diff options
author | Simon McVittie <smcv@collabora.com> | 2019-03-05 08:36:55 +0000 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-03-06 13:41:29 +0000 |
commit | 8f457ee2868ebfd20e311000aa472462c5ce3c84 (patch) | |
tree | 8c1764ab1cf198a4020ae1e0f9f660e55e2bb8bf | |
parent | efc89e3b939b4bde42c10f065f6b7b02958ed50e (diff) | |
download | bubblewrap-0.3.2.tar.gz |
tests: Ensure that tmpfs with oldroot/newroot doesn't appear in containerv0.3.2
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #305
Approved by: cgwalters
-rwxr-xr-x | tests/test-run.sh | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/tests/test-run.sh b/tests/test-run.sh index d67728e..a404c4e 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -80,7 +80,7 @@ if ! $RUN true; then skip Seems like bwrap is not working at all. Maybe setuid is not working fi -echo "1..41" +echo "1..46" # Test help ${BWRAP} --help > help.txt @@ -278,4 +278,55 @@ if $RUN -- --dev-bind /dev /dev sh -c 'echo should not have run'; then fi echo "ok - options like --dev-bind are defanged by --" +if command -v mktemp > /dev/null; then + tempfile="$(mktemp /tmp/bwrap-test-XXXXXXXX)" + echo "hello" > "$tempfile" + $BWRAP --bind / / cat "$tempfile" > stdout + assert_file_has_content stdout hello + echo "ok - bind-mount of / exposes real /tmp" + $BWRAP --bind / / --bind /tmp /tmp cat "$tempfile" > stdout + assert_file_has_content stdout hello + echo "ok - bind-mount of /tmp exposes real /tmp" + if [ -d /mnt ]; then + $BWRAP --bind / / --bind /tmp /mnt cat "/mnt/${tempfile#/tmp/}" > stdout + assert_file_has_content stdout hello + echo "ok - bind-mount of /tmp onto /mnt exposes real /tmp" + else + echo "ok - # SKIP /mnt does not exist" + fi +else + echo "ok - # SKIP mktemp not found" + echo "ok - # SKIP mktemp not found" + echo "ok - # SKIP mktemp not found" +fi + +if $RUN test -d /tmp/oldroot; then + assert_not_reached "/tmp/oldroot should not be visible" +fi +if $RUN test -d /tmp/newroot; then + assert_not_reached "/tmp/newroot should not be visible" +fi + +echo "hello" > input.$$ +$BWRAP --bind / / --bind "$(pwd)" /tmp cat /tmp/input.$$ > stdout +assert_file_has_content stdout hello +if $BWRAP --bind / / --bind "$(pwd)" /tmp test -d /tmp/oldroot; then + assert_not_reached "/tmp/oldroot should not be visible" +fi +if $BWRAP --bind / / --bind "$(pwd)" /tmp test -d /tmp/newroot; then + assert_not_reached "/tmp/newroot should not be visible" +fi +echo "ok - we can mount another directory onto /tmp" + +echo "hello" > input.$$ +$RUN --bind "$(pwd)" /tmp/here cat /tmp/here/input.$$ > stdout +assert_file_has_content stdout hello +if $RUN --bind "$(pwd)" /tmp/here test -d /tmp/oldroot; then + assert_not_reached "/tmp/oldroot should not be visible" +fi +if $RUN --bind "$(pwd)" /tmp/here test -d /tmp/newroot; then + assert_not_reached "/tmp/newroot should not be visible" +fi +echo "ok - we can mount another directory inside /tmp" + echo "ok - End of test" |