non-root: extend zdtm.py to be able to run tests as non-root

This are the minimal changes to make zdtm.py successfully run the env00 test case as non-root using the '--user' zdtm option. Signed-off-by: Adrian Reber <[email protected]>
checkpoint-restore · Aug 7, 2020 · fdb337e · fdb337e
1 parent 4e45454
commit fdb337e
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 53 deletions.
diff --git a/test/zdtm.py b/test/zdtm.py
@@ -35,6 +35,8 @@
 
 prev_line = None
 
+NON_ROOT_UID = 65534
+
 
 def alarm(*args):
     print("==== ALARM ====")
@@ -437,6 +439,8 @@ def __wait_task_die(self):
         wait_pid_die(int(self.__pid), self.__name, self.__timeout)
 
     def __add_wperms(self):
+        if os.getuid() != 0:
+            return
         # Add write perms for .out and .pid files
         for b in self._bins:
             p = os.path.dirname(b)
@@ -618,6 +622,8 @@ def available():
 
     @staticmethod
     def cleanup():
+        if opts['user']:
+            return
         subprocess.check_call(
             ["flock", "zdtm_mount_cgroups.lock", "./zdtm_umount_cgroups"])
 
@@ -1129,7 +1135,10 @@ def __criu_act(self, action, opts=[], log=None, nowait=False):
         if action == "restore":
             preexec = None
         else:
-            preexec = self.__user and self.set_user_id or None
+            if os.getuid():
+                preexec = None
+            else:
+                preexec = self.__user and self.set_user_id or None
 
         __ddir = self.__ddir()
 
@@ -1288,6 +1297,9 @@ def dump(self, action, opts=[]):
         os.mkdir(self.__ddir())
         os.chmod(self.__ddir(), 0o777)
 
+        if self.__user:
+            os.setgid(NON_ROOT_UID)
+            os.setuid(NON_ROOT_UID)
         a_opts = ["-t", self.__test.getpid()]
         if self.__prev_dump_iter:
             a_opts += [
@@ -1363,6 +1375,9 @@ def dump(self, action, opts=[]):
                 raise test_fail_exc("criu page-server exited with %d" % ret)
 
     def restore(self):
+        if self.__user:
+            os.setgid(NON_ROOT_UID)
+            os.setuid(NON_ROOT_UID)
         r_opts = []
         if self.__restore_sibling:
             r_opts = ["--restore-sibling"]
@@ -1986,6 +2001,9 @@ def run_test(self, name, desc, flavor):
             logf = None
             log = None
 
+        if opts['user']:
+            os.setgid(NON_ROOT_UID)
+            os.setuid(NON_ROOT_UID)
         sub = subprocess.Popen(["./zdtm_ct", "zdtm.py"],
                                env=dict(os.environ, CR_CT_TEST_INFO=arg),
                                stdout=log,

diff --git a/test/zdtm/lib/test.c b/test/zdtm/lib/test.c
@@ -211,6 +211,7 @@ int write_pidfile(int pid)
 
 void test_init(int argc, char **argv)
 {
+	uid_t uid;
 	pid_t pid;
 	char *val;
 	struct sigaction sa = {
@@ -219,6 +220,8 @@ void test_init(int argc, char **argv)
 	};
 	sigemptyset(&sa.sa_mask);
 
+	uid = getuid();
+
 	parseargs(argc, argv);
 
 	val = getenv("ZDTM_NEWNS");
@@ -238,34 +241,36 @@ void test_init(int argc, char **argv)
 		exit(1);
 	}
 
-	val = getenv("ZDTM_GROUPS");
-	if (val) {
-		char *tok = NULL;
-		unsigned int size = 0, groups[NGROUPS_MAX];
-
-		tok = strtok(val, " ");
-		while (tok) {
-			size++;
-			groups[size - 1] = atoi(tok);
-			tok = strtok(NULL, " ");
+	if (!uid) {
+		val = getenv("ZDTM_GROUPS");
+		if (val) {
+			char *tok = NULL;
+			unsigned int size = 0, groups[NGROUPS_MAX];
+
+			tok = strtok(val, " ");
+			while (tok) {
+				size++;
+				groups[size - 1] = atoi(tok);
+				tok = strtok(NULL, " ");
+			}
+
+			if (setgroups(size, groups)) {
+				fprintf(stderr, "Can't set groups: %m");
+				exit(1);
+			}
 		}
 
