maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

cmd/sharefs: opaque setup state

Browse Source 
This allows unrestricted use of the type system and prepares setup code for cross-process initialisation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-12-27 03:45:09 +09:00
parent 6d3bd27220
commit 2e5362e536
3 changed files with 106 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/sharefs/test/test.py
View File

@@ -8,8 +8,8 @@ print(machine.succeed("/etc/sharefs -V"))
machine.wait_for_unit("sharefs.service")
machine.succeed("mkdir /mnt")
def check_bad_opts_output(opts, want, privileged=False):
output = machine.fail(("" if privileged else "sudo -u alice -i ") + f"/etc/sharefs -f -o source=/proc/nonexistent,{opts} /mnt 2>&1")
def check_bad_opts_output(opts, want, source="/etc", privileged=False):
output = machine.fail(("" if privileged else "sudo -u alice -i ") + f"/etc/sharefs -f -o source={source},{opts} /mnt 2>&1")
if output != want:
raise Exception(f"unexpected output: {output}")
@@ -33,6 +33,11 @@ check_bad_opts_output("allow_other", "sharefs: setuid and setgid must not be 0\n
check_bad_opts_output("setuid=1023", "sharefs: setuid and setgid must not be 0\n", privileged=True)
check_bad_opts_output("setgid=1023", "sharefs: setuid and setgid must not be 0\n", privileged=True)
# Bad backing directory:
check_bad_opts_output("clone_fd", "sharefs: cannot open source: no such file or directory\n", source="/proc/nonexistent")
check_bad_opts_output("clone_fd", "sharefs: cannot open source: not a directory\n", source="/proc/self/exe")
check_bad_opts_output("clone_fd", "sharefs: cannot open source: permission denied\n", source="/root")
# Make sure nothing actually got mounted:
machine.fail("umount /mnt")
machine.succeed("rmdir /mnt")