[mirror_lxc.git] / src / tests / lxc-test-usernsexec

#!/bin/bash
#
# This is a bash test case to test lxc-usernsexec.
# It basically supports usring lxc-usernsexec to execute itself
# and then create files and check that their ownership is as expected.
#
# It requires that the current user has at least 1 value in subuid and /etc/subgid
TEMP_D=""
VERBOSITY=0
set -f

fail() { echo "$@" 1>&2; exit 1; }
error() { echo "$@" 1>&2; }
skip() {
    error "SKIP:" "$@"
    exit 0
}
debug() {
    local level=${1}; shift;
    [ "${level}" -gt "${VERBOSITY}" ] && return
    error "${@}"
}

collect_owners() {
    # collect_owners([--dir=dir], file1, file2 ...)
    # set _RET to a space delimited array of
    #   <file1>:owner:group <file2>:owner:group ...
    local out="" ret="" dir=""
    if [ "${1#--dir=}" != "$1" ]; then
        dir="${1#--dir=}"
        shift
    fi
    for arg in "$@"; do
        # drop the :* so that input can be same as touch_files.
        out=$(stat --format "%n:%u:%g" "${dir}${arg}") || {
            error "failed to stat ${arg}"
            return 1;
        }
        ret="$ret ${out##*/}"
    done
    _RET="${ret# }"
}

cleanup() {
    if [ -d "$TEMP_D" ]; then
        rm -Rf "$TEMP_D"
    fi
}

touch_files() {
    # touch_files tok [tok ...]
    # tok is filename:chown_id:chown_gid
    # if chown_id or chown_gid is empty, then chown will do the right thing
    # and only change the provided value.
    local args="" tok="" fname="" uidgid=""
    args=( "$@" )
    for tok in "$@"; do
        fname=${tok%%:*}
        uidgid=${tok#$fname}
        uidgid=${uidgid#:}
        : > "$fname" || { error "failed to create $fname"; return 1; }
        [ -z "$uidgid" ] && continue
        chown $uidgid "$fname" || { error "failed to chmod '$uidgid' $fname ($?)"; return 1; }
    done
}

inside_cleanup() {
    local f=""
    rm -f "${FILES[@]}"
    echo "$STATUS" >&5
    echo "$STATUS" >&6
}

set_files() {
    local x=""
    FILES=( )
    for x in "$@"; do
        FILES[${#FILES[@]}]="${x%%:*}"
    done
}

inside() {
    # this what gets run inside the usernsexec environment.
    # basically expects arguments of <filename>:uid:gid
    # it will create the file, and then chmod it to the provided uid:gid
    # it writes to file descriptor 5 a single line with space delimited
    #   exit_value uid gid [<filename>:<owner>:<group> ... ]
    STATUS=127
    trap inside_cleanup EXIT
    local uid="" gid="" x=""

    uid=$(id -u) || fail "failed execution of id -u"
    gid=$(id -g) || fail "failed execution of id -g"

    set_files "$@"

    touch_files "$@" || fail "failed to create files"

    collect_owners "${FILES[@]}" || fail "failed to collect owners"
    result="$_RET"

    # tell caller we are done.
    echo "0" "$uid" "$gid" "$result" >&5
    STATUS=0

    # let the caller do things while the files are around.
    read -t 30 x <&6

    exit
}

runtest() {
    # runtest(mydir, nsexec_args, [inside [...]])
    #  - use 'mydir' as a working dir.
    #  - execute lxc-usernsexec $nsexec_args -- <self> inside <inside args>
    #
    # write to stdout
    #  exit_value inside_exit_value inside_uid:inside_gid <results>
    #
    # where results are a list of space separated
    #    filename:uid:gid
    # for each file passed in inside_args
    [ $# -ge 3 ] || { error "runtest expects 2 args"; return 1; }
    local mydir="$1" nsexec_args="$2"
    shift 2
    local ret inside_owners t=""
    KIDPID=""

    mkfifo "${mydir}/5" && exec 5<>"${mydir}/5" || return
    mkfifo "${mydir}/6" && exec 6<>"${mydir}/6" || return
    mkdir --mode=777 "${mydir}/work" || return
    cd "${mydir}/work"

    set_files "$@"

    local results="" oresults="" iresults="" iuid="" igid="" n=0

    error "$" $USERNSEXEC ${nsexec_args} -- "$MYPATH" inside "$*"
    ${USERNSEXEC} ${nsexec_args} -- "$MYPATH" inside "$@" &
    KIDPID=$!