-		if (setgroups(size, groups)) {
-			fprintf(stderr, "Can't set groups: %m");
+		val = getenv("ZDTM_GID");
+		if (val && (setgid(atoi(val)) == -1)) {
+			fprintf(stderr, "Can't set gid: %m");
 			exit(1);
 		}
-	}
 
-	val = getenv("ZDTM_GID");
-	if (val && (setgid(atoi(val)) == -1)) {
-		fprintf(stderr, "Can't set gid: %m");
-		exit(1);
-	}
-
-	val = getenv("ZDTM_UID");
-	if (val && (setuid(atoi(val)) == -1)) {
-		fprintf(stderr, "Can't set gid: %m");
-		exit(1);
+		val = getenv("ZDTM_UID");
+		if (val && (setuid(atoi(val)) == -1)) {
+			fprintf(stderr, "Can't set gid: %m");
+			exit(1);
+		}
 	}
 
 	if (prctl(PR_SET_DUMPABLE, 1)) {

diff --git a/test/zdtm_ct.c b/test/zdtm_ct.c
@@ -71,46 +71,52 @@ static int create_timens()
 
 int main(int argc, char **argv)
 {
+	uid_t uid;
 	pid_t pid;
 	int status;
 
+	uid = getuid();
+
 	/*
 	 * pidns is used to avoid conflicts
 	 * mntns is used to mount /proc
 	 * net is used to avoid conflicts of parasite sockets
 	 */
-	if (unshare(CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC))
-		return 1;
+	if (!uid)
+		if (unshare(CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC))
+			return 1;
 	pid = fork();
 	if (pid == 0) {
-		if (create_timens())
-			exit(1);
-		if (mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL)) {
-			fprintf(stderr, "mount(/, S_REC | MS_SLAVE)): %m");
-			return 1;
-		}
-		umount2("/proc", MNT_DETACH);
-		umount2("/dev/pts", MNT_DETACH);
-		if (mount("zdtm_proc", "/proc", "proc", 0, NULL)) {
-			fprintf(stderr, "mount(/proc): %m");
-			return 1;
+		if (!uid) {
+			if (create_timens())
+				exit(1);
+			if (mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL)) {
+				fprintf(stderr, "mount(/, S_REC | MS_SLAVE)): %m");
+				return 1;
+			}
+			umount2("/proc", MNT_DETACH);
+			umount2("/dev/pts", MNT_DETACH);
+			if (mount("zdtm_proc", "/proc", "proc", 0, NULL)) {
+				fprintf(stderr, "mount(/proc): %m");
+				return 1;
+			}
+			if (mount("zdtm_devpts", "/dev/pts", "devpts", 0,
+						"newinstance,ptmxmode=0666")) {
+				fprintf(stderr, "mount(pts): %m");
+				return 1;
+			}
+			if (mount("zdtm_binfmt", "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0,
+						NULL)) {
+				fprintf(stderr, "mount(binfmt_misc): %m");
+				return 1;
+			}
+			if (mount("/dev/pts/ptmx", "/dev/ptmx", NULL, MS_BIND, NULL)) {
+				fprintf(stderr, "mount(ptmx): %m");
+				return 1;
+			}
+			if (system("ip link set up dev lo"))
+				return 1;
 		}
-		if (mount("zdtm_devpts", "/dev/pts", "devpts", 0,
-					"newinstance,ptmxmode=0666")) {
-			fprintf(stderr, "mount(pts): %m");
-			return 1;
-		}
-		if (mount("zdtm_binfmt", "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0,
-					NULL)) {
-			fprintf(stderr, "mount(binfmt_misc): %m");
-			return 1;
-		}
-		if (mount("/dev/pts/ptmx", "/dev/ptmx", NULL, MS_BIND, NULL)) {
-			fprintf(stderr, "mount(ptmx): %m");
-			return 1;
-		}
-		if (system("ip link set up dev lo"))
-			return 1;
 		execv(argv[1], argv + 1);
 		fprintf(stderr, "execve: %m");
 		return 1;