diff options
| author | Alexander Larsson <alexl@redhat.com> | 2017-06-19 19:41:00 +0200 |
|---|---|---|
| committer | Alexander Larsson <alexl@redhat.com> | 2017-06-19 19:41:00 +0200 |
| commit | 0bbb8354dc52f027f3301893d2b3c6a7bd6fd7ea (patch) | |
| tree | 0edc279772df7ce141f30de59fa9ab2eeed1a9ab /tests/test-run.sh | |
| parent | 67ffd9a0b6f2f76de8aa08e6eb00505e48c48cbd (diff) | |
| download | flatpak-0bbb8354dc52f027f3301893d2b3c6a7bd6fd7ea.tar.gz | |
tests: Add tests for no world writable dirs & no setuid files
Diffstat (limited to 'tests/test-run.sh')
| -rwxr-xr-x | tests/test-run.sh | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/tests/test-run.sh b/tests/test-run.sh index 0f0d3aa9..b9e2e7a7 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -24,7 +24,7 @@ set -euo pipefail skip_without_bwrap skip_without_user_xattrs -echo "1..10" +echo "1..12" setup_repo install_repo @@ -338,3 +338,33 @@ ${FLATPAK} build-export ${FL_GPGARGS} repos/test ${DIR} ${FLATPAK} ${U} update org.test.OldVersion echo "ok version checks" + +rm -rf app +flatpak build-init app org.test.Writable org.test.Platform org.test.Platform +mkdir -p app/files/a-dir +chmod a+rwx app/files/a-dir +flatpak build-finish --command=hello.sh app +ostree --repo=repos/test commit ${FL_GPGARGS} --branch=app/org.test.Writable/$ARCH/master app +update_repo + +${FLATPAK} ${U} install test-repo org.test.Writable + +assert_file_has_mode $FL_DIR/app/org.test.Writable/$ARCH/master/active/files/a-dir 775 + +echo "ok no world writable dir" + +rm -rf app +flatpak build-init app org.test.Setuid org.test.Platform org.test.Platform +mkdir -p app/files/ +touch app/files/exe +chmod u+s app/files/exe +flatpak build-finish --command=hello.sh app +ostree --repo=repos/test commit ${FL_GPGARGS} --branch=app/org.test.Setuid/$ARCH/master app +update_repo + +if ${FLATPAK} ${U} install test-repo org.test.Setuid &> err2.txt; then + assert_not_reached "Should not be able to install with setuid file" +fi +assert_file_has_content err2.txt [Ii]nvalid + +echo "ok no setuid" |