1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or https://opensource.org/licenses/CDDL-1.0. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23. $STF_SUITE/tests/functional/user_namespace/user_namespace_common.kshlib 24 25# 26# DESCRIPTION: 27# Regression test for delegation of datasets to user namespaces. 28# 29# STRATEGY: 30# 1. Delegate two datasets with distinctive names to a user namespace. 31# 2. Check that 'zfs list' is not able to see datasets outside of the 32# delegation, which have a prefix matching one of the delegated sets. 33# Also, check that all the delegated sets are visible. 34# 35 36verify_runnable "both" 37 38user_ns_cleanup() { 39 if [ -n "$proc_ns_added" ]; then 40 log_must zfs unzone $proc_ns_added $TESTPOOL/userns 41 log_must zfs unzone $proc_ns_added $TESTPOOL/otheruserns 42 fi 43 if [ -n "$unshared_pid" ]; then 44 kill -9 $unshared_pid 45 # Give it a sec to make the global cleanup more reliable. 46 sleep 1 47 fi 48 log_must zfs destroy -r $TESTPOOL/userns 49 log_must zfs destroy -r $TESTPOOL/usernsisitnot 50 log_must zfs destroy -r $TESTPOOL/otheruserns 51} 52 53log_onexit user_ns_cleanup 54 55log_assert "Check zfs list command handling of dataset visibility in user namespaces" 56 57# Create the baseline dataset. 58log_must zfs create -o zoned=on $TESTPOOL/userns 59# Datasets with a prefix matching the delegated dataset should not be 60# automatically considered visible. 61log_must zfs create -o zoned=on $TESTPOOL/usernsisitnot 62# All delegated datasets should be visible. 63log_must zfs create -o zoned=on $TESTPOOL/otheruserns 64 65# 1. Create a user namespace with a cloned mount namespace, then delegate. 66unshare -Urm echo test 67if [ "$?" -ne "0" ]; then 68 log_unsupported "Failed to create user namespace" 69fi 70unshare -Urm /usr/bin/sleep 1h & 71unshared_pid=$! 72if [ "$?" -ne "0" ]; then 73 log_unsupported "Failed to create user namespace" 74fi 75proc_ns=/proc/$unshared_pid/ns/user 76sleep 2 # Wait for unshare to acquire user namespace 77log_note "unshare: child=${unshared_pid} proc_ns=${proc_ns}" 78 79NSENTER="nsenter -t $unshared_pid --all" 80 81$NSENTER echo test 82if [ "$?" -ne "0" ]; then 83 log_unsupported "Failed to enter user namespace" 84fi 85 86# 1b. Pre-test by checking that 'zone' does something new. 87list="$($NSENTER zfs list -r -H -o name | tr '\n' ' ')" 88log_must test -z "$list" 89log_must zfs zone $proc_ns $TESTPOOL/userns 90log_must zfs zone $proc_ns $TESTPOOL/otheruserns 91proc_ns_added="$ns" 92 93# 2. 'zfs list' 94list="$($NSENTER zfs list -r -H -o name $TESTPOOL | tr '\n' ' ')" 95log_must test "$list" = "$TESTPOOL $TESTPOOL/otheruserns $TESTPOOL/userns " 96 97log_pass "Check zfs list command handling of dataset visibility in user namespaces" 98