From e8acb89ff45734a581a8110503f6bb79fd8b2228 Mon Sep 17 00:00:00 2001
From: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Wed, 13 Feb 2019 21:36:11 +0100
Subject: lib/core_auth: mount namespace magic to make the test work everywhere

We're creating our own namespace and then create a copy of the chardev
that anyone can access before dropping root. Should hopefully work on
any system.

This way we're also guaranteed to open the right device again.

v2: mount(2) instead of mount(3).

v3: Drop execute bits from our temporary chardev (Chris).

Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
---
 tests/core_auth.c | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

(limited to 'tests/core_auth.c')

diff --git a/tests/core_auth.c b/tests/core_auth.c
index 0b9073cb..1bdc2261 100644
--- a/tests/core_auth.c
+++ b/tests/core_auth.c
@@ -36,6 +36,8 @@
 #include <fcntl.h>
 #include <inttypes.h>
 #include <errno.h>
+#include <sched.h>
+#include <sys/mount.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <sys/time.h>
@@ -243,17 +245,24 @@ static void test_unauth_vs_render(int master)
 {
 	int slave;
 	uint32_t handle;
+	struct stat statbuf;
+	bool has_render;
 
-	/*
-	 * FIXME: when drm_open_driver() fails to open() a node (insufficient
-	 * permissions or otherwise, it will igt_skip.
-	 * As of today, igt_skip and igt_fork do not work together.
-	 */
-	slave = __drm_open_driver(DRIVER_ANY);
-	/*
-	 * FIXME: relate to the master fd passed with the above open and fix
-	 * all of IGT.
-	 */
+	/* need to check for render nodes before we wreak the filesystem */
+	has_render = has_render_node(master);
+
+	/* create a card node matching master which (only) we can access as
+	 * non-root */
+	do_or_die(fstat(master, &statbuf));
+	do_or_die(unshare(CLONE_NEWNS));
+	do_or_die(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL));
+	do_or_die(mount("none", "/dev/dri", "tmpfs", 0, NULL));
+	umask(0);
+	do_or_die(mknod("/dev/dri/card", S_IFCHR | 0666, statbuf.st_rdev));
+
+	igt_drop_root();
+
+	slave = open("/dev/dri/card", O_RDWR);
 
 	igt_assert(slave >= 0);
 
@@ -276,7 +285,7 @@ static void test_unauth_vs_render(int master)
 	 * Note: We are _not_ interested in the FD2HANDLE specific errno,
 	 * yet the EBADF check is added on the explicit request by danvet.
 	 */
-	if (has_render_node(slave))
+	if (has_render)
 		igt_assert(errno == EBADF);
 	else
 		igt_assert(errno == EACCES);
@@ -330,10 +339,8 @@ igt_main
 		igt_subtest("unauth-vs-render") {
 			check_auth_sanity(master);
 
-			igt_fork(child, 1) {
-				igt_drop_root();
+			igt_fork(child, 1)
 				test_unauth_vs_render(master);
-			}
 			igt_waitchildren();
 		}
 	}
-- 
cgit v1.2.3