1 files changed, 63 insertions, 0 deletions

diff --git a/testcases/kernel/containers/utsname/utsname04.c b/testcases/kernel/containers/utsname/utsname04.c
new file mode 100644
index 000000000..bf97880ba
--- /dev/null
+++ b/testcases/kernel/containers/utsname/utsname04.c
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2023 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Drop root privileges, create a container with CLONE_NEWUTS and verify that
+ * we receive a permission error.
+ */
+
+#define _GNU_SOURCE
+
+#include <pwd.h>
+#include "tst_test.h"
+#include "lapi/sched.h"
+
+static char *str_op;
+
+static void run(void)
+{
+	const struct tst_clone_args cargs = {
+		.flags = CLONE_NEWUTS,
+		.exit_signal = SIGCHLD,
+	};
+	struct passwd *pw;
+
+	tst_res(TINFO, "Dropping root privileges");
+
+	pw = SAFE_GETPWNAM("nobody");
+	SAFE_SETRESUID(pw->pw_uid, pw->pw_uid, pw->pw_uid);
+
+	if (!str_op || !strcmp(str_op, "clone")) {
+		TEST(tst_clone(&cargs));
+
+		if (TST_RET == -1)
+			tst_res(TPASS, "clone3() fails as expected");
+		else if (TST_RET == -2)
+			tst_res(TPASS, "clone() fails as expected");
+		else
+			tst_res(TFAIL, "tst_clone returns %ld", TST_RET);
+
+		TST_EXP_PASS(errno == EPERM);
+	} else {
+		if (!SAFE_FORK()) {
+			TST_EXP_EQ_LI(unshare(CLONE_NEWUTS), -1);
+			TST_EXP_PASS(errno == EPERM);
+			return;
+		}
+	}
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.needs_root = 1,
+	.forks_child = 1,
+	.needs_checkpoints = 1,
+	.options = (struct tst_option[]) {
+		{ "m:", &str_op, "Test execution mode <clone|unshare>" },
+		{},
+	},
+};