@@ -11,8 +11,8 @@ UPPER_FILE=$CONFIG_DIR/default.changes/$(basename "$HOST_HOME_FILE") register_cleanup_path "$HOST_HOME_FILE" -printf 'host-home' >"$HOST_HOME_FILE" -printf 'host-cwd' >"$CWD_FILE" +real_user_write_file "$HOST_HOME_FILE" "host-home" +real_user_write_file "$CWD_FILE" "host-cwd" capture_in_dir "$WORKDIR" run_jai /bin/sh -c ' printf "%s\n%s\n" "$JAI_MODE" "$JAI_JAIL"
@@ -200,6 +200,40 @@ run_root() {
 esac
 }
+run_real_user() {
+ case $TEST_PRIVILEGE_MODE in
+ root)
+ if command -v runuser >/dev/null 2>&1; then
+ env HOME="$REAL_HOME" USER="$REAL_USER" LOGNAME="$REAL_USER" \
+ runuser -m -u "$REAL_USER" -- "$@"
+ elif command -v su >/dev/null 2>&1; then
+ env HOME="$REAL_HOME" USER="$REAL_USER" LOGNAME="$REAL_USER" \
+ su -m -s /bin/sh "$REAL_USER" -c 'cd "$1" && shift && exec "$@"' sh \
+ "$PWD" "$@"
+ else
+ fail "need runuser or su to run setup as $REAL_USER"
+ fi
+ ;;
+ setuid)
+ "$@"
+ ;;
+ esac
+}
+
+real_user_mkdir_p() {
+ run_real_user mkdir -p "$@"
+}
+
+real_user_rm_f() {
+ run_real_user rm -f -- "$@"
+}
+
+real_user_write_file() {
+ path=$1
+ contents=$2
+ run_real_user sh -c 'printf %s "$1" >"$2"' sh "$contents" "$path"
+}
+
 run_jai_launcher() {
 case $TEST_PRIVILEGE_MODE in
 setuid)
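Review bot: In the `su` fallback of `run_real_user`, the forwarded command follows `"$REAL_USER"` with no `--`, so option-looking words in `"$@"` (the `-p` from `real_user_mkdir_p`, the `-f` from `real_user_rm_f`) are likely to be consumed by `su` itself on implementations that accept options after the user name, which the trailing `-c` here already relies on. The `runuser` branch guards against this with `--`; the `su` branch could do the same by putting its options first, e.g. `su -m -s /bin/sh -c '…' -- "$REAL_USER" sh "$PWD" "$@"`, to be confirmed against the `su` variants the suite targets. Separately, the `case` has no `*)` arm, so an unset or unexpected `TEST_PRIVILEGE_MODE` turns every helper into a silent no-op that returns success and leaves the fixtures uncreated; adding `*) fail "unknown TEST_PRIVILEGE_MODE: $TEST_PRIVILEGE_MODE" ;;` would surface that. Whether `run_root` has such an arm cannot be seen, since its body starts outside the hunk.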
@@ -6,7 +6,7 @@ setup_test xfail-config-dir-hidden CONFIG_DIR=$REAL_HOME/jai-test-config-hidden-$$ register_cleanup_path "$CONFIG_DIR" -mkdir -p "$CONFIG_DIR" +real_user_mkdir_p "$CONFIG_DIR" init_config ensure_untrusted_user
@@ -10,7 +10,7 @@ TARGET_PATH=$REAL_HOME/$TARGET_NAME register_cleanup_path "$TARGET_PATH" -printf 'mask-me' >"$TARGET_PATH" +real_user_write_file "$TARGET_PATH" "mask-me" cat >"$CONFIG_DIR/mask-on.conf" <<EOF conf .defaults
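Review bot: The `$REAL_HOME` fixture is now written as the real user, but the `cat >"$CONFIG_DIR/mask-on.conf" <<EOF` on the following line still runs as the invoking user, so in root mode the config file would be root-owned unless `init_config` (not visible here) arranges ownership. If the mixed ownership is intended, a one-line comment such as `# conf is written by the harness user on purpose; only $REAL_HOME fixtures need real-user ownership` would record that. The same applies to the `probe.conf` heredoc in the xfail-storage-from-conf hunk. The heredoc body continues outside this hunk.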
@@ -11,7 +11,7 @@ STRICT_GRANTED=$WORKDIR/strict-granted.txt register_cleanup_path "$HOST_HOME_FILE" -printf 'secret' >"$HOST_HOME_FILE" +real_user_write_file "$HOST_HOME_FILE" "secret" capture_in_dir "$WORKDIR" run_jai -j named /usr/bin/env assert_status 0
@@ -6,7 +6,7 @@ setup_test xfail-storage-from-conf init_config STORAGE=$TEST_ROOT/storage -mkdir -p "$STORAGE" +real_user_mkdir_p "$STORAGE" cat >"$CONFIG_DIR/probe.conf" <<EOF conf .defaults
@@ -12,9 +12,9 @@ UPPER_FILE=$STORAGE/default.changes/$(basename "$HOST_HOME_FILE") register_cleanup_path "$STORAGE" register_cleanup_path "$HOST_HOME_FILE" -mkdir -p "$STORAGE" -printf 'sentinel' >"$STORAGE/.sentinel" -printf 'host' >"$HOST_HOME_FILE" +real_user_mkdir_p "$STORAGE" +real_user_write_file "$STORAGE/.sentinel" "sentinel" +real_user_write_file "$HOST_HOME_FILE" "host" capture_in_dir "$WORKDIR" run_jai --storage "$STORAGE" /bin/sh -c ' printf overlay > "$1"
@@ -12,8 +12,8 @@ WRITE_FILE=$REAL_HOME/jai-strict-home-write-$$ register_cleanup_path "$READ_FILE" register_cleanup_path "$WRITE_FILE" -printf 'visible-from-home' >"$READ_FILE" -rm -f "$WRITE_FILE" +real_user_write_file "$READ_FILE" "visible-from-home" +real_user_rm_f "$WRITE_FILE" capture_in_dir "$REAL_HOME" run_jai -m strict -D /bin/sh -c \ '[ -e "$1" ] && printf visible || printf hidden' sh "$READ_FILE"
@@ -10,7 +10,7 @@ UPPER_FILE=$CONFIG_DIR/default.changes/$(basename "$HOST_HOME_FILE") register_cleanup_path "$HOST_HOME_FILE" -printf 'host' >"$HOST_HOME_FILE" +real_user_write_file "$HOST_HOME_FILE" "host" capture_in_dir "$WORKDIR" run_jai /bin/sh -c ' printf overlay > "$1"