diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2015-05-15 11:45:24 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2015-06-05 16:52:49 +0200 |
| commit | ed01c975d8407f2777d17a156751cfc9fdfae797 (patch) | |
| tree | 4545c04d0894772ef6ef75027890dc3c36087d22 | |
| parent | f9dd7f0d849d277cf224c10d069d689764cd2973 (diff) | |
| download | NetworkManager-ed01c975d8407f2777d17a156751cfc9fdfae797.tar.gz | |
tests: use a user ns to fake root
| -rw-r--r-- | src/platform/tests/test-common.c | 58 |
1 files changed, 51 insertions, 7 deletions
diff --git a/src/platform/tests/test-common.c b/src/platform/tests/test-common.c index 203a6e18b1..6170e403eb 100644 --- a/src/platform/tests/test-common.c +++ b/src/platform/tests/test-common.c @@ -285,6 +285,46 @@ run_command (const char *format, ...) NMTST_DEFINE(); +static gboolean +unshare_user () +{ + FILE *f; + uid_t uid = geteuid (); + gid_t gid = getegid (); + + /* Already a root? */ + if (gid == 0 && uid == 0) + return TRUE; + + /* Become a root in new user NS. */ + if (unshare (CLONE_NEWUSER) != 0) + return FALSE; + + /* Since Linux 3.19 we have to disable setgroups() in order to map users. + * Just proceed if the file is not there. */ + f = fopen ("/proc/self/setgroups", "w"); + if (f) { + fprintf (f, "deny"); + fclose (f); + } + + /* Map current UID to root in NS to be created. */ + f = fopen ("/proc/self/uid_map", "w"); + if (!f) + return FALSE; + fprintf (f, "0 %d 1", uid); + fclose (f); + + /* Map current GID to root in NS to be created. */ + f = fopen ("/proc/self/gid_map", "w"); + if (!f) + return FALSE; + fprintf (f, "0 %d 1", gid); + fclose (f); + + return TRUE; +} + int main (int argc, char **argv) { @@ -293,17 +333,21 @@ main (int argc, char **argv) init_tests (&argc, &argv); - if (nmtst_platform_is_root_test () && getuid() != 0) { - /* Try to exec as sudo, this function does not return, if a sudo-cmd is set. */ - nmtst_reexec_sudo (); + if ( nmtst_platform_is_root_test () + && (geteuid () != 0 || getegid () != 0)) { + if ( g_getenv ("NMTST_FORCE_REAL_ROOT") + || !unshare_user ()) { + /* Try to exec as sudo, this function does not return, if a sudo-cmd is set. */ + nmtst_reexec_sudo (); #ifdef REQUIRE_ROOT_TESTS - g_print ("Fail test: requires root privileges (%s)\n", program); - return EXIT_FAILURE; + g_print ("Fail test: requires root privileges (%s)\n", program); + return EXIT_FAILURE; #else - g_print ("Skipping test: requires root privileges (%s)\n", program); - return g_test_run (); + g_print ("Skipping test: requires root privileges (%s)\n", program); + return g_test_run (); #endif + } } if (nmtst_platform_is_root_test () && !g_getenv ("NMTST_NO_UNSHARE")) { |