mirror of
https://github.com/projectatomic/bubblewrap.git
synced 2026-02-07 03:47:18 +01:00
d43752a2ef
This runs a set of very basic operations that use the host root fs as the sandbox root. Ensuring that we're at least able to start a sandbox with various options, and that a setuid bwrap can't read files that should otherwise not be readable. Note, this SKIPs the test instead of FAILing if the most basic operation doesn't work, because our test suite doesn't support running the setuid test. Closes: #116 Approved by: cgwalters
36 lines
790 B
Bash
Executable File
36 lines
790 B
Bash
Executable File
#!/bin/bash
|
|
|
|
set -xeuo pipefail
|
|
|
|
srcd=$(cd $(dirname $0) && pwd)
|
|
bn=$(basename $0)
|
|
tempdir=$(mktemp -d /var/tmp/tap-test.XXXXXX)
|
|
touch ${tempdir}/.testtmp
|
|
function cleanup () {
|
|
if test -n "${TEST_SKIP_CLEANUP:-}"; then
|
|
echo "Skipping cleanup of ${test_tmpdir}"
|
|
else if test -f ${tempdir}/.test; then
|
|
rm "${tempdir}" -rf
|
|
fi
|
|
fi
|
|
}
|
|
trap cleanup EXIT
|
|
cd ${tempdir}
|
|
|
|
assert_not_reached () {
|
|
echo $@ 1>&2; exit 1
|
|
}
|
|
|
|
assert_file_has_content () {
|
|
if ! grep -q -e "$2" "$1"; then
|
|
echo 1>&2 "File '$1' doesn't match regexp '$2'"; exit 1
|
|
fi
|
|
}
|
|
|
|
# At the moment we're testing in Travis' container infrastructure
|
|
# which also uses PR_SET_NO_NEW_PRIVS...but let's at least
|
|
# verify --help works!
|
|
test-bwrap --help >out.txt 2>&1
|
|
assert_file_has_content out.txt "--lock-file"
|
|
|