test: add test for failing to dump different creds

v2: use the test list instead of the file for telling zdtm.sh the test will fail Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

test: add test for failing to dump different creds
v2: use the test list instead of the file for telling zdtm.sh the test will fail Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
e880dbd9 · Tycho Andersen · Pavel Emelyanov · 6e218166 · e880dbd9 · e880dbd9
Commit e880dbd9 authored Jun 26, 2015 by Tycho Andersen Committed by Pavel Emelyanov Jul 14, 2015
Showing with 95 additions and 0 deletions

zdtm.sh test/zdtm.sh +3 -0

.gitignore test/zdtm/.gitignore +1 -0

Makefile test/zdtm/live/static/Makefile +2 -0

different_creds.c test/zdtm/live/static/different_creds.c +89 -0

No files found.
--- a/test/zdtm.sh
+++ b/test/zdtm.sh
@@ -200,6 +200,7 @@ generate_test_list()
 		static/poll
 		static/apparmor
 		ns/static/apparmor
+		static/different_creds
 	"

 	TEST_CR_KERNEL="
@@ -343,9 +344,11 @@ sockets00
 cow01
 apparmor
 seccomp_strict
+different_creds
 "

 TEST_EXPECTED_FAILURE="
+static/different_creds
 "

 CRIU_CPT=$CRIU

--- a/test/zdtm/.gitignore
+++ b/test/zdtm/.gitignore
@@ -21,6 +21,7 @@
 /live/static/cwd02
 /live/static/deleted_dev
 /live/static/deleted_unix_sock
+/live/static/different_creds
 /live/static/dumpable01
 /live/static/dumpable02
 /live/static/env00

--- a/test/zdtm/live/static/Makefile
+++ b/test/zdtm/live/static/Makefile
@@ -124,6 +124,7 @@ TST_NOFILE	=				\
 		fd				\
 		apparmor				\
 		seccomp_strict			\
+		different_creds			\
 #		jobctl00			\

 TST_FILE	=				\
@@ -284,6 +285,7 @@ wait_stop:
 $(TST):	$(LIB)

 aio00:			override LDLIBS += -laio
+different_creds:	override LDLIBS += -lcap
 futex.o:		override CFLAGS += -pthread
 futex:			override LDFLAGS += -pthread
 futex-rl.o:		override CFLAGS += -pthread

--- a/test/zdtm/live/static/different_creds.c
+++ b/test/zdtm/live/static/different_creds.c
+#define _GNU_SOURCE
+#include <alloca.h>
+#include <unistd.h>
+#include <stdbool.h>
+#include <signal.h>
+#include <sched.h>
+#include <sys/capability.h>
+#include <linux/seccomp.h>
+#include <linux/limits.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc	= "Check that threads with different creds aren't checkpointed";
+const char *test_author	= "Tycho Andersen <tycho.andersen@canonical.com>";
+
+int drop_caps_and_wait(void *arg)
+{
+	cap_t caps;
+	int *pipe = arg;
+
+        caps = cap_get_proc();
+        if (!caps) {
+                err("cap_get_proc");
+                return 1;
+        }
+
+        if (cap_clear_flag(caps, CAP_EFFECTIVE) < 0) {
+                err("cap_clear_flag");
+                goto die;
+        }
+
+        if (cap_set_proc(caps) < 0) {
+                err("cap_set_proc");
+                goto die;
+        }
+
+	close(*pipe);
+
+	while(1)
+		sleep(1000);
+die:
+        cap_free(caps);
+        return 1;
+}
+
+int main(int argc, char ** argv)
+{
+	pid_t pid;
+	int ret, pipefd[2];
+	long clone_flags = CLONE_VM | CLONE_FILES | CLONE_SIGHAND |
+			   CLONE_THREAD | CLONE_SYSVSEM;
+
+        size_t stack_size = sysconf(_SC_PAGESIZE);
+        void *stack = alloca(stack_size);
+	char buf;
+
+	test_init(argc, argv);
+
+	if (pipe(pipefd) < 0) {
+		err("pipe");
+		return -1;
+	}
+
+	pid = clone(drop_caps_and_wait, stack + stack_size, clone_flags, pipefd);
+	if (pid < 0) {
+		err("fork");
+		return -1;
+	}
+
+	close(pipefd[1]);
+
+	/*
+	 * Wait for child to signal us that it has droped caps.
+	 */
+	ret = read(pipefd[0], &buf, 1);
+	close(pipefd[0]);
+	if (ret < 0) {
+		err("read");
+		return 1;
+	}
+
+	test_daemon();
+	test_waitsig();
+
+	fail("shouldn't dump successfully");
+
+	kill(pid, SIGKILL);
+	return ret;
+}