path: root/tools/testing/selftests/mount/Makefile
diff options
authorEric W. Biederman <ebiederm@xmission.com>2014-07-29 15:50:44 -0700
committerEric W. Biederman <ebiederm@xmission.com>2014-07-31 17:13:15 -0700
commitdb181ce011e3c033328608299cd6fac06ea50130 (patch)
tree45122ca259c9310f7082e9920713a073fe127ddb /tools/testing/selftests/mount/Makefile
parentmnt: Change the default remount atime from relatime to the existing value (diff)
mnt: Add tests for unprivileged remount cases that have found to be faulty
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a read-only bind mount read-only in a user namespace the MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user to the remount a read-only mount read-write. Upon review of the code in remount it was discovered that the code allowed nosuid, noexec, and nodev to be cleared. It was also discovered that the code was allowing the per mount atime flags to be changed. The first naive patch to fix these issues contained the flaw that using default atime settings when remounting a filesystem could be disallowed. To avoid this problems in the future add tests to ensure unprivileged remounts are succeeding and failing at the appropriate times. Cc: stable@vger.kernel.org Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to '')
1 files changed, 17 insertions, 0 deletions
diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile
new file mode 100644
index 000000000000..337d853c2b72
--- /dev/null
+++ b/tools/testing/selftests/mount/Makefile
@@ -0,0 +1,17 @@
+# Makefile for mount selftests.
+all: unprivileged-remount-test
+unprivileged-remount-test: unprivileged-remount-test.c
+ gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test
+# Allow specific tests to be selected.
+test_unprivileged_remount: unprivileged-remount-test
+ @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi
+run_tests: all test_unprivileged_remount
+ rm -f unprivileged-remount-test
+.PHONY: all test_unprivileged_remount