diff options
author | Michael Orlitzky <mjo@gentoo.org> | 2023-07-01 16:52:34 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2023-07-01 19:51:18 -0400 |
commit | e5032c6b89621db0475e36fb06c2905b6a9c024c (patch) | |
tree | 96a84ed22ee28b761ce1e5fbeb2a8bdf2937d4ce | |
parent | CI: clean up glibc job (diff) | |
download | sandbox-e5032c6b89621db0475e36fb06c2905b6a9c024c.tar.gz sandbox-e5032c6b89621db0475e36fb06c2905b6a9c024c.tar.bz2 sandbox-e5032c6b89621db0475e36fb06c2905b6a9c024c.zip |
tests: use explicit adddeny() calls in fchmod and fchown tests.
When running the test suite under portage, the entire build directory
will be writable because portage adds PORTAGE_TMPDIR to SANDBOX_WRITE
(thanks floppym). This breaks the tests for these two wrappers, since
they expect to fail when trying to write above $PWD.
To avoid that, we create a new file to call fchown/fchmod on, and then
explicitly deny access to it.
Closes: https://bugs.gentoo.org/909445
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rwxr-xr-x | tests/fchmod-1.sh | 6 | ||||
-rwxr-xr-x | tests/fchown-1.sh | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh index db404ba..140d84f 100755 --- a/tests/fchmod-1.sh +++ b/tests/fchmod-1.sh @@ -4,11 +4,15 @@ # addwrite $PWD +rm -f deny || exit 1 +touch deny || exit 1 +adddeny $PWD/deny # The sandbox doesn't log anything when it returns a junk file # descriptor? It doesn't look like we can test the contents of # sandbox.log here... instead, we just have to count on fchmod # failing, which it does if you use O_RDWR, and it *should* if you use # O_RDONLY (because that won't stop the change of permissions). -fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1 +fchmod-0 $(stat --format='%#04a' $PWD/deny) $PWD/deny && exit 1 + exit 0 diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh index 1b4a173..6c1178e 100755 --- a/tests/fchown-1.sh +++ b/tests/fchown-1.sh @@ -4,11 +4,15 @@ # addwrite $PWD +rm -f deny || exit 1 +touch deny || exit 1 +adddeny $PWD/deny # The sandbox doesn't log anything when it returns a junk file # descriptor? It doesn't look like we can test the contents of # sandbox.log here... instead, we just have to count on fchown # failing, which it does if you use O_RDWR, and it *should* if you use # O_RDONLY (because that won't stop the change of ownership). -fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1 +fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1 + exit 0 |