security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity

test/sandbox: check environment
All checks were successful
Test / Create distribution (push) Successful in 19s
Details
Test / Fpkg (push) Successful in 34s
Details
Test / Fortify (push) Successful in 41s
Details
Test / Data race detector (push) Successful in 41s
Details
Test / Flake checks (push) Successful in 56s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-03-27 03:16:33 +09:00
parent 996b42634d
commit f8502c3ece
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
4 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
test/sandbox/assert.go
View File

@ -23,6 +23,7 @@ func printf(format string, v ...any) { printfFunc(format, v...) }
func fatalf(format string, v ...any) { fatalfFunc(format, v...) } func fatalf(format string, v ...any) { fatalfFunc(format, v...) }
type TestCase struct { type TestCase struct {
Env []string `json:"env"`
FS *FS `json:"fs"` FS *FS `json:"fs"`
Mount []*MountinfoEntry `json:"mount"` Mount []*MountinfoEntry `json:"mount"`
Seccomp bool `json:"seccomp"` Seccomp bool `json:"seccomp"`
@ -44,6 +45,36 @@ func (t *T) MustCheckFile(wantFilePath, markerPath string) {
} }
func (t *T) MustCheck(want *TestCase) { func (t *T) MustCheck(want *TestCase) {
if want.Env != nil {
var (
fail bool
i int
got string
)
for i, got = range os.Environ() {
if i == len(want.Env) {
fatalf("got more than %d environment variables", len(want.Env))
}
if got != want.Env[i] {
fail = true
printf("[FAIL] %s", got)
} else {
printf("[ OK ] %s", got)
}
}
i++
if i != len(want.Env) {
fatalf("got %d environment variables, want %d", i, len(want.Env))
}
if fail {
fatalf("[FAIL] some environment variables did not match")
}
} else {
printf("[SKIP] skipping environ check")
}
if want.FS != nil && t.FS != nil { if want.FS != nil && t.FS != nil {
if err := want.FS.Compare(".", t.FS); err != nil { if err := want.FS.Compare(".", t.FS); err != nil {
fatalf("%v", err) fatalf("%v", err)

13
test/sandbox/case/mapuid.nix
View File

@ -9,6 +9,19 @@
mapRealUid = true; mapRealUid = true;
want = { want = {
env = [
"DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus"
"HOME=/var/lib/fortify/u0/a3"
"PULSE_SERVER=unix:/run/user/1000/pulse/native"
"SHELL=/run/current-system/sw/bin/bash"
"TERM=linux"
"USER=u0_a3"
"WAYLAND_DISPLAY=wayland-0"
"XDG_RUNTIME_DIR=/run/user/1000"
"XDG_SESSION_CLASS=user"
"XDG_SESSION_TYPE=tty"
];
fs = fs "dead" { fs = fs "dead" {
".fortify" = fs "800001ed" { ".fortify" = fs "800001ed" {
etc = fs "800001ed" null null; etc = fs "800001ed" null null;

13
test/sandbox/case/preset.nix
View File

@ -9,6 +9,19 @@
mapRealUid = false; mapRealUid = false;
want = { want = {
env = [
"DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus"
"HOME=/var/lib/fortify/u0/a1"
"PULSE_SERVER=unix:/run/user/65534/pulse/native"
"SHELL=/run/current-system/sw/bin/bash"
"TERM=linux"
"USER=u0_a1"
"WAYLAND_DISPLAY=wayland-0"
"XDG_RUNTIME_DIR=/run/user/65534"
"XDG_SESSION_CLASS=user"
"XDG_SESSION_TYPE=tty"
];
fs = fs "dead" { fs = fs "dead" {
".fortify" = fs "800001ed" { ".fortify" = fs "800001ed" {
etc = fs "800001ed" null null; etc = fs "800001ed" null null;

13
test/sandbox/case/tty.nix
View File

@ -9,6 +9,19 @@
mapRealUid = false; mapRealUid = false;
want = { want = {
env = [
"DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus"
"HOME=/var/lib/fortify/u0/a2"
"PULSE_SERVER=unix:/run/user/65534/pulse/native"
"SHELL=/run/current-system/sw/bin/bash"
"TERM=linux"
"USER=u0_a2"
"WAYLAND_DISPLAY=wayland-0"
"XDG_RUNTIME_DIR=/run/user/65534"
"XDG_SESSION_CLASS=user"
"XDG_SESSION_TYPE=tty"
];
fs = fs "dead" { fs = fs "dead" {
".fortify" = fs "800001ed" { ".fortify" = fs "800001ed" {
etc = fs "800001ed" null null; etc = fs "800001ed" null null;