90 lines
2.5 KiB
Bash
Executable File
90 lines
2.5 KiB
Bash
Executable File
#!/bin/ksh -p
|
|
#
|
|
# CDDL HEADER START
|
|
#
|
|
# The contents of this file are subject to the terms of the
|
|
# Common Development and Distribution License (the "License").
|
|
# You may not use this file except in compliance with the License.
|
|
#
|
|
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
# or http://www.opensolaris.org/os/licensing.
|
|
# See the License for the specific language governing permissions
|
|
# and limitations under the License.
|
|
#
|
|
# When distributing Covered Code, include this CDDL HEADER in each
|
|
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
# If applicable, add the following below this CDDL HEADER, with the
|
|
# fields enclosed by brackets "[]" replaced with your own identifying
|
|
# information: Portions Copyright [yyyy] [name of copyright owner]
|
|
#
|
|
# CDDL HEADER END
|
|
#
|
|
|
|
. $STF_SUITE/tests/functional/user_namespace/user_namespace_common.kshlib
|
|
|
|
#
|
|
#
|
|
# DESCRIPTION:
|
|
# Regression test for secpolicy_vnode_setids_setgids
|
|
#
|
|
#
|
|
# STRATEGY:
|
|
# 1. Create files with various owners.
|
|
# 2. Try to set setgid bit.
|
|
#
|
|
|
|
verify_runnable "both"
|
|
|
|
# rroot: real root,
|
|
# uroot: root within user namespace
|
|
# uother: other user within user namespace
|
|
set -A files rroot_rroot uroot_uroot uroot_other uother_uroot uother_uother
|
|
|
|
function cleanup
|
|
{
|
|
for i in ${files[*]}; do
|
|
log_must rm -f $TESTDIR/$i
|
|
done
|
|
}
|
|
|
|
log_onexit cleanup
|
|
|
|
log_assert "Check root in user namespaces"
|
|
|
|
TOUCH=$(readlink -e $(which touch))
|
|
CHMOD=$(readlink -e $(which chmod))
|
|
|
|
for i in ${files[*]}; do
|
|
log_must $TOUCH $TESTDIR/$i
|
|
log_must $CHMOD 0644 $TESTDIR/$i
|
|
done
|
|
|
|
log_must chown 0:0 $TESTDIR/rroot_rroot
|
|
log_must chown $ROOT_UID:$ROOT_UID $TESTDIR/uroot_uroot
|
|
log_must chown $ROOT_UID:$OTHER_UID $TESTDIR/uroot_other
|
|
log_must chown $OTHER_UID:$ROOT_UID $TESTDIR/uother_uroot
|
|
log_must chown $OTHER_UID:$OTHER_UID $TESTDIR/uother_uother
|
|
|
|
log_mustnot user_ns_exec $CHMOD 02755 $TESTDIR/rroot_rroot
|
|
log_mustnot test -g $TESTDIR/rroot_rroot
|
|
|
|
log_must user_ns_exec $CHMOD 02755 $TESTDIR/uroot_uroot
|
|
log_must test -g $TESTDIR/uroot_uroot
|
|
|
|
log_must user_ns_exec $CHMOD 02755 $TESTDIR/uroot_other
|
|
log_must test -g $TESTDIR/uroot_other
|
|
|
|
log_must user_ns_exec $CHMOD 02755 $TESTDIR/uother_uroot
|
|
log_must test -g $TESTDIR/uother_uroot
|
|
|
|
log_must user_ns_exec $CHMOD 02755 $TESTDIR/uother_uother
|
|
log_must test -g $TESTDIR/uother_uother
|
|
|
|
log_mustnot user_ns_exec $TOUCH $TESTDIR/rroot_rroot
|
|
log_must $CHMOD 0666 $TESTDIR/rroot_rroot
|
|
for i in ${files[*]}; do
|
|
log_must user_ns_exec $TOUCH $TESTDIR/$i
|
|
done
|
|
|
|
log_pass "Check root in user namespaces"
|