1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23. $STF_SUITE/tests/functional/user_namespace/user_namespace_common.kshlib
24
25#
26#
27# DESCRIPTION:
28#       Regression test for secpolicy_vnode_setids_setgids
29#
30#
# STRATEGY:
#       1. Create files with various owners.
#       2. Try to set setgid bit on each file from inside a user namespace.
#       3. Try to touch each file from inside the user namespace.
34#
35
verify_runnable "both"

# Test file names are "<owner>_<group>", built from these tags:
#   rroot  - real root
#   uroot  - root within user namespace
#   uother - other user within user namespace
set -A files \
	rroot_rroot \
	uroot_uroot \
	uroot_other \
	uother_uroot \
	uother_uother
42
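#
# Remove every test file listed in the global "files" array from $TESTDIR.
# Registered with log_onexit by the test body.
#
# Globals:   files (read), TESTDIR (read)
# Arguments: none
#
function cleanup
{
	typeset f

	# Quote the path so a TESTDIR containing whitespace or glob characters
	# cannot make rm act on unintended names; "--" ends option parsing.
	for f in "${files[@]}"; do
		log_must rm -f -- "$TESTDIR/$f"
	done
}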
49
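# Probe for user namespace support before creating any files: -U requests a
# new user namespace, -r maps the caller to root inside it, -m adds a private
# mount namespace. If this fails the test is reported as unsupported.
if ! unshare -Urm echo test; then
	log_unsupported "Failed to create user namespace"
fi

log_onexit cleanup

log_assert "Check root in user namespaces"

# Resolve touch and chmod to their real paths once and use those paths both
# directly and through user_ns_exec.
# NOTE(review): presumably needed so the binaries are reachable from inside
# the namespace regardless of PATH symlinks -- confirm.
TOUCH=$(readlink -f "$(command -v touch)")
CHMOD=$(readlink -f "$(command -v chmod)")

# Every file starts as 0644 with no setgid bit.
for f in "${files[@]}"; do
	log_must "$TOUCH" "$TESTDIR/$f"
	log_must "$CHMOD" 0644 "$TESTDIR/$f"
done

# Assign owner:group according to each file name. ROOT_UID and OTHER_UID come
# from user_namespace_common.kshlib.
# NOTE(review): assumed to be the host ids that user_ns_exec maps into the
# namespace -- confirm against the library.
log_must chown 0:0 "$TESTDIR/rroot_rroot"
log_must chown "$ROOT_UID:$ROOT_UID" "$TESTDIR/uroot_uroot"
log_must chown "$ROOT_UID:$OTHER_UID" "$TESTDIR/uroot_other"
log_must chown "$OTHER_UID:$ROOT_UID" "$TESTDIR/uother_uroot"
log_must chown "$OTHER_UID:$OTHER_UID" "$TESTDIR/uother_uother"

# Core of the regression: the file owned by real root (0:0) must reject a
# setgid request made through user_ns_exec, and the bit must stay clear.
# Each "test -g" runs outside user_ns_exec, so it checks the resulting mode
# as seen by the invoking user rather than from inside the namespace.
log_mustnot user_ns_exec "$CHMOD" 02755 "$TESTDIR/rroot_rroot"
log_mustnot test -g "$TESTDIR/rroot_rroot"

# Files whose owner and group are both namespace ids must accept the setgid
# bit, for every owner/group combination of ROOT_UID and OTHER_UID.
log_must user_ns_exec "$CHMOD" 02755 "$TESTDIR/uroot_uroot"
log_must test -g "$TESTDIR/uroot_uroot"

log_must user_ns_exec "$CHMOD" 02755 "$TESTDIR/uroot_other"
log_must test -g "$TESTDIR/uroot_other"

log_must user_ns_exec "$CHMOD" 02755 "$TESTDIR/uother_uroot"
log_must test -g "$TESTDIR/uother_uroot"

log_must user_ns_exec "$CHMOD" 02755 "$TESTDIR/uother_uother"
log_must test -g "$TESTDIR/uother_uother"

# Write access: rroot_rroot is expected to still be 0644 and owned by real
# root here (the chmod above must have failed), so touching it through
# user_ns_exec must fail.
log_mustnot user_ns_exec "$TOUCH" "$TESTDIR/rroot_rroot"

# Once the invoking user grants write permission to "other" with 0666, every
# file, including rroot_rroot, must be touchable through user_ns_exec.
log_must "$CHMOD" 0666 "$TESTDIR/rroot_rroot"
for f in "${files[@]}"; do
	log_must user_ns_exec "$TOUCH" "$TESTDIR/$f"
done

log_pass "Check root in user namespaces"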
95