Commit 9cc8ab9e authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Luis Henriques

userns: Unbreak the unprivileged remount tests

commit db86da7c upstream.

A security fix in caused the way the unprivileged remount tests were
using user namespaces to break.  Tweak the way user namespaces are
being used so the test works again.
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent 8deb6634
......@@ -53,17 +53,14 @@ static void die(char *fmt, ...)
exit(EXIT_FAILURE);
}
static void write_file(char *filename, char *fmt, ...)
static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap)
{
char buf[4096];
int fd;
ssize_t written;
int buf_len;
va_list ap;
va_start(ap, fmt);
buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
if (buf_len < 0) {
die("vsnprintf failed: %s\n",
strerror(errno));
......@@ -74,6 +71,8 @@ static void write_file(char *filename, char *fmt, ...)
fd = open(filename, O_WRONLY);
if (fd < 0) {
if ((errno == ENOENT) && enoent_ok)
return;
die("open of %s failed: %s\n",
filename, strerror(errno));
}
......@@ -92,6 +91,26 @@ static void write_file(char *filename, char *fmt, ...)
}
}
static void maybe_write_file(char *filename, char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vmaybe_write_file(true, filename, fmt, ap);
va_end(ap);
}
static void write_file(char *filename, char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vmaybe_write_file(false, filename, fmt, ap);
va_end(ap);
}
static int read_mnt_flags(const char *path)
{
int ret;
......@@ -144,13 +163,10 @@ static void create_and_enter_userns(void)
strerror(errno));
}
maybe_write_file("/proc/self/setgroups", "deny");
write_file("/proc/self/uid_map", "0 %d 1", uid);
write_file("/proc/self/gid_map", "0 %d 1", gid);
if (setgroups(0, NULL) != 0) {
die("setgroups failed: %s\n",
strerror(errno));
}
if (setgid(0) != 0) {
die ("setgid(0) failed %s\n",
strerror(errno));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment