9 d
=$
(mktemp
-t -d tmp.XXX
)
10 d2
=$
(mktemp
-t -d tmp.XXX
)
14 [ $pid -ne -1 ] && kill -9 $pid
20 cmdline
=$
(realpath
$0)
21 dirname=$
(dirname ${cmdline})
22 topdir
=$
(dirname ${dirname})
24 trap cleanup EXIT HUP INT TERM
29 # put ourselves into x1
30 cgm movepidabs freezer
/ 1
32 cgm movepid freezer x1
1
34 mount
-t cgroup
-o freezer freezer
$d2
35 sudo
rmdir $d2/${UUID}_a
1/${UUID}_a2 || true
36 sudo
rmdir $d2/${UUID}_a1 || true
38 echo "Making sure root cannot mkdir"
40 mkdir
$d/cgroup
/freezer
/${UUID}_a1
&& bad
=1
41 if [ "${bad}" -eq 1 ]; then
45 echo "Making sure root cannot rmdir"
47 mkdir
$d2/${UUID}_a
1/${UUID}_a2
48 rmdir $d/cgroup
/freezer
/${UUID}_a1
&& bad
=1
49 if [ "${bad}" -eq 1 ]; then
53 rmdir $d/cgroup
/freezer
/${UUID}_a
1/${UUID}_a2
&& bad
=1
54 if [ "${bad}" -eq 1 ]; then
57 [ -d $d2/${UUID}_a
1/${UUID}_a2
]
59 echo "Making sure root cannot read/write"
62 echo $p > $d/cgroup
/freezer
/${UUID}_a
1/tasks
&& bad
=1
63 if [ "${bad}" -eq 1 ]; then
66 cat $d/cgroup
/freezer
/${UUID}_a
1/tasks
&& bad
=1
67 if [ "${bad}" -eq 1 ]; then
70 echo $p > $d/cgroup
/freezer
/${UUID}_a
1/${UUID}_a
2/tasks
&& bad
=1
71 if [ "${bad}" -eq 1 ]; then
74 cat $d/cgroup
/freezer
/${UUID}_a
1/${UUID}_a
2/tasks
&& bad
=1
75 if [ "${bad}" -eq 1 ]; then
79 # make sure things like truncate and access don't leak info about
80 # the /${UUID}_a1 cgroup which we shouldn't be able to reach
81 echo "Testing other system calls"
82 ${dirname}/test_syscalls
$d/cgroup
/freezer
/${UUID}_a1
83 ${dirname}/test_syscalls $d/cgroup/freezer/${UUID}_a1/${UUID}_a2
85 echo "Making sure root can act on descendents"
86 mycg
=$
(cgm getpidcgroupabs freezer
1)
87 newcg
=${mycg}/${UUID}_a1
88 rmdir $d2/$newcg || true
# cleanup previosu run
89 mkdir
$d/cgroup
/freezer
/$newcg
90 echo $p > $d/cgroup
/freezer
/$newcg/tasks
91 cat $d/cgroup
/freezer
/$newcg/tasks
93 while [ `wc -l $d/cgroup/freezer/$newcg/tasks | awk '{ print $1 }'` -ne 0 ]; do
96 rmdir $d/cgroup
/freezer
/$newcg
98 echo "All tests passed!"