From eb8dfc1284f29afa76697f1f3e87b6374d1706fa Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Thu, 2 Mar 2023 17:34:07 +0100
Subject: restrict-namespaces testing

---
 test/filters/namespaces.c | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

(limited to 'test/filters/namespaces.c')

diff --git a/test/filters/namespaces.c b/test/filters/namespaces.c
index ecf0fdcd1..18ebc8faa 100644
--- a/test/filters/namespaces.c
+++ b/test/filters/namespaces.c
@@ -1,21 +1,29 @@
 #define _GNU_SOURCE
 #include <errno.h>
-#include <sched.h>
+#include <linux/sched.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/mman.h>
+#include <sys/wait.h>
 #include <unistd.h>
 
+#include <sched.h>
 #ifndef CLONE_NEWTIME
 #define CLONE_NEWTIME 0x00000080
 #endif
 
+#include <sys/syscall.h>
+#ifndef __NR_clone3
+#define __NR_clone3 435
+#endif
+
 #define STACK_SIZE 1024 * 1024
 
+
 static int usage() {
-	fprintf(stderr, "Usage: namespaces <system call>[clone,unshare] <list of namespaces>[cgroup,ipc,mnt,net,pid,time,user,uts]\n");
+	fprintf(stderr, "Usage: namespaces <system call>[clone,clone3,unshare] <list of namespaces>[cgroup,ipc,mnt,net,pid,time,user,uts]\n");
 	exit(1);
 }
 
@@ -71,8 +79,11 @@ int main (int argc, char **argv) {
 		usage();
 
 	int flags = ns_flags(argv[2]);
-	if (getuid() != 0)
-		flags |= CLONE_NEWUSER;
+
+	if (getuid() != 0 && (flags & CLONE_NEWUSER) != CLONE_NEWUSER) {
+		fprintf(stderr, "Error: add \"user\" to namespaces list\n");
+		exit(1);
+	}
 
 	if (strcmp(argv[1], "clone") == 0) {
 		void *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
@@ -80,8 +91,25 @@ int main (int argc, char **argv) {
 		if (stack == MAP_FAILED)
 			die("mmap");
 
-		if (clone(child, stack + STACK_SIZE, flags | SIGCHLD, NULL) < 0)
+		pid_t pid = clone(child, stack + STACK_SIZE, flags | SIGCHLD, NULL);
+		if (pid < 0)
 			die("clone");
+		waitpid(pid, NULL, 0);
+	}
+	else if (strcmp(argv[1], "clone3") == 0) {
+		struct clone_args args = {
+			.flags = flags,
+			.exit_signal = SIGCHLD,
+		};
+
+		pid_t pid = syscall(__NR_clone3, &args, sizeof(struct clone_args));
+		if (pid < 0)
+			die("clone3");
+		if (pid == 0) {
+			fprintf(stderr, "clone3 successful\n");
+			exit(0);
+		}
+		waitpid(pid, NULL, 0);
 	}
 	else if (strcmp(argv[1], "unshare") == 0) {
 		if (unshare(flags))
-- 
cgit v1.2.3-70-g09d2