#!/bin/sh
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This script runs two processes to check the mount visibility. On start, the
# first process waits for the MOUNT command on stdin. Upon receiving the
# command, it will mount $MOUNT_FROM to $MOUNT_TO as a bind mount, and then
# create the file named $MOUNT_TO/$FILE_TO_TEST. The second process waits for
# the command CHECK on stdin, and upon receipt, it checks to see if it can open
# $MOUNT_TO/$FILE_TO_TEST and reports success or failure. UMOUNT is sent to the
# first process, which then deletes the file and removes the mount.
# Finally, both processes are sent the EXIT command on stdin.
# In this test, the mount is done outside of minijail, but after the minijail
# process starts. So the jailed process should not be able to see the mount
# because its copy of the vfs namespace was made before the mount was created.
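# Driver for the mount-visibility check: starts a mounter outside the jail and
# a checker inside "minijail --namespace-vfs", then steps both through the
# MOUNT / CHECK / UMOUNT / EXIT protocol over FIFOs and relays their output.
#
# Arguments: $1 - program under test (run once per role).
# Outputs:   child PIDs and every protocol line the children print, on stdout;
#            diagnostics on stderr.

# Tag for this run; kept in the directory name so leftovers are attributable.
PREFIX=platform_MiniJailVfsNamespace_$$

# Refuse to run without the program path; otherwise the first option below
# would be executed as the command name.
: "${1:?usage: $0 PROGRAM}"
PROG=$1

# Everything lives in a directory created by mktemp instead of fixed
# /tmp/<prefix>_* names. A PID-derived name is guessable, and this script
# bind-mounts onto and recursively deletes those paths, so a pre-created
# entry (for example a symlink) must not be able to take their place.
WORK_DIR=$(mktemp -d "/tmp/${PREFIX}.XXXXXX") || exit 1

# Remove the FIFOs and directories on every exit path, including failures.
cleanup() {
  exec 6<&- 7<&- 8<&- 9<&-
  rm -rf -- "${WORK_DIR:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# mktemp creates the directory 0700. Restore the traversal permissions a plain
# mkdir would give, so that the checker failing to open the file can only be
# explained by the namespace and never by directory permissions. Only the
# owner can create entries, so the paths below stay under our control.
chmod 0755 "${WORK_DIR}" || exit 1

PIPER_MOUNTER=${WORK_DIR}/mounter_r
PIPEW_MOUNTER=${WORK_DIR}/mounter_w
PIPER_CHECKER=${WORK_DIR}/checker_r
PIPEW_CHECKER=${WORK_DIR}/checker_w
MOUNT_FROM=${WORK_DIR}/mountfrom
MOUNT_TO=${WORK_DIR}/mountto
FILE_TO_TEST=file_to_test.txt

mkfifo "${PIPER_MOUNTER}" "${PIPEW_MOUNTER}" \
  "${PIPER_CHECKER}" "${PIPEW_CHECKER}" || exit 1
mkdir "${MOUNT_FROM}" "${MOUNT_TO}" || exit 1

# Open each FIFO read-write so that opening never blocks waiting for a peer.
#   6: mounter stdout   7: mounter stdin
#   8: checker stdout   9: checker stdin
exec 6<>"${PIPER_MOUNTER}"
exec 7<>"${PIPEW_MOUNTER}"
exec 8<>"${PIPER_CHECKER}"
exec 9<>"${PIPEW_CHECKER}"

# Ask both children to leave their command loops.
stop_children() {
  echo "EXIT" >"${PIPEW_MOUNTER}"
  echo "EXIT" >"${PIPEW_CHECKER}"
}

# wait_for_done FD COMMAND
# Relay lines read from descriptor FD to stdout until "DONE_CMD: COMMAND" has
# been seen. Returns 1 if the read fails instead of looping on it forever.
wait_for_done() {
  LINE=""
  while [ "${LINE}" != "DONE_CMD: $2" ]; do
    if ! read -r LINE <&"$1"; then
      echo "read failed while waiting for DONE_CMD: $2" >&2
      return 1
    fi
    # Quoted so the child's text is relayed verbatim (no globbing/splitting).
    printf '%s\n' "${LINE}"
  done
}

# NOTE(review): ${PROG} is left unquoted in both launches so a caller that
# passes "program arg" keeps working - confirm no caller relies on that, then
# quote it.

# Mounter: runs outside the jail. The children get the FIFOs only as
# stdin/stdout; the parent's descriptors 6-9 are closed in them.
${PROG} --doMountOnSignal \
  --fromDir="${MOUNT_FROM}" \
  --toDir="${MOUNT_TO}" \
  --fileName="${FILE_TO_TEST}" \
  <&7 >&6 \
  7<&- 6<&- 9<&- 8<&- &

# Checker: runs inside a private vfs namespace, started before any mount.
/sbin/minijail --namespace-vfs -- \
  ${PROG} --checkMountOnSignal \
  --filePath="${MOUNT_TO}/${FILE_TO_TEST}" \
  <&9 >&8 \
  7<&- 6<&- 9<&- 8<&- &

# The first line each child prints is read as its PID.
read -r PID_MOUNTER <&6
read -r PID_CHECKER <&8
sleep 1
echo "Mounter PID: ${PID_MOUNTER}"
echo "Checker PID: ${PID_CHECKER}"

# Tell the mounter to do the bind mount and create the file
echo "MOUNT" >"${PIPEW_MOUNTER}"
wait_for_done 6 MOUNT || { stop_children; exit 1; }
sleep 1

# Tell the checker to see if the file is visible
echo "CHECK" >"${PIPEW_CHECKER}"
wait_for_done 8 CHECK || { stop_children; exit 1; }
sleep 1

# Tell the mounter to delete the file and unmount
echo "UMOUNT" >"${PIPEW_MOUNTER}"
wait_for_done 6 UMOUNT || { stop_children; exit 1; }
sleep 1

stop_children
# Give the children time to exit; descriptors and files are released by the
# EXIT trap installed above.
sleep 1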