passt/test, branch 2023_06_25.32660ce Plug A Simple Socket Transport test/nstool: Fix fd leak in accept() loop 2023-05-23T15:06:32+00:00 David Gibson david@gibson.dropbear.id.au 2023-05-23T02:25:43+00:00 e3b19530e4a689f9f8e417ebf737dfca2340342b nstool loops on accept(), but failed to close the accepted socket fds before continuing on. So, with repeated commands it would eventually die with an EMFILE. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
nstool loops on accept(), but failed to close the accepted socket fds
before continuing on.  So, with repeated commands it would eventually die
with an EMFILE.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
test/nstool: Provide useful error if given a path that's too long 2023-05-23T15:06:29+00:00 David Gibson david@gibson.dropbear.id.au 2023-05-23T02:25:42+00:00 527c822a3bd5536fd6bd52d2821925b8a05c99fb Normal filesystem paths can be very long (PATH_MAX is around 8k), however Unix domain sockets can only use relatively short paths (UNIX_PATH_MAX is 108 on Linux). Currently nstool will simply truncate paths that are too long, leading to difficult to understand failures. Make such failures clearer, with an explicit error message if given a path that's too long. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Normal filesystem paths can be very long (PATH_MAX is around 8k), however
Unix domain sockets can only use relatively short paths (UNIX_PATH_MAX is
108 on Linux).  Currently nstool will simply truncate paths that are too
long, leading to difficult to understand failures.

Make such failures clearer, with an explicit error message if given a path
that's too long.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Enter holder's cwd when changing mount ns with nstool exec 2023-04-07T23:12:12+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:19+00:00 1a3ade90371f7e9490e8f3be0aff83f2e178c327 If we enter a mount namespace with nstool exec our working directory will be changed to / in the new mount ns. This is surprising if we haven't actually altered any mounts yet in the new ns. Instead, change the working directory to match that of the holder process in this situation. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
If we enter a mount namespace with nstool exec our working directory will
be changed to / in the new mount ns.  This is surprising if we haven't
actually altered any mounts yet in the new ns.  Instead, change the working
directory to match that of the holder process in this situation.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Advertise the holder's cwd (in its mountns) across the socket 2023-04-07T23:12:10+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:18+00:00 98031bee73b30ec82a4bc5f078175061d6157b4f This is possible useful in nstool info and has further uses for nstool exec. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This is possible useful in nstool info and has further uses for nstool
exec.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
test: Use "nstool exec" to slightly simplify tests 2023-04-07T23:12:08+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:17+00:00 469b69aaa141a8163a6930e2dd4a25272a85d146 Using this, rather than using "nstool info" to get the pid then manually connecting with nsenter makes things a little simpler. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Using this, rather than using "nstool info" to get the pid then manually
connecting with nsenter makes things a little simpler.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
test: Initialise ${TRACE} properly 2023-04-07T23:12:05+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:16+00:00 3372cd0902f262b591ecb930a12d0049e69ac372 Unlike ${DEBUG} we don't initialize ${TRACE} to 0 if not set, which cases failures when testing it later. That failure acts as though it is false, however it emits spurious errors in script.log, which can make it harder to spot real errors. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Unlike ${DEBUG} we don't initialize ${TRACE} to 0 if not set, which cases
failures when testing it later.  That failure acts as though it is false,
however it emits spurious errors in script.log, which can make it harder to
spot real errors.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Add --keep-caps option to nstool exec 2023-04-07T23:12:03+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:15+00:00 329149d51a7f8132beefcafc688812e2926607e1 This allows you to run commands within a user namespace with the privilege that comes from owning that userns. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This allows you to run commands within a user namespace with the
privilege that comes from owning that userns.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Add nstool exec command to execute commands in an nstool namespace 2023-04-07T23:12:01+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:14+00:00 0b669446482e110719b3935aa4819396dea4d1ab This combines nstool info -pw <sock> with nsenter with various options for a more convenient and less verbose of entering existing nstool managed namespaces. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This combines nstool info -pw <sock> with nsenter with various options for
a more convenient and less verbose of entering existing nstool managed
namespaces.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Helpers to iterate through namespace types 2023-04-07T23:11:59+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:13+00:00 3bcbca5db8547142df54debbe3ca2aba9e807b9c Will make things a bit less verbose in future. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Will make things a bit less verbose in future.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Add magic number to advertized information 2023-04-07T23:11:57+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:12+00:00 f6a9ea3af5384ac561b67494073d520145ae2281 So that we'll probably give a better error if you point it at something that's not an nstool hold control socket. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
So that we'll probably give a better error if you point it at something
that's not an nstool hold control socket.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>