Example #1
0
int main(int argc, char *argv[])
{
	int status;
	int *cinit_no = malloc(sizeof(int));
	pid_t cpid1, cpid2;

	setup();

	/* create pipe */
	if (pipe(pipe_fd) == -1) {
		tst_resm(TBROK, "parent: pipe creation failed");
		cleanup();
	}

	/* container creation on PID namespace */
	if (!cinit_no) {
		tst_resm(TBROK, "memory allocation failed.");
		cleanup();
	}

	/* Create container 1 */
	*cinit_no = 1;
	cpid1 = ltp_clone_quick(CLONE_NEWPID | SIGCHLD, child_fn, cinit_no);

	/* Create container 2 */
	*cinit_no = 2;
	cpid2 = ltp_clone_quick(CLONE_NEWPID | SIGCHLD, child_fn, cinit_no);
	if (cpid1 < 0 || cpid2 < 0) {
		tst_resm(TBROK, "parent: clone() failed.");
		cleanup();
	}

	/* Close unwanted descriptors */
	close(pipe_fd[0]);
	close(pipe_fd[1]);

	/* Wait for containers to exit */
	if (waitpid(cpid2, &status, 0) < 0)
		tst_resm(TWARN, "parent: waitpid(cpid2) failed.");

	if (WIFSIGNALED(status) && WTERMSIG(status))
		tst_resm(TWARN, "parent: cinit2 is terminated by signal(%s)",
			 strsignal(WTERMSIG(status)));

	if (waitpid(cpid1, &status, 0) < 0)
		tst_resm(TWARN, "parent: waitpid(cpid1) failed.");

	if (WIFSIGNALED(status) && WTERMSIG(status))
		tst_resm(TWARN, "parent: cinit1 is terminated by signal(%s)",
			 strsignal(WTERMSIG(status)));

	/* Cleanup and exit */
	cleanup();

	/* Control won't reach below */
	exit(0);

}
Example #2
0
int main(int argc, char *argv[])
{
	pid_t cpid2;
	char path[BUFSIZ];
	int lc;
	int fd;

	tst_parse_opts(argc, argv, NULL, NULL);
	setup();

	for (lc = 0; TEST_LOOPING(lc); lc++) {
		tst_count = 0;

		parentuid = geteuid();
		parentgid = getegid();

		cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
			(void *)child_fn1, NULL);
		if (cpid1 < 0)
			tst_brkm(TBROK | TERRNO, cleanup,
				"cpid1 clone failed");

		cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
			(void *)child_fn2, NULL);
		if (cpid2 < 0)
			tst_brkm(TBROK | TERRNO, cleanup,
				"cpid2 clone failed");

		if (setgroupstag == false) {
			sprintf(path, "/proc/%d/setgroups", cpid1);
			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
			SAFE_CLOSE(cleanup, fd);

			sprintf(path, "/proc/%d/setgroups", cpid2);
			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
			SAFE_CLOSE(cleanup, fd);
		}

		updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
		updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);

		updatemap(cpid1, GID_MAP, CHILD1GID, parentuid, cleanup);
		updatemap(cpid2, GID_MAP, CHILD2GID, parentuid, cleanup);

		TST_SAFE_CHECKPOINT_WAKE_AND_WAIT(cleanup, 1);

		tst_record_childstatus(cleanup, cpid1);
		tst_record_childstatus(cleanup, cpid2);
	}
	cleanup();
	tst_exit();
}
Example #3
0
int main(int argc, char *argv[])
{
	char *child_cmd;
	char *parent_cmd;
	int ret=0, childret=0;

	if ( argc < 3 ) {
		usage(argv[0]);
		exit(1);
	}

	child_cmd = (char *)strdup(argv[2]);
	parent_cmd = (char *)strdup(argv[1]);

