diff --git a/autogen.sh b/autogen.sh index 4674ca8..2d83faf 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,10 +1,10 @@ #!/bin/sh -test -n "$srcdir" || srcdir=`dirname "$0"` +test -n "$srcdir" || srcdir=$(dirname "$0") test -n "$srcdir" || srcdir=. -olddir=`pwd` -cd $srcdir +olddir=$(pwd) +cd "$srcdir" if ! (autoreconf --version >/dev/null 2>&1); then echo "*** No autoreconf found, please install it ***" @@ -15,5 +15,5 @@ mkdir -p m4 autoreconf --force --install --verbose -cd $olddir +cd "$olddir" test -n "$NOCONFIGURE" || "$srcdir/configure" "$@" diff --git a/ci/builddeps.sh b/ci/builddeps.sh index b6dae0b..65fa8b4 100755 --- a/ci/builddeps.sh +++ b/ci/builddeps.sh @@ -5,7 +5,7 @@ set -eux set -o pipefail -usage () { +usage() { if [ "${1-2}" -ne 0 ]; then exec >&2 fi diff --git a/completions/bash/bwrap b/completions/bash/bwrap index 9389afd..59928a8 100644 --- a/completions/bash/bwrap +++ b/completions/bash/bwrap @@ -60,11 +60,11 @@ _bwrap() { --userns-block-fd " - if [[ "$cur" == -* ]]; then - COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) - fi + if [[ "$cur" == -* ]]; then + COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) + fi - return 0 + return 0 } complete -F _bwrap bwrap diff --git a/tests/libtest.sh b/tests/libtest.sh index c888ad8..3ef2d64 100644 --- a/tests/libtest.sh +++ b/tests/libtest.sh @@ -42,11 +42,11 @@ PATH="$PATH:/usr/sbin:/sbin" tempdir=$(mktemp -d /var/tmp/tap-test.XXXXXX) touch "${tempdir}/.testtmp" -function cleanup () { +cleanup() { if test -n "${TEST_SKIP_CLEANUP:-}"; then echo "Skipping cleanup of ${tempdir}" elif test -f "${tempdir}/.testtmp"; then - rm "${tempdir}" -rf + rm -rf "${tempdir}" fi } trap cleanup EXIT diff --git a/tests/test-run.sh b/tests/test-run.sh index 270979d..c41e632 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -15,10 +15,10 @@ ${BWRAP} --help > help.txt assert_file_has_content help.txt "usage: ${BWRAP}" echo "ok - Help works" -for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do +for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do # Test fuse fs as bind source - if [ x$FUSE_DIR != x ]; then - $RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true + if [ "x$FUSE_DIR" != "x" ]; then + $RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true echo "ok - can bind-mount a FUSE directory with $ALT" else echo "ok # SKIP no FUSE support" @@ -39,14 +39,14 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshar CAP="" fi - if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then + if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then assert_not_reached Could read /etc/shadow fi echo "ok - cannot read /etc/shadow with $ALT" # Unreadable dir - if [ x$UNREADABLE != x ]; then + if [ "x$UNREADABLE" != "x" ]; then echo -n "expect EPERM: " >&2 - if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo ; then + if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo; then assert_not_reached Could read $UNREADABLE fi echo "ok - cannot read $UNREADABLE with $ALT" @@ -113,13 +113,13 @@ else assert_file_has_content recursive_proc.txt "hello" echo "ok - can mount /proc recursively" - $BWRAP_RECURSE -- /proc/self/exe --unshare-all ${BWRAP_RO_HOST_ARGS} findmnt > recursive-newroot.txt + $BWRAP_RECURSE -- /proc/self/exe --unshare-all ${BWRAP_RO_HOST_ARGS} findmnt > recursive-newroot.txt assert_file_has_content recursive-newroot.txt "/usr" echo "ok - can pivot to new rootfs recursively" fi # Test error prefixing -if $RUN --unshare-pid --bind /source-enoent /dest true 2>err.txt; then +if $RUN --unshare-pid --bind /source-enoent /dest true 2>err.txt; then assert_not_reached "bound nonexistent source" fi assert_file_has_content err.txt "^bwrap: Can't find source path.*source-enoent" @@ -147,12 +147,12 @@ else # Check for dropping kill/fowner (we assume all uid 0 callers have this) # But we should still have net_bind_service for example $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test - # capsh's output format changed from v2.29 -> drops are now indicated with -eip - if grep 'Current: =.*+eip$' caps.test; then + # capsh's output format changed from v2.29 -> drops are now indicated with -eip + if grep 'Current: =.*+eip$' caps.test; then assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$' assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$' assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$' - else + else assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$' assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$' assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$' diff --git a/tests/test-specifying-userns.sh b/tests/test-specifying-userns.sh index 94654a5..07c5b4a 100755 --- a/tests/test-specifying-userns.sh +++ b/tests/test-specifying-userns.sh @@ -17,7 +17,7 @@ else while ! test -f sandbox-userns; do sleep 1; done SANDBOX1PID=$(extract_child_pid info.json) - $RUN --userns 11 readlink /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user + $RUN --userns 11 readlink /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user echo foo > donepipe assert_files_equal sandbox-userns sandbox2-userns