1 // SPDX-License-Identifier: GPL-2.0
12 #include <sys/ioctl.h>
13 #include <sys/prctl.h>
17 #define NS_GET_USERNS _IO(NSIO, 0x1)
19 #define pr_err(fmt, ...) \
21 fprintf(stderr, "%s:%d:" fmt ": %m\n", \
22 __func__, __LINE__, ##__VA_ARGS__); \
26 int main(int argc, char *argvp[])
28 int pfd[2], ns, uns, init_uns;
39 return pr_err("fork");
41 prctl(PR_SET_PDEATHSIG, SIGKILL);
42 if (unshare(CLONE_NEWUTS | CLONE_NEWUSER))
43 return pr_err("unshare");
51 if (read(pfd[0], &c, 1) != 0)
52 return pr_err("Unable to read from pipe");
55 snprintf(path, sizeof(path), "/proc/%d/ns/uts", pid);
56 ns = open(path, O_RDONLY);
58 return pr_err("Unable to open %s", path);
60 uns = ioctl(ns, NS_GET_USERNS);
62 return pr_err("Unable to get an owning user namespace");
65 return pr_err("fstat");
67 snprintf(path, sizeof(path), "/proc/%d/ns/user", pid);
69 return pr_err("stat");
71 if (st1.st_ino != st2.st_ino)
72 return pr_err("NS_GET_USERNS returned a wrong namespace");
74 init_uns = ioctl(uns, NS_GET_USERNS);
76 return pr_err("Unable to get an owning user namespace");
78 if (ioctl(init_uns, NS_GET_USERNS) >= 0 || errno != EPERM)
79 return pr_err("Don't get EPERM");
81 if (unshare(CLONE_NEWUSER))
82 return pr_err("unshare");
84 if (ioctl(ns, NS_GET_USERNS) >= 0 || errno != EPERM)
85 return pr_err("Don't get EPERM");
86 if (ioctl(init_uns, NS_GET_USERNS) >= 0 || errno != EPERM)
87 return pr_err("Don't get EPERM");