colin/bubblewrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test-run: If bubblewrap is setuid, assert that --size is not allowed

Browse Source 
Previously, this test would have failed for a setuid bubblewrap.

Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie
2022-11-07 18:26:21 +00:00
parent aa0fb696ab
commit cfc15df5f1
1 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
tests/test-run.sh
View File

@@ -406,27 +406,34 @@ assert_file_has_content dir-permissions '^755$'
echo "ok - tmpfs has expected permissions" echo "ok - tmpfs has expected permissions"
# 1048576 = 1 MiB # 1048576 = 1 MiB
$RUN \ if test -n "${bwrap_is_suid:-}"; then
--size 1048576 --tmpfs "$(pwd -P)" \ if $RUN --size 1048576 --tmpfs "$(pwd -P)" true; then
df --output=size --block-size=1K "$(pwd -P)" > dir-size assert_not_reached "Should not allow --size --tmpfs when setuid"
assert_file_has_content dir-size '^ *1024$' fi
$RUN \ echo "ok - --size --tmpfs is not allowed when setuid"
--size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \ else
stat -c '%a' "$(pwd -P)" > dir-permissions $RUN \
assert_file_has_content dir-permissions '^1777$' --size 1048576 --tmpfs "$(pwd -P)" \
$RUN \ df --output=size --block-size=1K "$(pwd -P)" > dir-size
--size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \ assert_file_has_content dir-size '^ *1024$'
df --output=size --block-size=1K "$(pwd -P)" > dir-size $RUN \
assert_file_has_content dir-size '^ *1024$' --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
$RUN \ stat -c '%a' "$(pwd -P)" > dir-permissions
--perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \ assert_file_has_content dir-permissions '^1777$'
stat -c '%a' "$(pwd -P)" > dir-permissions $RUN \
assert_file_has_content dir-permissions '^1777$' --size 1048576 --perms 01777 --tmpfs "$(pwd -P)" \
$RUN \ df --output=size --block-size=1K "$(pwd -P)" > dir-size
--perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \ assert_file_has_content dir-size '^ *1024$'
df --output=size --block-size=1K "$(pwd -P)" > dir-size $RUN \
assert_file_has_content dir-size '^ *1024$' --perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
echo "ok - tmpfs has expected size" stat -c '%a' "$(pwd -P)" > dir-permissions
assert_file_has_content dir-permissions '^1777$'
$RUN \
--perms 01777 --size 1048576 --tmpfs "$(pwd -P)" \
df --output=size --block-size=1K "$(pwd -P)" > dir-size
assert_file_has_content dir-size '^ *1024$'
echo "ok - tmpfs has expected size"
fi
$RUN \ $RUN \
--file 0 /tmp/file \ --file 0 /tmp/file \