mirror of
https://github.com/torvalds/linux.git
synced 2026-04-18 14:53:58 -04:00
32f54f2bbc
Add a test suite for the UNSHARE_EMPTY_MNTNS and CLONE_EMPTY_MNTNS flags exercising the empty mount namespace functionality through the kselftest harness. The tests cover: - basic functionality: unshare succeeds, exactly one mount exists in the new namespace, root and cwd point to the same mount - flag interactions: UNSHARE_EMPTY_MNTNS works standalone without explicit CLONE_NEWNS, combines correctly with CLONE_NEWUSER and other namespace flags (CLONE_NEWUTS, CLONE_NEWIPC) - edge cases: EPERM without capabilities, works from a user namespace, many source mounts still result in one mount, cwd on a different mount gets reset to root - error paths: invalid flags return EINVAL - regression: plain CLONE_NEWNS still copies the full mount tree, other namespace unshares are unaffected - mount properties: the root mount has the expected statmount properties, is its own parent, and is the only entry returned by listmount - repeated unshare: consecutive UNSHARE_EMPTY_MNTNS calls each produce a new namespace with a distinct mount ID - overmount workflow: verifies the intended usage pattern of creating an empty mount namespace with a nullfs root and then mounting tmpfs over it to build a writable filesystem from scratch Link: https://patch.msgid.link/20260306-work-empty-mntns-consolidated-v1-2-6eb30529bbb0@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org>
52 lines
1.1 KiB
C
52 lines
1.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
#ifndef __IDMAP_UTILS_H
|
|
#define __IDMAP_UTILS_H
|
|
|
|
#ifndef _GNU_SOURCE
|
|
#define _GNU_SOURCE
|
|
#endif
|
|
#include <errno.h>
|
|
#include <linux/types.h>
|
|
#include <sched.h>
|
|
#include <signal.h>
|
|
#include <stdbool.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <syscall.h>
|
|
#include <sys/capability.h>
|
|
#include <sys/fsuid.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
extern int get_userns_fd(unsigned long nsid, unsigned long hostid,
|
|
unsigned long range);
|
|
|
|
extern int caps_down(void);
|
|
extern int cap_down(cap_value_t down);
|
|
|
|
extern bool switch_ids(uid_t uid, gid_t gid);
|
|
extern int setup_userns(void);
|
|
extern int enter_userns(void);
|
|
|
|
static inline bool switch_userns(int fd, uid_t uid, gid_t gid, bool drop_caps)
|
|
{
|
|
if (setns(fd, CLONE_NEWUSER))
|
|
return false;
|
|
|
|
if (!switch_ids(uid, gid))
|
|
return false;
|
|
|
|
if (drop_caps && !caps_down())
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
extern int wait_for_pid(pid_t pid);
|
|
extern int write_file(const char *path, const char *val);
|
|
extern uint64_t get_unique_mnt_id(const char *path);
|
|
|
|
#endif /* __IDMAP_UTILS_H */
|