bash: Fix shellcheck warnings
Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
This commit is contained in:
a1346054
Alexander Larsson
parent
f2a2dbbeb9
commit
d69d21b036
|
|
@ -1,10 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
test -n "$srcdir" || srcdir=`dirname "$0"`
|
||||
test -n "$srcdir" || srcdir=$(dirname "$0")
|
||||
test -n "$srcdir" || srcdir=.
|
||||
|
||||
olddir=`pwd`
|
||||
cd $srcdir
|
||||
olddir=$(pwd)
|
||||
cd "$srcdir"
|
||||
|
||||
if ! (autoreconf --version >/dev/null 2>&1); then
|
||||
echo "*** No autoreconf found, please install it ***"
|
||||
|
|
@ -15,5 +15,5 @@ mkdir -p m4
|
|||
|
||||
autoreconf --force --install --verbose
|
||||
|
||||
cd $olddir
|
||||
cd "$olddir"
|
||||
test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
usage () {
|
||||
usage() {
|
||||
if [ "${1-2}" -ne 0 ]; then
|
||||
exec >&2
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -60,11 +60,11 @@ _bwrap() {
|
|||
--userns-block-fd
|
||||
"
|
||||
|
||||
if [[ "$cur" == -* ]]; then
|
||||
COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
|
||||
fi
|
||||
if [[ "$cur" == -* ]]; then
|
||||
COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
|
||||
fi
|
||||
|
||||
return 0
|
||||
return 0
|
||||
}
|
||||
complete -F _bwrap bwrap
|
||||
|
||||
|
|
|
|||
|
|
@ -42,11 +42,11 @@ PATH="$PATH:/usr/sbin:/sbin"
|
|||
|
||||
tempdir=$(mktemp -d /var/tmp/tap-test.XXXXXX)
|
||||
touch "${tempdir}/.testtmp"
|
||||
function cleanup () {
|
||||
cleanup() {
|
||||
if test -n "${TEST_SKIP_CLEANUP:-}"; then
|
||||
echo "Skipping cleanup of ${tempdir}"
|
||||
elif test -f "${tempdir}/.testtmp"; then
|
||||
rm "${tempdir}" -rf
|
||||
rm -rf "${tempdir}"
|
||||
fi
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
|
|
|||
|
|
@ -15,10 +15,10 @@ ${BWRAP} --help > help.txt
|
|||
assert_file_has_content help.txt "usage: ${BWRAP}"
|
||||
echo "ok - Help works"
|
||||
|
||||
for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do
|
||||
for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do
|
||||
# Test fuse fs as bind source
|
||||
if [ x$FUSE_DIR != x ]; then
|
||||
$RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true
|
||||
if [ "x$FUSE_DIR" != "x" ]; then
|
||||
$RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true
|
||||
echo "ok - can bind-mount a FUSE directory with $ALT"
|
||||
else
|
||||
echo "ok # SKIP no FUSE support"
|
||||
|
|
@ -39,14 +39,14 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshar
|
|||
CAP=""
|
||||
fi
|
||||
|
||||
if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
|
||||
if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
|
||||
assert_not_reached Could read /etc/shadow
|
||||
fi
|
||||
echo "ok - cannot read /etc/shadow with $ALT"
|
||||
# Unreadable dir
|
||||
if [ x$UNREADABLE != x ]; then
|
||||
if [ "x$UNREADABLE" != "x" ]; then
|
||||
echo -n "expect EPERM: " >&2
|
||||
if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo ; then
|
||||
if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo; then
|
||||
assert_not_reached Could read $UNREADABLE
|
||||
fi
|
||||
echo "ok - cannot read $UNREADABLE with $ALT"
|
||||
|
|
@ -113,13 +113,13 @@ else
|
|||
assert_file_has_content recursive_proc.txt "hello"
|
||||
echo "ok - can mount /proc recursively"
|
||||
|
||||
$BWRAP_RECURSE -- /proc/self/exe --unshare-all ${BWRAP_RO_HOST_ARGS} findmnt > recursive-newroot.txt
|
||||
$BWRAP_RECURSE -- /proc/self/exe --unshare-all ${BWRAP_RO_HOST_ARGS} findmnt > recursive-newroot.txt
|
||||
assert_file_has_content recursive-newroot.txt "/usr"
|
||||
echo "ok - can pivot to new rootfs recursively"
|
||||
fi
|
||||
|
||||
# Test error prefixing
|
||||
if $RUN --unshare-pid --bind /source-enoent /dest true 2>err.txt; then
|
||||
if $RUN --unshare-pid --bind /source-enoent /dest true 2>err.txt; then
|
||||
assert_not_reached "bound nonexistent source"
|
||||
fi
|
||||
assert_file_has_content err.txt "^bwrap: Can't find source path.*source-enoent"
|
||||
|
|
@ -147,12 +147,12 @@ else
|
|||
# Check for dropping kill/fowner (we assume all uid 0 callers have this)
|
||||
# But we should still have net_bind_service for example
|
||||
$RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test
|
||||
# capsh's output format changed from v2.29 -> drops are now indicated with -eip
|
||||
if grep 'Current: =.*+eip$' caps.test; then
|
||||
# capsh's output format changed from v2.29 -> drops are now indicated with -eip
|
||||
if grep 'Current: =.*+eip$' caps.test; then
|
||||
assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$'
|
||||
assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$'
|
||||
assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$'
|
||||
else
|
||||
else
|
||||
assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$'
|
||||
assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$'
|
||||
assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$'
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ else
|
|||
while ! test -f sandbox-userns; do sleep 1; done
|
||||
SANDBOX1PID=$(extract_child_pid info.json)
|
||||
|
||||
$RUN --userns 11 readlink /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user
|
||||
$RUN --userns 11 readlink /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user
|
||||
echo foo > donepipe
|
||||
|
||||
assert_files_equal sandbox-userns sandbox2-userns
|
||||
|
|
|
|||
Loading…
Reference in New Issue