sys/contrib/openzfs/tests/zfs-tests/tests/functional/idmap_mount/idmap_mount_005.ksh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or https://opensource.org/licenses/CDDL-1.0.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

. $STF_SUITE/tests/functional/idmap_mount/idmap_mount_common.kshlib

#
#
# DESCRIPTION:
#       Test idmapped mount in a user namespace
#
# STRATEGY:
#	1. Create a zoned dataset
#	2. Create a user namespace and designate the dataset to the zone
#	3. In the zone, mount the dataset to "idmap_test"
#	4. In the zone, idmap mount the dataset mountpoint to "idmap_dest"
#	5. Do some file operations in the idmapped mountpoint "idmap_dest"
#	6. Check the owner of files/folder in the mount point "idmap_test"
#	7. unmount the mountpoints in the zone
#	8. Remount the dataset in global zone to "idmap_test"
#	9. Check the owenr of filers/folder in the mountpoint "idmap_test"
#

verify_runnable "global"

export WORKDIR=$TESTDIR/idmap_test
export IDMAPDIR=$TESTDIR/idmap_dest

function cleanup
{
	if [[ -v unshared_pid ]]; then
		zfs unzone /proc/$unshared_pid/ns/user "$TESTPOOL/userns"
		kill -TERM ${unshared_pid}
	fi
	if mountpoint $WORKDIR; then
		log_must umount $WORKDIR
	fi
	log_must rm -rf $WORKDIR
}

log_onexit cleanup

if ! idmap_util -c $TESTDIR; then
	log_unsupported "Idmap mount not supported."
fi

unshare -Urm echo test
if [ "$?" -ne "0" ]; then
	log_unsupported "Failed to create user namespace"
fi

log_must zfs create -o zoned=off -o mountpoint=$WORKDIR "$TESTPOOL/userns"

# "root" user and group in the user ns
log_must chown 1000000:1000000 $WORKDIR
log_must zfs set zoned=on "$TESTPOOL/userns"

log_must mkdir -p $IDMAPDIR

unshare -Um /usr/bin/sleep 2h &
unshared_pid=$!
if [ "$?" -ne "0" ]; then
	log_unsupported "Failed to create user namespace"
fi
# wait for userns to be ready
sleep 1
echo "0 1000000 1000000" > /proc/$unshared_pid/uid_map
if [ "$?" -ne "0" ]; then
	log_unsupported "Failed to write to uid_map"
fi
echo "0 1000000 1000000" > /proc/$unshared_pid/gid_map
if [ "$?" -ne "0" ]; then
	log_unsupported "Failed to write to gid_map"
fi

NSENTER="nsenter -t $unshared_pid --all -S 0 -G 0"

log_must zfs zone /proc/$unshared_pid/ns/user "$TESTPOOL/userns"
log_must $NSENTER zfs mount "$TESTPOOL/userns"
log_must $NSENTER chmod 777 $WORKDIR

$NSENTER idmap_util -c $WORKDIR
if [ "$?" -ne "0" ]; then
	log_unsupported "Idmapped mount not supported in a user namespace"
fi

log_must $NSENTER idmap_util -m b:0:10000:100000 $WORKDIR $IDMAPDIR
log_must $NSENTER setpriv --reuid 11000 --regid 11000 --clear-groups touch $IDMAPDIR/file
log_must $NSENTER setpriv --reuid 11000 --regid 11000 --clear-groups mkdir $IDMAPDIR/folder
log_must $NSENTER setpriv --reuid 11000 --regid 11000 --clear-groups ln -s file $IDMAPDIR/file-soft
log_must $NSENTER setpriv --reuid 11000 --regid 11000 --clear-groups ln $IDMAPDIR/file $IDMAPDIR/file-hard

log_must $NSENTER setpriv --reuid 11000 --regid 11000 --clear-groups cp -p $IDMAPDIR/file $IDMAPDIR/folder/file-p
log_must $NSENTER setpriv --reuid 11000 --regid 11000 --clear-groups cp $IDMAPDIR/file $IDMAPDIR/folder/file

log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/file)"
log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/folder)"
log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/file-soft)"
log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/file-hard)"
log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/folder/file-p)"
log_must test "1000 1000" = "$($NSENTER stat -c '%u %g' $WORKDIR/folder/file)"

log_must $NSENTER umount $IDMAPDIR
log_must $NSENTER umount $WORKDIR

log_must zfs unzone /proc/$unshared_pid/ns/user "$TESTPOOL/userns"
log_must kill -TERM $unshared_pid
unset unshared_pid
log_must zfs set zoned=off "$TESTPOOL/userns"
log_must zfs mount "$TESTPOOL/userns"

log_must test "1001000 1001000" = "$(stat -c '%u %g' $WORKDIR/file)"
log_must test "1001000 1001000" = "$(stat -c '%u %g' $WORKDIR/folder)"
log_must test "1001000 1001000" = "$(stat -c '%u %g' $WORKDIR/file-soft)"
log_must test "1001000 1001000" = "$(stat -c '%u %g' $WORKDIR/file-hard)"
log_must test "1001000 1001000" = "$(stat -c '%u %g' $WORKDIR/folder/file-p)"
log_must test "1001000 1001000" = "$(stat -c '%u %g' $WORKDIR/folder/file)"

log_pass "Testing idmapped mount in a user ns is successful."