[LTP] Do we have some simple way to get the current cgroup.procs path?

[LTP] Do we have some simple way to get the current cgroup.procs path?

[xuyang2018.jy]

Hi Richard, LI

I am writting a simple regression test[1]that refer to kernel selftest cgroup test_core[2]. I may name it as memcontrol05.c.

It tests cgroup migration permission check should be performed based on the credentials at the time of open instead of write.

I have used ltp cgroup framework, but ltp cgroup only use SAFE_CGROUP_PRINTF to write value.

How can get the cgroup root_dir ltp_dir path? So I can open this fd
and change/save effective uid between open and write?

[1]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1756d7994a
[2]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/cgroup/test_core.c#n684

ps: my draft code as below:
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>

#include "tst_test.h"

static struct tst_cg_group *cg_child;
static uid_t nobody_uid, save_uid;

static void test_lesser_euid_open(void)
{
        cg_child = tst_cg_group_mk(tst_cg, "child");
        SAFE_CG_PRINTF(cg_child, "cgroup.procs", "%d", getpid());
        if (!SAFE_FORK()) {
                seteuid(nobody_uid);
                SAFE_CG_PRINTF(cg_child, "cgroup.procs", "%d", getpid());
                seteuid(save_uid);
                exit(0);
        }

        tst_reap_children();
        SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
        cg_child = tst_cg_group_rm(cg_child);
}

static void setup(void)
{
        struct passwd *pw;

        pw = SAFE_GETPWNAM("nobody");
        nobody_uid = pw->pw_uid;
        save_uid = geteuid();
}

static void cleanup(void)
{
         if (cg_child) {
                SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
                cg_child = tst_cg_group_rm(cg_child);
        }
}

static struct tst_test test = {
        .setup = setup,
        .cleanup = cleanup,
        .test_all = test_lesser_euid_open,
        .forks_child = 1,
        .needs_root = 1,
        .needs_cgroup_ctrls = (const char *const[]){ "memory", NULL },
};

I have think about it yesterday and read ltp cgroup framework code, but don't have good idea.

Best Regards
Yang Xu

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] Do we have some simple way to get the current cgroup.procs path?

[Li Wang]

[-- Attachment #1.1: Type: text/plain, Size: 1063 bytes --]

Hi Xu,

On Thu, Jul 14, 2022 at 2:02 PM xuyang2018.jy@fujitsu.com <
xuyang2018.jy@fujitsu.com> wrote:

> Hi Richard, LI
>
> I am writting a simple regression test[1]that refer to kernel selftest
> cgroup test_core[2]. I may name it as memcontrol05.c.
>
> It tests cgroup migration permission check should be performed based on
> the credentials at the time of open instead of write.
>
> I have used ltp cgroup framework, but ltp cgroup only use
> SAFE_CGROUP_PRINTF to write value.
>
> How can get the cgroup root_dir ltp_dir path? So I can open this fd
> and change/save effective uid between open and write?
>

Not sure if I fully understand your requirements.
Can we achieve this test by creating a two-layer subdirectory?

Does only the root/ltp_dir mandatory for completing your test?
If yes, I think tst_cg_print_config() maybe fits your purpose,
but that would need additional function help extracting that.

Take a reference to see how Luke gets the root path (in shell):
https://lists.linux.it/pipermail/ltp/2022-April/028772.html


-- 
Regards,
Li Wang

[-- Attachment #1.2: Type: text/html, Size: 2235 bytes --]

[-- Attachment #2: Type: text/plain, Size: 60 bytes --]


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] Do we have some simple way to get the current cgroup.procs path?

[xuyang2018.jy]

Hi Li
> Hi Xu,
> 
> On Thu, Jul 14, 2022 at 2:02 PM xuyang2018.jy@fujitsu.com 
> <mailto:xuyang2018.jy@fujitsu.com> <xuyang2018.jy@fujitsu.com 
> <mailto:xuyang2018.jy@fujitsu.com>> wrote:
> 
>     Hi Richard, LI
> 
>     I am writting a simple regression test[1]that refer to kernel
>     selftest cgroup test_core[2]. I may name it as memcontrol05.c.
> 
>     It tests cgroup migration permission check should be performed based
>     on the credentials at the time of open instead of write.
> 
>     I have used ltp cgroup framework, but ltp cgroup only use
>     SAFE_CGROUP_PRINTF to write value.
> 
>     How can get the cgroup root_dir ltp_dir path? So I can open this fd
>     and change/save effective uid between open and write?
> 
> Not sure if I fully understand your requirements.
> Can we achieve this test by creating a two-layer subdirectory?

I think yes.

> 
> Does only the root/ltp_dir mandatory for completing your test?

It also need gettid subdirectory and cgroup name.
> If yes, I think tst_cg_print_config() maybe fits your purpose,
> but that would need additional function help extracting that.
> 
> Take a reference to see how Luke gets the root path (in shell):
> https://lists.linux.it/pipermail/ltp/2022-April/028772.html
> <https://lists.linux.it/pipermail/ltp/2022-April/028772.html>

Thanks, I prefer to use c api and will think about it continuely.

