diff options
Diffstat (limited to 'tests/root_test/root_test.go')
| -rw-r--r-- | tests/root_test/root_test.go | 87 |
1 files changed, 51 insertions, 36 deletions
diff --git a/tests/root_test/root_test.go b/tests/root_test/root_test.go index 23b44d0..9ce1f4b 100644 --- a/tests/root_test/root_test.go +++ b/tests/root_test/root_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Package root_test contains tests that need root // permissions to run @@ -17,8 +16,6 @@ import ( "github.com/rfjakob/gocryptfs/v2/internal/syscallcompat" - "golang.org/x/sys/unix" - "github.com/rfjakob/gocryptfs/v2/tests/test_helpers" ) @@ -26,36 +23,23 @@ func asUser(uid int, gid int, supplementaryGroups []int, f func() error) error { runtime.LockOSThread() defer runtime.UnlockOSThread() - err := unix.Setgroups(supplementaryGroups) + err := syscallcompat.Setgroups(supplementaryGroups) if err != nil { return err } - defer func() { - err = unix.Setgroups(nil) - if err != nil { - panic(err) - } - }() - err = unix.Setregid(-1, gid) + defer syscallcompat.SetgroupsPanic(nil) + + err = syscallcompat.Setregid(-1, gid) if err != nil { return err } - defer func() { - err = unix.Setregid(-1, 0) - if err != nil { - panic(err) - } - }() - err = unix.Setreuid(-1, uid) + defer syscallcompat.SetregidPanic(-1, 0) + + err = syscallcompat.Setreuid(-1, uid) if err != nil { return err } - defer func() { - err = unix.Setreuid(-1, 0) - if err != nil { - panic(err) - } - }() + defer syscallcompat.SetreuidPanic(-1, 0) ret := f() @@ -67,13 +51,13 @@ func asUser(uid int, gid int, supplementaryGroups []int, f func() error) error { // // How to check: // ps -o tid,pid,euid,ruid,suid,egid,rgid,sgid,cmd -eL - err = unix.Setresuid(0, 0, 0) - if err != nil { - panic(err) + _, _, errno := syscall.RawSyscall(syscall.SYS_SETRESUID, uintptr(0), uintptr(0), uintptr(0)) + if errno != 0 { + panic(errno) } - err = unix.Setresgid(0, 0, 0) - if err != nil { - panic(err) + _, _, errno = syscall.RawSyscall(syscall.SYS_SETRESGID, uintptr(0), uintptr(0), uintptr(0)) + if errno != 0 { + panic(errno) } return ret @@ -83,16 +67,11 @@ func TestSupplementaryGroups(t *testing.T) { if os.Getuid() != 0 { t.Skip("must run as root") } - cDir := test_helpers.InitFS(t) - os.Chmod(cDir, 0755) - pDir := cDir + ".mnt" - test_helpers.MountOrFatal(t, cDir, pDir, "-allow_other", "-extpass=echo test") - defer test_helpers.UnmountPanic(pDir) // We need an unrestricted umask syscall.Umask(0000) - dir1 := pDir + "/dir1" + dir1 := test_helpers.DefaultPlainDir + "/dir1" err := os.Mkdir(dir1, 0770) if err != nil { t.Fatal(err) @@ -400,3 +379,39 @@ func TestOverlay(t *testing.T) { } defer syscall.Unmount(ovlMnt, 0) } + +// Check that mkdir and file create works with force_owner and runnung as root +// https://github.com/rfjakob/gocryptfs/issues/783 +func TestRootForceOwner(t *testing.T) { + if os.Getuid() != 0 { + t.Skip("must run as root") + } + cDir := test_helpers.InitFS(t) + pDir := cDir + ".mnt" + test_helpers.MountOrFatal(t, cDir, pDir, "-allow_other", "-extpass=echo test", "-force_owner=1234:1234") + defer test_helpers.UnmountPanic(pDir) + + err := asUser(1234, 1234, nil, func() error { + return os.Mkdir(pDir+"/dir1", 0700) + }) + if err != nil { + t.Error(err) + } + err = asUser(1234, 1234, nil, func() error { + f, err := os.Create(pDir + "/file1") + if err == nil { + f.Close() + } + return err + }) + if err != nil { + t.Error(err) + } + err = asUser(1234, 1234, nil, func() error { + sock := pDir + "/sock" + return syscall.Mknod(sock, syscall.S_IFSOCK|0600, 0) + }) + if err != nil { + t.Errorf("mknod: %v", err) + } +} |