go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
gvisor/test/syscalls/linux/symlink.cc

289 lines
10 KiB
C++
Raw Blame History

// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <string>
#include "gtest/gtest.h"
#include "test/util/capability_util.h"
#include "test/util/file_descriptor.h"
#include "test/util/fs_util.h"
#include "test/util/temp_path.h"
#include "test/util/test_util.h"
namespace gvisor {
namespace testing {
namespace {
mode_t FilePermission(const std::string& path) {
struct stat buf = {0};
TEST_CHECK(lstat(path.c_str(), &buf) == 0);
return buf.st_mode & 0777;
}
// Test that name collisions are checked on the new link path, not the source
// path.
TEST(SymlinkTest, CanCreateSymlinkWithCachedSourceDirent) {
const std::string srcname = NewTempAbsPath();
const std::string newname = NewTempAbsPath();
const std::string basedir = std::string(Dirname(srcname));
ASSERT_EQ(basedir, Dirname(newname));
ASSERT_THAT(chdir(basedir.c_str()), SyscallSucceeds());
// Open the source node to cause the underlying dirent to be cached. It will
// remain cached while we have the file open.
int fd;
ASSERT_THAT(fd = open(srcname.c_str(), O_CREAT | O_RDWR, 0666),
SyscallSucceeds());
FileDescriptor fd_closer(fd);
// Attempt to create a symlink. If the bug exists, this will fail since the
// dirent link creation code will check for a name collision on the source
// link name.
EXPECT_THAT(symlink(std::string(Basename(srcname)).c_str(),
std::string(Basename(newname)).c_str()),
SyscallSucceeds());
}
TEST(SymlinkTest, CanCreateSymlinkFile) {
const std::string oldname = NewTempAbsPath();
const std::string newname = NewTempAbsPath();
int fd;
ASSERT_THAT(fd = open(oldname.c_str(), O_CREAT | O_RDWR, 0666),
SyscallSucceeds());
EXPECT_THAT(close(fd), SyscallSucceeds());
EXPECT_THAT(symlink(oldname.c_str(), newname.c_str()), SyscallSucceeds());
EXPECT_EQ(FilePermission(newname), 0777);
auto link = ASSERT_NO_ERRNO_AND_VALUE(ReadLink(newname));
EXPECT_EQ(oldname, link);
EXPECT_THAT(unlink(newname.c_str()), SyscallSucceeds());
EXPECT_THAT(unlink(oldname.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, CanCreateSymlinkDir) {
const std::string olddir = NewTempAbsPath();
const std::string newdir = NewTempAbsPath();
EXPECT_THAT(mkdir(olddir.c_str(), 0777), SyscallSucceeds());
EXPECT_THAT(symlink(olddir.c_str(), newdir.c_str()), SyscallSucceeds());
EXPECT_EQ(FilePermission(newdir), 0777);
auto link = ASSERT_NO_ERRNO_AND_VALUE(ReadLink(newdir));
EXPECT_EQ(olddir, link);
EXPECT_THAT(unlink(newdir.c_str()), SyscallSucceeds());
ASSERT_THAT(rmdir(olddir.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, CannotCreateSymlinkInReadOnlyDir) {
// Drop capabilities that allow us to override file and directory permissions.
ASSERT_NO_ERRNO(SetCapability(CAP_DAC_OVERRIDE, false));
ASSERT_NO_ERRNO(SetCapability(CAP_DAC_READ_SEARCH, false));
const std::string olddir = NewTempAbsPath();
ASSERT_THAT(mkdir(olddir.c_str(), 0444), SyscallSucceeds());
const std::string newdir = NewTempAbsPathInDir(olddir);
EXPECT_THAT(symlink(olddir.c_str(), newdir.c_str()),
SyscallFailsWithErrno(EACCES));
ASSERT_THAT(rmdir(olddir.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, CannotSymlinkOverExistingFile) {
const std::string oldname = NewTempAbsPath();
const std::string newname = NewTempAbsPath();
int oldfd;
int newfd;
ASSERT_THAT(oldfd = open(oldname.c_str(), O_CREAT | O_RDWR, 0666),
SyscallSucceeds());
EXPECT_THAT(close(oldfd), SyscallSucceeds());
ASSERT_THAT(newfd = open(newname.c_str(), O_CREAT | O_RDWR, 0666),
SyscallSucceeds());
EXPECT_THAT(close(newfd), SyscallSucceeds());
EXPECT_THAT(symlink(oldname.c_str(), newname.c_str()),
SyscallFailsWithErrno(EEXIST));
EXPECT_THAT(unlink(oldname.c_str()), SyscallSucceeds());
EXPECT_THAT(unlink(newname.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, OldnameIsEmpty) {
const std::string newname = NewTempAbsPath();
EXPECT_THAT(symlink("", newname.c_str()), SyscallFailsWithErrno(ENOENT));
}
TEST(SymlinkTest, OldnameIsDangling) {
const std::string newname = NewTempAbsPath();
EXPECT_THAT(symlink("/dangling", newname.c_str()), SyscallSucceeds());
// This is required for S/R random save tests, which pre-run this test
// in the same TEST_TMPDIR, which means that we need to clean it for any
// operations exclusively creating files, like symlink above.
