diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2021-10-21 23:20:21 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2021-10-22 00:15:04 -0400 |
| commit | 701486a499631955c150344559762ac301147833 (patch) | |
| tree | 9fb98f74d36da0b6a48f3f20b4e7319f0b9e85d6 /tests | |
| parent | libsandbox: use wide readelf output (diff) | |
| download | sandbox-701486a499631955c150344559762ac301147833.tar.gz sandbox-701486a499631955c150344559762ac301147833.tar.bz2 sandbox-701486a499631955c150344559762ac301147833.zip | |
libsandbox: add xattr wrappers #672566
These modify the filesystem, so don't let them do their business.
Fixes: https://bugs.gentoo.org/672566
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Makefile.am | 4 | ||||
| -rw-r--r-- | tests/lremovexattr-0.c | 15 | ||||
| -rw-r--r-- | tests/lsetxattr-0.c | 24 | ||||
| -rw-r--r-- | tests/removexattr-0.c | 15 | ||||
| -rwxr-xr-x | tests/removexattr-1.sh | 13 | ||||
| -rw-r--r-- | tests/removexattr.at | 1 | ||||
| -rw-r--r-- | tests/setxattr-0.c | 24 | ||||
| -rwxr-xr-x | tests/setxattr-1.sh | 13 | ||||
| -rw-r--r-- | tests/setxattr.at | 1 | ||||
| -rw-r--r-- | tests/tests.h | 1 |
10 files changed, 111 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index e47c996..846a8f6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -30,6 +30,8 @@ check_PROGRAMS = \ link-0 \ linkat-0 \ linkat_static-0 \ + lremovexattr-0 \ + lsetxattr-0 \ lutimes-0 \ mkdtemp-0 \ mkdir-0 \ @@ -55,10 +57,12 @@ check_PROGRAMS = \ openat64-0 \ opendir-0 \ remove-0 \ + removexattr-0 \ rename-0 \ renameat-0 \ renameat2-0 \ rmdir-0 \ + setxattr-0 \ signal_static-0 \ symlink-0 \ symlinkat-0 \ diff --git a/tests/lremovexattr-0.c b/tests/lremovexattr-0.c new file mode 100644 index 0000000..4abdfff --- /dev/null +++ b/tests/lremovexattr-0.c @@ -0,0 +1,15 @@ +#define FUNC removexattr +#define SFUNC "removexattr" +#define FUNC_STR "\"%s\", \"%s\"" +#define FUNC_IMP path, name +#define ARG_CNT 2 +#define ARG_USE "<path> <name>" + +#define process_args() \ + s = argv[i++]; \ + char *path = s; \ + \ + s = argv[i++]; \ + char *name = s; + +#include "test-skel-0.c" diff --git a/tests/lsetxattr-0.c b/tests/lsetxattr-0.c new file mode 100644 index 0000000..b1ed475 --- /dev/null +++ b/tests/lsetxattr-0.c @@ -0,0 +1,24 @@ +#define FUNC lsetxattr +#define SFUNC "lsetxattr" +#define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i" +#define FUNC_IMP path, name, value, size, flags +#define ARG_CNT 5 +#define ARG_USE "<path> <name> <value> <size> <flags>" + +#define process_args() \ + s = argv[i++]; \ + char *path = s; \ + \ + s = argv[i++]; \ + char *name = s; \ + \ + s = argv[i++]; \ + char *value = s; \ + \ + s = argv[i++]; \ + size_t size = atoi(s); \ + \ + s = argv[i++]; \ + int flags = atoi(s); + +#include "test-skel-0.c" diff --git a/tests/removexattr-0.c b/tests/removexattr-0.c new file mode 100644 index 0000000..4abdfff --- /dev/null +++ b/tests/removexattr-0.c @@ -0,0 +1,15 @@ +#define FUNC removexattr +#define SFUNC "removexattr" +#define FUNC_STR "\"%s\", \"%s\"" +#define FUNC_IMP path, name +#define ARG_CNT 2 +#define ARG_USE "<path> <name>" + +#define process_args() \ + s = argv[i++]; \ + char *path = s; \ + \ + s = argv[i++]; \ + char *name = s; + +#include "test-skel-0.c" diff --git a/tests/removexattr-1.sh b/tests/removexattr-1.sh new file mode 100755 index 0000000..327f4dd --- /dev/null +++ b/tests/removexattr-1.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# Make sure we catch removexattr. +[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 +xattr-0 ; ret=$? ; [ ${ret} -eq 0 ] || exit ${ret} + +# Set it to something to make sure it works. +touch f +setxattr-0 0 f user.sandbox test 4 0 || exit 1 + +# Try to remove it and get rejected. +adddeny "${PWD}" +removexattr-0 0 f user.sandbox +test -e sandbox.log diff --git a/tests/removexattr.at b/tests/removexattr.at new file mode 100644 index 0000000..081d7d2 --- /dev/null +++ b/tests/removexattr.at @@ -0,0 +1 @@ +SB_CHECK(1) diff --git a/tests/setxattr-0.c b/tests/setxattr-0.c new file mode 100644 index 0000000..2717b85 --- /dev/null +++ b/tests/setxattr-0.c @@ -0,0 +1,24 @@ +#define FUNC setxattr +#define SFUNC "setxattr" +#define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i" +#define FUNC_IMP path, name, value, size, flags +#define ARG_CNT 5 +#define ARG_USE "<path> <name> <value> <size> <flags>" + +#define process_args() \ + s = argv[i++]; \ + char *path = s; \ + \ + s = argv[i++]; \ + char *name = s; \ + \ + s = argv[i++]; \ + char *value = s; \ + \ + s = argv[i++]; \ + size_t size = atoi(s); \ + \ + s = argv[i++]; \ + int flags = atoi(s); + +#include "test-skel-0.c" diff --git a/tests/setxattr-1.sh b/tests/setxattr-1.sh new file mode 100755 index 0000000..6bbe1df --- /dev/null +++ b/tests/setxattr-1.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# Make sure we catch setxattr. +[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 +xattr-0 ; ret=$? ; [ ${ret} -eq 0 ] || exit ${ret} + +# Set it to something to make sure it works. +touch f +setxattr-0 0 f user.sandbox test 4 0 || exit 1 + +# Try to set it again and get rejected. +adddeny "${PWD}" +setxattr-0 0 f user.sandbox test 4 0 +test -e sandbox.log diff --git a/tests/setxattr.at b/tests/setxattr.at new file mode 100644 index 0000000..081d7d2 --- /dev/null +++ b/tests/setxattr.at @@ -0,0 +1 @@ +SB_CHECK(1) diff --git a/tests/tests.h b/tests/tests.h index 22733ca..610388d 100644 --- a/tests/tests.h +++ b/tests/tests.h @@ -73,6 +73,7 @@ const value_pair tbl_errno[] = { PAIR(EMLINK) PAIR(ENAMETOOLONG) PAIR(ENOBUFS) + PAIR(ENODATA) PAIR(ENODEV) PAIR(ENOENT) PAIR(ENOEXEC) |