[gentoo-commits] proj/sandbox:master commit in: tests/
commit: e5032c6b89621db0475e36fb06c2905b6a9c024c Author: Michael Orlitzky gentoo org> AuthorDate: Sat Jul 1 20:52:34 2023 + Commit: Mike Gilbert gentoo org> CommitDate: Sat Jul 1 23:51:18 2023 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e5032c6b tests: use explicit adddeny() calls in fchmod and fchown tests. When running the test suite under portage, the entire build directory will be writable because portage adds PORTAGE_TMPDIR to SANDBOX_WRITE (thanks floppym). This breaks the tests for these two wrappers, since they expect to fail when trying to write above $PWD. To avoid that, we create a new file to call fchown/fchmod on, and then explicitly deny access to it. Closes: https://bugs.gentoo.org/909445 Signed-off-by: Michael Orlitzky gentoo.org> Signed-off-by: Mike Gilbert gentoo.org> tests/fchmod-1.sh | 6 +- tests/fchown-1.sh | 6 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh index db404ba..140d84f 100755 --- a/tests/fchmod-1.sh +++ b/tests/fchmod-1.sh @@ -4,11 +4,15 @@ # addwrite $PWD +rm -f deny || exit 1 +touch deny || exit 1 +adddeny $PWD/deny # The sandbox doesn't log anything when it returns a junk file # descriptor? It doesn't look like we can test the contents of # sandbox.log here... instead, we just have to count on fchmod # failing, which it does if you use O_RDWR, and it *should* if you use # O_RDONLY (because that won't stop the change of permissions). -fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1 +fchmod-0 $(stat --format='%#04a' $PWD/deny) $PWD/deny && exit 1 + exit 0 diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh index 1b4a173..6c1178e 100755 --- a/tests/fchown-1.sh +++ b/tests/fchown-1.sh @@ -4,11 +4,15 @@ # addwrite $PWD +rm -f deny || exit 1 +touch deny || exit 1 +adddeny $PWD/deny # The sandbox doesn't log anything when it returns a junk file # descriptor? It doesn't look like we can test the contents of # sandbox.log here... instead, we just have to count on fchown # failing, which it does if you use O_RDWR, and it *should* if you use # O_RDONLY (because that won't stop the change of ownership). -fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1 +fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1 + exit 0
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 652097eb4228ac9ba9973811b2832fc77f2048a2 Author: Michael Orlitzky gentoo org> AuthorDate: Sun Jan 28 03:38:26 2018 + Commit: Mike Gilbert gentoo org> CommitDate: Thu Jun 22 13:54:38 2023 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=652097eb tests: add more tests to make sure fchown/fchmod are handled correctly. Closes: https://bugs.gentoo.org/599706 Signed-off-by: Michael Orlitzky gentoo.org> Signed-off-by: Mike Gilbert gentoo.org> tests/fchmod-2.sh | 11 +++ tests/fchmod.at | 1 + tests/fchown-2.sh | 11 +++ tests/fchown.at | 1 + 4 files changed, 24 insertions(+) diff --git a/tests/fchmod-2.sh b/tests/fchmod-2.sh new file mode 100755 index 000..96d7cc9 --- /dev/null +++ b/tests/fchmod-2.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Ensure that fchmod() doesn't trigger spurious violations in the most +# basic of cases. +# +addwrite $PWD + +# This should not trigger a violation. +rm -f file +touch file +fchmod-0 0644 file || exit 1 diff --git a/tests/fchmod.at b/tests/fchmod.at index 081d7d2..d364b4b 100644 --- a/tests/fchmod.at +++ b/tests/fchmod.at @@ -1 +1,2 @@ SB_CHECK(1) +SB_CHECK(2) diff --git a/tests/fchown-2.sh b/tests/fchown-2.sh new file mode 100755 index 000..dedfbe4 --- /dev/null +++ b/tests/fchown-2.