	printf("1\n");
	ret = ltp_clone_quick(CLONE_NEWNS|SIGCHLD, myfunc,
				(void *)child_cmd);
	if (ret != -1) {
		system(parent_cmd);
		wait(&childret);
	} else {
		fprintf(stderr, "clone failed\n");
	}
	if (ret || !WIFEXITED(childret)){
		exit(1);
	}
	exit(0);
}
Example #4
0
int create_net_namespace(char *p1, char *c1)
{
	int pid, status = 0, ret;
	char *ltproot, *par;
	long int clone_flags = 0;

	if (tst_kvercmp(2, 6, 19) < 0)
		return 1;

	clone_flags |= CLONE_NEWNS;
/* Enable other namespaces too optionally */
#ifdef CLONE_NEWPID
	clone_flags |= CLONE_NEWPID;
#endif

	pid = ltp_clone_quick(clone_flags, child_fn, (void *)c1);

	if (pid == -1) {
		perror("Failed to do clone...");
		return -1;
	}

	/* This code will be executed in parent */
	ltproot = getenv("LTPROOT");

	if (!ltproot) {
		printf("LTPROOT env variable is not set\n");
		printf("Please set LTPROOT and re-run the test.. Thankyou\n");
		return -1;
	}

	par = malloc(FILENAME_MAX);

	if (par == NULL) {
		printf("FAIL: error while allocating memory");
		exit(1);
	}

	/* We need to pass the child pid to the parentns.sh script */
	sprintf(par, "%s/testcases/bin/parentns.sh %s %" PRId32, ltproot, p1,
		pid);

	ret = system(par);
	status = WEXITSTATUS(ret);
	if (ret == -1 || status != 0) {
		printf("Error while running the script\n");
		fflush(stdout);
		exit(1);
	}
	fflush(stdout);

	ret = waitpid(pid, &status, __WALL);
	status = WEXITSTATUS(status);
	if (ret == -1 || status != 0) {
		printf("Error: waitpid() returns %d, status %d\n", ret, status);
	}

	return status;
}
Example #5
0
int main(int argc, char *argv[])
{
	char c = 0;
	const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, (void *) argv);
	while (waitpid(pid, NULL, __WALL) == EOF && errno == EINTR)
		c++; /* Dummy. */
	return 0;
}
Example #6
0
int main(int argc, char *argv[])
{
	int status;
	char buf[5];
	pid_t cpid;

	setup();

	if (pipe(child_to_father) == -1 || pipe(father_to_child) == -1) {
		tst_brkm(TBROK | TERRNO, cleanup, "pipe failed");
	}

	ltp_syscall(__NR_mq_unlink, mqname);

	/* container creation on PID namespace */
	cpid = ltp_clone_quick(CLONE_NEWPID | SIGCHLD, child_fn, NULL);
	if (cpid == -1)
		tst_brkm(TBROK | TERRNO, cleanup, "clone failed");

	mqd =
	    ltp_syscall(__NR_mq_open, mqname, O_RDWR | O_CREAT | O_EXCL, 0777,
		    NULL);
	if (mqd == -1)
		tst_brkm(TBROK | TERRNO, cleanup, "mq_open failed");
	else
		tst_resm(TINFO, "successfully created posix mqueue");

	if (write(father_to_child[1], buf, 1) != 1)
		tst_brkm(TBROK | TERRNO, cleanup, "write failed");

	/* Close the appropriate end of each pipe */
	close(child_to_father[1]);
	close(father_to_child[0]);

	/* Is container ready */
	read(child_to_father[0], buf, 5);
	if (strcmp(buf, "c:ok") != 0)
		tst_brkm(TBROK, cleanup,
			 "container did not respond as expected!");

	rc = mq_send(mqd, MSG, strlen(MSG), MSG_PRIO);
	if (rc == -1)
		tst_brkm(TBROK | TERRNO, cleanup, "mq_send failed");
	else
		tst_resm(TINFO, "mq_send succeeded");

	/* Tell the child the message has been sent */
	if (write(father_to_child[1], "f:ok", 5) != 5)
		tst_brkm(TBROK | TERRNO, cleanup, "write failed");

