mirror of
https://github.com/fsquillace/junest.git
synced 2026-01-23 18:45:53 +00:00
234 lines
6.8 KiB
Bash
Executable file
234 lines
6.8 KiB
Bash
Executable file
#!/bin/bash
|
|
# shellcheck disable=SC1091
|
|
|
|
JUNEST_ROOT=$(readlink -f "$(dirname "$0")"/../..)
|
|
|
|
source "$JUNEST_ROOT/tests/utils/utils.sh"
|
|
|
|
source "$JUNEST_ROOT/lib/utils/utils.sh"
|
|
source "$JUNEST_ROOT/lib/core/common.sh"
|
|
|
|
# Disable the exiterr
|
|
set +e
|
|
|
|
function oneTimeSetUp(){
|
|
setUpUnitTests
|
|
junestSetUp
|
|
}
|
|
|
|
function oneTimeTearDown(){
|
|
junestTearDown
|
|
}
|
|
|
|
function setUp(){
|
|
ld_exec_mock() {
|
|
echo "ld_exec $*"
|
|
}
|
|
ld_exec_mock_false() {
|
|
echo "ld_exec $*"
|
|
return 1
|
|
}
|
|
# shellcheck disable=SC2034
|
|
LD_EXEC=ld_exec_mock
|
|
|
|
unshare_mock() {
|
|
echo "unshare $*"
|
|
}
|
|
# shellcheck disable=SC2034
|
|
UNSHARE=unshare_mock
|
|
|
|
bwrap_mock() {
|
|
echo "bwrap $*"
|
|
}
|
|
# shellcheck disable=SC2034
|
|
BWRAP=bwrap_mock
|
|
|
|
}
|
|
|
|
function test_ln(){
|
|
LN="echo" assertCommandSuccess ln_cmd -s ln_file new_file
|
|
assertEquals "-s ln_file new_file" "$(cat "$STDOUTF")"
|
|
|
|
LN=false assertCommandSuccess ln_cmd -s ln_file new_file
|
|
assertEquals "ld_exec ${JUNEST_HOME}/usr/bin/false -s ln_file new_file" "$(cat "$STDOUTF")"
|
|
|
|
LN=false LD_EXEC=false assertCommandFail ln_cmd
|
|
}
|
|
|
|
function test_getent(){
|
|
GETENT="echo" assertCommandSuccess getent_cmd passwd
|
|
assertEquals "passwd" "$(cat "$STDOUTF")"
|
|
|
|
GETENT="false" assertCommandSuccess getent_cmd passwd
|
|
assertEquals "ld_exec ${JUNEST_HOME}/usr/bin/false passwd" "$(cat "$STDOUTF")"
|
|
|
|
GETENT=false LD_EXEC=false assertCommandFail getent_cmd
|
|
}
|
|
|
|
function test_cp(){
|
|
CP="echo" assertCommandSuccess cp_cmd passwd
|
|
assertEquals "passwd" "$(cat "$STDOUTF")"
|
|
|
|
CP=false assertCommandSuccess cp_cmd passwd
|
|
assertEquals "ld_exec ${JUNEST_HOME}/usr/bin/false passwd" "$(cat "$STDOUTF")"
|
|
|
|
CP=false LD_EXEC=false assertCommandFail cp_cmd
|
|
}
|
|
|
|
function test_download(){
|
|
WGET=/bin/true
|
|
CURL=/bin/false
|
|
assertCommandSuccess download_cmd
|
|
|
|
# shellcheck disable=SC2034
|
|
WGET=/bin/false
|
|
# shellcheck disable=SC2034
|
|
CURL=/bin/true
|
|
assertCommandSuccess download_cmd
|
|
|
|
WGET=/bin/false CURL=/bin/false assertCommandFail download_cmd
|
|
}
|
|
|
|
function test_rm(){
|
|
RM="echo" assertCommandSuccess rm_cmd rm_file
|
|
