tests: test --userns

2 files changed, 31 insertions, 1 deletions

diff --git a/tests/libtest-core.sh b/tests/libtest-core.sh
index d0b7d37..2067343 100644
--- a/tests/libtest-core.sh
+++ b/tests/libtest-core.sh
@@ -135,8 +135,18 @@ assert_file_empty() {
     fi
 }
 
+assert_files_equal() {
+    if ! cmp "$1" "$2"; then
+        _fatal_print_file "$1" "File '$1' and '$2' is not equal"
+    fi
+}
+
 # Use to skip all of these tests
 skip() {
     echo "1..0 # SKIP" "$@"
     exit 0
 }
+
+extract_child_pid() {
+    grep child-pid "$1" | sed "s/^.*: \([0-9]*\).*/\1/"
+}
diff --git a/tests/test-run.sh b/tests/test-run.sh
index b80ddde..d11da80 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -80,7 +80,7 @@ if ! $RUN true; then
     skip Seems like bwrap is not working at all. Maybe setuid is not working
 fi
 
-echo "1..47"
+echo "1..48"
 
 # Test help
 ${BWRAP} --help > help.txt
@@ -340,4 +340,24 @@ if $RUN --bind "$(pwd)" /tmp/here test -d /tmp/newroot; then
 fi
 echo "ok - we can mount another directory inside /tmp"
 
+# These tests need user namespaces
+if test -n "${bwrap_is_suid:-}"; then
+    echo "ok - # SKIP no setuid support for --unshare-user"
+else
+    mkfifo donepipe
+
+    $RUN --info-fd 42 --unshare-user sh -c 'ls -l /proc/self/ns/user > sandbox-userns; cat < donepipe' 42>info.json &
+    while ! test -f sandbox-userns; do sleep 1; done
+    SANDBOX1PID=$(extract_child_pid info.json)
+
+    $RUN  --userns 11 ls -l /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user
+    echo foo > donepipe
+
+    assert_files_equal sandbox-userns sandbox2-userns
+
+    rm donepipe info.json sandbox-userns
+
+    echo "ok - Test --userns"
+fi
+
 echo "ok - End of test"