	/* Wait for child to finish */
	if (wait(&status) == -1)
		tst_resm(TBROK | TERRNO, "wait failed");

	cleanup();

	tst_exit();
}
Example #7
0
int main(int argc, char *argv[])
{
	int status;
	char buf[5];
	pid_t cpid;

	/* Create pipes for intercommunication */
	if (pipe(parent_cinit) == -1 || pipe(cinit_parent) == -1) {
		tst_brkm(TBROK | TERRNO, cleanup, "pipe failed");
	}

	cpid = ltp_clone_quick(CLONE_NEWPID | SIGCHLD, child_fn, NULL);
	if (cpid == -1) {
		tst_brkm(TBROK | TERRNO, cleanup, "clone failed");
	}

	/* Setup pipe read and write ends */
	close(cinit_parent[1]);
	close(parent_cinit[0]);

	/* Is container ready */
	read(cinit_parent[0], buf, 5);
	if (strcmp(buf, "c:go") != 0) {
		tst_brkm(TBROK, cleanup, "parent: container did not respond!");
	}

	/* Enqueue SIGUSR1 in pending signal queue of container */
	if (kill(cpid, SIGUSR1) == -1) {
		tst_brkm(TBROK | TERRNO, cleanup, "kill() failed");
	}

	tst_resm(TINFO, "parent: signalled SIGUSR1 to container");
	if (write(parent_cinit[1], "p:go", 5) != 5) {
		tst_brkm(TBROK | TERRNO, cleanup, "write failed");
	}

	/* collect exit status of child */
	if (wait(&status) == -1) {
		tst_brkm(TBROK | TERRNO, cleanup, "wait failed");
	}

	if (WIFSIGNALED(status)) {
		if (WTERMSIG(status) == SIGUSR1)
			tst_resm(TFAIL,
				 "user function was not called inside cinit");
		else
			tst_resm(TBROK,
				 "cinit was terminated by %d",
				 WTERMSIG(status));
	}

	/* Cleanup and exit */
	close(parent_cinit[1]);
	close(cinit_parent[0]);
	cleanup();
	tst_exit();
}
Example #8
0
int main(int argc, char *argv[])
{
    int status;
    pid_t pid, cpid;
    char buf[5];

    setup();

    pid = getpid();
    tst_resm(TINFO, "parent: PID is %d", pid);

    /* Create pipe for intercommunication */
    if (pipe(pipefd) == -1) {
        tst_resm(TBROK, "parent: pipe() failed. aborting!");
        cleanup();
    }

    cpid = ltp_clone_quick(CLONE_NEWPID | SIGCHLD, child_fn, NULL);
    if (cpid < 0) {
        tst_resm(TBROK, "parent: clone() failed(%s).", strerror(errno));
        cleanup();
    }

    /* Close write end of pipe */
    close(pipefd[1]);

    /* Check if container is ready */
    read(pipefd[0], buf, 5);
    if (strcmp(buf, "c:go") != 0) {
        tst_resm(TBROK, "parent: container did not respond!");
        cleanup();
    }

    /* Send SIGUSR1 to container init */
    if (kill(cpid, SIGUSR1) == -1) {
        tst_resm(TBROK, "parent: kill() failed(%s).", strerror(errno));
        cleanup();
    }

    if (waitpid(cpid, &status, 0) < 0)
        tst_resm(TWARN, "parent: waitpid() failed(%s).",
                 strerror(errno));

    if (WIFSIGNALED(status) && WTERMSIG(status))
        tst_resm(TBROK, "child is terminated by signal(%s)",
                 strsignal(WTERMSIG(status)));

    /* Cleanup and exit */
    close(pipefd[0]);
    cleanup();

    /* Control won't reach below */
    exit(0);

