11 #include <sys/ioctl.h>
12 #include <sys/prctl.h>
16 #define NS_GET_USERNS _IO(NSIO, 0x1)
18 #define pr_err(fmt, ...) \
20 fprintf(stderr, "%s:%d:" fmt ": %m\n", \
21 __func__, __LINE__, ##__VA_ARGS__); \
25 int main(int argc, char *argvp[])
27 int pfd[2], ns, uns, init_uns;
38 return pr_err("fork");
40 prctl(PR_SET_PDEATHSIG, SIGKILL);
41 if (unshare(CLONE_NEWUTS | CLONE_NEWUSER))
42 return pr_err("unshare");
50 if (read(pfd[0], &c, 1) != 0)
51 return pr_err("Unable to read from pipe");
54 snprintf(path, sizeof(path), "/proc/%d/ns/uts", pid);
55 ns = open(path, O_RDONLY);
57 return pr_err("Unable to open %s", path);
59 uns = ioctl(ns, NS_GET_USERNS);
61 return pr_err("Unable to get an owning user namespace");
64 return pr_err("fstat");
66 snprintf(path, sizeof(path), "/proc/%d/ns/user", pid);
68 return pr_err("stat");
70 if (st1.st_ino != st2.st_ino)
71 return pr_err("NS_GET_USERNS returned a wrong namespace");
73 init_uns = ioctl(uns, NS_GET_USERNS);
75 return pr_err("Unable to get an owning user namespace");
77 if (ioctl(init_uns, NS_GET_USERNS) >= 0 || errno != EPERM)
78 return pr_err("Don't get EPERM");
80 if (unshare(CLONE_NEWUSER))
81 return pr_err("unshare");
83 if (ioctl(ns, NS_GET_USERNS) >= 0 || errno != EPERM)
84 return pr_err("Don't get EPERM");
85 if (ioctl(init_uns, NS_GET_USERNS) >= 0 || errno != EPERM)
86 return pr_err("Don't get EPERM");