From b77c1ecfdb545f41fbf847681ac75f29d7998ad9 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Fri, 26 Dec 2025 05:28:45 +0900
Subject: [PATCH] cmd/sharefs/test: check option handling

This verifies behaviour related to setuid/setgid when starting as root.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 cmd/sharefs/test/configuration.nix | 11 ++++++++---
 cmd/sharefs/test/test.py           | 27 ++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/cmd/sharefs/test/configuration.nix b/cmd/sharefs/test/configuration.nix
index d9c011b..388071b 100644
--- a/cmd/sharefs/test/configuration.nix
+++ b/cmd/sharefs/test/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   users.users = {
     alice = {
@@ -14,8 +14,13 @@
   # Automatically login on tty1 as a normal user:
   services.getty.autologinUser = "alice";
 
-  # For benchmarking sharefs:
-  environment.systemPackages = [ pkgs.fsmark ];
+  environment = {
+    # For benchmarking sharefs:
+    systemPackages = [ pkgs.fsmark ];
+
+    # For sharefs option checks without adding to PATH:
+    etc.sharefs.source = "${config.environment.hakurei.package}/libexec/sharefs";
+  };
 
   virtualisation = {
     diskSize = 6 * 1024;
diff --git a/cmd/sharefs/test/test.py b/cmd/sharefs/test/test.py
index 58062e0..9b30379 100644
--- a/cmd/sharefs/test/test.py
+++ b/cmd/sharefs/test/test.py
@@ -1,6 +1,31 @@
 start_all()
 machine.wait_for_unit("multi-user.target")
 
+def check_bad_opts_output(opts, want, privileged=False):
+    output = machine.fail(("" if privileged else "sudo -u alice -i ") + f"/etc/sharefs -f -o source=/proc/nonexistent,{opts} /mnt 2>&1")
+    if output != want:
+        raise Exception(f"unexpected output: {output}")
+
+# Malformed setuid/setgid representation:
+check_bad_opts_output("setuid=ff", "sharefs: invalid value for option setuid\n")
+check_bad_opts_output("setgid=ff", "sharefs: invalid value for option setgid\n")
+
+# Bounds check for setuid/setgid:
+check_bad_opts_output("setuid=0", "sharefs: invalid value for option setuid\n")
+check_bad_opts_output("setgid=0", "sharefs: invalid value for option setgid\n")
+check_bad_opts_output("setuid=-1", "sharefs: invalid value for option setuid\n")
+check_bad_opts_output("setgid=-1", "sharefs: invalid value for option setgid\n")
+
+# Non-root setuid/setgid:
+check_bad_opts_output("setuid=1023", "sharefs: setuid and setgid has no effect when not starting as root\n")
+check_bad_opts_output("setgid=1023", "sharefs: setuid and setgid has no effect when not starting as root\n")
+check_bad_opts_output("setuid=1023,setgid=1023", "sharefs: setuid and setgid has no effect when not starting as root\n")
+
+# Starting as root without setuid/setgid:
+check_bad_opts_output("allow_other", "sharefs: setuid and setgid must not be 0\n", privileged=True)
+check_bad_opts_output("setuid=1023", "sharefs: setuid and setgid must not be 0\n", privileged=True)
+check_bad_opts_output("setgid=1023", "sharefs: setuid and setgid must not be 0\n", privileged=True)
+
 # Benchmark sharefs:
 machine.succeed("fs_mark -v -d /sdcard/fs_mark -l /tmp/fs_log.txt")
 machine.copy_from_vm("/tmp/fs_log.txt", "")
@@ -11,4 +36,4 @@ machine.succeed("sudo -u alice rm -rf /sdcard/fs_mark")
 machine.fail("ls /var/lib/hakurei/sdcard/fs_mark")
 
 # Run hakurei tests on sharefs:
-machine.succeed("sudo -u alice sharefs-workload-hakurei-tests")
+machine.succeed("sudo -u alice -i sharefs-workload-hakurei-tests")