tests: add vfs/idmapped mounts test suite
This adds a whole test suite for idmapped mounts but in order to ensure that
there are no regression for the vfs itself it also includes tests for correct
functionality on non-idmapped mounts. The following tests are currently
available with more to come in the future:
01. create_delete_rename: test that basic file interactions work for idmapped mounts
02. create_delete_rename_userns: test that basic file interactions work for
idmapped mounts from within user namespaces
03. hardlinks: verify that hardlinks work correctly
04. rename: verity tat rename works correctly
05. create_userns: verify that file creation in user namespaces works from idmapped mounts
06. create_userns_device_node: verify that device node creation fails inside user
namespace from idmapped mounts.
07. expected_uid_gid: verify that file ownership works correctly on idmapped mounts
08. expected_uid_gid_userns: verify that file ownership works correctly on
idmapped mounts inside user namespaces
09. expected_fscaps_userns: verify that filesystem capabilities work correctly on
idmapped mounts and inside user namespaces
10. expected_fscaps_reverse: verify that filesystem capabilities work correctly
on idmapped mounts and inside user namespaces where we map from unprivileged
ids to privileged ids
11. setid_binaries: verify that suid and sgid binaries work correctly on idmapped mounts
12. setid_binaries_reverse: verify that suid and sgid binaries work correctly on
idmapped mounts where we map from unprivileged ids to privileged ids
13. setid_binaries_userns: verify that suid and sgid binaries work correctly on
idmapped mounts inside user namespaces
14. idmap_mount_tree: verify that idmapping a whole mount tree works correctly
15. idmap_mount_tree_invalid: verify that idmapping a mount tree with a mount of
a filesystem that doesn't support being idmapped yet fails
16. sticky_bit_unlink: verify that unlinking in sticky directories works correctly
17. sticky_bit_unlink_idmapped: verify that unlinking in sticky directories works
correctly on idmapped mounts
18. sticky_bit_unlink_idmapped_userns: verify that unlinking in sticky directories works
correctly on idmapped mounts inside user namespaces
19. sticky_bit_rename_idmapped: verify that renaminging in sticky directories works
correctly on idmapped mounts
20. sticky_bit_rename_idmapped_userns: verify that renaming in sticky directories works
correctly on idmapped mounts inside user namespaces
21. follow_symlinks: test that following protected symlinks works correctly
22. follow_symlinks_idmapped: test that following symlinks works correctly on idmapped mounts
23. follow_symlinks_idmapped_userns: test that following symlinks works correctly
on idmapped mounts inside user namespaces
24. invalid_fd_negative: test that negative fds are rejected when idmapping mounts
25. invalid_fd_large: test that excessively large fds are rejected when idmappings mounts
26. invalid_fd_closed: test that closed fds are rejected when idmapping mounts
27. invalid_fd_initial_userns: test that fds referencing the initial user namespace are rejected
28. attached_mount_inside_current_mount_namespace: test that attached mounts can be idmapped
29. attached_mount_outside_current_mount_namespace: test that attached mounts
can't be idmapped if we are in a different user namespace
30. detached_mount_inside_current_mount_namespace: test that detached mounts can be idmapped
31. detached_mount_outside_current_mount_namespace: test that detached mounts can
be idmapped outside of our current user namespace
32. change_idmapping: test that idmapped mounts can't be changed
Output:
