[igt-dev] [PATCH i-g-t] lib/core_auth: mount namespace magic to make the test work everywhere

From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: IGT development <igt-dev@lists.freedesktop.org>
Cc: Daniel Vetter <daniel.vetter@intel.com>,
	Emil Velikov <emil.velikov@collabora.com>
Subject: [igt-dev] [PATCH i-g-t] lib/core_auth: mount namespace magic to make the test work everywhere
Date: Wed, 13 Feb 2019 19:33:09 +0100	[thread overview]
Message-ID: <20190213183309.21175-1-daniel.vetter@ffwll.ch> (raw)

We're creating our own namespace and then create a copy of the chardev
that anyone can access before dropping root. Should hopefully work on
any system.

This way we're also guaranteed to open the right device again.

Cc: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
---
 tests/core_auth.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/tests/core_auth.c b/tests/core_auth.c
index 0b9073cb0fce..3b50a13f7171 100644
--- a/tests/core_auth.c
+++ b/tests/core_auth.c
@@ -36,6 +36,7 @@
 #include <fcntl.h>
 #include <inttypes.h>
 #include <errno.h>
+#include <sched.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <sys/time.h>
@@ -243,17 +244,24 @@ static void test_unauth_vs_render(int master)
 {
 	int slave;
 	uint32_t handle;
+	struct stat statbuf;
+	bool has_render;
 
-	/*
-	 * FIXME: when drm_open_driver() fails to open() a node (insufficient
-	 * permissions or otherwise, it will igt_skip.
-	 * As of today, igt_skip and igt_fork do not work together.
-	 */
-	slave = __drm_open_driver(DRIVER_ANY);
-	/*
-	 * FIXME: relate to the master fd passed with the above open and fix
-	 * all of IGT.
-	 */
+	/* need to check for render nodes before we wreak the filesystem */
+	has_render = has_render_node(master);
+
+	/* create a card node matching master which (only) we can access as
+	 * non-root */
+	do_or_die(fstat(master, &statbuf));
+	do_or_die(unshare(CLONE_NEWNS));
+	igt_system("mount --make-rprivate /");
+	igt_system("mount -t tmpfs none /dev/dri");
+	umask(0);
+	do_or_die(mknod("/dev/dri/card", S_IFCHR | 0777, statbuf.st_rdev));
+
+	igt_drop_root();
+
+	slave = open("/dev/dri/card", O_RDWR);
 
 	igt_assert(slave >= 0);
 
@@ -276,7 +284,7 @@ static void test_unauth_vs_render(int master)
 	 * Note: We are _not_ interested in the FD2HANDLE specific errno,
 	 * yet the EBADF check is added on the explicit request by danvet.
 	 */
-	if (has_render_node(slave))
+	if (has_render)
 		igt_assert(errno == EBADF);
 	else
 		igt_assert(errno == EACCES);
@@ -330,10 +338,8 @@ igt_main
 		igt_subtest("unauth-vs-render") {
 			check_auth_sanity(master);
 
-			igt_fork(child, 1) {
-				igt_drop_root();
+			igt_fork(child, 1)
 				test_unauth_vs_render(master);
-			}
 			igt_waitchildren();
 		}
 	}
-- 
2.20.1

_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
