gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/test/syscalls/linux/network_namespace.cc (about) 1 // Copyright 2020 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #include <sys/mount.h> 16 17 #include "gtest/gtest.h" 18 #include "test/syscalls/linux/ip_socket_test_util.h" 19 #include "test/util/capability_util.h" 20 #include "test/util/file_descriptor.h" 21 #include "test/util/temp_path.h" 22 #include "test/util/test_util.h" 23 #include "test/util/thread_util.h" 24 25 namespace gvisor { 26 namespace testing { 27 namespace { 28 29 TEST(NetworkNamespaceTest, LoopbackExists) { 30 // TODO(b/267210840): Fix this tests for hostinet. 31 SKIP_IF(IsRunningWithHostinet()); 32 33 SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_ADMIN))); 34 35 ScopedThread t([&] { 36 ASSERT_THAT(unshare(CLONE_NEWNET), SyscallSucceedsWithValue(0)); 37 38 // TODO(gvisor.dev/issue/1833): Update this to test that only "lo" exists. 39 ASSERT_NE(ASSERT_NO_ERRNO_AND_VALUE(GetLoopbackIndex()), 0); 40 }); 41 } 42 43 TEST(NetworkNamespaceTest, Setns) { 44 // TODO(b/267210840): Fix this tests for hostinet. 45 SKIP_IF(IsRunningWithHostinet()); 46 47 SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_ADMIN))); 48 SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN))); 49 50 struct stat st; 51 uint64_t netns1, netns2, netns3; 52 const FileDescriptor nsfd = 53 ASSERT_NO_ERRNO_AND_VALUE(Open("/proc/thread-self/ns/net", O_RDONLY)); 54 55 ASSERT_THAT(stat("/proc/thread-self/ns/net", &st), SyscallSucceeds()); 56 netns1 = st.st_ino; 57 58 ASSERT_THAT(unshare(CLONE_NEWNET), SyscallSucceedsWithValue(0)); 59 ASSERT_THAT(stat("/proc/thread-self/ns/net", &st), SyscallSucceeds()); 60 netns2 = st.st_ino; 61 EXPECT_NE(netns1, netns2); 62 63 ASSERT_THAT(setns(nsfd.get(), CLONE_NEWNET), SyscallSucceedsWithValue(0)); 64 ASSERT_THAT(stat("/proc/thread-self/ns/net", &st), SyscallSucceeds()); 65 netns3 = st.st_ino; 66 EXPECT_EQ(netns1, netns3); 67 68 ASSERT_NE(ASSERT_NO_ERRNO_AND_VALUE(GetLoopbackIndex()), 0); 69 } 70 71 TEST(NetworkNamespaceTest, BindMount) { 72 // TODO(b/267210840): Fix this tests for hostinet. 73 SKIP_IF(IsRunningWithHostinet()); 74 75 SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_ADMIN))); 76 SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN))); 77 78 auto file = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); 79 ASSERT_THAT( 80 mount("/proc/self/ns/net", file.path().c_str(), NULL, MS_BIND, NULL), 81 SyscallSucceedsWithValue(0)); 82 83 const FileDescriptor nsfd = 84 ASSERT_NO_ERRNO_AND_VALUE(Open(file.path().c_str(), O_RDONLY)); 85 ASSERT_THAT(umount2(file.path().c_str(), MNT_DETACH), 86 SyscallSucceedsWithValue(0)); 87 ASSERT_THAT(unshare(CLONE_NEWNET), SyscallSucceedsWithValue(0)); 88 ASSERT_THAT(setns(nsfd.get(), CLONE_NEWNET), SyscallSucceedsWithValue(0)); 89 90 ASSERT_NE(ASSERT_NO_ERRNO_AND_VALUE(GetLoopbackIndex()), 0); 91 } 92 93 } // namespace 94 } // namespace testing 95 } // namespace gvisor