also run unshare with --propagation unchanged in root mode
parent
f8fc7d9bbf
commit
067daaf4c2
2 changed files with 42 additions and 2 deletions
37
coverage.sh
37
coverage.sh
|
@ -120,7 +120,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
starttime=
|
starttime=
|
||||||
total=190
|
total=191
|
||||||
skipped=0
|
skipped=0
|
||||||
runtests=0
|
runtests=0
|
||||||
i=1
|
i=1
|
||||||
|
@ -556,6 +556,41 @@ else
|
||||||
runtests=$((runtests+1))
|
runtests=$((runtests+1))
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Same as above but this time we run mmdebstrap in root mode from inside a
|
||||||
|
# chroot.
|
||||||
|
print_header "mode=root,variant=apt: root mode inside chroot"
|
||||||
|
cat << END > shared/test.sh
|
||||||
|
#!/bin/sh
|
||||||
|
set -eu
|
||||||
|
export LC_ALL=C.UTF-8
|
||||||
|
[ "\$(whoami)" = "root" ]
|
||||||
|
cat << 'SCRIPT' > script.sh
|
||||||
|
#!/bin/sh
|
||||||
|
set -eu
|
||||||
|
rootfs="\$1"
|
||||||
|
mkdir -p "\$rootfs/mnt"
|
||||||
|
[ -e /usr/bin/mmdebstrap ] && cp -aT /usr/bin/mmdebstrap "\$rootfs/usr/bin/mmdebstrap"
|
||||||
|
[ -e ./mmdebstrap ] && cp -aT ./mmdebstrap "\$rootfs/mnt/mmdebstrap"
|
||||||
|
chroot "\$rootfs" env --chdir=/mnt \
|
||||||
|
$CMD --mode=root --variant=apt \
|
||||||
|
$DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
||||||
|
SCRIPT
|
||||||
|
chmod +x script.sh
|
||||||
|
$CMD --mode=root --variant=apt --include=perl,mount \
|
||||||
|
--customize-hook=./script.sh \
|
||||||
|
--customize-hook="download /tmp/debian-chroot.tar /tmp/debian-chroot.tar" \
|
||||||
|
$DEFAULT_DIST /dev/null $mirror
|
||||||
|
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||||
|
rm /tmp/debian-chroot.tar script.sh
|
||||||
|
END
|
||||||
|
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||||
|
./run_qemu.sh
|
||||||
|
runtests=$((runtests+1))
|
||||||
|
else
|
||||||
|
./run_null.sh SUDO
|
||||||
|
runtests=$((runtests+1))
|
||||||
|
fi
|
||||||
|
|
||||||
print_header "mode=root,variant=apt: fail with root without cap_sys_admin"
|
print_header "mode=root,variant=apt: fail with root without cap_sys_admin"
|
||||||
cat << END > shared/test.sh
|
cat << END > shared/test.sh
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
|
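Review bot: The new "root mode inside chroot" test writes the fixed path `/tmp/debian-chroot.tar` as root and cleans up only on its last line (`rm /tmp/debian-chroot.tar script.sh`), so under `set -eu` any earlier failure, for example the `diff -u tar1.txt -` comparison, leaves the tarball and `script.sh` behind. In the `./run_null.sh SUDO` branch this appears to run on the host rather than in a throwaway VM, where a predictable root-written name in a world-writable directory is the usual symlink-clobber concern on a shared machine. Adding `trap 'rm -f /tmp/debian-chroot.tar script.sh' EXIT` directly after the outer `set -eu` would make the cleanup unconditional, and a `mktemp`-created host path as the target of the `download` hook would avoid the fixed name. A short comment above the inner here-document, such as `# \$rootfs is escaped so it survives the outer unquoted heredoc; $CMD, $DEFAULT_DIST and $mirror are expanded when test.sh is generated`, would also help, since the two nesting levels are easy to misread.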
@ -4555,7 +4555,12 @@ sub main() {
|
||||||
# To test whether we can use mount without actually trying to mount
|
# To test whether we can use mount without actually trying to mount
|
||||||
# something we try unsharing the mount namespace. If this is allowed,
|
# something we try unsharing the mount namespace. If this is allowed,
|
||||||
# then we are also allowed to mount.
|
# then we are also allowed to mount.
|
||||||
if (0 == system 'unshare --mount true 2>/dev/null') {
|
#
|
||||||
|
# We need to call unshare with "--propagation unchanged" or otherwise
|
||||||
|
# we get 'cannot change root filesystem propagation' when running
|
||||||
|
# mmdebstrap inside a chroot for which the root of the chroot is not
|
||||||
|
# its own mount point.
|
||||||
|
if (0 == system 'unshare --mount --propagation unchanged -- true') {
|
||||||
$options->{canmount} = 1;
|
$options->{canmount} = 1;
|
||||||
} else {
|
} else {
|
||||||
# if we cannot unshare the mount namespace as root, then we also
|
# if we cannot unshare the mount namespace as root, then we also
|
||||||
|
|
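Review bot: The rewritten probe `system 'unshare --mount --propagation unchanged -- true'` no longer carries the `2>/dev/null` that the removed line had, so unshare's own error text now reaches stderr whenever the probe fails, and the commit message does not say this is intended. The probe also still folds every non-zero status into one outcome: a missing unshare binary, or one that does not accept `--propagation`, lands in the same else branch as a genuine lack of permission, which makes a capability problem hard to tell apart from a tooling problem. If the silence was dropped by accident, keep it with `if (0 == system 'unshare --mount --propagation unchanged -- true 2>/dev/null') {`; if it was dropped on purpose, a comment such as `# stderr is left visible so the reason for a failed unshare is shown` would record that. The else branch continues past the end of the hunk, so how the failure is reported is not visible here.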