    [ -d "/proc/$KIDPID" ] || {
        wait $KIDPID
        fail "kid $KIDPID died quickly $?"
    }

    # if lxc-usernsexec fails to execute MYPATH inside, then
    # the read below would timeout.  To avoid a long timeout,
    # we do a short timeout and check the pid is alive.
    while ! read -t 1 ret iuid igid inside_owners <&5; do
        n=$((n+1))
        if [ ! -d "/proc/$KIDPID" ]; then
            wait $KIDPID
            fail "kid $KIDPID is gone $?"
        fi
        [ $n -ge 30 ] && fail "child never wrote to pipe"
    done
    iresults=( $inside_owners )

    collect_owners "--dir=${mydir}/work/" "${FILES[@]}" || return
    oresults=( $_RET )

    echo 0 >&6
    wait

    ret=$?

    results=( )
    for((i=0;i<${#iresults[@]};i++)); do
        results[$i]="${oresults[$i]}:${iresults[$i]#*:}"
    done

    echo 0 $ret "$iuid:$igid" "${results[@]}"
}

runcheck() {
    local name="$1" expected="$2" nsexec_args="$3" found=""
    shift 3
    mkdir "${TEMP_D}/$name" || fail "failed mkdir <TEMP_D>/$name.d"
    local err="${TEMP_D}/$name.err"
    out=$("$MYPATH" runtest "${TEMP_D}/$name" "$nsexec_args" "$@" 2>"$err") || {
        error "$name: FAIL - runtest failed $?"
        [ -n "$out" ] && error "  $out"
        sed 's,^,  ,' "$err" 1>&2
        ERRORS="${ERRORS} $name"
        return 1
    }
    set -- $out
    local parentrc=$1 kidrc=$2 iuidgid="$3" found=""
    shift 3
    found="$*"
    [ "$parentrc" = "0" -a "$kidrc" = "0" ] || {
        error "$name: FAIL - parentrc=$parentrc kidrc=$kidrc found=$found"
        ERRORS="${ERRORS} $name"
        return 1
    }
    [ "$expected" = "$found" ] && {
        error "$name: PASS"
        PASS="${PASSES} $name"
        return 0
    }
    echo "$name: FAIL expected '$expected' != found '$found'"
    FAILS="${FAILS} $name"
    return 1
}

setup_Usage() {
    cat <<EOF
${0} setup_and_run [-- run-args]

setup the system by creating a user (default is '${asuser:-test-userns}')
and then run test as that user.  Must be root.

If user exists, then do not create the user.

     -v | --verbose                 - be more verbose
      --create-subuid=UID:RANGE
      --create-subgid=UID:RANGE     if adding subuid/subgid use this START:RANGE
                                    example (default) 3000000000:5
EOF
}

setup_and_run() {
    local short_opts="hv"
    local long_opts="help,user:,create-subuid:,create-subgid:,verbose"
    local getopt_out=""
    getopt_out=$(getopt --name "${0##*/}" \
        --options "${short_opts}" --long "${long_opts}" -- "$@") &&
        eval set -- "${getopt_out}" ||
        { bad_Usage; return; }

    local cur="" next="" asuser="test-userns"
    local create_subuid="3000000000:5" create_subgid="3000000000:5"
    while [ $# -ne 0 ]; do
        cur="$1"; next="$2";
        case "$cur" in
            -h|--help) setup_Usage ; exit 0;;
               --user) asuser="$next"; shift;;
               --create-subuid) create_subuid=$next; shift;;
               --create-subgid) create_subgid=$next; shift;;
            -v|--verbose) VERBOSITY=$((${VERBOSITY}+1));;
            --) shift; break;;
        esac
        shift;
    done

    local pt_args=""
    pt_args=( "$@" )

    if [ "$(id -u)" != "0" ]; then
        error "Sorry, setup_and_run has to be done as root, not uid=$(id -u)"
        return 1
    fi

    local home="/home/$asuser"
    if [ ! -d "$home" ]; then
        debug 1 "creating user $asuser"
        useradd "$asuser" --create-home "--home-dir=$home" || {
            error "failed to create $asuser"
            return 1
        }
    else
        debug 1 "$asuser existed"
    fi

    local subuid="" subgid=""
    subuid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$asuser" /etc/subuid) || {
        error "failed to read /etc/subuid for $asuser"
        return 1
    }

    if [ -n "$subuid" ]; then
        debug 1 "$asuser already had subuid=$subuid"
    else
        debug 1 "adding $asuser:$create_subuid to /etc/subuid"
        echo "$asuser:$create_subuid" >> /etc/subuid || {
            error "failed to add $asuser to /etc/subuid"
        }
    fi

    subgid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$asuser" /etc/subgid) || {
        error "failed to read /etc/subgid for $asuser"
        return 1
    }
    if [ -n "$subgid" ]; then
        debug 1 "$asuser already had subgid=$subgid"
    else
        debug 1 "adding $asuser:$create_subgid to /etc/subgid"
        echo "$asuser:$create_subgid" >> /etc/subgid || {
            error "failed to add $asuser to /etc/subgid"
        }
    fi

    debug 0 "as $asuser executing ${MYPATH} ${pt_args[*]}"
    sudo -Hu "$asuser" ASAN_OPTIONS=${ASAN_OPTIONS:-} UBSAN_OPTIONS=${UBSAN_OPTIONS:-} "${MYPATH}" "${pt_args[@]}"
}

USERNSEXEC=${USERNSEXEC:-lxc-usernsexec}
MYPATH=$(readlink -f "$0") || { echo "failed to get full path to self: $0"; exit 1; }
export MYPATH

if [ "$1" = "inside" ]; then
    shift
    inside "$@"
    exit
elif [ "$1" = "runtest" ]; then
    shift
    runtest "$@"
    exit
elif [ "$1" = "setup_and_run" ]; then
    shift
    setup_and_run "$@"
    exit
fi

name=$(id --user --name) || fail "failed to get username"
if [ "$name" = "root" ]; then
    setup_and_run "$@"
    exit
fi

subuid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$name" /etc/subuid) &&
    [ -n "$subuid" ] || fail "did not find $name in /etc/subuid"

subgid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$name" /etc/subgid) &&
    [ -n "$subgid" ] || fail "did not find $name in /etc/subgid"


uid=$(id --user) || fail "failed to get uid"
gid=$(id --group) || fail "failed to get gid"

mapuid="u:0:$uid:1"
mapgid="g:0:$gid:1"

ver=$(dpkg-query --show lxc-utils | awk '{print $2}')
error "uid=$uid gid=$gid name=$name subuid=$subuid subgid=$subgid ver=$ver"
error "lxc-utils=$ver kver=$(uname -r)"
error "USERNSEXEC=$USERNSEXEC"

TEMP_D=$(mktemp -d)
trap cleanup EXIT

PASSES=""; FAILS=""; ERRORS=""
runcheck nouidgid  "f0:$subuid:$subgid:0:0" "" f0

runcheck myuidgid  "f0:$uid:$gid:0:0" \
    "-m$mapuid -m$mapgid" f0

runcheck subuidgid \
    "f0:$subuid:$subgid:0:0" \
    "-mu:0:$subuid:1 -mg:0:$subgid:1" f0:0:0

runcheck bothsets  "f0:$uid:$gid:0:0 f1:$subuid:$subgid:1:1 f2:$uid:$subgid:0:1" \
    "-m$mapuid -m$mapgid -mu:1:$subuid:1 -mg:1:$subgid:1" \
    f0 f1:1:1 f2::1

runcheck mismatch "f0:$uid:$subgid:0:0 f1:$subuid:$gid:15:31" \
    "-mu:0:$uid:1 -mg:0:$subgid:1 -mu:15:$subuid:1 -mg:31:$gid:1" \
    f0 f1:15:31