EXPECT_THAT(unlink(newname.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, NewnameCannotExist) {
const std::string newname =
JoinPath(GetAbsoluteTestTmpdir(), "thisdoesnotexist", "foo");
EXPECT_THAT(symlink("/thisdoesnotmatter", newname.c_str()),
SyscallFailsWithErrno(ENOENT));
}
TEST(SymlinkTest, CanEvaluateLink) {
const std::string oldname = NewTempAbsPath();
const std::string newname = NewTempAbsPath();
int fd;
ASSERT_THAT(fd = open(oldname.c_str(), O_CREAT | O_RDWR, 0666),
SyscallSucceeds());
struct stat old;
EXPECT_THAT(fstat(fd, &old), SyscallSucceeds());
EXPECT_THAT(close(fd), SyscallSucceeds());
EXPECT_THAT(symlink(oldname.c_str(), newname.c_str()), SyscallSucceeds());
EXPECT_EQ(FilePermission(newname), 0777);
EXPECT_THAT(fd = open(newname.c_str(), O_RDWR, 0666), SyscallSucceeds());
struct stat old_linked;
EXPECT_THAT(fstat(fd, &old_linked), SyscallSucceeds());
EXPECT_THAT(close(fd), SyscallSucceeds());
// Check that in fact newname points to the file we expect.
// FIXME: use only inodes here once they are consistent,
// but this is better than nothing.
EXPECT_EQ(old.st_dev, old_linked.st_dev);
EXPECT_EQ(old.st_mode, old_linked.st_mode);
EXPECT_EQ(old.st_size, old_linked.st_size);
EXPECT_THAT(unlink(newname.c_str()), SyscallSucceeds());
EXPECT_THAT(unlink(oldname.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, TargetIsNotMapped) {
const std::string oldname = NewTempAbsPath();
const std::string newname = NewTempAbsPath();
int fd;
// Create the target so that when we read the link, it exists.
ASSERT_THAT(fd = open(oldname.c_str(), O_CREAT | O_RDWR, 0666),
SyscallSucceeds());
EXPECT_THAT(close(fd), SyscallSucceeds());
// Create a symlink called newname that points to oldname.
EXPECT_THAT(symlink(oldname.c_str(), newname.c_str()), SyscallSucceeds());
std::vector<char> buf(1024);
int linksize;
// Read the link and assert that the oldname is still the same.
EXPECT_THAT(linksize = readlink(newname.c_str(), buf.data(), 1024),
SyscallSucceeds());
EXPECT_EQ(0, strncmp(oldname.c_str(), buf.data(), linksize));
EXPECT_THAT(unlink(newname.c_str()), SyscallSucceeds());
EXPECT_THAT(unlink(oldname.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, PreadFromSymlink) {
std::string name = NewTempAbsPath();
int fd;
ASSERT_THAT(fd = open(name.c_str(), O_CREAT, 0644), SyscallSucceeds());
ASSERT_THAT(close(fd), SyscallSucceeds());
std::string linkname = NewTempAbsPath();
ASSERT_THAT(symlink(name.c_str(), linkname.c_str()), SyscallSucceeds());
ASSERT_THAT(fd = open(linkname.c_str(), O_RDONLY), SyscallSucceeds());
char buf[1024];
EXPECT_THAT(pread64(fd, buf, 1024, 0), SyscallSucceeds());
EXPECT_THAT(close(fd), SyscallSucceeds());
EXPECT_THAT(unlink(name.c_str()), SyscallSucceeds());
EXPECT_THAT(unlink(linkname.c_str()), SyscallSucceeds());
}
TEST(SymlinkTest, SymlinkAtDegradedPermissions_NoRandomSave) {
// Drop capabilities that allow us to override file and directory permissions.
ASSERT_NO_ERRNO(SetCapability(CAP_DAC_OVERRIDE, false));
ASSERT_NO_ERRNO(SetCapability(CAP_DAC_READ_SEARCH, false));
auto dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir());
auto file = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileIn(dir.path()));
int dirfd;
ASSERT_THAT(dirfd = open(dir.path().c_str(), O_DIRECTORY, 0),
SyscallSucceeds());
const DisableSave ds; // Permissions are dropped.
EXPECT_THAT(fchmod(dirfd, 0), SyscallSucceeds());
std::string basename = std::string(Basename(file.path()));
EXPECT_THAT(symlinkat("/dangling", dirfd, basename.c_str()),
SyscallFailsWithErrno(EACCES));
EXPECT_THAT(close(dirfd), SyscallSucceeds());
}
TEST(SymlinkTest, ReadlinkAtDegradedPermissions_NoRandomSave) {
// Drop capabilities that allow us to override file and directory permissions.
ASSERT_NO_ERRNO(SetCapability(CAP_DAC_OVERRIDE, false));
ASSERT_NO_ERRNO(SetCapability(CAP_DAC_READ_SEARCH, false));
auto dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir());
const std::string oldpath = NewTempAbsPathInDir(dir.path());
const std::string oldbase = std::string(Basename(oldpath));
ASSERT_THAT(symlink("/dangling", oldpath.c_str()), SyscallSucceeds());
int dirfd;
EXPECT_THAT(dirfd = open(dir.path().c_str(), O_DIRECTORY, 0),
SyscallSucceeds());
const DisableSave ds; // Permissions are dropped.
EXPECT_THAT(fchmod(dirfd, 0), SyscallSucceeds());
char buf[1024];
int linksize;
EXPECT_THAT(linksize = readlinkat(dirfd, oldbase.c_str(), buf, 1024),
SyscallFailsWithErrno(EACCES));
EXPECT_THAT(close(dirfd), SyscallSucceeds());
}
TEST(SymlinkTest, ChmodSymlink) {
auto target = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile());
const std::string newpath = NewTempAbsPath();
ASSERT_THAT(symlink(target.path().c_str(), newpath.c_str()),
SyscallSucceeds());
EXPECT_EQ(FilePermission(newpath), 0777);
EXPECT_THAT(chmod(newpath.c_str(), 0666), SyscallSucceeds());
EXPECT_EQ(FilePermission(newpath), 0777);
}
} // namespace
} // namespace testing
} // namespace gvisor
Reference in New Issue View Git Blame Copy Permalink