From a996acc89235e30d32edcb5f276434ee9798e76a Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 11 May 2022 15:55:10 +0100
Subject: test-run: Skip a test if we can read /etc/shadow

Ordinarily, we would not be able to read /etc/shadow if we're not uid 0; but when building in a sysroot owned by the current user (for example by setting it up using bwrap, as steam-runtime-tools does), we might actually be able to read it. Skip the assertion that we cannot read it in this case.

Signed-off-by: Simon McVittie
---
 tests/test-run.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/test-run.sh b/tests/test-run.sh
index f25a9bc..85c97dd 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -39,7 +39,8 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare
 CAP=""
 fi
- if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
+ if ! cat /etc/shadow >/dev/null &&
+ $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
 assert_not_reached Could read /etc/shadow
 fi
 echo "ok - cannot read /etc/shadow with $ALT"
--
cgit v1.2.1
From 2b4c4a789969d12baca17689911021ba88d7ed10 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 11 May 2022 16:01:11 +0100
Subject: test-run: Add another assertion that we cannot read /etc/shadow

The goal of this assertion was to demonstrate that a setuid bwrap does not give us access to otherwise unreadable files, but if we want to check that, we should probably be looking at the bind-mount destination instead of the source file. Leave the old assertion in too, just in case *that* fails.

Signed-off-by: Simon McVittie
---
 tests/test-run.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 85c97dd..da92ffb 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
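Review bot: In the hunk of commit a996acc, the line `echo "ok - cannot read /etc/shadow with $ALT"` still runs when the new `! cat /etc/shadow >/dev/null` guard short-circuits, so a run inside a user-owned sysroot reports a passing privilege check that was never performed. Since this test is the guard against a setuid bwrap exposing otherwise unreadable files, a skipped check should be reported as skipped; the TAP `# SKIP` directive on the `ok` line does that. The sketch below separates the readability probe from the bwrap call. The enclosing `for ALT` loop begins and ends outside the hunk, and the indentation shown is assumed.

```shell
if cat /etc/shadow >/dev/null; then
    echo "ok - cannot read /etc/shadow with $ALT # SKIP /etc/shadow is readable outside the sandbox"
else
    if $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
        assert_not_reached Could read /etc/shadow
    fi
    echo "ok - cannot read /etc/shadow with $ALT"
fi
```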
@@ -39,10 +39,16 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare
 CAP=""
 fi
+ if ! cat /etc/shadow >/dev/null &&
+ $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /tmp/foo; then
+ assert_not_reached Could read /etc/shadow via /tmp/foo bind-mount
+ fi
+
 if ! cat /etc/shadow >/dev/null &&
 $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
 assert_not_reached Could read /etc/shadow
 fi
+
 echo "ok - cannot read /etc/shadow with $ALT"
 # Unreadable dir
 if [ "x$UNREADABLE" != "x" ]; then
--
cgit v1.2.1
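Review bot: The added `cat /tmp/foo` inherits the test's stdout, so in exactly the case this assertion exists to catch, the contents of /etc/shadow would be written into the test log before `assert_not_reached` fires (unless `$RUN`, which is defined outside the hunk, already redirects output). The host-side probe on the line above discards its output, and the sandboxed command should do the same: `$RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /tmp/foo >/dev/null; then`. The older assertion kept as context has the same gap with `cat /etc/shadow`. A one-line comment above the pair, such as `# Check both the bind-mount destination and the source path`, would also record in the file why both checks are kept.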