diff options
Diffstat (limited to '')
| -rw-r--r-- | src/test/test-acl-util.c | 2 | ||||
| -rw-r--r-- | src/test/test-capability.c | 7 | ||||
| -rw-r--r-- | src/test/test-chase.c | 4 | ||||
| -rw-r--r-- | src/test/test-chown-rec.c | 4 | ||||
| -rw-r--r-- | src/test/test-condition.c | 7 | ||||
| -rw-r--r-- | src/test/test-fs-util.c | 4 | ||||
| -rw-r--r-- | src/test/test-macro.c | 12 | ||||
| -rw-r--r-- | src/test/test-rm-rf.c | 3 | ||||
| -rw-r--r-- | src/test/test-socket-util.c | 2 |
9 files changed, 35 insertions, 10 deletions
diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c index 0cc9afc..daab75e 100644 --- a/src/test/test-acl-util.c +++ b/src/test/test-acl-util.c @@ -41,7 +41,7 @@ TEST_RET(add_acls_for_user) { cmd = strjoina("getfacl -p ", fn); assert_se(system(cmd) == 0); - if (getuid() == 0) { + if (getuid() == 0 && !userns_has_single_user()) { const char *nobody = NOBODY_USER_NAME; r = get_user_creds(&nobody, &uid, NULL, NULL, NULL, 0); if (r < 0) diff --git a/src/test/test-capability.c b/src/test/test-capability.c index 34f3a91..51bd806 100644 --- a/src/test/test-capability.c +++ b/src/test/test-capability.c @@ -318,10 +318,13 @@ int main(int argc, char *argv[]) { show_capabilities(); - test_drop_privileges(); + if (!userns_has_single_user()) + test_drop_privileges(); + test_update_inherited_set(); - fork_test(test_have_effective_cap); + if (!userns_has_single_user()) + fork_test(test_have_effective_cap); if (run_ambient) fork_test(test_apply_ambient_caps); diff --git a/src/test/test-chase.c b/src/test/test-chase.c index 13ee702..c7ca3fd 100644 --- a/src/test/test-chase.c +++ b/src/test/test-chase.c @@ -183,7 +183,7 @@ TEST(chase) { /* Paths underneath the "root" with different UIDs while using CHASE_SAFE */ - if (geteuid() == 0) { + if (geteuid() == 0 && !userns_has_single_user()) { p = strjoina(temp, "/user"); ASSERT_OK(mkdir(p, 0755)); ASSERT_OK(chown(p, UID_NOBODY, GID_NOBODY)); @@ -313,7 +313,7 @@ TEST(chase) { r = chase(p, NULL, 0, &result, NULL); assert_se(r == -ENOENT); - if (geteuid() == 0) { + if (geteuid() == 0 && !userns_has_single_user()) { p = strjoina(temp, "/priv1"); ASSERT_OK(mkdir(p, 0755)); diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c index 5d83f59..7558de7 100644 --- a/src/test/test-chown-rec.c +++ b/src/test/test-chown-rec.c @@ -153,8 +153,8 @@ TEST(chown_recursive) { } static int intro(void) { - if (geteuid() != 0) - return log_tests_skipped("not running as root"); + if (geteuid() != 0 || userns_has_single_user()) + return log_tests_skipped("not running as root or in userns with single user"); return EXIT_SUCCESS; } diff --git a/src/test/test-condition.c b/src/test/test-condition.c index be83690..76b2af9 100644 --- a/src/test/test-condition.c +++ b/src/test/test-condition.c @@ -1003,6 +1003,13 @@ TEST(condition_test_group) { condition_free(condition); free(gid); + /* In an unprivileged user namespace with the current user mapped to root, all the auxiliary groups + * of the user will be mapped to the nobody group, which means the user in the user namespace is in + * both the root and the nobody group, meaning the next test can't work, so let's skip it in that + * case. */ + if (in_group(NOBODY_GROUP_NAME) && in_group("root")) + return (void) log_tests_skipped("user is in both root and nobody group"); + groupname = (char*)(getegid() == 0 ? NOBODY_GROUP_NAME : "root"); condition = condition_new(CONDITION_GROUP, groupname, false, false); assert_se(condition); diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c index f2fa51f..09fd995 100644 --- a/src/test/test-fs-util.c +++ b/src/test/test-fs-util.c @@ -368,8 +368,8 @@ TEST(chmod_and_chown) { struct stat st; const char *p; - if (geteuid() != 0) - return; + if (geteuid() != 0 || userns_has_single_user()) + return (void) log_tests_skipped("not running as root or in userns with single user"); BLOCK_WITH_UMASK(0000); diff --git a/src/test/test-macro.c b/src/test/test-macro.c index 3d5b0cf..b56f5b8 100644 --- a/src/test/test-macro.c +++ b/src/test/test-macro.c @@ -1117,6 +1117,18 @@ TEST(ASSERT) { ASSERT_SIGNAL(ASSERT_OK(-1), SIGABRT); ASSERT_SIGNAL(ASSERT_OK(-ENOANO), SIGABRT); + ASSERT_OK_POSITIVE(1); + ASSERT_OK_POSITIVE(255); + ASSERT_SIGNAL(ASSERT_OK_POSITIVE(0), SIGABRT); + ASSERT_SIGNAL(ASSERT_OK_POSITIVE(-1), SIGABRT); + ASSERT_SIGNAL(ASSERT_OK_POSITIVE(-ENOANO), SIGABRT); + + ASSERT_OK_ZERO(0); + ASSERT_SIGNAL(ASSERT_OK_ZERO(1), SIGABRT); + ASSERT_SIGNAL(ASSERT_OK_ZERO(255), SIGABRT); + ASSERT_SIGNAL(ASSERT_OK_ZERO(-1), SIGABRT); + ASSERT_SIGNAL(ASSERT_OK_ZERO(-ENOANO), SIGABRT); + ASSERT_OK_ERRNO(0 >= 0); ASSERT_OK_ERRNO(255 >= 0); ASSERT_OK_ERRNO(printf("Hello world\n")); diff --git a/src/test/test-rm-rf.c b/src/test/test-rm-rf.c index 4c69bd2..e4a4263 100644 --- a/src/test/test-rm-rf.c +++ b/src/test/test-rm-rf.c @@ -89,6 +89,9 @@ static void test_rm_rf_chmod_inner(void) { TEST(rm_rf_chmod) { int r; + if (getuid() == 0 && userns_has_single_user()) + return (void) log_tests_skipped("running as root or in userns with single user"); + if (getuid() == 0) { /* This test only works unpriv (as only then the access mask for the owning user matters), * hence drop privs here */ diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c index e34aa10..967ba9d 100644 --- a/src/test/test-socket-util.c +++ b/src/test/test-socket-util.c @@ -170,7 +170,7 @@ TEST(getpeercred_getpeergroups) { struct ucred ucred; int pair[2] = EBADF_PAIR; - if (geteuid() == 0) { + if (geteuid() == 0 && !userns_has_single_user()) { test_uid = 1; test_gid = 2; test_gids = (gid_t*) gids; |