diff options
| author | Simon McVittie <smcv@collabora.com> | 2017-10-06 16:53:51 +0100 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-10-06 16:31:19 +0000 |
| commit | 3983c1c34d7c124f3a065af5913e7f3496373b41 (patch) | |
| tree | 43f292e8b06a9da4c65049ee8d34f51987dff4f5 | |
| parent | 6ea0642ac9061b4cd86d417d4bf5fe3daadef0dd (diff) | |
| download | bubblewrap-3983c1c34d7c124f3a065af5913e7f3496373b41.tar.gz | |
tests: Produce finer-grained TAP output
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #229
Approved by: cgwalters
| -rwxr-xr-x | tests/test-run.sh | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/tests/test-run.sh b/tests/test-run.sh index c73e9f9..4712418 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -50,21 +50,27 @@ if ! $RUN true; then skip Seems like bwrap is not working at all. Maybe setuid is not working fi -echo "1..3" +echo "1..31" # Test help ${BWRAP} --help > help.txt assert_file_has_content help.txt "usage: ${BWRAP}" +echo "ok - Help works" for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do # Test fuse fs as bind source if [ x$FUSE_DIR != x ]; then $RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true + echo "ok - can bind-mount a FUSE directory with $ALT" + else + echo "ok # SKIP no FUSE support" fi # no --dev => no devpts => no map_root workaround $RUN $ALT --proc /proc true + echo "ok - can mount /proc with $ALT" # No network $RUN $ALT --unshare-net --proc /proc --dev /dev true + echo "ok - can unshare network, create new /dev with $ALT" # Unreadable file echo -n "expect EPERM: " >&2 @@ -78,24 +84,31 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshar if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then assert_not_reached Could read /etc/shadow fi + echo "ok - cannot read /etc/shadow with $ALT" # Unreadable dir if [ x$UNREADABLE != x ]; then echo -n "expect EPERM: " >&2 if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo ; then assert_not_reached Could read $UNREADABLE fi + echo "ok - cannot read $UNREADABLE with $ALT" + else + echo "ok # SKIP not sure what unreadable file to use" fi # bind dest in symlink (https://github.com/projectatomic/bubblewrap/pull/119) $RUN $ALT --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true + echo "ok - can bind a destination over a symlink" done # Test devices $RUN --unshare-pid --dev /dev ls -al /dev/{stdin,stdout,stderr,null,random,urandom,fd,core} >/dev/null +echo "ok - all expected devices were created" # Test --as-pid-1 $RUN --unshare-pid --as-pid-1 --bind / / bash -c 'echo $$' > as_pid_1.txt assert_file_has_content as_pid_1.txt "1" +echo "ok - can run as pid 1" if ! ${is_uidzero}; then # When invoked as non-root, check that by default we have no caps left @@ -106,6 +119,7 @@ if ! ${is_uidzero}; then test "$e" = 0 assert_not_file_has_content caps.test ': =.*cap' done + echo "ok - we have no caps as uid != 0" else capsh --print > caps.orig for OPT in "" "--as-pid-1"; do @@ -121,6 +135,7 @@ else assert_not_file_has_content caps.test '^Current: =.*cap_fowner' # But we should still have net_bind_service for example assert_file_has_content caps.test '^Current: =.*cap_net_bind_service' + echo "ok - we have the expected caps as uid 0" fi # Test --die-with-parent |