diff options
| author | Simon McVittie <smcv@collabora.com> | 2017-07-06 16:37:50 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2017-12-11 16:03:21 +0000 |
| commit | 7188db6a20667d2c706817e07724ac1f30c6ba2e (patch) | |
| tree | 282e86a499979d9e46a749bad90810c71216a509 | |
| parent | 5619b6f99ea73a6610f764bec9e548d8834af2d0 (diff) | |
test/containers: Exercise connecting to the new socket as the wrong uid
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
| -rw-r--r-- | test/containers.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/test/containers.c b/test/containers.c index b3710123..6d8ca067 100644 --- a/test/containers.c +++ b/test/containers.c @@ -267,6 +267,49 @@ test_basic (Fixture *f, } /* + * If we are running as root, assert that when one uid (root) creates a + * container server, another uid (TEST_USER_OTHER) cannot connect to it + */ +static void +test_wrong_uid (Fixture *f, + gconstpointer context) +{ +#ifdef HAVE_CONTAINERS_TEST + GVariant *parameters; + + if (f->skip) + return; + + parameters = g_variant_new ("(ssa{sv}a{sv})", + "com.example.NotFlatpak", + "sample-app", + NULL, /* no metadata */ + NULL); /* no named arguments */ + if (!add_container_server (f, g_steal_pointer (¶meters))) + return; + + g_test_message ("Connecting to %s...", f->socket_dbus_address); + f->confined_conn = test_try_connect_gdbus_as_user (f->socket_dbus_address, + TEST_USER_OTHER, + &f->error); + + /* That might be skipped if we can't become TEST_USER_OTHER */ + if (f->error != NULL && + g_error_matches (f->error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED)) + { + g_test_skip (f->error->message); + return; + } + + /* The connection was unceremoniously closed */ + g_assert_error (f->error, G_IO_ERROR, G_IO_ERROR_CLOSED); + +#else /* !HAVE_CONTAINERS_TEST */ + g_test_skip ("Containers or gio-unix-2.0 not supported"); +#endif /* !HAVE_CONTAINERS_TEST */ +} + +/* * Assert that named arguments are validated: passing an unsupported * named argument causes an error. */ @@ -432,6 +475,8 @@ main (int argc, setup, test_get_supported_arguments, teardown); g_test_add ("/containers/basic", Fixture, NULL, setup, test_basic, teardown); + g_test_add ("/containers/wrong-uid", Fixture, NULL, + setup, test_wrong_uid, teardown); g_test_add ("/containers/unsupported-parameter", Fixture, NULL, setup, test_unsupported_parameter, teardown); g_test_add ("/containers/invalid-type-name", Fixture, NULL, |