FAILS=${FAILS# }
ERRORS=${ERRORS# }
PASSES=${PASSES# }

[ -z "${FAILS}" ] || error "FAILS: ${FAILS}"
[ -z "${ERRORS}" ] || error "ERRORS: ${ERRORS}"
[ -z "${FAILS}" -a -z "${ERRORS}" ] || exit 1
exit 0
Commit	Line	Data
9026f5c2 SM	1	#!/bin/bash
	2	#
	3	# This is a bash test case to test lxc-usernsexec.
	4	# It basically supports usring lxc-usernsexec to execute itself
	5	# and then create files and check that their ownership is as expected.
	6	#
	7	# It requires that the current user has at least 1 value in subuid and /etc/subgid
	8	TEMP_D=""
4c93c06e	9	VERBOSITY=0
9026f5c2 SM	10	set -f
	11
	12	fail() { echo "$@" 1>&2; exit 1; }
	13	error() { echo "$@" 1>&2; }
	14	skip() {
	15	error "SKIP:" "$@"
	16	exit 0
	17	}
4c93c06e SM	18	debug() {
	19	local level=${1}; shift;
	20	[ "${level}" -gt "${VERBOSITY}" ] && return
	21	error "${@}"
	22	}
9026f5c2 SM	23
	24	collect_owners() {
	25	# collect_owners([--dir=dir], file1, file2 ...)
	26	# set _RET to a space delimited array of
	27	# <file1>:owner:group <file2>:owner:group ...
	28	local out="" ret="" dir=""
	29	if [ "${1#--dir=}" != "$1" ]; then
	30	dir="${1#--dir=}"
	31	shift
	32	fi
	33	for arg in "$@"; do
	34	# drop the :* so that input can be same as touch_files.
	35	out=$(stat --format "%n:%u:%g" "${dir}${arg}") \|\| {
	36	error "failed to stat ${arg}"
	37	return 1;
	38	}
	39	ret="$ret ${out##*/}"
	40	done
	41	_RET="${ret# }"
	42	}
	43
	44	cleanup() {
	45	if [ -d "$TEMP_D" ]; then
	46	rm -Rf "$TEMP_D"
	47	fi
	48	}
	49
	50	touch_files() {
	51	# touch_files tok [tok ...]
	52	# tok is filename:chown_id:chown_gid
	53	# if chown_id or chown_gid is empty, then chown will do the right thing
	54	# and only change the provided value.
	55	local args="" tok="" fname="" uidgid=""
	56	args=( "$@" )
	57	for tok in "$@"; do
	58	fname=${tok%%:*}
	59	uidgid=${tok#$fname}
	60	uidgid=${uidgid#:}
	61	: > "$fname" \|\| { error "failed to create $fname"; return 1; }
	62	[ -z "$uidgid" ] && continue
	63	chown $uidgid "$fname" \|\| { error "failed to chmod '$uidgid' $fname ($?)"; return 1; }
	64	done
	65	}
	66
	67	inside_cleanup() {
	68	local f=""
	69	rm -f "${FILES[@]}"
	70	echo "$STATUS" >&5
	71	echo "$STATUS" >&6
	72	}
	73
	74	set_files() {
	75	local x=""
	76	FILES=( )
	77	for x in "$@"; do
	78	FILES[${#FILES[@]}]="${x%%:*}"
	79	done
	80	}
	81
	82	inside() {
	83	# this what gets run inside the usernsexec environment.
	84	# basically expects arguments of <filename>:uid:gid
	85	# it will create the file, and then chmod it to the provided uid:gid
	86	# it writes to file descriptor 5 a single line with space delimited
87	# exit_value uid gid [<filename>:<owner>:<group> ... ]
88	STATUS=127
89	trap inside_cleanup EXIT
90	local uid="" gid="" x=""
91
92	uid=$(id -u) \|\| fail "failed execution of id -u"