}
Example #9
0
int main(int argc, char *argv[])
{
	int status;
	int lc;
	int childpid;
	int parentuid;
	int parentgid;
	char path[BUFSIZ];
	char content[BUFSIZ];
	int fd;

	tst_parse_opts(argc, argv, NULL, NULL);
	setup();

	for (lc = 0; TEST_LOOPING(lc); lc++) {
		tst_count = 0;
		childpid = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
			(void *)child_fn1, NULL);

		if (childpid < 0)
			tst_brkm(TFAIL | TERRNO, cleanup, "clone failed");

		parentuid = geteuid();
		parentgid = getegid();
		sprintf(path, "/proc/%d/uid_map", childpid);
		sprintf(content, "100 %d 1", parentuid);
		fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
		SAFE_WRITE(cleanup, 1, fd, content, strlen(content));
		SAFE_CLOSE(cleanup, fd);
		sprintf(path, "/proc/%d/gid_map", childpid);
		sprintf(content, "100 %d 1", parentgid);
		fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
		SAFE_WRITE(cleanup, 1, fd, content, strlen(content));
		SAFE_CLOSE(cleanup, fd);

		TST_SAFE_CHECKPOINT_WAKE(cleanup, 0);

		if (waitpid(childpid, &status, 0) < 0)
			tst_brkm(TBROK | TERRNO, cleanup, "waitpid failed");

		if (WIFSIGNALED(status)) {
			tst_resm(TFAIL, "child was killed with signal = %d",
				WTERMSIG(status));
		} else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
			tst_resm(TFAIL, "child exited abnormally");
		else
			tst_resm(TPASS, "the uid and the gid are right inside "
				"the container");
	}
	cleanup();
	tst_exit();
}
Example #10
0
int main()
{
        int pid;

        if (tst_kvercmp(2,6,19) < 0)
                return 1;

	pid = ltp_clone_quick(CLONE_NEWIPC, dummy, NULL);

        if (pid == -1)
                return 3;
      return 0;
}
int main()
{
	int pid;

	if (tst_kvercmp(2, 6, 19) < 0)
		return 1;

	pid = ltp_clone_quick(CLONE_NEWUTS, dummy, NULL);

	if (pid == -1) {
		perror("ltp_clone_quick");
		return 3;
	}
	return 0;
}
Example #12
0
int do_clone_tests(unsigned long clone_flags,
		   int (*fn1) (void *arg), void *arg1,
		   int (*fn2) (void *arg), void *arg2)
{
	int ret;

	ret = ltp_clone_quick(clone_flags | SIGCHLD, fn1, arg1);

	if (ret == -1) {
		return -1;
	}
	if (fn2)
		ret = fn2(arg2);
	else
		ret = 0;

	return ret;
}
int main()
{
	int pid;
	mqd_t mqd;

	if (tst_kvercmp(2, 6, 30) < 0)
		return 1;

	mq_unlink("/checkmqnsenabled");
	mqd =
	    mq_open("/checkmqnsenabled", O_RDWR | O_CREAT | O_EXCL, 0777, NULL);
	if (mqd == -1) {
		perror("mq_open");
		return 3;
	}
	mq_close(mqd);
	mq_unlink("/checkmqnsenabled");

	pid = ltp_clone_quick(CLONE_NEWIPC, dummy, NULL);
	if (pid == -1)
		return 5;

	return 0;
}
Example #14
0
int main(int argc, char **argv)
{
	int pid, rc, status, cloneflags;
	security_context_t context_s;
	context_t context;

	if (argc != 4) {
		fprintf(stderr, "usage:  %s cloneflags newdomain program\n", argv[0]);
		exit(-1);
	}

	cloneflags = strtol(argv[1], NULL, 0);
	if (!cloneflags) {
		fprintf(stderr, "invalid clone flags %s\n", argv[1]);
		exit(-1);
	}

	rc = getcon(&context_s);
	if (rc < 0) {
		fprintf(stderr, "%s:  unable to get my context\n", argv[0]);
		exit(-1);

