Container \"sys-mixed\" is not defined");
+		goto on_error_put;
+	}
+	c->clear_config(c);
+	if (!c->set_config_item(c, "lxc.mount.auto", "sys:mixed")) {
+		lxc_error("%s\n", "Failed to set config item \"lxc.mount.auto=sys:mixed\"");
+		goto on_error_put;
+	}
+	if (!c->load_config(c, NULL)) {
+		lxc_error("%s\n", "Failed to load config for container \"sys-mixed\"");
+		goto on_error_stop;
+	}
+	if (!c->want_daemonize(c, true)) {
+		lxc_error("%s\n", "Failed to mark container \"sys-mixed\" daemonized");
+		goto on_error_stop;
+	}
+	if (!c->startl(c, 0, NULL)) {
+		lxc_error("%s\n", "Failed to start container \"sys-mixed\" daemonized");
+		goto on_error_stop;
+	}
+	/* Leave some time for the container to write something to the log. */
+	sleep(2);
+	ret = c->attach(c, sys_mixed, NULL, &attach_options, &pid);
+	if (ret < 0) {
+		lxc_error("%s\n", "Failed to run function in container \"sys-mixed\"");
+		goto on_error_stop;
+	}
+	ret = wait_for_pid(pid);
+	if (ret < 0) {
+		lxc_error("%s\n", "Failed to run function in container \"sys-mixed\"");
+		goto on_error_stop;
+	}
+	fret = 0;
+on_error_stop:
+	if (c->is_running(c) && !c->stop(c))
+		lxc_error("%s\n", "Failed to stop container \"sys-mixed\"");
+	if (!c->destroy(c))
+		lxc_error("%s\n", "Failed to destroy container \"sys-mixed\"");
+on_error_put:
+	lxc_container_put(c);
+	exit(fret);
+}