aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Orlitzky <mjo@gentoo.org>2023-07-01 16:52:34 -0400
committerMike Gilbert <floppym@gentoo.org>2023-07-01 19:51:18 -0400
commite5032c6b89621db0475e36fb06c2905b6a9c024c (patch)
tree96a84ed22ee28b761ce1e5fbeb2a8bdf2937d4ce
parentCI: clean up glibc job (diff)
downloadsandbox-e5032c6b89621db0475e36fb06c2905b6a9c024c.tar.gz
sandbox-e5032c6b89621db0475e36fb06c2905b6a9c024c.tar.bz2
sandbox-e5032c6b89621db0475e36fb06c2905b6a9c024c.zip
tests: use explicit adddeny() calls in fchmod and fchown tests.
When running the test suite under portage, the entire build directory will be writable because portage adds PORTAGE_TMPDIR to SANDBOX_WRITE (thanks floppym). This breaks the tests for these two wrappers, since they expect to fail when trying to write above $PWD. To avoid that, we create a new file to call fchown/fchmod on, and then explicitly deny access to it. Closes: https://bugs.gentoo.org/909445 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rwxr-xr-xtests/fchmod-1.sh6
-rwxr-xr-xtests/fchown-1.sh6
2 files changed, 10 insertions, 2 deletions
diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh
index db404ba..140d84f 100755
--- a/tests/fchmod-1.sh
+++ b/tests/fchmod-1.sh
@@ -4,11 +4,15 @@
#
addwrite $PWD
+rm -f deny || exit 1
+touch deny || exit 1
+adddeny $PWD/deny
# The sandbox doesn't log anything when it returns a junk file
# descriptor? It doesn't look like we can test the contents of
# sandbox.log here... instead, we just have to count on fchmod
# failing, which it does if you use O_RDWR, and it *should* if you use
# O_RDONLY (because that won't stop the change of permissions).
-fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1
+fchmod-0 $(stat --format='%#04a' $PWD/deny) $PWD/deny && exit 1
+
exit 0
diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh
index 1b4a173..6c1178e 100755
--- a/tests/fchown-1.sh
+++ b/tests/fchown-1.sh
@@ -4,11 +4,15 @@
#
addwrite $PWD
+rm -f deny || exit 1
+touch deny || exit 1
+adddeny $PWD/deny
# The sandbox doesn't log anything when it returns a junk file
# descriptor? It doesn't look like we can test the contents of
# sandbox.log here... instead, we just have to count on fchown
# failing, which it does if you use O_RDWR, and it *should* if you use
# O_RDONLY (because that won't stop the change of ownership).
-fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1
+fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1
+
exit 0