assertEquals "rm_file" "$(cat "$STDOUTF")"
|
|
|
|
RM="false" assertCommandSuccess rm_cmd rm_file
|
|
assertEquals "ld_exec ${JUNEST_HOME}/usr/bin/false rm_file" "$(cat "$STDOUTF")"
|
|
|
|
RM=false LD_EXEC=false assertCommandFail rm_cmd rm_file
|
|
}
|
|
|
|
function test_chown(){
|
|
local id
|
|
id=$(id -u)
|
|
|
|
CHOWN="echo" assertCommandSuccess chown_cmd "$id" chown_file
|
|
assertEquals "$id chown_file" "$(cat "$STDOUTF")"
|
|
|
|
CHOWN="false" assertCommandSuccess chown_cmd "$id" chown_file
|
|
assertEquals "ld_exec ${JUNEST_HOME}/usr/bin/false $id chown_file" "$(cat "$STDOUTF")"
|
|
|
|
CHOWN=false LD_EXEC=false assertCommandFail chown_cmd "$id" chown_file
|
|
}
|
|
|
|
function test_mkdir(){
|
|
MKDIR="echo" assertCommandSuccess mkdir_cmd -p new_dir/new_dir
|
|
assertEquals "-p new_dir/new_dir" "$(cat "$STDOUTF")"
|
|
|
|
MKDIR=false assertCommandSuccess mkdir_cmd -p new_dir/new_dir
|
|
assertEquals "ld_exec ${JUNEST_HOME}/usr/bin/false -p new_dir/new_dir" "$(cat "$STDOUTF")"
|
|
|
|
MKDIR=false LD_EXEC=false assertCommandFail mkdir_cmd -p new_dir/new_dir
|
|
}
|
|
|
|
function test_zgrep(){
|
|
ZGREP="echo" assertCommandSuccess zgrep_cmd new_file
|
|
assertEquals "new_file" "$(cat "$STDOUTF")"
|
|
|
|
mkdir -p "${JUNEST_HOME}"/usr/bin
|
|
touch "${JUNEST_HOME}"/usr/bin/false
|
|
chmod +x "${JUNEST_HOME}"/usr/bin/false
|
|
|
|
echo -e "#!/bin/bash\necho zgrep" > "${JUNEST_HOME}"/usr/bin/false
|
|
ZGREP=false assertCommandSuccess zgrep_cmd new_file
|
|
assertEquals "zgrep" "$(cat "$STDOUTF")"
|
|
|
|
echo -e "#!/bin/bash\nexit 1" > "${JUNEST_HOME}"/usr/bin/false
|
|
ZGREP=false assertCommandFail zgrep_cmd new_file
|
|
}
|
|
|
|
function test_unshare(){
|
|
assertCommandSuccess unshare_cmd new_program
|
|
assertEquals "$(echo -e "ld_exec ${JUNEST_HOME}/usr/bin/$UNSHARE --user /bin/sh -c :\nld_exec ${JUNEST_HOME}/usr/bin/$UNSHARE new_program")" "$(cat "$STDOUTF")"
|
|
|
|
LD_EXEC=ld_exec_mock_false assertCommandSuccess unshare_cmd new_program
|
|
assertEquals "$(echo -e "ld_exec ${JUNEST_HOME}/usr/bin/unshare_mock --user /bin/sh -c :\nunshare --user /bin/sh -c :\nunshare new_program")" "$(cat "$STDOUTF")"
|
|
|
|
UNSHARE=false LD_EXEC=false assertCommandFail unshare_cmd new_program
|
|
}
|
|
|
|
function test_bwrap(){
|
|
assertCommandSuccess bwrap_cmd new_program
|
|
assertEquals "$(echo -e "ld_exec $BWRAP --dev-bind / / /bin/sh -c :\nld_exec $BWRAP new_program")" "$(cat "$STDOUTF")"
|
|
|
|
BWRAP=false LD_EXEC=false assertCommandFail bwrap_cmd new_program
