On Thu, Sep 11, 2025 at 11:15 AM Christian Brauner <brauner@xxxxxxxxxx> wrote: > > On Wed, Sep 10, 2025 at 07:30:03PM +0200, Amir Goldstein wrote: > > On Wed, Sep 10, 2025 at 4:40 PM Christian Brauner <brauner@xxxxxxxxxx> wrote: > > > > > > Add a bunch of selftests for namespace file handles. > > > > > > Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx> > > > > Obviously, I did not go over every single line, but for the general > > test template and test coverage you may add: > > > > Reviewed-by: Amir Goldstein <amir73il@xxxxxxxxx> > > > > However, see my comment on file handle support patch. > > The test matrix is incomplete. > > I mean, I'll just drop to non-root in the non-cross ns tests: > > /* Drop to unprivileged uid/gid */ > ASSERT_EQ(setresgid(65534, 65534, 65534), 0); /* nogroup */ > ASSERT_EQ(setresuid(65534, 65534, 65534), 0); /* nobody */ > That would be good I think. > > Maybe it would be complete if test is run as root and then > > as non root, but then I think the test needs some changes > > for running as root and opening non-self ns. > > > > I am not sure what the standard is wrt running the selftests > > as root /non-root. > > > > I see that the userns isolation tests do: > > /* Map current uid/gid to root in the new namespace */ > > > > Are you assuming that non root is running this test > > or am I missing something? > > No, I'm not assuming that. I just need a new user namespace and become > root in it to assume privilege over it so I can test that decoding > doesn't work from an ancestor userns owned namespace. > With dropping to unprivileged uid/gid in parent, I understand it should work. I guess I wasn't sure if dropping to unprivileged uid/gid was required for the test to pass when the test is run as root user, but with the addition of dropping to unprivileged uid/gid - feel free to add: Reviewed-by: Amir Goldstein <amir73il@xxxxxxxxx> Thanks, Amir.
