79 lines
2.8 KiB
C++
79 lines
2.8 KiB
C++
// Copyright 2018 The gVisor Authors.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#include <sys/ioctl.h>
|
|
#include <termios.h>
|
|
|
|
#include "gtest/gtest.h"
|
|
#include "absl/base/macros.h"
|
|
#include "test/util/capability_util.h"
|
|
#include "test/util/file_descriptor.h"
|
|
#include "test/util/posix_error.h"
|
|
#include "test/util/pty_util.h"
|
|
|
|
namespace gvisor {
|
|
namespace testing {
|
|
|
|
namespace {
|
|
|
|
// StealTTY tests whether privileged processes can steal controlling terminals.
|
|
// If the stealing process has CAP_SYS_ADMIN in the root user namespace, the
|
|
// test ensures that stealing works. If it has non-root CAP_SYS_ADMIN, it
|
|
// ensures stealing fails.
|
|
TEST(JobControlRootTest, StealTTY) {
|
|
SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN)));
|
|
|
|
bool true_root = true;
|
|
if (!IsRunningOnGvisor()) {
|
|
// If running in Linux, we may only have CAP_SYS_ADMIN in a non-root user
|
|
// namespace (i.e. we are not truly root). We use init_module as a proxy for
|
|
// whether we are true root, as it returns EPERM immediately.
|
|
ASSERT_THAT(syscall(SYS_init_module, nullptr, 0, nullptr), SyscallFails());
|
|
true_root = errno != EPERM;
|
|
|
|
// Make this a session leader, which also drops the controlling terminal.
|
|
// In the gVisor test environment, this test will be run as the session
|
|
// leader already (as the sentry init process).
|
|
ASSERT_THAT(setsid(), SyscallSucceeds());
|
|
}
|
|
|
|
FileDescriptor master =
|
|
ASSERT_NO_ERRNO_AND_VALUE(Open("/dev/ptmx", O_RDWR | O_NONBLOCK));
|
|
FileDescriptor slave = ASSERT_NO_ERRNO_AND_VALUE(OpenSlave(master));
|
|
|
|
// Make slave the controlling terminal.
|
|
ASSERT_THAT(ioctl(slave.get(), TIOCSCTTY, 0), SyscallSucceeds());
|
|
|
|
// Fork, join a new session, and try to steal the parent's controlling
|
|
// terminal, which should succeed when we have CAP_SYS_ADMIN and pass an arg
|
|
// of 1.
|
|
pid_t child = fork();
|
|
if (!child) {
|
|
ASSERT_THAT(setsid(), SyscallSucceeds());
|
|
// We shouldn't be able to steal the terminal with the wrong arg value.
|
|
TEST_PCHECK(ioctl(slave.get(), TIOCSCTTY, 0));
|
|
// We should be able to steal it if we are true root.
|
|
TEST_PCHECK(true_root == !ioctl(slave.get(), TIOCSCTTY, 1));
|
|
_exit(0);
|
|
}
|
|
|
|
int wstatus;
|
|
ASSERT_THAT(waitpid(child, &wstatus, 0), SyscallSucceedsWithValue(child));
|
|
ASSERT_EQ(wstatus, 0);
|
|
}
|
|
|
|
} // namespace
|
|
} // namespace testing
|
|
} // namespace gvisor
|