diff options
author | Simon McVittie <smcv@collabora.com> | 2022-05-11 16:01:11 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2022-05-11 16:01:11 +0100 |
commit | 2b4c4a789969d12baca17689911021ba88d7ed10 (patch) | |
tree | ab476ed7845b847bcf85b52c6d39ba9180476546 | |
parent | a996acc89235e30d32edcb5f276434ee9798e76a (diff) | |
download | bubblewrap-2b4c4a789969d12baca17689911021ba88d7ed10.tar.gz |
test-run: Add another assertion that we cannot read /etc/shadow
The goal of this assertion was to demonstrate that a setuid bwrap does
not give us access to otherwise unreadable files, but if we want to
check that, we should probably be looking at the bind-mount destination
instead of the source file.
Leave the old assertion in too, just in case *that* fails.
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rwxr-xr-x | tests/test-run.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/test-run.sh b/tests/test-run.sh index 85c97dd..da92ffb 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -40,9 +40,15 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare fi if ! cat /etc/shadow >/dev/null && + $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /tmp/foo; then + assert_not_reached Could read /etc/shadow via /tmp/foo bind-mount + fi + + if ! cat /etc/shadow >/dev/null && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then assert_not_reached Could read /etc/shadow fi + echo "ok - cannot read /etc/shadow with $ALT" # Unreadable dir if [ "x$UNREADABLE" != "x" ]; then |