	}

	context = context_new(context_s);
	if (!context) {
		fprintf(stderr, "%s:  unable to create context structure\n", argv[0]);
		exit(-1);
	}

	if (context_type_set(context, argv[2])) {
		fprintf(stderr, "%s:  unable to set new type\n", argv[0]);
		exit(-1);
	}

	freecon(context_s);
	context_s = context_str(context);
	if (!context_s) {
		fprintf(stderr, "%s:  unable to obtain new context string\n", argv[0]);
		exit(-1);
	}

	rc = setexeccon(context_s);
	if (rc < 0) {
		fprintf(stderr, "%s:  unable to set exec context to %s\n", argv[0], context_s);
		exit(-1);
	}
	pid = ltp_clone_quick(cloneflags | SIGCHLD, clone_fn, argv);
	if (pid < 0) {
		perror("clone");
		exit(-1);
	}

	pid = wait(&status);
	if (pid < 0) {
		perror("wait");
		exit(-1);
	}

	if (WIFEXITED(status)) {
		fprintf(stderr, "Child exited with status %d.\n", WEXITSTATUS(status));
		exit(WEXITSTATUS(status));
	}

	if (WIFSTOPPED(status)) {
		fprintf(stderr, "Child stopped by signal %d.\n", WSTOPSIG(status));
		fprintf(stderr, "..This shouldn't happen.\n");
		fprintf(stderr, "..Killing the child.\n");
		rc = kill(pid,SIGKILL);
		if (rc < 0) {
			perror("kill");
			exit(-1);
		}
		exit(-1);
	}

	if (WIFSIGNALED(status)) {
		fprintf(stderr, "Child terminated by signal %d.\n", WTERMSIG(status));
		fprintf(stderr, "..This is consistent with a share permission denial, check the audit message.\n");
		exit(1);
	}

	fprintf(stderr, "Unexpected exit status 0x%x\n", status);
	exit(-1);
}
Example #15
0
int main(int argc, char *argv[])
{
	pid_t cpid;
	mqd_t mqd;
	struct sigevent notif;
	struct sigaction sa;
	int status;
	struct notify_info info;

	setup();

	if (pipe(father_to_child) == -1) {
		tst_resm(TBROK, "parent: pipe() failed. aborting!");
		cleanup_mqueue(TBROK, NO_STEP, 0);
	}

	ltp_syscall(__NR_mq_unlink, mqname);
	mqd =
	    ltp_syscall(__NR_mq_open, mqname, O_RDWR | O_CREAT | O_EXCL, 0777,
		    NULL);
	if (mqd == (mqd_t) - 1) {
		tst_resm(TBROK, "parent: mq_open() failed (%s)",
			 strerror(errno));
		cleanup_mqueue(TBROK, F_STEP_0, 0);
	}
	tst_resm(TINFO, "parent: successfully created posix mqueue");

	/* container creation on PID namespace */
	cpid = ltp_clone_quick(CLONE_NEWPID | SIGCHLD, child_fn, NULL);
	if (cpid < 0) {
		tst_resm(TBROK, "parent: clone() failed(%s)", strerror(errno));
		cleanup_mqueue(TBROK, F_STEP_1, mqd);
	}
	tst_resm(TINFO, "parent: successfully created child (pid = %d)", cpid);

	/* Register for notification on message arrival */
	notif.sigev_notify = SIGEV_SIGNAL;
	notif.sigev_signo = SIGUSR1;
	info.mqd = mqd;
	info.pid = cpid;
	notif.sigev_value.sival_ptr = &info;
	if (ltp_syscall(__NR_mq_notify, mqd, &notif) == (mqd_t) -1) {
		tst_resm(TBROK, "parent: mq_notify() failed (%s)",
			 strerror(errno));
		cleanup_mqueue(TBROK, F_STEP_1, mqd);
	}
	tst_resm(TINFO, "parent: successfully registered for notification");

	/* Define handler for SIGUSR1 */
	sa.sa_flags = SA_SIGINFO;
	sigemptyset(&sa.sa_mask);
	sa.sa_sigaction = father_signal_handler;
	if (sigaction(SIGUSR1, &sa, NULL) == -1) {
		tst_resm(TBROK, "parent: sigaction() failed(%s)",
			 strerror(errno));
		cleanup_mqueue(TBROK, F_STEP_2, mqd);
	}
	tst_resm(TINFO, "parent: successfully registered handler for SIGUSR1");

	/* Close the appropriate end of pipe */
	close(father_to_child[0]);

