diff options
| author |   Michael Orlitzky <mjo@gentoo.org> | 2023-07-01 16:52:34 -0400 |
|---|---|---|
| committer |   Mike Gilbert <floppym@gentoo.org> | 2023-07-01 19:53:01 -0400 |
| commit | 378995f8efc182f42c4e553eacb081cd67bb2f2a (patch) | |
| tree | 3f361392cbc769eae8091d07c9dbf27797ae5853 | |
| parent | v2.33 (diff) | |
| download | sandbox-378995f8efc182f42c4e553eacb081cd67bb2f2a.tar.gz sandbox-378995f8efc182f42c4e553eacb081cd67bb2f2a.tar.bz2 sandbox-378995f8efc182f42c4e553eacb081cd67bb2f2a.zip | |
tests: use explicit adddeny() calls in fchmod and fchown tests.
When running the test suite under portage, the entire build directory
will be writable because portage adds PORTAGE_TMPDIR to SANDBOX_WRITE
(thanks floppym). This breaks the tests for these two wrappers, since
they expect to fail when trying to write above $PWD.
To avoid that, we create a new file to call fchown/fchmod on, and then
explicitly deny access to it.
Closes: https://bugs.gentoo.org/909445
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
(cherry picked from commit e5032c6b89621db0475e36fb06c2905b6a9c024c)
| -rwxr-xr-x | tests/fchmod-1.sh | 6 | ||||
| -rwxr-xr-x | tests/fchown-1.sh | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh index db404ba..140d84f 100755 --- a/tests/fchmod-1.sh +++ b/tests/fchmod-1.sh @@ -4,11 +4,15 @@ # addwrite $PWD +rm -f deny || exit 1 +touch deny || exit 1 +adddeny $PWD/deny # The sandbox doesn't log anything when it returns a junk file # descriptor? It doesn't look like we can test the contents of # sandbox.log here... instead, we just have to count on fchmod # failing, which it does if you use O_RDWR, and it *should* if you use # O_RDONLY (because that won't stop the change of permissions). -fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1 +fchmod-0 $(stat --format='%#04a' $PWD/deny) $PWD/deny && exit 1 + exit 0 diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh index 1b4a173..6c1178e 100755 --- a/tests/fchown-1.sh +++ b/tests/fchown-1.sh @@ -4,11 +4,15 @@ # addwrite $PWD +rm -f deny || exit 1 +touch deny || exit 1 +adddeny $PWD/deny # The sandbox doesn't log anything when it returns a junk file # descriptor? It doesn't look like we can test the contents of # sandbox.log here... instead, we just have to count on fchown # failing, which it does if you use O_RDWR, and it *should* if you use # O_RDONLY (because that won't stop the change of ownership). -fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1 +fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1 + exit 0 |