93	gid=$(id -g) \|\| fail "failed execution of id -g"
94
95	set_files "$@"
96
97	touch_files "$@" \|\| fail "failed to create files"
98
99	collect_owners "${FILES[@]}" \|\| fail "failed to collect owners"
100	result="$_RET"
101
102	# tell caller we are done.
103	echo "0" "$uid" "$gid" "$result" >&5
104	STATUS=0
105
106	# let the caller do things while the files are around.
107	read -t 30 x <&6
108
109	exit
110	}
111
112	runtest() {
113	# runtest(mydir, nsexec_args, [inside [...]])
114	# - use 'mydir' as a working dir.
115	# - execute lxc-usernsexec $nsexec_args -- <self> inside <inside args>
116	#
117	# write to stdout
118	# exit_value inside_exit_value inside_uid:inside_gid <results>
119	#
120	# where results are a list of space separated
121	# filename:uid:gid
122	# for each file passed in inside_args
123	[ $# -ge 3 ] \|\| { error "runtest expects 2 args"; return 1; }
124	local mydir="$1" nsexec_args="$2"
125	shift 2
126	local ret inside_owners t=""
127	KIDPID=""
128
129	mkfifo "${mydir}/5" && exec 5<>"${mydir}/5" \|\| return
130	mkfifo "${mydir}/6" && exec 6<>"${mydir}/6" \|\| return
131	mkdir --mode=777 "${mydir}/work" \|\| return
132	cd "${mydir}/work"
133
134	set_files "$@"
135
136	local results="" oresults="" iresults="" iuid="" igid="" n=0
137
138	error "$" $USERNSEXEC ${nsexec_args} -- "$MYPATH" inside "$*"
139	${USERNSEXEC} ${nsexec_args} -- "$MYPATH" inside "$@" &
140	KIDPID=$!
141
142	[ -d "/proc/$KIDPID" ] \|\| {
143	wait $KIDPID
144	fail "kid $KIDPID died quickly $?"
145	}
146
147	# if lxc-usernsexec fails to execute MYPATH inside, then
148	# the read below would timeout. To avoid a long timeout,
149	# we do a short timeout and check the pid is alive.
150	while ! read -t 1 ret iuid igid inside_owners <&5; do
151	n=$((n+1))
152	if [ ! -d "/proc/$KIDPID" ]; then
153	wait $KIDPID
154	fail "kid $KIDPID is gone $?"
155	fi
156	[ $n -ge 30 ] && fail "child never wrote to pipe"
157	done
158	iresults=( $inside_owners )
159
160	collect_owners "--dir=${mydir}/work/" "${FILES[@]}" \|\| return
161	oresults=( $_RET )
162
163	echo 0 >&6
164	wait
165
166	ret=$?
167
168	results=( )
169	for((i=0;i<${#iresults[@]};i++)); do
170	results[$i]="${oresults[$i]}:${iresults[$i]#*:}"
171	done
172
173	echo 0 $ret "$iuid:$igid" "${results[@]}"
174	}
175
176	runcheck() {
177	local name="$1" expected="$2" nsexec_args="$3" found=""
178	shift 3
179	mkdir "${TEMP_D}/$name" \|\| fail "failed mkdir <TEMP_D>/$name.d"
180	local err="${TEMP_D}/$name.err"
181	out=$("$MYPATH" runtest "${TEMP_D}/$name" "$nsexec_args" "$@" 2>"$err") \|\| {
182	error "$name: FAIL - runtest failed $?"
183	[ -n "$out" ] && error " $out"
184	sed 's,^, ,' "$err" 1>&2
185	ERRORS="${ERRORS} $name"
186	return 1
187	}
188	set -- $out
189	local parentrc=$1 kidrc=$2 iuidgid="$3" found=""
190	shift 3
191	found="$*"
