bunpen: backfill some integration tests for dbus operation inside the sandbox

the proxy appears not to work (yet)
2025-01-03 22:59:56 +00:00
parent 4260909d2d
commit b005897d84
3 changed files with 54 additions and 0 deletions
--- a/pkgs/by-name/bunpen/integration_test
+++ b/pkgs/by-name/bunpen/integration_test
@@ -270,6 +270,37 @@ test_10_tmpfs_root_is_introspectable() {
  test "$test_file1" = from_sandbox
 }

+test_11_dbus_01_whitelisted_by_path() {
+  export DBUS_SESSION_BUS_ADDRESS=unix:path=$PWD/dbus/bus
+  mkdir -p $PWD/dbus
+  dbus-daemon --address="$DBUS_SESSION_BUS_ADDRESS" --config-file $PWD/test/dbus-session.conf --fork
+  # busctl exits clean if it can reach the bus
+  bunpen --bunpen-path /nix/store --bunpen-path $PWD busctl --user list
+  # sanity check that it would exit falsey if it fails to reach the bus
+  ! env -u DBUS_SESSION_BUS_ADDRESS \
+    bunpen --bunpen-path /nix/store --bunpen-path $PWD busctl --user list
+}
+
+test_11_dbus_02_doesnt_bridge_bus_by_default() {
+  export DBUS_SESSION_BUS_ADDRESS=unix:path=$PWD/dbus/bus
+  mkdir -p $PWD/dbus
+  dbus-daemon --address="$DBUS_SESSION_BUS_ADDRESS" --config-file $PWD/test/dbus-session.conf --fork
+  ! bunpen --bunpen-path /nix/store busctl --user list
+}
+
+test_11_dbus_03_doesnt_spawn_bus() {
+  export DBUS_SESSION_BUS_ADDRESS=unix:path=$PWD/dbus/bus
+  ! bunpen --bunpen-path /nix/store --bunpen-path $PWD busctl --user list
+}
+
+DISABLED_TODO_FIX_test_11_dbus_04_proxy_all() {
+  export DBUS_SESSION_BUS_ADDRESS=unix:path=$PWD/dbus/bus
+  mkdir -p $PWD/dbus
+  dbus-daemon --address="$DBUS_SESSION_BUS_ADDRESS" --config-file $PWD/test/dbus-session.conf --fork
+  bunpen --bunpen-path /nix/store --bunpen-dbus-talk '*' busctl --user list
+  bunpen --bunpen-path /nix/store --bunpen-dbus-own '*' busctl --user list
+}
+
 runTests() {
  local testsToRun=("$@")
  rc=0
@@ -278,6 +309,7 @@ runTests() {
  basedir=$PWD
  for f in "${testsToRun[@]}"; do
    mkdir "$basedir/$f"
+    cp -r ./test "$basedir/$f/test"
    echo -n "$f: ..."
    cd "$basedir/$f"
    if $SELF "$f" > "$basedir/$f/stdall" 2>&1; then
--- a/pkgs/by-name/bunpen/package.nix
+++ b/pkgs/by-name/bunpen/package.nix
@@ -1,4 +1,5 @@
 {
+  dbus,
  hareHook,
  iproute2,
  iptables,
@@ -6,6 +7,7 @@
  passt,
  procps,
  stdenv,
+  systemdMinimal,
  util-linux,
  which,
  xdg-dbus-proxy,
@@ -28,8 +30,10 @@
  ];

  nativeCheckInputs = [
+    dbus  # for `dbus-daemon`
    iproute2  # for `ip`
    procps  # for `ps`
+    systemdMinimal  # for `busctl`
    util-linux  # for `setsid`
    which
  ];
--- a/pkgs/by-name/bunpen/test/dbus-session.conf
+++ b/pkgs/by-name/bunpen/test/dbus-session.conf
@@ -0,0 +1,18 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <type>session</type>
+
+  <listen>unix:tmpdir=/tmp</listen>
+
+  <auth>EXTERNAL</auth>
+
+  <policy context="default">
+    <!-- Allow everything to be sent -->
+    <allow send_destination="*" eavesdrop="true"/>
+    <!-- Allow everything to be received -->
+    <allow eavesdrop="true"/>
+    <!-- Allow anyone to own anything -->
+    <allow own="*"/>
+  </policy>
+</busconfig>