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Ensure that fchown() doesn't trigger spurious violations in the most +# basic of cases. +# +addwrite $PWD + +# This should not trigger a violation. +rm -f file +touch file +fchown-0 ${SB_UID} ${SB_GID} file || exit 1 diff --git a/tests/fchown.at b/tests/fchown.at index 081d7d2..d364b4b 100644 --- a/tests/fchown.at +++ b/tests/fchown.at @@ -1 +1,2 @@ SB_CHECK(1) +SB_CHECK(2)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 05e32f542c145253eb01ae4005ca13c63a1c79d8 Author: Michael Orlitzky gentoo org> AuthorDate: Sun Jan 28 01:05:02 2018 + Commit: Mike Gilbert gentoo org> CommitDate: Thu Jun 22 13:54:38 2023 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=05e32f54 tests: add test case for fchown/fchmod with O_RDONLY. Bug: https://bugs.gentoo.org/599706 Signed-off-by: Michael Orlitzky gentoo.org> Signed-off-by: Mike Gilbert gentoo.org> tests/fchmod-0.c | 35 +++ tests/fchmod-1.sh | 14 ++ tests/fchmod.at | 1 + tests/fchown-0.c | 34 ++ tests/fchown-1.sh | 14 ++ tests/fchown.at | 1 + tests/local.mk| 2 ++ 7 files changed, 101 insertions(+) diff --git a/tests/fchmod-0.c b/tests/fchmod-0.c new file mode 100644 index 000..de0c237 --- /dev/null +++ b/tests/fchmod-0.c @@ -0,0 +1,35 @@ +/* + * https://bugs.gentoo.org/599706 + * + */ + +#include "headers.h" + +int main(int argc, char *argv[]) +{ + if (argc < 2) + return -2; + + int mode = 0; + sscanf(argv[1], "%i", ); + /* The sandbox catches this: +* +* int fd = open(argv[2], O_RDWR); +* +* And it /should/ catch this: +* +*int fd = open(argv[2], O_RDONLY); +* +* ...but the latter only works when /proc/self/fd/%i +* is available. +* +*/ +#ifdef SANDBOX_PROC_SELF_FD + int fd = open(argv[2], O_RDONLY); +#else + int fd = open(argv[2], O_RDWR); +#endif + int fchmod_result = fchmod(fd, (mode_t)mode); + close(fd); + return fchmod_result; +} diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh new file mode 100755 index 000..db404ba --- /dev/null +++ b/tests/fchmod-1.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# https://bugs.gentoo.org/599706 +# + +addwrite $PWD + +# The sandbox doesn't log anything when it returns a junk file +# descriptor? It doesn't look like we can test the contents of +# sandbox.log here... instead, we just have to count on fchmod +# failing, which it does if you use O_RDWR, and it *should* if you use +# O_RDONLY (because that won't stop the change of permissions). +fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1 +exit 0 diff --git a/tests/fchmod.at b/tests/fchmod.at new file mode 100644 index 000..081d7d2 --- /dev/null +++ b/tests/fchmod.at @@ -0,0 +1 @@ +SB_CHECK(1) diff --git a/tests/fchown-0.c b/tests/fchown-0.c new file mode 100644 index 000..7fdca73 --- /dev/null +++ b/tests/fchown-0.c @@ -0,0 +1,34 @@ +/* + * https://bugs.gentoo.org/599706 + * + */ + +#include "headers.h" + +int main(int argc, char *argv[]) +{ + if (argc < 3) + return -2; + + uid_t uid = atoi(argv[1]); + gid_t gid = atoi(argv[2]); + /* The sandbox catches this: +* +* int fd = open(argv[3], O_RDWR); +* +* And it /should/ catch this: +* +*int fd = open(argv[3], O_RDONLY); +* +* ...but the latter only works when /proc/self/fd/%i +* is available. +*/ +#ifdef SANDBOX_PROC_SELF_FD + int fd = open(argv[3], O_RDONLY); +#else + int fd = open(argv[3], O_RDWR); +#endif + int fchown_result = fchown(fd, uid, gid); + close(fd); + return fchown_result; +} diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh new file mode 100755 index 000..1b4a173 --- /dev/null +++ b/tests/fchown-1.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# https://bugs.gentoo.org/599706 +# + +addwrite $PWD + +# The sandbox doesn't log anything when it returns a junk file +# descriptor? It doesn't look like we can test the contents of +# sandbox.log here... instead, we just have to count on fchown +# failing, which it does if you use O_RDWR, and it *should* if you use +# O_RDONLY (because that won't stop the change of ownership). +fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1 +exit 0 diff --git a/tests/fchown.at b/tests/fchown.at new file mode 100644 index 000..081d7d2 --- /dev/null +++ b/tests/fchown.at @@ -0,0 +1 @@ +SB_CHECK(1) diff --git a/tests/local.mk b/tests/local.mk index 046cf6f..f1f4ac0 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -29,7 +29,9 @@ check_PROGRAMS += \ %D%/execv-0 \ %D%/execvp-0 \ %D%/faccessat-0 \ + %D%/fchmod-0 \ %D%/fchmodat-0 \ + %D%/fchown-0 \ %D%/fchownat-0 \ %D%/fopen-0 \ %D%/fopen64-0 \
