tools/testing/selftests/capabilities/test_execve.c

Source file repositories/reference/linux-study-clean/tools/testing/selftests/capabilities/test_execve.c

File Facts

System
Linux kernel
Corpus path
tools/testing/selftests/capabilities/test_execve.c
Extension
.c
Size
13143 bytes
Lines
457
Domain
Support Tooling And Documentation
Bucket
tools
Inferred role
Support Tooling And Documentation: implementation source
Status
source implementation candidate

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

if (written >= 0) {
			ksft_exit_fail_msg("short write to %s\n", filename);
		} else {
			ksft_exit_fail_msg("write to %s failed - %s\n",
						filename, strerror(errno));
		}
	}
	if (close(fd) != 0) {
		ksft_exit_fail_msg("close of %s failed - %s\n",
					filename, strerror(errno));
	}
}

static void maybe_write_file(char *filename, char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vmaybe_write_file(true, filename, fmt, ap);
	va_end(ap);
}

static void write_file(char *filename, char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vmaybe_write_file(false, filename, fmt, ap);
	va_end(ap);
}

static bool create_and_enter_ns(uid_t inner_uid)
{
	uid_t outer_uid;
	gid_t outer_gid;
	int i, ret;
	bool have_outer_privilege;

	outer_uid = getuid();
	outer_gid = getgid();

	if (outer_uid == 0 && unshare(CLONE_NEWNS) == 0) {
		ksft_print_msg("[NOTE]\tUsing global UIDs for tests\n");
		if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
			ksft_exit_fail_msg("PR_SET_KEEPCAPS - %s\n",
						strerror(errno));
		if (setresuid(inner_uid, inner_uid, -1) != 0)
			ksft_exit_fail_msg("setresuid - %s\n", strerror(errno));

		// Re-enable effective caps
		ret = capng_get_caps_process();
		if (ret == -1)
			ksft_exit_fail_msg("capng_get_caps_process failed\n");

		for (i = 0; i < CAP_LAST_CAP; i++)
			if (capng_have_capability(CAPNG_PERMITTED, i))
				capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, i);
		if (capng_apply(CAPNG_SELECT_CAPS) != 0)
			ksft_exit_fail_msg(
					"capng_apply - %s\n", strerror(errno));

		have_outer_privilege = true;
	} else if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == 0) {
		ksft_print_msg("[NOTE]\tUsing a user namespace for tests\n");
		maybe_write_file("/proc/self/setgroups", "deny");
		write_file("/proc/self/uid_map", "%d %d 1", inner_uid, outer_uid);
		write_file("/proc/self/gid_map", "0 %d 1", outer_gid);

		have_outer_privilege = false;
	} else {
		ksft_exit_skip("must be root or be able to create a userns\n");
	}

	if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
		ksft_exit_fail_msg("remount everything private - %s\n",
					strerror(errno));

	return have_outer_privilege;
}

static void chdir_to_tmpfs(void)
{
	char cwd[PATH_MAX];
	if (getcwd(cwd, sizeof(cwd)) != cwd)
		ksft_exit_fail_msg("getcwd - %s\n", strerror(errno));

	if (mount("private_tmp", ".", "tmpfs", 0, "mode=0777") != 0)
		ksft_exit_fail_msg("mount private tmpfs - %s\n",
					strerror(errno));

Annotation

Implementation Notes