From 60bb5c731078ad15b3d9e62782d692d91c5c2db0 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@gmail.com>
Date: Tue, 19 Nov 2019 22:48:44 +0000
Subject: zdtm: Set --root path to 0700 on restore

Update zdtm tests to verify that CRIU does not require the --root
path to be accessible to the unprivileged user being restored when
restoring user namespace.

Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
---
 test/zdtm.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'test')

diff --git a/test/zdtm.py b/test/zdtm.py
index 17e0540eb..16ff0b379 100755
--- a/test/zdtm.py
+++ b/test/zdtm.py
@@ -62,6 +62,7 @@ tests_root = None
 def clean_tests_root():
     global tests_root
     if tests_root and tests_root[0] == os.getpid():
+        os.rmdir(os.path.join(tests_root[1], "root"))
         os.rmdir(tests_root[1])
 
 
@@ -70,7 +71,9 @@ def make_tests_root():
     if not tests_root:
         tests_root = (os.getpid(), tempfile.mkdtemp("", "criu-root-", "/tmp"))
         atexit.register(clean_tests_root)
-    return tests_root[1]
+        os.mkdir(os.path.join(tests_root[1], "root"))
+    os.chmod(tests_root[1], 0o777)
+    return os.path.join(tests_root[1], "root")
 
 
 # Report generation
@@ -483,6 +486,13 @@ class zdtm_test:
             # move into some semi-random state
             time.sleep(random.random())
 
+        if self.__flavor.ns:
+            # In the case of runc the path specified with the opts.root
+            # option is created in /run/runc/ which is inaccessible to
+            # unprivileged users. The permissions here are set to test
+            # this use case.
+            os.chmod(os.path.dirname(self.__flavor.root), 0o700)
+
     def kill(self, sig=signal.SIGKILL):
         self.__freezer.thaw()
         if self.__pid:
-- 
cgit v1.2.3