From cfc15df5f1669a26c805b91c229805ffe012ca5f Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 7 Nov 2022 18:26:21 +0000
Subject: test-run: If bubblewrap is setuid, assert that --size is not allowed

Previously, this test would have failed for a setuid bubblewrap.

Signed-off-by: Simon McVittie
---
 tests/test-run.sh | 49 ++++++++++++++++++++++++++++---------------------
 1 file changed, 28 insertions(+), 21 deletions(-)

diff --git a/tests/test-run.sh b/tests/test-run.sh
index 3e5e9e6..4aab01d 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -406,27 +406,34 @@ assert_file_has_content dir-permissions '^755$'
 echo "ok - tmpfs has expected permissions"
 # 1048576 = 1 MiB
-$RUN \
- --size 1048576 --tmpfs "$(pwd -P)" \
- df --output=size --block-size=1K "$(pwd -P)" > dir-size
-assert_file_has_content dir-size '^ *1024$'
-$RUN \
- --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
- stat -c '%a' "$(pwd -P)" > dir-permissions
-assert_file_has_content dir-permissions '^1777$'
-$RUN \
- --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
- df --output=size --block-size=1K "$(pwd -P)" > dir-size
-assert_file_has_content dir-size '^ *1024$'
-$RUN \
- --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
- stat -c '%a' "$(pwd -P)" > dir-permissions
-assert_file_has_content dir-permissions '^1777$'
-$RUN \
- --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
- df --output=size --block-size=1K "$(pwd -P)" > dir-size
-assert_file_has_content dir-size '^ *1024$'
-echo "ok - tmpfs has expected size"
+if test -n "${bwrap_is_suid:-}"; then
+ if $RUN --size 1048576 --tmpfs "$(pwd -P)" true; then
+ assert_not_reached "Should not allow --size --tmpfs when setuid"
+ fi
+ echo "ok - --size --tmpfs is not allowed when setuid"
+else
+ $RUN \
+ --size 1048576 --tmpfs "$(pwd -P)" \
+ df --output=size --block-size=1K "$(pwd -P)" > dir-size
+ assert_file_has_content dir-size '^ *1024$'
+ $RUN \
+ --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
+ stat -c '%a' "$(pwd -P)" > dir-permissions
+ assert_file_has_content dir-permissions '^1777$'
+ $RUN \
+ --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
+ df --output=size --block-size=1K "$(pwd -P)" > dir-size
+ assert_file_has_content dir-size '^ *1024$'
+ $RUN \
+ --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
+ stat -c '%a' "$(pwd -P)" > dir-permissions
+ assert_file_has_content dir-permissions '^1777$'
+ $RUN \
+ --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
+ df --output=size --block-size=1K "$(pwd -P)" > dir-size
+ assert_file_has_content dir-size '^ *1024$'
+ echo "ok - tmpfs has expected size"
+fi
 $RUN \
 --file 0 /tmp/file \
-- 
cgit v1.2.1
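Review bot: The setuid branch treats any non-zero exit from `$RUN --size 1048576 --tmpfs "$(pwd -P)" true` as proof that `--size` was refused, so a bwrap that fails for an unrelated reason (sandbox setup, a mount error) would still print "ok - --size --tmpfs is not allowed when setuid". Because this case guards a restriction on the setuid binary, it would be stronger to capture stderr and match the refusal itself: `if $RUN --size 1048576 --tmpfs "$(pwd -P)" true 2> size-stderr; then`, and after the inner `fi` add `assert_file_has_content size-stderr '<EXPECTED_REFUSAL_MESSAGE>'` (placeholder, since the exact wording is not visible in this hunk). The branch also checks only the `--size --tmpfs` form, while the `--perms 01777 --size 1048576 --tmpfs` ordering used in the `else` branch is never asserted to be refused. One extra negative case for that ordering would show the refusal does not depend on option order.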