	/* Tell the child a message can be sent */
	if (write(father_to_child[1], "f:ok", 5) != 5) {
		tst_resm(TBROK, "parent: pipe is broken(%s)", strerror(errno));
		cleanup_mqueue(TBROK, F_STEP_2, mqd);
	}

	sleep(3);

	/* Wait for child to finish */
	if (wait(&status) == -1) {
		tst_resm(TBROK, "parent: wait() failed(%s)", strerror(errno));
		cleanup_mqueue(TBROK, F_STEP_1, mqd);
	}

	cleanup_mqueue(result, F_STEP_3, mqd);

	tst_exit();
}
Example #16
0
int main(int argc, char *argv[])
{
	pid_t cpid2;
	char path[BUFSIZ];
	int lc;
	int fd;
	int ret;

	tst_parse_opts(argc, argv, NULL, NULL);
	setup();

	for (lc = 0; TEST_LOOPING(lc); lc++) {
		tst_count = 0;

		parentuid = geteuid();
		parentgid = getegid();

		cpid1 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
			(void *)child_fn1, NULL);
		if (cpid1 < 0)
			tst_brkm(TBROK | TERRNO, cleanup,
				"cpid1 clone failed");

		cpid2 = ltp_clone_quick(CLONE_NEWUSER | SIGCHLD,
			(void *)child_fn2, NULL);
		if (cpid2 < 0)
			tst_brkm(TBROK | TERRNO, cleanup,
				"cpid2 clone failed");

		if (access("/proc/self/setgroups", F_OK) == 0) {
			sprintf(path, "/proc/%d/setgroups", cpid1);
			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
			SAFE_CLOSE(cleanup, fd);
			/* If the setgroups file has the value "deny",
			 * then the setgroups(2) system call can't
			 * subsequently be reenabled (by writing "allow" to
			 * the file) in this user namespace.  (Attempts to
			 * do so will fail with the error EPERM.)
			*/

			/* test that setgroups can't be re-enabled */
			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
			ret = write(fd, "allow", 5);

			if (ret != -1) {
				tst_brkm(TBROK | TERRNO, cleanup,
					"write action should fail");
			} else if (errno != EPERM) {
				tst_brkm(TBROK | TERRNO, cleanup,
					"unexpected error: \n");
			}
			SAFE_CLOSE(cleanup, fd);
			tst_resm(TPASS, "setgroups can't be re-enabled");

			sprintf(path, "/proc/%d/setgroups", cpid2);
			fd = SAFE_OPEN(cleanup, path, O_WRONLY, 0644);
			SAFE_WRITE(cleanup, 1, fd, "deny", 4);
			SAFE_CLOSE(cleanup, fd);
		}

		updatemap(cpid1, UID_MAP, CHILD1UID, parentuid, cleanup);
		updatemap(cpid2, UID_MAP, CHILD2UID, parentuid, cleanup);

		updatemap(cpid1, GID_MAP, CHILD1GID, parentgid, cleanup);
		updatemap(cpid2, GID_MAP, CHILD2GID, parentgid, cleanup);

		TST_SAFE_CHECKPOINT_WAKE_AND_WAIT(cleanup, 1);

		tst_record_childstatus(cleanup, cpid1);
		tst_record_childstatus(cleanup, cpid2);
	}
	cleanup();
	tst_exit();
}
Example #17
-1
int main(int argc, char *argv[])
{
	char c = 0;
	tomoyo_test_init();

	/* Test mount(). */
	{
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount dev\\011name / "
			"fs\\011name 0\n");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		set_profile(3, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
		if (mount("anydev", "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
		fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
		set_profile(2, "file::mount");
		show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
		if (mount(NULL, NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount(NULL, NULL, NULL) ", 1);
		if (mount(NULL, NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, NULL) ", 1);
		if (mount("/", NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, 'tmpfs') ", 1);
		if (mount("/", NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
		if (mount("/", "/", "nonexistentfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		set_profile(0, "file::mount");
	}

	mkdir("/tmp/mount/", 0755);
	mkdir("/tmp/mount_bind/", 0755);
	mkdir("/tmp/mount_move/", 0755);