TAP version 13
1..33
# Starting 33 tests from 2 test cases.
# RUN core.invalid_fd_negative ...
# OK core.invalid_fd_negative
ok 1 core.invalid_fd_negative
# RUN core.invalid_fd_large ...
# OK core.invalid_fd_large
ok 2 core.invalid_fd_large
# RUN core.invalid_fd_closed ...
# OK core.invalid_fd_closed
ok 3 core.invalid_fd_closed
# RUN core.invalid_fd_initial_userns ...
# OK core.invalid_fd_initial_userns
ok 4 core.invalid_fd_initial_userns
# RUN core.attached_mount_inside_current_mount_namespace ...
# OK core.attached_mount_inside_current_mount_namespace
ok 5 core.attached_mount_inside_current_mount_namespace
# RUN core.attached_mount_outside_current_mount_namespace ...
# OK core.attached_mount_outside_current_mount_namespace
ok 6 core.attached_mount_outside_current_mount_namespace
# RUN core.detached_mount_inside_current_mount_namespace ...
# OK core.detached_mount_inside_current_mount_namespace
ok 7 core.detached_mount_inside_current_mount_namespace
# RUN core.detached_mount_outside_current_mount_namespace ...
# OK core.detached_mount_outside_current_mount_namespace
ok 8 core.detached_mount_outside_current_mount_namespace
# RUN core.change_idmapping ...
# OK core.change_idmapping
ok 9 core.change_idmapping
# RUN core.create_delete_rename ...
# OK core.create_delete_rename
ok 10 core.create_delete_rename
# RUN core.create_delete_rename_userns ...
# OK core.create_delete_rename_userns
ok 11 core.create_delete_rename_userns
# RUN core.hardlinks ...
# OK core.hardlinks
ok 12 core.hardlinks
# RUN core.rename ...
# OK core.rename
ok 13 core.rename
# RUN core.create_userns ...
# OK core.create_userns
ok 14 core.create_userns
# RUN core.create_userns_device_node ...
# OK core.create_userns_device_node
ok 15 core.create_userns_device_node
# RUN core.expected_uid_gid ...
# OK core.expected_uid_gid
ok 16 core.expected_uid_gid
# RUN core.expected_uid_gid_userns ...
# OK core.expected_uid_gid_userns
ok 17 core.expected_uid_gid_userns
# RUN core.expected_fscaps_userns ...
# OK core.expected_fscaps_userns
ok 18 core.expected_fscaps_userns
# RUN core.expected_fscaps_reverse ...
# OK core.expected_fscaps_reverse
ok 19 core.expected_fscaps_reverse
# RUN core.setid_binaries ...
# OK core.setid_binaries
ok 20 core.setid_binaries
# RUN core.setid_binaries_reverse ...
# OK core.setid_binaries_reverse
ok 21 core.setid_binaries_reverse
# RUN core.setid_binaries_userns ...
# OK core.setid_binaries_userns
ok 22 core.setid_binaries_userns
# RUN core.idmap_mount_tree ...
# OK core.idmap_mount_tree
ok 23 core.idmap_mount_tree
# RUN core.idmap_mount_tree_invalid ...
# OK core.idmap_mount_tree_invalid
ok 24 core.idmap_mount_tree_invalid
# RUN core.sticky_bit_unlink ...
# OK core.sticky_bit_unlink
ok 25 core.sticky_bit_unlink
# RUN core.sticky_bit_unlink_idmapped ...
# OK core.sticky_bit_unlink_idmapped
ok 26 core.sticky_bit_unlink_idmapped
# RUN core.sticky_bit_unlink_idmapped_userns ...
# OK core.sticky_bit_unlink_idmapped_userns
ok 27 core.sticky_bit_unlink_idmapped_userns
# RUN core.sticky_bit_rename ...
# OK core.sticky_bit_rename
ok 28 core.sticky_bit_rename
# RUN core.sticky_bit_rename_idmapped ...
# OK core.sticky_bit_rename_idmapped
ok 29 core.sticky_bit_rename_idmapped
# RUN core.sticky_bit_rename_idmapped_userns ...
# OK core.sticky_bit_rename_idmapped_userns
ok 30 core.sticky_bit_rename_idmapped_userns
# RUN core.follow_symlinks ...
# OK core.follow_symlinks
ok 31 core.follow_symlinks
# RUN core.follow_symlinks_idmapped ...
# OK core.follow_symlinks_idmapped
ok 32 core.follow_symlinks_idmapped
# RUN core.follow_symlinks_idmapped_userns ...
# OK core.follow_symlinks_idmapped_userns
ok 33 core.follow_symlinks_idmapped_userns
# PASSED: 33 / 33 tests passed.
# Totals: pass:33 fail:0 xfail:0 xpass:0 skip:0 error:0
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
/* v2 */
patch introduced
7 files changed