192	[ "$parentrc" = "0" -a "$kidrc" = "0" ] \|\| {
193	error "$name: FAIL - parentrc=$parentrc kidrc=$kidrc found=$found"
194	ERRORS="${ERRORS} $name"
195	return 1
196	}
197	[ "$expected" = "$found" ] && {
198	error "$name: PASS"
199	PASS="${PASSES} $name"
200	return 0
201	}
202	echo "$name: FAIL expected '$expected' != found '$found'"
203	FAILS="${FAILS} $name"
204	return 1
205	}
206
4c93c06e SM	207	setup_Usage() {
	208	cat <<EOF
	209	${0} setup_and_run [-- run-args]
	210
	211	setup the system by creating a user (default is '${asuser:-test-userns}')
	212	and then run test as that user. Must be root.
	213
	214	If user exists, then do not create the user.
	215
	216	-v \| --verbose - be more verbose
	217	--create-subuid=UID:RANGE
	218	--create-subgid=UID:RANGE if adding subuid/subgid use this START:RANGE
	219	example (default) 3000000000:5
	220	EOF
	221	}
	222
	223	setup_and_run() {
	224	local short_opts="hv"
	225	local long_opts="help,user:,create-subuid:,create-subgid:,verbose"
	226	local getopt_out=""
	227	getopt_out=$(getopt --name "${0##*/}" \
	228	--options "${short_opts}" --long "${long_opts}" -- "$@") &&
	229	eval set -- "${getopt_out}" \|\|
	230	{ bad_Usage; return; }
	231
	232	local cur="" next="" asuser="test-userns"
	233	local create_subuid="3000000000:5" create_subgid="3000000000:5"
	234	while [ $# -ne 0 ]; do
	235	cur="$1"; next="$2";
	236	case "$cur" in
	237	-h\|--help) setup_Usage ; exit 0;;
	238	--user) asuser="$next"; shift;;
	239	--create-subuid) create_subuid=$next; shift;;
	240	--create-subgid) create_subgid=$next; shift;;
	241	-v\|--verbose) VERBOSITY=$((${VERBOSITY}+1));;
	242	--) shift; break;;
	243	esac
	244	shift;
	245	done
	246
	247	local pt_args=""
	248	pt_args=( "$@" )
	249
	250	if [ "$(id -u)" != "0" ]; then
	251	error "Sorry, setup_and_run has to be done as root, not uid=$(id -u)"
	252	return 1
	253	fi
	254
	255	local home="/home/$asuser"
	256	if [ ! -d "$home" ]; then
	257	debug 1 "creating user $asuser"
	258	useradd "$asuser" --create-home "--home-dir=$home" \|\| {
	259	error "failed to create $asuser"
	260	return 1
	261	}
	262	else
	263	debug 1 "$asuser existed"
	264	fi
	265
	266	local subuid="" subgid=""
	267	subuid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$asuser" /etc/subuid) \|\| {
	268	error "failed to read /etc/subuid for $asuser"
	269	return 1
	270	}
271
272	if [ -n "$subuid" ]; then
273	debug 1 "$asuser already had subuid=$subuid"
274	else
275	debug 1 "adding $asuser:$create_subuid to /etc/subuid"
276	echo "$asuser:$create_subuid" >> /etc/subuid \|\| {
277	error "failed to add $asuser to /etc/subuid"
278	}
279	fi
280
281	subgid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$asuser" /etc/subgid) \|\| {
282	error "failed to read /etc/subgid for $asuser"
283	return 1
284	}
285	if [ -n "$subgid" ]; then
286	debug 1 "$asuser already had subgid=$subgid"
287	else
288	debug 1 "adding $asuser:$create_subgid to /etc/subgid"
289	echo "$asuser:$create_subgid" >> /etc/subgid \|\| {
290	error "failed to add $asuser to /etc/subgid"
291	}
292	fi
293
294	debug 0 "as $asuser executing ${MYPATH} ${pt_args[*]}"
5f850cf9	295	sudo -Hu "$asuser" ASAN_OPTIONS=${ASAN_OPTIONS:-} UBSAN_OPTIONS=${UBSAN_OPTIONS:-} "${MYPATH}" "${pt_args[@]}"
4c93c06e SM	296	}
4c93c06e SM	297
9026f5c2	298	USERNSEXEC=${USERNSEXEC:-lxc-usernsexec}
4c93c06e SM	299	MYPATH=$(readlink -f "$0") \|\| { echo "failed to get full path to self: $0"; exit 1; }
	300	export MYPATH
	301
9026f5c2 SM	302	if [ "$1" = "inside" ]; then
	303	shift
	304	inside "$@"
	305	exit
	306	elif [ "$1" = "runtest" ]; then
	307	shift
	308	runtest "$@"
	309	exit
4c93c06e SM	310	elif [ "$1" = "setup_and_run" ]; then
	311	shift
	312	setup_and_run "$@"
	313	exit
9026f5c2 SM	314	fi
	315
	316	name=$(id --user --name) \|\| fail "failed to get username"
4c93c06e SM	317	if [ "$name" = "root" ]; then
	318	setup_and_run "$@"
	319	exit
	320	fi
	321
9026f5c2	322	subuid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$name" /etc/subuid) &&
4c93c06e	323	[ -n "$subuid" ] \|\| fail "did not find $name in /etc/subuid"
9026f5c2 SM	324
9026f5c2 SM	325	subgid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$name" /etc/subgid) &&
4c93c06e	326	[ -n "$subgid" ] \|\| fail "did not find $name in /etc/subgid"
9026f5c2 SM	327
	328
	329	uid=$(id --user) \|\| fail "failed to get uid"
	330	gid=$(id --group) \|\| fail "failed to get gid"
	331
	332	mapuid="u:0:$uid:1"
	333	mapgid="g:0:$gid:1"
	334
	335	ver=$(dpkg-query --show lxc-utils \| awk '{print $2}')
	336	error "uid=$uid gid=$gid name=$name subuid=$subuid subgid=$subgid ver=$ver"
	337	error "lxc-utils=$ver kver=$(uname -r)"
	338	error "USERNSEXEC=$USERNSEXEC"
	339
	340	TEMP_D=$(mktemp -d)
	341	trap cleanup EXIT
9026f5c2 SM	342
	343	PASSES=""; FAILS=""; ERRORS=""
	344	runcheck nouidgid "f0:$subuid:$subgid:0:0" "" f0
	345
	346	runcheck myuidgid "f0:$uid:$gid:0:0" \
	347	"-m$mapuid -m$mapgid" f0
	348
	349	runcheck subuidgid \
	350	"f0:$subuid:$subgid:0:0" \
	351	"-mu:0:$subuid:1 -mg:0:$subgid:1" f0:0:0
	352
	353	runcheck bothsets "f0:$uid:$gid:0:0 f1:$subuid:$subgid:1:1 f2:$uid:$subgid:0:1" \
	354	"-m$mapuid -m$mapgid -mu:1:$subuid:1 -mg:1:$subgid:1" \
	355	f0 f1:1:1 f2::1
	356
	357	runcheck mismatch "f0:$uid:$subgid:0:0 f1:$subuid:$gid:15:31" \
	358	"-mu:0:$uid:1 -mg:0:$subgid:1 -mu:15:$subuid:1 -mg:31:$gid:1" \
	359	f0 f1:15:31
	360
	361	FAILS=${FAILS# }
	362	ERRORS=${ERRORS# }
	363	PASSES=${PASSES# }
	364
	365	[ -z "${FAILS}" ] \|\| error "FAILS: ${FAILS}"
	366	[ -z "${ERRORS}" ] \|\| error "ERRORS: ${ERRORS}"
	367	[ -z "${FAILS}" -a -z "${ERRORS}" ] \|\| exit 1
	368	exit 0