diff options
Diffstat (limited to 'tests/test_all.py')
-rw-r--r-- | tests/test_all.py | 110 |
1 files changed, 33 insertions, 77 deletions
diff --git a/tests/test_all.py b/tests/test_all.py index d5ff47c..3d3d398 100644 --- a/tests/test_all.py +++ b/tests/test_all.py @@ -13,37 +13,17 @@ # with this program. If not, see <http://www.gnu.org/licenses/>. -'''Functional ('black-box') tests for all 'sandboxlib' backends. - -FIXME: right now this is incomplete! Needs to introspect more! - -''' +'''Functional ('black-box') tests for all 'sandboxlib' backends.''' import pytest import os -import subprocess -import tempfile import sandboxlib - - -def build_c_program(source_code, output_path, compiler_args=None): - '''Compile a temporary C program. - - In order that the test suite be self-contained, we test the sandboxes - using statically linked C programs. The alternative would be to depend on - some operating system image that can run in a container. - - ''' - compiler_args = compiler_args or [] - with tempfile.NamedTemporaryFile(suffix='.c') as f: - f.write(WRITEABLE_PATHS_TEST_CODE.encode('utf-8')) - f.flush() - - subprocess.check_call( - ['gcc', '-static', f.name, '-o', str(output_path)]) +from programs import ( + file_is_writable_test_program, file_or_directory_exists_test_program, + session_tmpdir) @pytest.fixture(params=['chroot', 'linux_user_chroot']) @@ -73,64 +53,40 @@ def test_current_working_directory(sandboxlib_executor, tmpdir): assert err.decode('unicode-escape') == '' -def test_mounts(sandboxlib_executor, tmpdir): - # FIXME: This test will fail because we try to run a command in an empty - # chroot. Need some kind of statically linked C program to run in there. - exit, out, err = sandboxlib_executor.run_sandbox( - ['/bin/ls', '/proc'], - filesystem_root=str(tmpdir), - extra_mounts=[(None, '/proc', 'proc')]) - - -# The simplest way to test these sandboxes is with a statically linked C -# program. -WRITEABLE_PATHS_TEST_CODE = """ -#include <stdio.h> - -int main(int argc, char *argv[]) { - FILE *file; +class TestMounts(object): + @pytest.fixture() + def mounts_test_sandbox(self, tmpdir, + file_or_directory_exists_test_program): + sandbox_path = tmpdir.mkdir('sandbox') - if (argc != 2) { - fprintf(stderr, "Expected 1 argument: filename to try to write to."); - return 1; - } + bin_path = sandbox_path.mkdir('bin') - file = fopen(argv[0], "w"); + file_or_directory_exists_test_program.copy(bin_path) + bin_path.join('test-file-or-directory-exists').chmod(0o755) - if (file == NULL) { - printf("Couldn't open %s for writing.", argv[1]); - return 2; - } + return sandbox_path - if (fputc('!', file) != '!') { - printf("Couldn't write to %s.", argv[1]); - fclose(file); - return 3; - } + def test_mount_proc(self, sandboxlib_executor, mounts_test_sandbox): + exit, out, err = sandboxlib_executor.run_sandbox( + ['test-file-or-directory-exists', '/proc'], + filesystem_root=str(mounts_test_sandbox), + extra_mounts=[(None, '/proc', 'proc')]) - fclose(file); - printf("Wrote data to %s.", argv[1]); - return 0; -}; -""" + assert err.decode('unicode-escape') == '' + assert out.decode('unicode-escape') == "/proc exists" + assert exit == 0 class TestWriteablePaths(object): - @pytest.fixture(scope='module') - def writable_paths_test_program(self, tmpdir): - program_path = tmpdir.join('writable-paths-tester') - build_c_program( - WRITEABLE_PATHS_TEST_CODE, program_path, compiler_args=['-static']) - return program_path - @pytest.fixture() - def writable_paths_test_sandbox(self, tmpdir, writable_paths_test_program): + def writable_paths_test_sandbox(self, tmpdir, + file_is_writable_test_program): sandbox_path = tmpdir.mkdir('sandbox') bin_path = sandbox_path.mkdir('bin') - writable_paths_test_program.copy(bin_path) - bin_path.join('writable-paths-tester').chmod(0o755) + file_is_writable_test_program.copy(bin_path) + bin_path.join('test-file-is-writable').chmod(0o755) data_path = sandbox_path.mkdir('data') data_path.mkdir('1') @@ -139,19 +95,19 @@ class TestWriteablePaths(object): return sandbox_path def test_none_writable(self, sandboxlib_executor, - writable_paths_test_sandbox): + writable_paths_test_sandbox): if sandboxlib_executor == sandboxlib.chroot: pytest.xfail("chroot backend doesn't support read-only paths.") exit, out, err = sandboxlib_executor.run_sandbox( - ['writable-paths-tester', '/data/1/canary'], + ['test-file-is-writable', '/data/1/canary'], filesystem_root=str(writable_paths_test_sandbox), filesystem_writable_paths='none') assert err.decode('unicode-escape') == '' assert out.decode('unicode-escape') == \ "Couldn't open /data/1/canary for writing." - assert exit == 2 + assert exit == 1 def test_some_writable(self, sandboxlib_executor, writable_paths_test_sandbox): @@ -159,7 +115,7 @@ class TestWriteablePaths(object): pytest.xfail("chroot backend doesn't support read-only paths.") exit, out, err = sandboxlib_executor.run_sandbox( - ['writable-paths-tester', '/data/1/canary'], + ['test-file-is-writable', '/data/1/canary'], filesystem_root=str(writable_paths_test_sandbox), filesystem_writable_paths=['/data/1']) @@ -171,7 +127,7 @@ class TestWriteablePaths(object): def test_all_writable(self, sandboxlib_executor, writable_paths_test_sandbox): exit, out, err = sandboxlib_executor.run_sandbox( - ['writable-paths-tester', '/data/1/canary'], + ['test-file-is-writable', '/data/1/canary'], filesystem_root=str(writable_paths_test_sandbox), filesystem_writable_paths='all') @@ -186,7 +142,7 @@ class TestWriteablePaths(object): pytest.xfail("chroot backend doesn't support read-only paths.") exit, out, err = sandboxlib_executor.run_sandbox( - ['writable-paths-tester', '/data/1/canary'], + ['test-file-is-writable', '/data/1/canary'], filesystem_root=str(writable_paths_test_sandbox), filesystem_writable_paths='none', extra_mounts=[ @@ -196,7 +152,7 @@ class TestWriteablePaths(object): assert err.decode('unicode-escape') == '' assert out.decode('unicode-escape') == \ "Couldn't open /data/1/canary for writing." - assert exit == 2 + assert exit == 1 def test_mount_point_writable(self, sandboxlib_executor, writable_paths_test_sandbox): @@ -204,7 +160,7 @@ class TestWriteablePaths(object): pytest.xfail("chroot backend doesn't support read-only paths.") exit, out, err = sandboxlib_executor.run_sandbox( - ['writable-paths-tester', '/data/1/canary'], + ['test-file-is-writable', '/data/1/canary'], filesystem_root=str(writable_paths_test_sandbox), filesystem_writable_paths=['/data'], extra_mounts=[ |