diff options
author | Daniel Vetter <daniel.vetter@ffwll.ch> | 2019-02-13 21:36:11 +0100 |
---|---|---|
committer | Daniel Vetter <daniel.vetter@ffwll.ch> | 2019-02-15 11:18:45 +0100 |
commit | e8acb89ff45734a581a8110503f6bb79fd8b2228 (patch) | |
tree | 8942da826fe59000e9fe323879f6efed0ac84e54 /tests/core_auth.c | |
parent | 0fb09e7f424fc6c82d52051e4640b65ad1c81eff (diff) |
lib/core_auth: mount namespace magic to make the test work everywhere
We're creating our own namespace and then create a copy of the chardev
that anyone can access before dropping root. Should hopefully work on
any system.
This way we're also guaranteed to open the right device again.
v2: mount(2) instead of mount(3).
v3: Drop execute bits from our temporary chardev (Chris).
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Diffstat (limited to 'tests/core_auth.c')
-rw-r--r-- | tests/core_auth.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/tests/core_auth.c b/tests/core_auth.c index 0b9073cb..1bdc2261 100644 --- a/tests/core_auth.c +++ b/tests/core_auth.c @@ -36,6 +36,8 @@ #include <fcntl.h> #include <inttypes.h> #include <errno.h> +#include <sched.h> +#include <sys/mount.h> #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/time.h> @@ -243,17 +245,24 @@ static void test_unauth_vs_render(int master) { int slave; uint32_t handle; + struct stat statbuf; + bool has_render; - /* - * FIXME: when drm_open_driver() fails to open() a node (insufficient - * permissions or otherwise, it will igt_skip. - * As of today, igt_skip and igt_fork do not work together. - */ - slave = __drm_open_driver(DRIVER_ANY); - /* - * FIXME: relate to the master fd passed with the above open and fix - * all of IGT. - */ + /* need to check for render nodes before we wreak the filesystem */ + has_render = has_render_node(master); + + /* create a card node matching master which (only) we can access as + * non-root */ + do_or_die(fstat(master, &statbuf)); + do_or_die(unshare(CLONE_NEWNS)); + do_or_die(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL)); + do_or_die(mount("none", "/dev/dri", "tmpfs", 0, NULL)); + umask(0); + do_or_die(mknod("/dev/dri/card", S_IFCHR | 0666, statbuf.st_rdev)); + + igt_drop_root(); + + slave = open("/dev/dri/card", O_RDWR); igt_assert(slave >= 0); @@ -276,7 +285,7 @@ static void test_unauth_vs_render(int master) * Note: We are _not_ interested in the FD2HANDLE specific errno, * yet the EBADF check is added on the explicit request by danvet. */ - if (has_render_node(slave)) + if (has_render) igt_assert(errno == EBADF); else igt_assert(errno == EACCES); @@ -330,10 +339,8 @@ igt_main igt_subtest("unauth-vs-render") { check_auth_sanity(master); - igt_fork(child, 1) { - igt_drop_root(); + igt_fork(child, 1) test_unauth_vs_render(master); - } igt_waitchildren(); } } |