Best Regards
Yang Xu
> 
> 
> -- 
> Regards,
> Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] Do we have some simple way to get the current cgroup.procs path?

[Richard Palethorpe]

Hello,

"xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com> writes:

> Hi Li
>> Hi Xu,
>> 
>> On Thu, Jul 14, 2022 at 2:02 PM xuyang2018.jy@fujitsu.com 
>> <mailto:xuyang2018.jy@fujitsu.com> <xuyang2018.jy@fujitsu.com 
>> <mailto:xuyang2018.jy@fujitsu.com>> wrote:
>> 
>>     Hi Richard, LI
>> 
>>     I am writting a simple regression test[1]that refer to kernel
>>     selftest cgroup test_core[2]. I may name it as memcontrol05.c.
>> 
>>     It tests cgroup migration permission check should be performed based
>>     on the credentials at the time of open instead of write.
>> 
>>     I have used ltp cgroup framework, but ltp cgroup only use
>>     SAFE_CGROUP_PRINTF to write value.
>> 
>>     How can get the cgroup root_dir ltp_dir path? So I can open this fd
>>     and change/save effective uid between open and write?
>> 
>> Not sure if I fully understand your requirements.
>> Can we achieve this test by creating a two-layer subdirectory?
>
> I think yes.

I think you must have multiple layers. Otherwise you could break other
tests running in parallel.

>
>> 
>> Does only the root/ltp_dir mandatory for completing your test?
>
> It also need gettid subdirectory and cgroup name.

You could create an accessor function in the library to get dir_fd from
cgroup_dir.

This is complicated by V1 CGs where a tst_cg_group can have multiple
struct cgroup_dir's. This isn't a problem for selftests because they
only support V2, but it would be nice to make as many tests as possible
work with V1.

The easiest solution I can think of is to write a library function like
SAFE_CG_GROUP_EACH_DIR(void (*const fn_ptr)(int dir_fd)) which takes a
const function pointer and executes it with the FD of each
directory. Then you can use the internal for_each_dir macro like
SAFE_CGROUP_PRINTF.

>> If yes, I think tst_cg_print_config() maybe fits your purpose,
>> but that would need additional function help extracting that.
>> 
>> Take a reference to see how Luke gets the root path (in shell):
>> https://lists.linux.it/pipermail/ltp/2022-April/028772.html
>> <https://lists.linux.it/pipermail/ltp/2022-April/028772.html>
>
> Thanks, I prefer to use c api and will think about it continuely.
>
> Best Regards
> Yang Xu
>> 
>> 
>> -- 
>> Regards,
>> Li Wang


-- 
Thank you,
Richard.

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] Do we have some simple way to get the current cgroup.procs path?

[xuyang2018.jy]

Hi  Richard
> Hello,
> 
> "xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com> writes:
> 
>> Hi Li
>>> Hi Xu,
>>>
>>> On Thu, Jul 14, 2022 at 2:02 PM xuyang2018.jy@fujitsu.com
>>> <mailto:xuyang2018.jy@fujitsu.com> <xuyang2018.jy@fujitsu.com
>>> <mailto:xuyang2018.jy@fujitsu.com>> wrote:
>>>
>>>      Hi Richard, LI
>>>
>>>      I am writting a simple regression test[1]that refer to kernel
>>>      selftest cgroup test_core[2]. I may name it as memcontrol05.c.
>>>
>>>      It tests cgroup migration permission check should be performed based
>>>      on the credentials at the time of open instead of write.
>>>
>>>      I have used ltp cgroup framework, but ltp cgroup only use
>>>      SAFE_CGROUP_PRINTF to write value.
>>>
>>>      How can get the cgroup root_dir ltp_dir path? So I can open this fd
>>>      and change/save effective uid between open and write?
>>>
>>> Not sure if I fully understand your requirements.
>>> Can we achieve this test by creating a two-layer subdirectory?
>>
>> I think yes.
> 
> I think you must have multiple layers. Otherwise you could break other
> tests running in parallel.
> 
>>
>>>
>>> Does only the root/ltp_dir mandatory for completing your test?
>>
>> It also need gettid subdirectory and cgroup name.
> 
> You could create an accessor function in the library to get dir_fd from
> cgroup_dir.
> 
> This is complicated by V1 CGs where a tst_cg_group can have multiple
> struct cgroup_dir's. This isn't a problem for selftests because they
> only support V2, but it would be nice to make as many tests as possible
> work with V1.
> 

Yes, this bug exists on both v1 and v2.

> The easiest solution I can think of is to write a library function like
> SAFE_CG_GROUP_EACH_DIR(void (*const fn_ptr)(int dir_fd)) which takes a
> const function pointer and executes it with the FD of each
> directory. Then you can use the internal for_each_dir macro like
> SAFE_CGROUP_PRINTF.
> 

Thanks, I will try this.