[gentoo-commits] proj/sandbox:master commit in: tests/, libsandbox/
commit: cdc89a00ac0bc3170d4ca7bfc77bc2572ce076b0 Author: Mike Gilbert gentoo org> AuthorDate: Mon Jun 12 14:58:39 2023 + Commit: Mike Gilbert gentoo org> CommitDate: Mon Jun 12 16:00:04 2023 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=cdc89a00 libsandbox: add lutimes to symlink_func lutimes operates on symlinks, so we should not check for access against the symlink target. Bug: https://bugs.gentoo.org/908105 Signed-off-by: Mike Gilbert gentoo.org> libsandbox/libsandbox.c | 1 + tests/lutimes-1.sh | 9 + tests/lutimes.at| 1 + 3 files changed, 11 insertions(+) diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index 0ca2bc9..b9ef52e 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -679,6 +679,7 @@ static bool symlink_func(int sb_nr, int flags) sb_nr == SB_NR_LCHOWN || sb_nr == SB_NR_LREMOVEXATTR || sb_nr == SB_NR_LSETXATTR|| + sb_nr == SB_NR_LUTIMES || sb_nr == SB_NR_REMOVE || sb_nr == SB_NR_RENAME || sb_nr == SB_NR_RENAMEAT || diff --git a/tests/lutimes-1.sh b/tests/lutimes-1.sh new file mode 100755 index 000..8638bb2 --- /dev/null +++ b/tests/lutimes-1.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +addwrite "${PWD}" + +sym="lutimes-1.sym" +ln -s /bad/path "${sym}" + +lutimes-0 0 "${sym}" NULL || exit 1 +lutimes-0 -1,EACCES /bin/sh NULL || exit 1 diff --git a/tests/lutimes.at b/tests/lutimes.at new file mode 100644 index 000..081d7d2 --- /dev/null +++ b/tests/lutimes.at @@ -0,0 +1 @@ +SB_CHECK(1)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 369fc5965ce5065f2653225627f61442641c5bef Author: Mike Frysinger gentoo org> AuthorDate: Wed Nov 3 19:11:33 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Nov 3 19:11:33 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=369fc596 tests: skip static children tests when YAMA ptrace_scope is enabled Since we can't trace static children under certain YAMA ptrace_scope settings, skip tests that rely on that functionality. Closes: https://bugs.gentoo.org/821418 Signed-off-by: Mike Frysinger gentoo.org> tests/atlocal.in | 9 + tests/script-17.sh | 8 +++- tests/script-8.sh | 3 +++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/tests/atlocal.in b/tests/atlocal.in index e8213c0..adf3bad 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -42,5 +42,14 @@ case "${MAKEFLAGS}" in ;; esac +# Figure out currently YAMA ptrace_scope restriction level. +at_yama_ptrace_scope=$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || echo 0) +if [ ${at_yama_ptrace_scope} -gt 0 ] ; then + if [ "$(id -u)" -eq 0 ] ; then + at_yama_ptrace_scope=0 + fi +fi +export at_yama_ptrace_scope + # This script must finish with ($? == 0) else the autotest runner gets upset. : diff --git a/tests/script-17.sh b/tests/script-17.sh index a8a8f51..83c51f9 100755 --- a/tests/script-17.sh +++ b/tests/script-17.sh @@ -10,7 +10,13 @@ adddeny "${PWD}/subdir" for child in 0 1 2 3 4 5 ; do fork-follow_tst ${child} subdir/dyn${child} || exit $? done -for child in 0 1 2 3 4 5 ; do + +depth="0" +# We can't trace static children currently with YAMA ptrace_scope 1+. +if [ ${at_yama_ptrace_scope} -eq 0 ] ; then + depth="${depth} 1 2 3 4 5" +fi +for child in ${depth} ; do fork-follow_static_tst ${child} subdir/static${child} || exit $? done diff --git a/tests/script-8.sh b/tests/script-8.sh index 6d9de55..9d8ca11 100755 --- a/tests/script-8.sh +++ b/tests/script-8.sh @@ -6,6 +6,9 @@ sigsuspend-zsh_tst d=$? echo "ret = $d" +# We can't trace static children currently with YAMA ptrace_scope 1+. +[ ${at_yama_ptrace_scope} -gt 0 ] && exit ${d} + sigsuspend-zsh_static_tst s=$? echo "ret = $s"
