On Fri, Oct 11, 2019 at 05:09:29PM +0200, Jann Horn wrote:
On Wed, Oct 9, 2019 at 6:10 PM Christian Kellner <ckellner@redhat.com> wrote:
Add tests that check that if pid namespaces are configured the fdinfo file of a pidfd contains an NSpid: entry containing the process id in the current and additionally all nested namespaces.
[...]
+static int compare_fdinfo_nspid(int pidfd, char *expect, size_t len) +{
char path[512];FILE *f;size_t n = 0;ssize_t k;char *line = NULL;int r = -1;snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd);(Maybe at some point the selftests code should add some more concise alternative to snprintf() calls on separate lines. A macro or something like that so that you can write stuff like `f = fopen(tprintf("/proc/self/fdinfo/%d", pidfd), "re")`.)
f = fopen(path, "re");if (!f)return -1;while ((k = getline(&line, &n, f)) != -1) {if (strncmp(line, "NSpid:", 6))continue;line[k - 1] = '\0';ksft_print_msg("Child: fdinfo NSpid line: '%s'.\n", line);r = strncmp(line + 6, expect, len);Wouldn't it be better to get rid of the nullbyte assignment and change the strncmp() into a strcmp() here...
[...]
/* The child will have pid 1 in the new pid namespace,* so the line must be 'NSPid:\t<pid>\t1'*/n = snprintf(expect, sizeof(expect), "\t%d\t%d", pid, 1);... and add a "\n" to the format string? It's shorter and doesn't silently ignore it if the line doesn't end at that point.
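Review bot: in compare_fdinfo_nspid(), three different outcomes collapse into the same kind of return value. The fopen() failure path returns -1, r is initialised to -1 for the case where no NSpid: line is found, and r = strncmp(line + 6, expect, len) can itself yield a negative value. The caller therefore cannot tell "could not open fdinfo" or "no NSpid: entry" apart from "entry present but different". Consider reducing the comparison result to 0 or 1 and reserving negative values for the open and not-found cases, so the test can report which of these happened.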
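Review bot: the comment above the snprintf() call spells the key 'NSPid:' while the helper matches "NSpid:", so the comment should use the same spelling as the fdinfo field. The value from n = snprintf(expect, sizeof(expect), "\t%d\t%d", pid, 1) is also not checked against sizeof(expect) in the lines shown. Since snprintf() returns the length that would have been written, a check for n >= sizeof(expect) before n is used further would catch truncation.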
Also, what Christian just told me and what I wanted to suggest is that we add tests for sending around pidfds and reading fdinfo too.