authorSimon McVittie <smcv@collabora.com>2022-11-07 18:26:21 +0000
committerSimon McVittie <smcv@collabora.com>2022-11-07 18:26:21 +0000
commitcfc15df5f1669a26c805b91c229805ffe012ca5f (patch)
treee54cebba9651ca58c87240bbd57e7fb74feb2312
parentaa0fb696ab4b7482fa54a0422b8a19c87407350e (diff)
test-run: If bubblewrap is setuid, assert that --size is not allowed
Previously, this test would have failed for a setuid bubblewrap. Signed-off-by: Simon McVittie <smcv@collabora.com>
-rwxr-xr-xtests/test-run.sh49
1 files changed, 28 insertions, 21 deletions
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 3e5e9e6..4aab01d 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -406,27 +406,34 @@ assert_file_has_content dir-permissions '^755$'
echo "ok - tmpfs has expected permissions"
# 1048576 = 1 MiB
-$RUN \
- --size 1048576 --tmpfs "$(pwd -P)" \
- df --output=size --block-size=1K "$(pwd -P)" > dir-size
-assert_file_has_content dir-size '^ *1024$'
-$RUN \
- --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
- stat -c '%a' "$(pwd -P)" > dir-permissions
-assert_file_has_content dir-permissions '^1777$'
-$RUN \
- --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
- df --output=size --block-size=1K "$(pwd -P)" > dir-size
-assert_file_has_content dir-size '^ *1024$'
-$RUN \
- --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
- stat -c '%a' "$(pwd -P)" > dir-permissions
-assert_file_has_content dir-permissions '^1777$'
-$RUN \
- --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
- df --output=size --block-size=1K "$(pwd -P)" > dir-size
-assert_file_has_content dir-size '^ *1024$'
-echo "ok - tmpfs has expected size"
+if test -n "${bwrap_is_suid:-}"; then
+ if $RUN --size 1048576 --tmpfs "$(pwd -P)" true; then
+ assert_not_reached "Should not allow --size --tmpfs when setuid"
+ fi
+ echo "ok - --size --tmpfs is not allowed when setuid"
+else
+ $RUN \
+ --size 1048576 --tmpfs "$(pwd -P)" \
+ df --output=size --block-size=1K "$(pwd -P)" > dir-size
+ assert_file_has_content dir-size '^ *1024$'
+ $RUN \
+ --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
+ stat -c '%a' "$(pwd -P)" > dir-permissions
+ assert_file_has_content dir-permissions '^1777$'
+ $RUN \
+ --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
+ df --output=size --block-size=1K "$(pwd -P)" > dir-size
+ assert_file_has_content dir-size '^ *1024$'
+ $RUN \
+ --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
+ stat -c '%a' "$(pwd -P)" > dir-permissions
+ assert_file_has_content dir-permissions '^1777$'
+ $RUN \
+ --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
+ df --output=size --block-size=1K "$(pwd -P)" > dir-size
+ assert_file_has_content dir-size '^ *1024$'
+ echo "ok - tmpfs has expected size"
+fi
$RUN \
--file 0 /tmp/file \
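Review bot: The setuid branch (`if $RUN --size 1048576 --tmpfs "$(pwd -P)" true; then`) passes on any non-zero exit, so it cannot distinguish bwrap refusing `--size` from bwrap failing for an unrelated reason. Since this is a negative test guarding a setuid-mode restriction, I would capture stderr and pin the reason: `if $RUN --size 1048576 --tmpfs "$(pwd -P)" true 2> size-err; then`, and after the `fi`, `assert_file_has_content size-err '<expected refusal message>'` (a placeholder; use the text bwrap actually prints, and confirm `$RUN` does not already redirect stderr). The branch also covers only the plain `--size --tmpfs` form; the `--perms`/`--size` orderings exercised in the `else` branch have no refused-when-setuid counterpart, which may be worth one more case.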