|
|
}
|
|
|
|
function test_chroot(){
|
|
CLASSIC_CHROOT="echo" assertCommandSuccess chroot_cmd root
|
|
assertEquals "root" "$(cat "$STDOUTF")"
|
|
|
|
CLASSIC_CHROOT=false assertCommandSuccess chroot_cmd root
|
|
assertEquals "ld_exec $JUNEST_HOME/usr/bin/false root" "$(cat "$STDOUTF")"
|
|
|
|
CLASSIC_CHROOT=false LD_EXEC=false assertCommandFail chroot_cmd root
|
|
}
|
|
|
|
function test_proot_cmd_compat(){
|
|
PROOT="/bin/true" assertCommandSuccess proot_cmd "" ""
|
|
|
|
PROOT="/bin/false" assertCommandFail proot_cmd --helps
|
|
}
|
|
|
|
function test_proot_cmd_seccomp(){
|
|
envv(){
|
|
env
|
|
}
|
|
PROOT=envv
|
|
assertCommandSuccess proot_cmd cmd
|
|
assertEquals "" "$(grep "^PROOT_NO_SECCOMP" "$STDOUTF")"
|
|
|
|
envv(){
|
|
env | grep "^PROOT_NO_SECCOMP"
|
|
}
|
|
# shellcheck disable=SC2034
|
|
PROOT=envv
|
|
assertCommandSuccess proot_cmd cmd
|
|
# The variable PROOT_NO_SECCOMP will be produced
|
|
# twice due to the fallback mechanism
|
|
assertEquals "PROOT_NO_SECCOMP=1
|
|
PROOT_NO_SECCOMP=1" "$(grep "^PROOT_NO_SECCOMP" "$STDOUTF")"
|
|
}
|
|
|
|
function test_copy_passwd_and_group(){
|
|
getent_cmd_mock() {
|
|
echo "$*"
|
|
}
|
|
GETENT=getent_cmd_mock assertCommandSuccess copy_passwd_and_group
|
|
assertEquals "$(echo -e "passwd\npasswd $USER")" "$(cat "$JUNEST_HOME"/etc/passwd)"
|
|
assertEquals "group" "$(cat "$JUNEST_HOME"/etc/group)"
|
|
}
|
|
|
|
function test_copy_passwd_and_group_fallback(){
|
|
cp_cmd_mock() {
|
|
echo "$*"
|
|
}
|
|
CP=cp_cmd_mock GETENT=false LD_EXEC=false assertCommandSuccess copy_passwd_and_group
|
|
assertEquals "$(echo -e "-f /etc/passwd $JUNEST_HOME//etc/passwd\n-f /etc/group $JUNEST_HOME//etc/group")" "$(cat "$STDOUTF")"
|
|
}
|
|
|
|
function test_copy_passwd_and_group_failure(){
|
|
CP=false GETENT=false LD_EXEC=false assertCommandFailOnStatus 1 copy_passwd_and_group
|
|
}
|
|
|
|
function test_nested_env(){
|
|
JUNEST_ENV=1 assertCommandFailOnStatus 106 check_nested_env
|
|
}
|
|
|
|
function test_nested_env_not_set_variable(){
|
|
JUNEST_ENV=aaa assertCommandFailOnStatus 107 check_nested_env
|
|
}
|
|
|
|
function test_check_same_arch_not_same(){
|
|
echo "JUNEST_ARCH=XXX" > "${JUNEST_HOME}"/etc/junest/info
|
|
assertCommandFailOnStatus 104 check_same_arch
|
|
}
|
|
|
|
function test_check_same_arch(){
|
|
echo "JUNEST_ARCH=$ARCH" > "${JUNEST_HOME}"/etc/junest/info
|
|
assertCommandSuccess check_same_arch
|
|
}
|
|
|
|
|
|
source "$JUNEST_ROOT"/tests/utils/shunit2
|