zfs/tests/zfs-tests/tests/functional/user_namespace/user_namespace_001.ksh - backupdr - Git at Google

 #!/bin/ksh -p
 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #

 . $STF_SUITE/tests/functional/user_namespace/user_namespace_common.kshlib

 #
 #
 # DESCRIPTION:
 #       Regression test for secpolicy_vnode_setids_setgids
 #
 #
 # STRATEGY:
 #       1. Create files with various owners.
 #       2. Try to set setgid bit.
 #

 verify_runnable "both"

 # rroot: real root,
 # uroot: root within user namespace
 # uother: other user within user namespace
 set -A files rroot_rroot uroot_uroot uroot_other uother_uroot uother_uother

 function cleanup
 {
 	for i in ${files[*]}; do
 		log_must rm -f $TESTDIR/$i
 	done
 }

 log_onexit cleanup

 log_assert "Check root in user namespaces"

 TOUCH=$(readlink -e $(which touch))
 CHMOD=$(readlink -e $(which chmod))

 for i in ${files[*]}; do
 	log_must $TOUCH $TESTDIR/$i
 	log_must $CHMOD 0644 $TESTDIR/$i
 done

 log_must chown 0:0 $TESTDIR/rroot_rroot
 log_must chown $ROOT_UID:$ROOT_UID $TESTDIR/uroot_uroot
 log_must chown $ROOT_UID:$OTHER_UID $TESTDIR/uroot_other
 log_must chown $OTHER_UID:$ROOT_UID $TESTDIR/uother_uroot
 log_must chown $OTHER_UID:$OTHER_UID $TESTDIR/uother_uother

 log_mustnot user_ns_exec $CHMOD 02755 $TESTDIR/rroot_rroot
 log_mustnot test -g $TESTDIR/rroot_rroot

 log_must user_ns_exec $CHMOD 02755 $TESTDIR/uroot_uroot
 log_must test -g $TESTDIR/uroot_uroot

 log_must user_ns_exec $CHMOD 02755 $TESTDIR/uroot_other
 log_must test -g $TESTDIR/uroot_other

 log_must user_ns_exec $CHMOD 02755 $TESTDIR/uother_uroot
 log_must test -g $TESTDIR/uother_uroot

 log_must user_ns_exec $CHMOD 02755 $TESTDIR/uother_uother
 log_must test -g $TESTDIR/uother_uother

 log_mustnot user_ns_exec $TOUCH $TESTDIR/rroot_rroot
 log_must $CHMOD 0666 $TESTDIR/rroot_rroot
 for i in ${files[*]}; do
 	log_must user_ns_exec $TOUCH $TESTDIR/$i
 done

 log_pass "Check root in user namespaces"
	#!/bin/ksh -p
	#
	# CDDL HEADER START
	#
	# The contents of this file are subject to the terms of the
	# Common Development and Distribution License (the "License").
	# You may not use this file except in compliance with the License.
	#
	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	# or http://www.opensolaris.org/os/licensing.
	# See the License for the specific language governing permissions
	# and limitations under the License.
	#
	# When distributing Covered Code, include this CDDL HEADER in each
	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	# If applicable, add the following below this CDDL HEADER, with the
	# fields enclosed by brackets "[]" replaced with your own identifying
	# information: Portions Copyright [yyyy] [name of copyright owner]
	#
	# CDDL HEADER END
	#

	. $STF_SUITE/tests/functional/user_namespace/user_namespace_common.kshlib

	#
	#
	# DESCRIPTION:
	# Regression test for secpolicy_vnode_setids_setgids
	#
	#
	# STRATEGY:
	# 1. Create files with various owners.
	# 2. Try to set setgid bit.
	#

	verify_runnable "both"

	# rroot: real root,
	# uroot: root within user namespace
	# uother: other user within user namespace
	set -A files rroot_rroot uroot_uroot uroot_other uother_uroot uother_uother

	function cleanup
	{
	for i in ${files[*]}; do
	log_must rm -f $TESTDIR/$i
	done
	}

	log_onexit cleanup

	log_assert "Check root in user namespaces"

	TOUCH=$(readlink -e $(which touch))
	CHMOD=$(readlink -e $(which chmod))

	for i in ${files[*]}; do
	log_must $TOUCH $TESTDIR/$i
	log_must $CHMOD 0644 $TESTDIR/$i
	done

	log_must chown 0:0 $TESTDIR/rroot_rroot
	log_must chown $ROOT_UID:$ROOT_UID $TESTDIR/uroot_uroot
	log_must chown $ROOT_UID:$OTHER_UID $TESTDIR/uroot_other
	log_must chown $OTHER_UID:$ROOT_UID $TESTDIR/uother_uroot
	log_must chown $OTHER_UID:$OTHER_UID $TESTDIR/uother_uother

	log_mustnot user_ns_exec $CHMOD 02755 $TESTDIR/rroot_rroot
	log_mustnot test -g $TESTDIR/rroot_rroot

	log_must user_ns_exec $CHMOD 02755 $TESTDIR/uroot_uroot
	log_must test -g $TESTDIR/uroot_uroot

	log_must user_ns_exec $CHMOD 02755 $TESTDIR/uroot_other
	log_must test -g $TESTDIR/uroot_other

	log_must user_ns_exec $CHMOD 02755 $TESTDIR/uother_uroot
	log_must test -g $TESTDIR/uother_uroot

	log_must user_ns_exec $CHMOD 02755 $TESTDIR/uother_uother
	log_must test -g $TESTDIR/uother_uother

	log_mustnot user_ns_exec $TOUCH $TESTDIR/rroot_rroot
	log_must $CHMOD 0666 $TESTDIR/rroot_rroot
	for i in ${files[*]}; do
	log_must user_ns_exec $TOUCH $TESTDIR/$i
	done

	log_pass "Check root in user namespaces"