* [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function
@ 2022-11-25 15:34 Martin Doucha
2022-11-25 15:34 ` [LTP] [PATCH 2/2] syscalls: Replace namespace setup boilerplate with tst_setup_netns() Martin Doucha
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Martin Doucha @ 2022-11-25 15:34 UTC (permalink / raw)
To: ltp
Namespace setup boilerplate for network tests is getting more complicated
with the need to check or modify some sysfiles. Move it into LTP library.
Signed-off-by: Martin Doucha <mdoucha@suse.cz>
---
Here is the promised .save_restore follow-up patchset which fixes network
namespace setup without root privileges. Since the exact same boilerplate
code is repeated in multiple tests, I've decided to introduce a helper
function to simplify test setup.
include/tst_net.h | 16 ++++++++++++++++
lib/tst_net.c | 23 +++++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/include/tst_net.h b/include/tst_net.h
index daefdd9d9..9d8b842dd 100644
--- a/include/tst_net.h
+++ b/include/tst_net.h
@@ -32,4 +32,20 @@ void safe_getaddrinfo(const char *file, const int lineno, const char *src_addr,
const char *port, const struct addrinfo *hints,
struct addrinfo **addr_info);
+/*
+ * Create new network namespace for netdevice/socket tests. A test which calls
+ * tst_setup_netns() must declare the following entries in its struct tst_test:
+ *
+ * .needs_kconfigs = (const char *[]) {
+ * "CONFIG_USER_NS=y",
+ * "CONFIG_NET_NS=y",
+ * NULL
+ * },
+ * .save_restore = (const struct tst_path_val[]) {
+ * {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
+ * {}
+ * },
+ */
+void tst_setup_netns(void);
+
#endif /* TST_NET_H_ */
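Review bot: The comment above `tst_setup_netns()` lists what the caller must declare but says nothing about what the call does to the calling process. Going by the implementation added to lib/tst_net.c in this same patch, the function ends the test with TCONF when /proc/sys/user/max_user_namespaces reads 0. On return the process sits in new user and network namespaces with its real UID and GID mapped to 0 and setgroups denied. I would add that to the comment, for example `* On return the caller runs as UID/GID 0 inside new user and network namespaces;` followed by `* the test exits with TCONF if max_user_namespaces is 0.`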
diff --git a/lib/tst_net.c b/lib/tst_net.c
index de343bb39..61fc0ea76 100644
--- a/lib/tst_net.c
+++ b/lib/tst_net.c
@@ -8,11 +8,13 @@
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
+#include <unistd.h>
#define TST_NO_DEFAULT_MAIN
#include "tst_test.h"
#include "tst_net.h"
#include "tst_private.h"
+#include "lapi/namespaces_constants.h"
void tst_print_svar(const char *name, const char *val)
{
@@ -220,3 +222,24 @@ void safe_getaddrinfo(const char *file, const int lineno, const char *src_addr,
if (!*addr_info)
tst_brk_(file, lineno, TBROK, "failed to get the address");
}
+
+void tst_setup_netns(void)
+{
+ int real_uid = getuid();
+ int real_gid = getgid();
+ int nscount = 1;
+
+ if (!access("/proc/sys/user/max_user_namespaces", F_OK)) {
+ SAFE_FILE_SCANF("/proc/sys/user/max_user_namespaces", "%d",
+ &nscount);
+ }
+
+ if (!nscount)
+ tst_brk(TCONF, "User namespaces are disabled");
+
+ SAFE_UNSHARE(CLONE_NEWUSER);
+ SAFE_UNSHARE(CLONE_NEWNET);
+ SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
+ SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
+ SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
+}
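Review bot: `real_uid` and `real_gid` store the results of getuid()/getgid() in `int` and are formatted with `%d` into uid_map and gid_map. uid_t and gid_t are unsigned on Linux, so an ID above INT_MAX would be written as a negative number, and the kernel would most likely reject the map write. Declaring them as `uid_t real_uid = getuid();` and `gid_t real_gid = getgid();` and printing with `"0 %u 1"` avoids that. Separately, `access(..., F_OK)` only tests existence, so a max_user_namespaces file that exists but cannot be read goes into SAFE_FILE_SCANF instead of falling back to `nscount = 1`; `R_OK` would match the fallback if that is the intent.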
--
2.38.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* [LTP] [PATCH 2/2] syscalls: Replace namespace setup boilerplate with tst_setup_netns()
2022-11-25 15:34 [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function Martin Doucha
@ 2022-11-25 15:34 ` Martin Doucha
2022-11-25 16:43 ` [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function Petr Vorel
2022-11-25 17:01 ` Petr Vorel
2 siblings, 0 replies; 7+ messages in thread
From: Martin Doucha @ 2022-11-25 15:34 UTC (permalink / raw)
To: ltp
Removing explicit writes into max_user_namespaces sysfile also restores
the ability to run these tests without root privileges.
Signed-off-by: Martin Doucha <mdoucha@suse.cz>
---
testcases/cve/cve-2017-16939.c | 15 +++++++----
testcases/cve/icmp_rate_limit01.c | 14 +++-------
testcases/kernel/syscalls/bind/bind06.c | 14 ++--------
testcases/kernel/syscalls/sendmsg/sendmsg03.c | 15 ++++++++---
testcases/kernel/syscalls/sendto/sendto03.c | 14 ++--------
.../kernel/syscalls/setsockopt/setsockopt05.c | 14 ++--------
.../kernel/syscalls/setsockopt/setsockopt06.c | 15 ++---------
.../kernel/syscalls/setsockopt/setsockopt07.c | 15 ++---------
.../kernel/syscalls/setsockopt/setsockopt08.c | 8 ++----
.../kernel/syscalls/setsockopt/setsockopt09.c | 15 ++---------
testcases/network/packet/fanout01.c | 27 +++++++------------
11 files changed, 48 insertions(+), 118 deletions(-)
diff --git a/testcases/cve/cve-2017-16939.c b/testcases/cve/cve-2017-16939.c
index d8c09014c..eb5400c0c 100644
--- a/testcases/cve/cve-2017-16939.c
+++ b/testcases/cve/cve-2017-16939.c
@@ -13,7 +13,6 @@
*/
#include <unistd.h>
-#include <sched.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
@@ -41,10 +40,7 @@ static struct msg_policy *p;
static void setup(void)
{
- if (unshare(CLONE_NEWUSER) != 0)
- tst_brk(TCONF, "unshare(CLONE_NEWUSER) failed");
- if (unshare(CLONE_NEWNET) != 0)
- tst_brk(TCONF, "unshare(CLONE_NEWNET) failed");
+ tst_setup_netns();
fd = SAFE_SOCKET(PF_NETLINK, SOCK_RAW, NETLINK_XFRM);
memset(&addr, 0, sizeof(struct sockaddr_nl));
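Review bot: A failed unshare() in this setup() used to end the test with TCONF; after the switch to `tst_setup_netns()` the result depends on what SAFE_UNSHARE does on failure, which is not visible in this patch. The helper only turns `max_user_namespaces == 0` into TCONF. On hosts where unprivileged user namespace creation is refused by other means (a distribution sysctl, or a seccomp or LSM policy inside a container), the unshare call itself still fails. If SAFE_UNSHARE reports that as TBROK, this CVE test changes from skipped to broken on such hardened systems. It is worth confirming that a permission failure maps to TCONF, or stating the change of result in the commit message. setup() continues outside the hunk.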
@@ -77,6 +73,15 @@ static void run(void)
static struct tst_test test = {
.setup = setup,
.test_all = run,
+ .needs_kconfigs = (const char *[]) {
+ "CONFIG_USER_NS=y",
+ "CONFIG_NET_NS=y",
+ NULL
+ },
+ .save_restore = (const struct tst_path_val[]) {
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
+ {}
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "1137b5e2529a"},
{"CVE", "2017-16939"},
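Review bot: The limit `"1024"` in the `.save_restore` entry added here is a bare literal that this patch repeats in every converted test. sendmsg03.c and fanout01.c gain the same full block, and the other eight tests change `NULL` to `"1024"`, so the value now lives in eleven files plus the comment in include/tst_net.h. A named constant next to the prototype, e.g. `#define TST_NETNS_MAX_USER_NS "1024"` (name is only a suggestion), would keep them in step and give one place to explain why 1024 was chosen. When the sysfile is writable, a host limit above 1024 is also lowered for the duration of the run; presumably save_restore puts the old value back, but that is not visible here. The struct initializer continues outside the hunk.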
diff --git a/testcases/cve/icmp_rate_limit01.c b/testcases/cve/icmp_rate_limit01.c
index 8f876722f..7a51aa0a4 100644
--- a/testcases/cve/icmp_rate_limit01.c
+++ b/testcases/cve/icmp_rate_limit01.c
@@ -29,12 +29,12 @@
#include <arpa/inet.h>
#include <linux/errqueue.h>
-#include <sched.h>
#include <limits.h>
#include "lapi/if_addr.h"
#include "tst_test.h"
#include "tst_netdevice.h"
+#include "lapi/namespaces_constants.h"
#define DSTNET 0xfa444e00 /* 250.68.78.0 */
#define SRCNET 0xfa444e40 /* 250.68.78.64 */
@@ -53,19 +53,11 @@ static void setup(void)
struct sockaddr_in ipaddr = { .sin_family = AF_INET };
uint32_t addr;
int i;
- int real_uid = getuid();
- int real_gid = getgid();
for (i = 0; i < SRCADDR_COUNT; i++)
fds[i] = -1;
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1\n", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1\n", real_gid);
+ tst_setup_netns();
/*
* Create network namespace to hide the destination interface from
@@ -269,7 +261,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/bind/bind06.c b/testcases/kernel/syscalls/bind/bind06.c
index f7813d26a..7c3300c42 100644
--- a/testcases/kernel/syscalls/bind/bind06.c
+++ b/testcases/kernel/syscalls/bind/bind06.c
@@ -14,13 +14,11 @@
* net/packet: fix a race in packet_bind() and packet_notifier()
*/
-#define _GNU_SOURCE
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
-#include <sched.h>
#include "tst_test.h"
#include "tst_fuzzy_sync.h"
@@ -30,17 +28,9 @@ static struct tst_fzsync_pair fzsync_pair;
static void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
struct ifreq ifr;
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1\n", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1\n", real_gid);
+ tst_setup_netns();
fd = SAFE_SOCKET(AF_PACKET, SOCK_DGRAM, PF_PACKET);
strcpy(ifr.ifr_name, "lo");
@@ -110,7 +100,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/sendmsg/sendmsg03.c b/testcases/kernel/syscalls/sendmsg/sendmsg03.c
index 505a6dd24..38459990f 100644
--- a/testcases/kernel/syscalls/sendmsg/sendmsg03.c
+++ b/testcases/kernel/syscalls/sendmsg/sendmsg03.c
@@ -15,11 +15,9 @@
*
* net: ipv4: fix for a race condition in raw_sendmsg
*/
-#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
-#include <sched.h>
#include "tst_test.h"
#include "tst_fuzzy_sync.h"
@@ -38,8 +36,8 @@ static void setup(void)
{
int i;
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
+ tst_setup_netns();
+
sockfd = SAFE_SOCKET(AF_INET, SOCK_RAW, IPPROTO_ICMP);
memset(buf, 0xcc, PACKET_SIZE);
@@ -106,6 +104,15 @@ static struct tst_test test = {
.cleanup = cleanup,
.taint_check = TST_TAINT_W | TST_TAINT_D,
.max_runtime = 150,
+ .needs_kconfigs = (const char *[]) {
+ "CONFIG_USER_NS=y",
+ "CONFIG_NET_NS=y",
+ NULL
+ },
+ .save_restore = (const struct tst_path_val[]) {
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
+ {}
+ },
.tags = (const struct tst_tag[]) {
{"linux-git", "8f659a03a0ba"},
{"CVE", "2017-17712"},
diff --git a/testcases/kernel/syscalls/sendto/sendto03.c b/testcases/kernel/syscalls/sendto/sendto03.c
index 3709b287c..b07d5122b 100644
--- a/testcases/kernel/syscalls/sendto/sendto03.c
+++ b/testcases/kernel/syscalls/sendto/sendto03.c
@@ -17,7 +17,6 @@
* net/packet: fix overflow in tpacket_rcv
*/
-#define _GNU_SOURCE
#include <stdio.h>
#include <limits.h>
#include <sys/types.h>
@@ -25,7 +24,6 @@
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/ethernet.h>
-#include <sched.h>
#include "tst_test.h"
#include "tst_net.h"
@@ -39,17 +37,9 @@ static struct sockaddr_ll bind_addr, addr;
static void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
struct ifreq ifr;
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
+ tst_setup_netns();
sock = SAFE_SOCKET(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
strcpy(ifr.ifr_name, "lo");
@@ -218,7 +208,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt05.c b/testcases/kernel/syscalls/setsockopt/setsockopt05.c
index 580467dc8..3263da98a 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt05.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt05.c
@@ -17,13 +17,11 @@
* udp: consistently apply ufo or fragmentation
*/
-#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <net/if.h>
-#include <sched.h>
#include "tst_test.h"
#include "tst_net.h"
@@ -35,18 +33,10 @@ static int dst_sock = -1;
static void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
struct ifreq ifr;
socklen_t addrlen = sizeof(addr);
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
+ tst_setup_netns();
tst_init_sockaddr_inet_bin(&addr, INADDR_LOOPBACK, 0);
dst_sock = SAFE_SOCKET(AF_INET, SOCK_DGRAM, 0);
@@ -102,7 +92,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt06.c b/testcases/kernel/syscalls/setsockopt/setsockopt06.c
index e67996a78..00dc69bfb 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt06.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt06.c
@@ -16,11 +16,9 @@
* packet: fix race condition in packet_set_ring
*/
-#define _GNU_SOURCE
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
-#include <sched.h>
#include "tst_test.h"
#include "tst_fuzzy_sync.h"
@@ -33,17 +31,8 @@ static struct tst_fzsync_pair fzsync_pair;
static void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
-
pagesize = SAFE_SYSCONF(_SC_PAGESIZE);
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
+ tst_setup_netns();
fzsync_pair.exec_loops = 100000;
tst_fzsync_pair_init(&fzsync_pair);
@@ -130,7 +119,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt07.c b/testcases/kernel/syscalls/setsockopt/setsockopt07.c
index 1c5a0ed6d..f6f94ad97 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt07.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt07.c
@@ -19,11 +19,9 @@
* packet: fix tp_reserve race in packet_set_ring
*/
-#define _GNU_SOURCE
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
-#include <sched.h>
#include "tst_test.h"
#include "tst_fuzzy_sync.h"
@@ -36,17 +34,8 @@ static struct tst_fzsync_pair fzsync_pair;
static void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
-
pagesize = SAFE_SYSCONF(_SC_PAGESIZE);
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
+ tst_setup_netns();
/*
* Reproducing the bug on unpatched system takes <15 loops. The test
@@ -143,7 +132,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt08.c b/testcases/kernel/syscalls/setsockopt/setsockopt08.c
index a29125fd7..5fc1a8b8e 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt08.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt08.c
@@ -84,7 +84,6 @@
#include "tst_test.h"
#include "tst_safe_net.h"
#include "lapi/ip_tables.h"
-#include "lapi/namespaces_constants.h"
static void *buffer;
@@ -95,10 +94,7 @@ void setup(void)
"The vulnerability was only present in 32-bit compat mode");
}
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
+ tst_setup_netns();
}
void run(void)
@@ -159,7 +155,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/kernel/syscalls/setsockopt/setsockopt09.c b/testcases/kernel/syscalls/setsockopt/setsockopt09.c
index b49b17e7d..9ed80e46b 100644
--- a/testcases/kernel/syscalls/setsockopt/setsockopt09.c
+++ b/testcases/kernel/syscalls/setsockopt/setsockopt09.c
@@ -26,11 +26,9 @@
* packet: fix use-after-free in prb_retire_rx_blk_timer_expired()
*/
-#define _GNU_SOURCE
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
-#include <sched.h>
#include "tst_test.h"
#include "lapi/if_packet.h"
@@ -40,17 +38,8 @@ static unsigned int pagesize;
static void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
-
pagesize = SAFE_SYSCONF(_SC_PAGESIZE);
- SAFE_TRY_FILE_PRINTF("/proc/sys/user/max_user_namespaces", "%d", 10);
-
- SAFE_UNSHARE(CLONE_NEWUSER);
- SAFE_UNSHARE(CLONE_NEWNET);
- SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
- SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
- SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
+ tst_setup_netns();
}
static void run(void)
@@ -124,7 +113,7 @@ static struct tst_test test = {
NULL
},
.save_restore = (const struct tst_path_val[]) {
- {"/proc/sys/user/max_user_namespaces", NULL, TST_SR_SKIP},
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
{}
},
.tags = (const struct tst_tag[]) {
diff --git a/testcases/network/packet/fanout01.c b/testcases/network/packet/fanout01.c
index 0aad3321b..4243f8400 100644
--- a/testcases/network/packet/fanout01.c
+++ b/testcases/network/packet/fanout01.c
@@ -13,7 +13,6 @@
* See blogpost in copyright notice for more details.
*/
#include <errno.h>
-#include <sched.h>
#include <sys/types.h>
#include <net/if.h>
#include <linux/if_packet.h>
@@ -22,7 +21,6 @@
#include "tst_test.h"
#include "tst_fuzzy_sync.h"
#include "lapi/if_packet.h"
-#include "lapi/namespaces_constants.h"
static struct tst_fzsync_pair pair;
static int fd;
@@ -30,21 +28,7 @@ static struct sockaddr_ll addr;
void setup(void)
{
- int real_uid = getuid();
- int real_gid = getgid();
-
- TEST(unshare(CLONE_NEWUSER));
- if (TST_RET)
- tst_brk(TBROK | TTERRNO, "Can't create new user namespace");
-
- TEST(unshare(CLONE_NEWNET));
- if (TST_RET)
- tst_brk(TBROK | TTERRNO, "Can't create new net namespace");
-
- FILE_PRINTF("/proc/self/setgroups", "deny");
- FILE_PRINTF("/proc/self/uid_map", "0 %d 1\n", real_uid);
- FILE_PRINTF("/proc/self/gid_map", "0 %d 1\n", real_gid);
-
+ tst_setup_netns();
tst_fzsync_pair_init(&pair);
}
@@ -107,6 +91,15 @@ static struct tst_test test = {
.cleanup = cleanup,
.needs_root = 1,
.max_runtime = 180,
+ .needs_kconfigs = (const char *[]) {
+ "CONFIG_USER_NS=y",
+ "CONFIG_NET_NS=y",
+ NULL
+ },
+ .save_restore = (const struct tst_path_val[]) {
+ {"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
+ {}
+ },
.tags = (const struct tst_tag[]) {
{"CVE", "2017-15649"},
{"linux-git", "4971613c1639"},
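Review bot: `.needs_root = 1` is still set just above the added entries, so fanout01 keeps requiring root even though setup() now enters a user namespace through `tst_setup_netns()`. The commit message says the series restores the ability to run these tests without root. If nothing else in the test needs host root, dropping `.needs_root = 1` would let this CVE reproducer run with no more privilege than it needs, like the other converted tests. If root is still required, a short comment saying why would help. The struct initializer continues outside the hunk.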
--
2.38.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function
2022-11-25 15:34 [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function Martin Doucha
2022-11-25 15:34 ` [LTP] [PATCH 2/2] syscalls: Replace namespace setup boilerplate with tst_setup_netns() Martin Doucha
@ 2022-11-25 16:43 ` Petr Vorel
2022-11-25 17:01 ` Petr Vorel
2 siblings, 0 replies; 7+ messages in thread
From: Petr Vorel @ 2022-11-25 16:43 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
Hi Martin,
> Namespace setup boilerplate for network tests is getting more complicated
> with the need to check or modify some sysfiles. Move it into LTP library.
+1
Reviewed-by: Petr Vorel <pvorel@suse.cz>
> #define TST_NO_DEFAULT_MAIN
> #include "tst_test.h"
> #include "tst_net.h"
> #include "tst_private.h"
> +#include "lapi/namespaces_constants.h"
WDYT about adding <sched.h> to lapi/namespaces_constants.h?
(not related to this patchset at all).
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function
2022-11-25 15:34 [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function Martin Doucha
2022-11-25 15:34 ` [LTP] [PATCH 2/2] syscalls: Replace namespace setup boilerplate with tst_setup_netns() Martin Doucha
2022-11-25 16:43 ` [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function Petr Vorel
@ 2022-11-25 17:01 ` Petr Vorel
2022-11-25 17:09 ` Martin Doucha
2 siblings, 1 reply; 7+ messages in thread
From: Petr Vorel @ 2022-11-25 17:01 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
Hi Martin,
> +void tst_setup_netns(void)
> +{
> + int real_uid = getuid();
> + int real_gid = getgid();
> + int nscount = 1;
> +
> + if (!access("/proc/sys/user/max_user_namespaces", F_OK)) {
Out of curiosity, this can happen only on old kernel, which does not support
user namespaces (kernel < 3.8) ? I guess there must be other case,
I suppose you would not bother about 3.8, right?
Also asking that if not readable we don't TCONF (int nscount = 1).
Kind regards,
Petr
> + SAFE_FILE_SCANF("/proc/sys/user/max_user_namespaces", "%d",
> + &nscount);
> + }
> +
> + if (!nscount)
> + tst_brk(TCONF, "User namespaces are disabled");
> +
> + SAFE_UNSHARE(CLONE_NEWUSER);
> + SAFE_UNSHARE(CLONE_NEWNET);
> + SAFE_FILE_PRINTF("/proc/self/setgroups", "deny");
> + SAFE_FILE_PRINTF("/proc/self/uid_map", "0 %d 1", real_uid);
> + SAFE_FILE_PRINTF("/proc/self/gid_map", "0 %d 1", real_gid);
> +}
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function
2022-11-25 17:01 ` Petr Vorel
@ 2022-11-25 17:09 ` Martin Doucha
2022-11-25 17:17 ` Petr Vorel
2022-11-25 17:20 ` Petr Vorel
0 siblings, 2 replies; 7+ messages in thread
From: Martin Doucha @ 2022-11-25 17:09 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
On 25. 11. 22 18:01, Petr Vorel wrote:
> Hi Martin,
>
>> +void tst_setup_netns(void)
>> +{
>> + int real_uid = getuid();
>> + int real_gid = getgid();
>> + int nscount = 1;
>> +
>> + if (!access("/proc/sys/user/max_user_namespaces", F_OK)) {
> Out of curiosity, this can happen only on old kernel, which does not support
> user namespaces (kernel < 3.8) ? I guess there must be other case,
> I suppose you would not bother about 3.8, right?
>
> Also asking that if not readable we don't TCONF (int nscount = 1).
This is very much still happening on kernel 4.4.180 even though user
namespaces are supported and enabled by default. That's why
tst_setup_netns() fails with TCONF only when max_user_namespaces sysfile
exists, is read-only AND the value inside is zero.
--
Martin Doucha mdoucha@suse.cz
QA Engineer for Software Maintenance
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function
2022-11-25 17:09 ` Martin Doucha
@ 2022-11-25 17:17 ` Petr Vorel
2022-11-25 17:20 ` Petr Vorel
1 sibling, 0 replies; 7+ messages in thread
From: Petr Vorel @ 2022-11-25 17:17 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
> On 25. 11. 22 18:01, Petr Vorel wrote:
> > Hi Martin,
> > > +void tst_setup_netns(void)
> > > +{
> > > + int real_uid = getuid();
> > > + int real_gid = getgid();
> > > + int nscount = 1;
> > > +
> > > + if (!access("/proc/sys/user/max_user_namespaces", F_OK)) {
> > Out of curiosity, this can happen only on old kernel, which does not support
> > user namespaces (kernel < 3.8) ? I guess there must be other case,
> > I suppose you would not bother about 3.8, right?
> > Also asking that if not readable we don't TCONF (int nscount = 1).
> This is very much still happening on kernel 4.4.180 even though user
> namespaces are supported and enabled by default. That's why
> tst_setup_netns() fails with TCONF only when max_user_namespaces sysfile
> exists, is read-only AND the value inside is zero.
Makes sense.
And missing file: if I'm correct sysctl files were added in v4.9-rc1 in
25f9c0817c53 ("userns: Generalize the user namespace count into ucount")
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH 1/2] Implement tst_setup_netns() helper function
2022-11-25 17:09 ` Martin Doucha
2022-11-25 17:17 ` Petr Vorel
@ 2022-11-25 17:20 ` Petr Vorel
1 sibling, 0 replies; 7+ messages in thread
From: Petr Vorel @ 2022-11-25 17:20 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
Hi Martin,
Patchset merged, thanks for this cleanup.
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp