]>
git.proxmox.com Git - pve-container.git/blob - src/test/bindmount_test.pl
a6052dbda33890f76de5747c6fbfe01fcf56acd5
15 my $rootdir = "./tmproot";
18 my $sharedir = "/tmpshare";
19 my $a = "/tmpshare/a";
20 my $ab = "/tmpshare/a/b";
21 my $abc = "/tmpshare/a/b/c";
22 my $sym = "/tmpshare/sym";
24 my $secret = "/secret";
28 File
::Path
::rmtree
("$pwd/$rootdir", {error
=> \
$ignore_error});
29 File
::Path
::rmtree
("$pwd/$sharedir", {error
=> \
$ignore_error});
30 File
::Path
::rmtree
("$pwd/$secret", {error
=> \
$ignore_error});
33 # Create all the test paths...
34 PVE
::LXC
::walk_tree_nofollow
('.', $rootdir, 1);
35 PVE
::LXC
::walk_tree_nofollow
($rootdir, $destdir, 1);
36 PVE
::LXC
::walk_tree_nofollow
('.', $abc, 1);
37 PVE
::LXC
::walk_tree_nofollow
('.', $secret, 1);
38 # Create one evil symlink
39 symlink('a/b', "$pwd/$sym") or die "failed to prepare test folders: $!\n";
41 # Test walk_tree_nofollow:
42 eval { PVE
::LXC
::walk_tree_nofollow
('.', $rootdir, 0) };
43 die "unexpected error: $@" if $@;
44 eval { PVE
::LXC
::walk_tree_nofollow
('.', "$sym/c", 0) };
45 die "failed to catch symlink at $sym/c\n" if !$@;
46 die "unexpected test error: '$@'\n" if $@ ne "symlink encountered at: .$sym\n";
50 my ($from, $rootdir, $destdir, $inject, $ro, $inject_write) = @_;
52 my ($mpath, $mpfd, $parentfd, $last);
53 ($rootdir, $mpath, $mpfd, $parentfd, $last) =
54 PVE
::LXC
::__mount_prepare_rootdir
($rootdir, $destdir);
56 my $srcdh = PVE
::LXC
::__bindmount_prepare
('.', $from);
59 File
::Path
::rmtree
(".$inject");
60 symlink("$pwd/$secret", ".$inject")
61 or die "failed to create symlink\n";
62 PVE
::LXC
::walk_tree_nofollow
('.', $from, 1);
64 PVE
::LXC
::__bindmount_do
(".$from", $mpath, $inject_write ?
0 : $ro);
66 my $res = PVE
::LXC
::__bindmount_verify
($srcdh, $parentfd, $last, $ro);
68 system('umount', $mpath);
71 bindmount
($a, $rootdir, $destdir, undef, 0, 0);
72 eval { bindmount
($sym, $rootdir, $destdir, undef, 0, 0) };
73 die "illegal symlink bindmount went through\n" if !$@;
74 bindmount
($abc, $rootdir, $destdir, undef, 0, 0);
75 # Race test: Assume someone exchanged 2 equivalent bind mounts between and
76 # after the bindmount_do()'s mount and remount calls.
77 # First: non-ro mount, should pass
78 bindmount
($abc, $rootdir, $destdir, undef, 0, 1);
79 # Second: regular read-only mount, should pass.
80 bindmount
($abc, $rootdir, $destdir, undef, 1, 0);
81 # Third: read-only requested with read-write injected
82 eval { bindmount
($abc, $rootdir, $destdir, undef, 1, 1) };
83 die "read-write mount possible\n" if !$@;
84 die "unexpected test error: $@\n" if $@ ne "failed to mark bind mount read only\n";
85 # Race test: Replace /tmpshare/a/b with a symlink to /secret just before
87 eval { bindmount
($abc, $rootdir, $destdir, $ab, 0, 0) };
88 die "injected symlink bindmount went through\n" if !$@;
89 die "unexpected test error: $@\n" if $@ ne "symlink encountered at: .$ab\n";