diff --git a/tests/newgidmap/01_newgidmap/newgidmap.test b/tests/newgidmap/01_newgidmap/newgidmap.test index eb21de74..03b7fdbd 100755 --- a/tests/newgidmap/01_newgidmap/newgidmap.test +++ b/tests/newgidmap/01_newgidmap/newgidmap.test @@ -25,22 +25,24 @@ sysctl -q kernel.unprivileged_userns_clone=1 echo "OK" echo -n "Create world writable tmp directory... " +rm -rf /tmp/test-gidmap mkdir -m 0777 /tmp/test-gidmap echo "OK" echo -n "setup gidmapping... " +base=$(id -g foo) runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \ - newgidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \ - cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map; + sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \ + cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map; kill \$pid; exit \$ret" ../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map echo "OK" echo -n "Try to setup gidmapping with different primary group... " runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \ - newgidmap \$pid 0 1001 1 1 1000000 1000 2>/tmp/test-gidmap/newgidmap.err; ret=\$?; \ + sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-gidmap/newgidmap.err; ret=\$?; \ kill \$pid; exit \$ret" && exit 1 || { - status=$? + status=$? } echo "OK" diff --git a/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test b/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test index 74621e10..1152b899 100755 --- a/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test +++ b/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test 
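Review bot: The added `rm -rf /tmp/test-gidmap` followed by `mkdir -m 0777 /tmp/test-gidmap` keeps the test on a fixed, world-writable path with no sticky bit, so any other local account can replace `gid_map` or `newgidmap.err` between the write by `foo` and the later `compare_file.pl` read. The script appears to run as root (it calls `sysctl` and `runuser`), which makes a predictable /tmp name worth avoiding. `tmpdir=$(mktemp -d /tmp/test-gidmap.XXXXXX)` plus `chown foo "$tmpdir"` would give `foo` write access without opening the directory to everyone. Every later reference to the path, including cleanup outside this hunk, would then need to use `"$tmpdir"`. The same pattern is added in the 02_newgidmap_relaxed_gid_check hunk and, with `/tmp/test-uidmap`, in both newuidmap hunks.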
@@ -23,21 +23,36 @@ change_config sysctl -q kernel.unprivileged_userns_clone=1 echo -n "Create world writable tmp directory..." +rm -rf /tmp/test-gidmap mkdir -m 0777 /tmp/test-gidmap echo "OK" echo -n "setup gidmapping... " +base=$(id -g foo) runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \ - newgidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \ - cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map; + sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \ + cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map; kill \$pid; exit \$ret" ../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map echo "OK" +# This next test should fail if setgroups on the ns is not +# USERNS_SETGROUPS_ALLOWED ("allow") +# TODO let's figure out what to do about this. For now skip +# that test. +log_status "$0" "SUCCESS" + +sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns +rm -rf /tmp/test-gidmap; + +restore_config +trap '' 0 +exit 0 + echo -n "setup gidmapping with different primary group... " runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \ - newgidmap \$pid 0 1001 1 1 1000000 1000; ret=\$?; \ - cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map; + sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \ + cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map; kill \$pid; exit \$ret" ../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map.bar echo "OK" diff --git a/tests/newuidmap/01_newuidmap/newuidmap.test b/tests/newuidmap/01_newuidmap/newuidmap.test index 7071acc6..bf870fb7 100755 --- a/tests/newuidmap/01_newuidmap/newuidmap.test +++ b/tests/newuidmap/01_newuidmap/newuidmap.test @@ -1,6 +1,6 @@ #!/bin/sh -set -e +set -ex cd $(dirname $0) 
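Review bot: The unconditional `exit 0` added after the first comparison makes this test log `SUCCESS` without ever running the `runuser foo -g bar` case. That case is the relaxed-gid behaviour the 02_newgidmap_relaxed_gid_check directory is named for, so a regression there would pass unnoticed. The block after `exit 0` is now unreachable even though this hunk still edits it (`sleep 2s`, `$base`). Until the TODO is resolved, make the skip visible in the output, for example `echo "SKIPPED: different primary group case (see TODO above)"` before `log_status`. Alternatively, gate the exit on the namespace's setgroups state rather than always skipping.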
@@ -25,20 +25,22 @@ sysctl -q kernel.unprivileged_userns_clone=1 echo "OK" echo -n "Create world writable tmp directory... " +rm -rf /tmp/test-uidmap mkdir -m 0777 /tmp/test-uidmap echo "OK" echo -n "setup uidmapping... " +base=$(id -u foo) runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \ - newuidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \ - cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map; + sleep 2s; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \ + cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map; kill \$pid; exit \$ret" ../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map echo "OK" echo -n "Try to setup uidmapping with different primary group... " runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \ - newuidmap \$pid 0 1000 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \ + newuidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \ kill \$pid; exit \$ret" && exit 1 || { status=$? } diff --git a/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test b/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test index 1070daba..a9a3385f 100755 --- a/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test +++ b/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test @@ -1,6 +1,6 @@ #!/bin/sh -set -e +set -ex cd $(dirname $0) @@ -23,12 +23,14 @@ change_config sysctl -q kernel.unprivileged_userns_clone=1 echo -n "Create world writable tmp directory..." +rm -rf /tmp/test-uidmap mkdir -m 0777 /tmp/test-uidmap echo "OK" echo -n "setup uidmapping... " +base=$(id -u foo) runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \ - newuidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \ + sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \ cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map; kill \$pid; exit \$ret" ../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map 
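Review bot: The negative case in newuidmap/01 (`runuser foo -g bar ...`) is the only `newuidmap` call in this diff that did not get the `sleep` in front of it. It can therefore run before `unshare -U` has set up the namespace and fail for that reason alone. Because the case passes on any non-zero exit (`&& exit 1 || { status=$? }`), such a failure is indistinguishable from the primary-group rejection the test is meant to prove. Add the same delay as the positive case: `sleep 2s; newuidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \`. If the lines after this hunk do not already do so, also compare `newuidmap.err` with the expected message.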
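Review bot: The `sleep 2;` added before `newuidmap` in newuidmap/02 is unexplained and spelled two ways across the diff: `sleep 2` here and in newgidmap/01, `sleep 2s` in newgidmap/02 and newuidmap/01. The `2s` suffix is not POSIX, and the newuidmap scripts start with `#!/bin/sh`. Use plain `sleep 2` everywhere and document it above the `runuser` line, e.g. `# give unshare time to create the user namespace before the map is written`, assuming that is the reason for the delay. A fixed delay can still lose the race on a loaded machine, so a bounded wait until `/proc/\$pid/ns/user` differs from the calling shell's own would be sturdier.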
@@ -36,7 +38,7 @@ echo "OK" echo -n "setup uidmapping with different primary group... " runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \ - newuidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \ + sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \ cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map; kill \$pid; exit \$ret" ../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
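Review bot: This case writes to the same `/tmp/test-uidmap/uid_map` and compares against the same `data/uid_map` as the first case in the previous hunk, so a stale file left by the first run is enough to make the comparison pass. `exit \$ret` carries only the `newuidmap` status, so a failed `cat` redirect would not be noticed. Adding `rm -f /tmp/test-uidmap/uid_map` before this `runuser` line makes the comparison depend on this run's output.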