security/hakurei
6
3
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

cmd/sharefs/test: check option handling
All checks were successful
Test / Sandbox (push) Successful in 46s
Details
Test / Create distribution (push) Successful in 42s
Details
Test / Sandbox (race detector) (push) Successful in 46s
Details
Test / Hpkg (push) Successful in 50s
Details
Test / Hakurei (push) Successful in 55s
Details
Test / Hakurei (race detector) (push) Successful in 56s
Details
Test / ShareFS (push) Successful in 2m27s
Details
Test / Flake checks (push) Successful in 1m43s
Details

Browse Source 
This verifies behaviour related to setuid/setgid when starting as root.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-12-26 05:28:45 +09:00
parent dce5839a79
commit b77c1ecfdb
2 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/sharefs/test/configuration.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
users.users = { users.users = {
alice = { alice = {
@@ -14,8 +14,13 @@
# Automatically login on tty1 as a normal user: # Automatically login on tty1 as a normal user:
services.getty.autologinUser = "alice"; services.getty.autologinUser = "alice";
# For benchmarking sharefs: environment = {
environment.systemPackages = [ pkgs.fsmark ]; # For benchmarking sharefs:
systemPackages = [ pkgs.fsmark ];
# For sharefs option checks without adding to PATH:
etc.sharefs.source = "${config.environment.hakurei.package}/libexec/sharefs";
};
virtualisation = { virtualisation = {
diskSize = 6 * 1024; diskSize = 6 * 1024;

27
cmd/sharefs/test/test.py
View File

@@ -1,6 +1,31 @@
start_all() start_all()
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
def check_bad_opts_output(opts, want, privileged=False):
output = machine.fail(("" if privileged else "sudo -u alice -i ") + f"/etc/sharefs -f -o source=/proc/nonexistent,{opts} /mnt 2>&1")
if output != want:
raise Exception(f"unexpected output: {output}")
# Malformed setuid/setgid representation:
check_bad_opts_output("setuid=ff", "sharefs: invalid value for option setuid\n")
check_bad_opts_output("setgid=ff", "sharefs: invalid value for option setgid\n")
# Bounds check for setuid/setgid:
check_bad_opts_output("setuid=0", "sharefs: invalid value for option setuid\n")
check_bad_opts_output("setgid=0", "sharefs: invalid value for option setgid\n")
check_bad_opts_output("setuid=-1", "sharefs: invalid value for option setuid\n")
check_bad_opts_output("setgid=-1", "sharefs: invalid value for option setgid\n")
# Non-root setuid/setgid:
check_bad_opts_output("setuid=1023", "sharefs: setuid and setgid has no effect when not starting as root\n")
check_bad_opts_output("setgid=1023", "sharefs: setuid and setgid has no effect when not starting as root\n")
check_bad_opts_output("setuid=1023,setgid=1023", "sharefs: setuid and setgid has no effect when not starting as root\n")
# Starting as root without setuid/setgid:
check_bad_opts_output("allow_other", "sharefs: setuid and setgid must not be 0\n", privileged=True)
check_bad_opts_output("setuid=1023", "sharefs: setuid and setgid must not be 0\n", privileged=True)
check_bad_opts_output("setgid=1023", "sharefs: setuid and setgid must not be 0\n", privileged=True)
# Benchmark sharefs: # Benchmark sharefs:
machine.succeed("fs_mark -v -d /sdcard/fs_mark -l /tmp/fs_log.txt") machine.succeed("fs_mark -v -d /sdcard/fs_mark -l /tmp/fs_log.txt")
machine.copy_from_vm("/tmp/fs_log.txt", "") machine.copy_from_vm("/tmp/fs_log.txt", "")
@@ -11,4 +36,4 @@ machine.succeed("sudo -u alice rm -rf /sdcard/fs_mark")
machine.fail("ls /var/lib/hakurei/sdcard/fs_mark") machine.fail("ls /var/lib/hakurei/sdcard/fs_mark")
# Run hakurei tests on sharefs: # Run hakurei tests on sharefs:
machine.succeed("sudo -u alice sharefs-workload-hakurei-tests") machine.succeed("sudo -u alice -i sharefs-workload-hakurei-tests")