
selftests/namespaces: fourth listns() permission test

Test permission checking with LISTNS_CURRENT_USER.
Verify that listing with LISTNS_CURRENT_USER respects permissions.

Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-51-2e6f823ebdc0@kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>

+76
+76
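--- a/tools/testing/selftests/namespaces/listns_permissions_test.c
+++ b/tools/testing/selftests/namespaces/listns_permissions_test.c
@@ -366,4 +366,80 @@
 	TH_LOG("User namespace B correctly could not see sibling namespace A's network namespace");
 }
 
+/*
+ * Test permission checking with LISTNS_CURRENT_USER.
+ * Verify that listing with LISTNS_CURRENT_USER respects permissions.
+ */
+TEST(listns_current_user_permissions)
+{
+	int pipefd[2];
+	pid_t pid;
+	int status;
+	bool success;
+	ssize_t count;
+
+	ASSERT_EQ(pipe(pipefd), 0);
+
+	pid = fork();
+	ASSERT_GE(pid, 0);
+
+	if (pid == 0) {
+		struct ns_id_req req = {
+			.size = sizeof(req),
+			.spare = 0,
+			.ns_id = 0,
+			.ns_type = 0,
+			.spare2 = 0,
+			.user_ns_id = LISTNS_CURRENT_USER,
+		};
+		__u64 ns_ids[100];
+		ssize_t ret;
+		bool success;
+
+		close(pipefd[0]);
+
+		/* Create user namespace */
+		if (setup_userns() < 0) {
+			close(pipefd[1]);
+			exit(1);
+		}
+
+		/* Create some namespaces owned by this user namespace */
+		if (unshare(CLONE_NEWNET) < 0) {
+			close(pipefd[1]);
+			exit(1);
+		}
+
+		if (unshare(CLONE_NEWUTS) < 0) {
+			close(pipefd[1]);
+			exit(1);
+		}
+
+		/* List with LISTNS_CURRENT_USER - should see our owned namespaces */
+		ret = sys_listns(&req, ns_ids, ARRAY_SIZE(ns_ids), 0);
+
+		success = (ret >= 3); /* At least user, net, uts */
+		write(pipefd[1], &success, sizeof(success));
+		write(pipefd[1], &ret, sizeof(ret));
+		close(pipefd[1]);
+		exit(0);
+	}
+
+	/* Parent */
+	close(pipefd[1]);
+
+	success = false;
+	count = 0;
+	read(pipefd[0], &success, sizeof(success));
+	read(pipefd[0], &count, sizeof(count));
+	close(pipefd[0]);
+
+	waitpid(pid, &status, 0);
+	ASSERT_TRUE(WIFEXITED(status));
+	ASSERT_EQ(WEXITSTATUS(status), 0);
+
+	ASSERT_TRUE(success);
+	TH_LOG("LISTNS_CURRENT_USER returned %zd namespaces", count);
+}
+
 TEST_HARNESS_MAIN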
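Review bot: The only check on the listing is `success = (ret >= 3);` in the child, so listns_current_user_permissions never verifies that namespaces outside the caller's user namespace are excluded; a listing that ignored `LISTNS_CURRENT_USER` and returned every namespace would still pass. To cover the permission boundary the test's comment describes, the child could record the ID of a namespace it held before `setup_userns()` and report failure if that ID appears in `ns_ids[0..ret)`. Because `success` defaults to false and the results of `read()`/`write()` are ignored, a short pipe transfer or a negative `ret` (for example, if the syscall is unavailable) surfaces as the same bare `ASSERT_TRUE(success)` failure with no errno. Checking the transfer sizes, e.g. `ASSERT_EQ(read(pipefd[0], &success, sizeof(success)), sizeof(success));`, would separate those cases. The inner `bool success;` in the child branch also shadows the outer declaration and could be renamed.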