internal/pipewire: integrate pw_security_context
All checks were successful
Test / Create distribution (push) Successful in 37s
Test / Sandbox (push) Successful in 2m28s
Test / Hakurei (push) Successful in 3m26s
Test / Hpkg (push) Successful in 4m15s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m14s
Test / Flake checks (push) Successful in 1m31s
All checks were successful
Test / Create distribution (push) Successful in 37s
Test / Sandbox (push) Successful in 2m28s
Test / Hakurei (push) Successful in 3m26s
Test / Hpkg (push) Successful in 4m15s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m14s
Test / Flake checks (push) Successful in 1m31s
This is required for securely providing access to PipeWire. This change has already been manually tested and confirmed to work correctly. This unfortunately cannot be upstreamed in its current state as libpipewire-0.3 breaks static linking. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
66
internal/pipewire/conn_test.go
Normal file
66
internal/pipewire/conn_test.go
Normal file
@@ -0,0 +1,66 @@
|
||||
package pipewire
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"os"
|
||||
"path"
|
||||
"reflect"
|
||||
"syscall"
|
||||
"testing"
|
||||
|
||||
"hakurei.app/container/check"
|
||||
)
|
||||
|
||||
func TestSecurityContextClose(t *testing.T) {
|
||||
// do not parallel: fd test not thread safe
|
||||
|
||||
if err := (*SecurityContext)(nil).Close(); !reflect.DeepEqual(err, os.ErrInvalid) {
|
||||
t.Fatalf("Close: error = %v", err)
|
||||
}
|
||||
|
||||
var ctx SecurityContext
|
||||
if err := syscall.Pipe2(ctx.closeFds[0:], syscall.O_CLOEXEC); err != nil {
|
||||
t.Fatalf("Pipe: error = %v", err)
|
||||
}
|
||||
if f, err := os.Create(path.Join(t.TempDir(), "remove")); err != nil {
|
||||
t.Fatal(err)
|
||||
} else {
|
||||
ctx.bindPath = check.MustAbs(f.Name())
|
||||
}
|
||||
t.Cleanup(func() { _ = syscall.Close(ctx.closeFds[0]); _ = syscall.Close(ctx.closeFds[1]) })
|
||||
|
||||
if err := ctx.Close(); err != nil {
|
||||
t.Fatalf("Close: error = %v", err)
|
||||
} else if _, err = os.Stat(ctx.bindPath.String()); err == nil || !errors.Is(err, os.ErrNotExist) {
|
||||
t.Fatalf("Did not remove %q", ctx.bindPath)
|
||||
}
|
||||
|
||||
wantErr := &Error{Cause: RCleanup, Path: ctx.bindPath.String(), Errno: errors.Join(syscall.EBADF, syscall.EBADF, &os.PathError{
|
||||
Op: "remove",
|
||||
Path: ctx.bindPath.String(),
|
||||
Err: syscall.ENOENT,
|
||||
})}
|
||||
if err := ctx.Close(); !reflect.DeepEqual(err, wantErr) {
|
||||
t.Fatalf("Close: error = %#v, want %#v", err, wantErr)
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewEnsure(t *testing.T) {
|
||||
existingDirPath := check.MustAbs(t.TempDir()).Append("dir")
|
||||
if err := os.MkdirAll(existingDirPath.String(), 0700); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
nonexistent := check.MustAbs("/proc/nonexistent")
|
||||
|
||||
wantErr := &Error{RCreate, existingDirPath.String(), &os.PathError{
|
||||
Op: "open",
|
||||
Path: existingDirPath.String(),
|
||||
Err: syscall.EISDIR,
|
||||
}}
|
||||
if _, err := New(
|
||||
nonexistent,
|
||||
existingDirPath,
|
||||
); !reflect.DeepEqual(err, wantErr) {
|
||||
t.Fatalf("New: error = %#v, want %#v", err, wantErr)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user