Lines Matching full:user
58 /* Create user namespace to be unprivileged */ in TEST()
132 * Test that users with CAP_SYS_ADMIN in a user namespace can see
133 * all namespaces owned by that user namespace.
143 .user_ns_id = 0, /* Will be set to our created user namespace */ in TEST()
166 /* Create user namespace - we'll have CAP_SYS_ADMIN in it */ in TEST()
172 /* Get the user namespace ID */ in TEST()
173 fd = open("/proc/self/ns/user", O_RDONLY); in TEST()
186 /* Create several namespaces owned by this user namespace */ in TEST()
191 /* List namespaces owned by our user namespace */ in TEST()
200 * We have CAP_SYS_ADMIN in this user namespace, in TEST()
202 * That includes: net, uts, ipc, and the user namespace itself. in TEST()
227 TH_LOG("User with CAP_SYS_ADMIN saw %zd namespaces owned by their user namespace", in TEST()
232 * Test that users cannot see namespaces from unrelated user namespaces.
233 * Create two sibling user namespaces, verify they can't see each other's
247 /* Fork first child - creates user namespace A */ in TEST()
258 /* Create user namespace A */ in TEST()
264 /* Create network namespace owned by user namespace A */ in TEST()
298 TH_LOG("User namespace A created network namespace with ID %llu", in TEST()
301 /* Fork second child - creates user namespace B */ in TEST()
323 /* Create user namespace B (sibling to A) */ in TEST()
366 TH_LOG("User namespace B correctly could not see sibling namespace A's network namespace"); in TEST()
401 /* Create user namespace */ in TEST()
407 /* Create some namespaces owned by this user namespace */ in TEST()
421 success = (ret >= 3); /* At least user, net, uts */ in TEST()
446 * Test that CAP_SYS_ADMIN in parent user namespace allows seeing
447 * child user namespace's owned namespaces.
473 /* Create parent user namespace - we have CAP_SYS_ADMIN in it */ in TEST()
479 /* Get parent user namespace ID */ in TEST()
480 fd = open("/proc/self/ns/user", O_RDONLY); in TEST()
493 /* Create child user namespace */ in TEST()
499 /* Get child user namespace ID */ in TEST()
500 fd = open("/proc/self/ns/user", O_RDONLY); in TEST()
513 /* Create namespaces owned by child user namespace */ in TEST()
519 /* List namespaces owned by parent user namespace */ in TEST()
529 /* Should see child user namespace in the list */ in TEST()
560 TH_LOG("Process with CAP_SYS_ADMIN in parent user namespace saw child user namespace (total: %zd)", in TEST()
565 * Test that we can see user namespaces we have CAP_SYS_ADMIN inside of.
566 * This is different from seeing namespaces owned by a user namespace.
590 /* Create user namespace - we have CAP_SYS_ADMIN inside it */ in TEST()
596 /* Get our user namespace ID */ in TEST()
597 fd = open("/proc/self/ns/user", O_RDONLY); in TEST()
610 /* List all user namespaces globally */ in TEST()
620 /* We should be able to see our own user namespace */ in TEST()
648 TH_LOG("Process can see user namespace it has CAP_SYS_ADMIN inside of"); in TEST()
705 /* Create user namespace */ in TEST()