On Thu, Sep 11, 2025 at 11:15 AM Christian Brauner <brauner@kernel.org> wrote:
On Wed, Sep 10, 2025 at 07:30:03PM +0200, Amir Goldstein wrote:
On Wed, Sep 10, 2025 at 4:40 PM Christian Brauner <brauner@kernel.org> wrote:
Add a bunch of selftests for namespace file handles.
Signed-off-by: Christian Brauner <brauner@kernel.org>
Obviously, I did not go over every single line, but for the general test template and test coverage you may add:
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
However, see my comment on file handle support patch. The test matrix is incomplete.
I mean, I'll just drop to non-root in the non-cross ns tests:
	/* Drop to unprivileged uid/gid */
	ASSERT_EQ(setresgid(65534, 65534, 65534), 0); /* nogroup */
	ASSERT_EQ(setresuid(65534, 65534, 65534), 0); /* nobody */
That would be good I think.
Maybe it would be complete if the test is run as root and then as non-root, but then I think the test needs some changes for running as root and opening non-self ns.
I am not sure what the standard is wrt running the selftests as root/non-root.
I see that the userns isolation tests do:
	/* Map current uid/gid to root in the new namespace */
Are you assuming that non root is running this test or am I missing something?
No, I'm not assuming that. I just need a new user namespace and become root in it to assume privilege over it so I can test that decoding doesn't work from an ancestor userns owned namespace.
With dropping to unprivileged uid/gid in parent, I understand it should work. I guess I wasn't sure if dropping to unprivileged uid/gid was required for the test to pass when the test is run as root user, but with the addition of dropping to unprivileged uid/gid - feel free to add:
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Thanks, Amir.