Best Regards
Yang Xu
>>> If yes, I think tst_cg_print_config() maybe fits your purpose,
>>> but that would need additional function help extracting that.
>>>
>>> Take a reference to see how Luke gets the root path (in shell):
>>> https://lists.linux.it/pipermail/ltp/2022-April/028772.html
>>> <https://lists.linux.it/pipermail/ltp/2022-April/028772.html>
>>
>> Thanks, I prefer to use c api and will think about it continuely.
>>
>> Best Regards
>> Yang Xu
>>>
>>>
>>> -- 
>>> Regards,
>>> Li Wang
> 
> 

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] Do we have some simple way to get the current cgroup.procs path?

[xuyang2018.jy]

Hi Richard,Li

Today, I try it again by adding two cgroup functions and succeed by 
using at* syscalls(I like at* syscalls because they are so convient). I 
will send patch set to mail list tomorrow.

+int safe_cg_open(const char *const file, const int lineno,
+                       const struct tst_cg_group *cg,
+                       const char *const file_name, int flags)
+{
+       const struct cgroup_file *const cfile =
+               cgroup_file_find(file, lineno, file_name);
+       struct cgroup_dir *const *dir;
+       const char *alias;
+       int fd;
+
+       for_each_dir(cg, cfile->ctrl_indx, dir) {
+               alias = cgroup_file_alias(cfile, *dir);
+               if (!alias)
+                       continue;
+
+               fd = safe_openat(file, lineno, (*dir)->dir_fd, alias, 
flags);
+       }
+
+       return fd;
+}
+
+void safe_cg_fchown(const char *const file, const int lineno,
+                       const struct tst_cg_group *cg,
+                       const char *const file_name, uid_t owner, gid_t 
group)
+{
+       const struct cgroup_file *const cfile =
+               cgroup_file_find(file, lineno, file_name);
+       struct cgroup_dir *const *dir;
+       const char *alias;
+
+       for_each_dir(cg, cfile->ctrl_indx, dir) {
+               alias = cgroup_file_alias(cfile, *dir);
+               if (!alias)
+                       continue;
+
+
+                safe_fchownat(file, lineno, (*dir)->dir_fd, alias, 
owner, group, 0);
+        }
+}
+

Best Regards
Yang Xu

> Hi  Richard
>> Hello,
>>
>> "xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com> writes:
>>
>>> Hi Li
>>>> Hi Xu,
>>>>
>>>> On Thu, Jul 14, 2022 at 2:02 PM xuyang2018.jy@fujitsu.com
>>>> <mailto:xuyang2018.jy@fujitsu.com> <xuyang2018.jy@fujitsu.com
>>>> <mailto:xuyang2018.jy@fujitsu.com>> wrote:
>>>>
>>>>       Hi Richard, LI
>>>>
>>>>       I am writting a simple regression test[1]that refer to kernel
>>>>       selftest cgroup test_core[2]. I may name it as memcontrol05.c.
>>>>
>>>>       It tests cgroup migration permission check should be performed based
>>>>       on the credentials at the time of open instead of write.
>>>>
>>>>       I have used ltp cgroup framework, but ltp cgroup only use
>>>>       SAFE_CGROUP_PRINTF to write value.
>>>>
>>>>       How can get the cgroup root_dir ltp_dir path? So I can open this fd
>>>>       and change/save effective uid between open and write?
>>>>
>>>> Not sure if I fully understand your requirements.
>>>> Can we achieve this test by creating a two-layer subdirectory?
>>>
>>> I think yes.
>>
>> I think you must have multiple layers. Otherwise you could break other
>> tests running in parallel.
>>
>>>
>>>>
>>>> Does only the root/ltp_dir mandatory for completing your test?
>>>
>>> It also need gettid subdirectory and cgroup name.
>>
>> You could create an accessor function in the library to get dir_fd from
>> cgroup_dir.
>>
>> This is complicated by V1 CGs where a tst_cg_group can have multiple
>> struct cgroup_dir's. This isn't a problem for selftests because they
>> only support V2, but it would be nice to make as many tests as possible
>> work with V1.
>>
> 
> Yes, this bug exists on both v1 and v2.
> 
>> The easiest solution I can think of is to write a library function like
>> SAFE_CG_GROUP_EACH_DIR(void (*const fn_ptr)(int dir_fd)) which takes a
>> const function pointer and executes it with the FD of each
>> directory. Then you can use the internal for_each_dir macro like
>> SAFE_CGROUP_PRINTF.
>>
> 
> Thanks, I will try this.
> 
> Best Regards
> Yang Xu
>>>> If yes, I think tst_cg_print_config() maybe fits your purpose,
>>>> but that would need additional function help extracting that.
>>>>
>>>> Take a reference to see how Luke gets the root path (in shell):
>>>> https://lists.linux.it/pipermail/ltp/2022-April/028772.html
>>>> <https://lists.linux.it/pipermail/ltp/2022-April/028772.html>
>>>
>>> Thanks, I prefer to use c api and will think about it continuely.
>>>
>>> Best Regards
>>> Yang Xu
>>>>
>>>>
>>>> -- 
>>>> Regards,
>>>> Li Wang
>>
>>
> 

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp