Ophestra
cf38a00ecc
All checks were successful
Test / Flake checks (push) Successful in 1m40s
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m24s
Test / Hakurei (push) Successful in 3m18s
Test / Hpkg (push) Successful in 4m11s
Test / Sandbox (race detector) (push) Successful in 4m23s
Test / Hakurei (race detector) (push) Successful in 5m4s
The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging #1. Signed-off-by: Ophestra <cat@gensokyo.uk>
92 lines
2.9 KiB
Go
92 lines
2.9 KiB
Go
package system
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"hakurei.app/container"
|
|
"hakurei.app/system/acl"
|
|
)
|
|
|
|
func TestUpdatePerm(t *testing.T) {
|
|
testCases := []struct {
|
|
path string
|
|
perms []acl.Perm
|
|
}{
|
|
{"/run/user/1971/hakurei", []acl.Perm{acl.Execute}},
|
|
{"/tmp/hakurei.1971/tmpdir/150", []acl.Perm{acl.Read, acl.Write, acl.Execute}},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.path+permSubTestSuffix(tc.perms), func(t *testing.T) {
|
|
sys := New(150)
|
|
sys.UpdatePerm(tc.path, tc.perms...)
|
|
(&tcOp{Process, tc.path}).test(t, sys.ops, []Op{&ACL{Process, tc.path, tc.perms, false}}, "UpdatePerm")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestUpdatePermType(t *testing.T) {
|
|
testCases := []struct {
|
|
perms []acl.Perm
|
|
tcOp
|
|
}{
|
|
{[]acl.Perm{acl.Execute}, tcOp{User, "/tmp/hakurei.1971/tmpdir"}},
|
|
{[]acl.Perm{acl.Read, acl.Write, acl.Execute}, tcOp{User, "/tmp/hakurei.1971/tmpdir/150"}},
|
|
{[]acl.Perm{acl.Execute}, tcOp{Process, "/run/user/1971/hakurei/fcb8a12f7c482d183ade8288c3de78b5"}},
|
|
{[]acl.Perm{acl.Read}, tcOp{Process, "/tmp/hakurei.1971/fcb8a12f7c482d183ade8288c3de78b5/passwd"}},
|
|
{[]acl.Perm{acl.Read}, tcOp{Process, "/tmp/hakurei.1971/fcb8a12f7c482d183ade8288c3de78b5/group"}},
|
|
{[]acl.Perm{acl.Read, acl.Write, acl.Execute}, tcOp{EWayland, "/run/user/1971/wayland-0"}},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.path+"_"+TypeString(tc.et)+permSubTestSuffix(tc.perms), func(t *testing.T) {
|
|
sys := New(150)
|
|
sys.UpdatePermType(tc.et, tc.path, tc.perms...)
|
|
tc.test(t, sys.ops, []Op{&ACL{tc.et, tc.path, tc.perms, false}}, "UpdatePermType")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestACLString(t *testing.T) {
|
|
testCases := []struct {
|
|
want string
|
|
et Enablement
|
|
perms []acl.Perm
|
|
}{
|
|
{`--- type: process path: "/proc/nonexistent"`, Process, []acl.Perm{}},
|
|
{`r-- type: user path: "/proc/nonexistent"`, User, []acl.Perm{acl.Read}},
|
|
{`-w- type: wayland path: "/proc/nonexistent"`, EWayland, []acl.Perm{acl.Write}},
|
|
{`--x type: x11 path: "/proc/nonexistent"`, EX11, []acl.Perm{acl.Execute}},
|
|
{`rw- type: dbus path: "/proc/nonexistent"`, EDBus, []acl.Perm{acl.Read, acl.Write}},
|
|
{`r-x type: pulseaudio path: "/proc/nonexistent"`, EPulse, []acl.Perm{acl.Read, acl.Execute}},
|
|
{`rwx type: user path: "/proc/nonexistent"`, User, []acl.Perm{acl.Read, acl.Write, acl.Execute}},
|
|
{`rwx type: process path: "/proc/nonexistent"`, Process, []acl.Perm{acl.Read, acl.Write, acl.Write, acl.Execute}},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.want, func(t *testing.T) {
|
|
a := &ACL{et: tc.et, perms: tc.perms, path: container.Nonexistent}
|
|
if got := a.String(); got != tc.want {
|
|
t.Errorf("String() = %v, want %v",
|
|
got, tc.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func permSubTestSuffix(perms []acl.Perm) (suffix string) {
|
|
for _, perm := range perms {
|
|
switch perm {
|
|
case acl.Read:
|
|
suffix += "_read"
|
|
case acl.Write:
|
|
suffix += "_write"
|
|
case acl.Execute:
|
|
suffix += "_execute"
|
|
default:
|
|
panic("unreachable")
|
|
}
|
|
}
|
|
return
|
|
}
|