colin/bubblewrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bash: Fix shellcheck warnings

Browse Source 
Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
This commit is contained in:
a1346054
2021-08-19 14:04:20 +00:00
committed by Alexander Larsson
parent f2a2dbbeb9
commit d69d21b036
6 changed files with 23 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
autogen.sh
View File

@@ -1,10 +1,10 @@
#!/bin/sh #!/bin/sh
test -n "$srcdir" || srcdir=`dirname "$0"` test -n "$srcdir" || srcdir=$(dirname "$0")
test -n "$srcdir" || srcdir=. test -n "$srcdir" || srcdir=.
olddir=`pwd` olddir=$(pwd)
cd $srcdir cd "$srcdir"
if ! (autoreconf --version >/dev/null 2>&1); then if ! (autoreconf --version >/dev/null 2>&1); then
echo "*** No autoreconf found, please install it ***" echo "*** No autoreconf found, please install it ***"
@@ -15,5 +15,5 @@ mkdir -p m4
autoreconf --force --install --verbose autoreconf --force --install --verbose
cd $olddir cd "$olddir"
test -n "$NOCONFIGURE" || "$srcdir/configure" "$@" test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"

2
ci/builddeps.sh
View File

@@ -5,7 +5,7 @@
set -eux set -eux
set -o pipefail set -o pipefail
usage () { usage() {
if [ "${1-2}" -ne 0 ]; then if [ "${1-2}" -ne 0 ]; then
exec >&2 exec >&2
fi fi

8
completions/bash/bwrap
View File

@@ -60,11 +60,11 @@ _bwrap() {
--userns-block-fd --userns-block-fd
" "
if [[ "$cur" == -* ]]; then if [[ "$cur" == -* ]]; then
COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) )
fi fi
return 0 return 0
} }
complete -F _bwrap bwrap complete -F _bwrap bwrap

4
tests/libtest.sh
View File

@@ -42,11 +42,11 @@ PATH="$PATH:/usr/sbin:/sbin"
tempdir=$(mktemp -d /var/tmp/tap-test.XXXXXX) tempdir=$(mktemp -d /var/tmp/tap-test.XXXXXX)
touch "${tempdir}/.testtmp" touch "${tempdir}/.testtmp"
function cleanup () { cleanup() {
if test -n "${TEST_SKIP_CLEANUP:-}"; then if test -n "${TEST_SKIP_CLEANUP:-}"; then
echo "Skipping cleanup of ${tempdir}" echo "Skipping cleanup of ${tempdir}"
elif test -f "${tempdir}/.testtmp"; then elif test -f "${tempdir}/.testtmp"; then
rm "${tempdir}" -rf rm -rf "${tempdir}"
fi fi
} }
trap cleanup EXIT trap cleanup EXIT

22
tests/test-run.sh
View File

@@ -15,10 +15,10 @@ ${BWRAP} --help > help.txt
assert_file_has_content help.txt "usage: ${BWRAP}" assert_file_has_content help.txt "usage: ${BWRAP}"
echo "ok - Help works" echo "ok - Help works"
for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"; do
# Test fuse fs as bind source # Test fuse fs as bind source
if [ x$FUSE_DIR != x ]; then if [ "x$FUSE_DIR" != "x" ]; then
$RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true $RUN $ALT --proc /proc --dev /dev --bind $FUSE_DIR /tmp/foo true
echo "ok - can bind-mount a FUSE directory with $ALT" echo "ok - can bind-mount a FUSE directory with $ALT"
else else
echo "ok # SKIP no FUSE support" echo "ok # SKIP no FUSE support"
@@ -39,14 +39,14 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshar
CAP="" CAP=""
fi fi
if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then if ! ${is_uidzero} && $RUN $CAP $ALT --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow; then
assert_not_reached Could read /etc/shadow assert_not_reached Could read /etc/shadow
fi fi
echo "ok - cannot read /etc/shadow with $ALT" echo "ok - cannot read /etc/shadow with $ALT"
# Unreadable dir # Unreadable dir
if [ x$UNREADABLE != x ]; then if [ "x$UNREADABLE" != "x" ]; then
echo -n "expect EPERM: " >&2 echo -n "expect EPERM: " >&2
if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo ; then if $RUN $ALT --unshare-net --proc /proc --dev /dev --bind $UNREADABLE /tmp/foo cat /tmp/foo; then
assert_not_reached Could read $UNREADABLE assert_not_reached Could read $UNREADABLE
fi fi
echo "ok - cannot read $UNREADABLE with $ALT" echo "ok - cannot read $UNREADABLE with $ALT"
@@ -113,13 +113,13 @@ else
assert_file_has_content recursive_proc.txt "hello" assert_file_has_content recursive_proc.txt "hello"
echo "ok - can mount /proc recursively" echo "ok - can mount /proc recursively"
$BWRAP_RECURSE -- /proc/self/exe --unshare-all ${BWRAP_RO_HOST_ARGS} findmnt > recursive-newroot.txt $BWRAP_RECURSE -- /proc/self/exe --unshare-all ${BWRAP_RO_HOST_ARGS} findmnt > recursive-newroot.txt
assert_file_has_content recursive-newroot.txt "/usr" assert_file_has_content recursive-newroot.txt "/usr"
echo "ok - can pivot to new rootfs recursively" echo "ok - can pivot to new rootfs recursively"
fi fi
# Test error prefixing # Test error prefixing
if $RUN --unshare-pid --bind /source-enoent /dest true 2>err.txt; then if $RUN --unshare-pid --bind /source-enoent /dest true 2>err.txt; then
assert_not_reached "bound nonexistent source" assert_not_reached "bound nonexistent source"
fi fi
assert_file_has_content err.txt "^bwrap: Can't find source path.*source-enoent" assert_file_has_content err.txt "^bwrap: Can't find source path.*source-enoent"
@@ -147,12 +147,12 @@ else
# Check for dropping kill/fowner (we assume all uid 0 callers have this) # Check for dropping kill/fowner (we assume all uid 0 callers have this)
# But we should still have net_bind_service for example # But we should still have net_bind_service for example
$RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test
# capsh's output format changed from v2.29 -> drops are now indicated with -eip # capsh's output format changed from v2.29 -> drops are now indicated with -eip
if grep 'Current: =.*+eip$' caps.test; then if grep 'Current: =.*+eip$' caps.test; then
assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$' assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$'
assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$' assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$'
assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$' assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$'
else else
assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$' assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$'
assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$' assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$'
assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$' assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$'

2
tests/test-specifying-userns.sh
View File

@@ -17,7 +17,7 @@ else
while ! test -f sandbox-userns; do sleep 1; done while ! test -f sandbox-userns; do sleep 1; done
SANDBOX1PID=$(extract_child_pid info.json) SANDBOX1PID=$(extract_child_pid info.json)
$RUN --userns 11 readlink /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user $RUN --userns 11 readlink /proc/self/ns/user > sandbox2-userns 11< /proc/$SANDBOX1PID/ns/user
echo foo > donepipe echo foo > donepipe
assert_files_equal sandbox-userns sandbox2-userns assert_files_equal sandbox-userns sandbox2-userns