	/* Test mount(). */
	{
		static char buf[4096];
		char *dev_ram_path = canonicalize_file_name("/dev/ram0");
		if (!dev_ram_path)
			dev_ram_path = canonicalize_file_name("/dev/ram");
		if (!dev_ram_path) {
			dev_ram_path = "/dev/ram0";
			mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
		}
		memset(buf, 0, sizeof(buf));
		{
			struct stat sbuf;
			FILE *fp = NULL;
			snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
				 dev_ram_path);
			if (lstat(dev_ram_path, &sbuf) == 0 &&
			    S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
				fp = popen(buf, "w");
			if (fp) {
				if (fwrite(compressed_ext2_image_sample, 1,
				    sizeof(compressed_ext2_image_sample), fp) !=
				    sizeof(compressed_ext2_image_sample))
					err(1, "fwrite");
				pclose(fp);
			} else
				fprintf(stderr, "Can't write to %s .\n",
					dev_ram_path);
		}
		set_profile(3, "file::mount");

		/* Test standard case */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test device_name with pattern */
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 1);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test dir_name with pattern */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test standard case */
		fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_mount none /tmp/mount/ tmpfs 0\n");

		/* Test device_name with pattern */
		fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
			dev_ram_path);
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 0);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount %s\\* "
			"/tmp/mount/ ext2 1\n", dev_ram_path);

		/* Test dir_name with pattern */
		fprintf(domain_fp,
			"allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount none "
			"/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");

		set_profile(0, "file::mount");
		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test mount(). */
	{
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::mount");

		/* Test remount case */
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
		    && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "allow_mount something /tmp/mount/ "
			"--remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success.\n");
		fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
			    "MS_BIND)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test move case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test remount case */
		fprintf(domain_fp,
			"allow_mount any /tmp/mount/ --remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		fprintf(domain_fp,
			"allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
			    0);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_bind/");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_bind/ --bind 0\n");

		/* Test move case */
		set_profile(3, "file::mount");
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
			"--move 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 0);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_move/");
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_move/ --move 0\n");

		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test umount(). */
	{
		/* Test standard case */
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");

		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");

		set_profile(0, "file::umount");

		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
		if (umount("/tmp/mount/") == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		/* Test pattern */
		fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::umount");
		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test chroot(). */
	{
		set_profile(3, "file::chroot");

		/* Test standard case */
		fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");

		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == EOF && errno == EPERM)
				printf("OK: Permission denied.\n");
			else
				printf("BUG: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);

		/* Test pattern */
		fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
		show_prompt("chroot('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp,
			"delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::chroot");
	}

	/* Test pivot_root(). */
	{
		int error;
		static char stack[8192];
		set_profile(3, "file::pivot_root");
		fprintf(domain_fp, "allow_pivot_root %s %s\n",
			 pivot_root_dir, proc_policy_dir);
		snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
			 proc_policy_dir);
		show_prompt(stack, 0);
		{
			const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
							  NULL);
			while (waitpid(pid, &error, __WALL) == EOF &&
			       errno == EINTR)
				c++; /* Dummy. */
		}
		errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
			 proc_policy_dir);
		show_prompt(stack, 1);
		{
			const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
							  NULL);
			while (waitpid(pid, &error, __WALL) == EOF &&
			       errno == EINTR)
				c++; /* Dummy. */
		}
		errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
		if (errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		set_profile(2, "file::pivot_root");
		snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
			 proc_policy_dir);
		show_prompt(stack, 0);
		{
			const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
							  NULL);
			while (waitpid(pid, &error, __WALL) == EOF &&
			       errno == EINTR)
				c++; /* Dummy. */
		}
		errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		set_profile(0, "file::pivot_root");

	}

	rmdir("/tmp/mount_move/");
	rmdir("/tmp/mount_bind/");
	rmdir("/tmp/mount/");

	clear_status();
	return 0;
}