[gentoo-commits] proj/sandbox:master commit in: tests/, libsbutil/, libsandbox/
commit: ba41b3b01c573a4f942605142a5a0d2f08b4c799 Author: Mike Frysinger gentoo org> AuthorDate: Mon Oct 18 22:06:39 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Nov 3 00:05:25 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=ba41b3b0 libsandbox: fix ptracing children The ptrace logic was largely built around the assumption of execing a single static binary and that's it. But there's nothing stopping it from also forking & creating children. Today, that means children do not get tracked for problems. One major known issue is that the sandbox env is frozen upon launch. So once we switch to ptrace mode, it's not possible for traced code to disable sandboxing or otherwise reconfigure it. Currently that shouldn't be a big deal as we assume the main execution environment (i.e. bash) is dynamic, and that's where the env will be tweaked, but we'll have to address this before we can deploy ptrace more. Signed-off-by: Mike Frysinger gentoo.org> libsandbox/trace.c | 73 +- libsbutil/sb_efuncs.c | 1 + libsbutil/sbutil.h | 9 ++ tests/fork-follow_static_tst.c | 1 + tests/fork-follow_tst.c| 34 tests/local.mk | 2 ++ tests/script-17.sh | 17 ++ tests/script.at| 3 +- 8 files changed, 131 insertions(+), 9 deletions(-) diff --git a/libsandbox/trace.c b/libsandbox/trace.c index 4ae58aa..0434f96 100644 --- a/libsandbox/trace.c +++ b/libsandbox/trace.c @@ -29,7 +29,7 @@ static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void *addr # define SBDEBUG 0 #endif #define __sb_debug(fmt, args...) do { if (SBDEBUG) sb_eraw(fmt, ## args); } while (0) -#define _sb_debug(fmt, args...) do { if (SBDEBUG) sb_ewarn("TRACE (pid=%i):%s: " fmt, getpid(), __func__, ## args); } while (0) +#define _sb_debug(fmt, args...) do { if (SBDEBUG) sb_ewarn("TRACE (pid=%i<%i):%s: " fmt, getpid(), trace_pid, __func__, ## args); } while (0) #define sb_debug(fmt, args...) _sb_debug(fmt "\n", ## args) #include "trace/os.c" @@ -397,6 +397,19 @@ static bool trace_check_syscall(const struct syscall_entry *se, void *regs) return ret; } +static void trace_init_tracee(void) +{ + do_ptrace(PTRACE_SETOPTIONS, NULL, (void *)(uintptr_t)( + PTRACE_O_EXITKILL | + PTRACE_O_TRACECLONE | + PTRACE_O_TRACEEXEC | + PTRACE_O_TRACEEXIT | + PTRACE_O_TRACEFORK | + PTRACE_O_TRACEVFORK | + PTRACE_O_TRACESYSGOOD + )); +} + static void trace_loop(void) { trace_regs regs; @@ -471,6 +484,56 @@ static void trace_loop(void) __sb_debug(" exit event!\n"); continue; + case PTRACE_EVENT_CLONE: + case PTRACE_EVENT_FORK: + case PTRACE_EVENT_VFORK: { + /* The tracee is forking, so fork a new tracer to handle it. */ + long newpid; + do_ptrace(PTRACE_GETEVENTMSG, NULL, ); + sb_debug("following forking event %i; pid=%li %i\n", +event, newpid, before_syscall); + + /* Pipe for synchronizing detach & attach events. */ + int fds[2]; + ret = pipe(fds); + sb_assert(ret == 0); + if (fork() == 0) { + /* New tracer needs to take control of new tracee. */ + char ch; + close(fds[1]); + RETRY_EINTR(read(fds[0], , 1)); + close(fds[0]); + trace_pid = newpid; + retry_attach: + ret = do_ptrace(PTRACE_ATTACH, NULL, NULL); + if (ret) { + if (errno == EPERM) + goto retry_attach; + sb_ebort("ISE:PTRACE_ATTACH %s", strerror(errno)); + } + trace_init_tracee(); + before_syscall = true; + continue; + } else { + /* Existing tracer needs to release new tracee. */ + retry_detach: + ret = ptrace(PTRACE_DETACH, newpid, NULL, (void *)SIGSTOP); + if (ret) { + if (errno == ESRCH) { + /* The kernel might not have the proc ready yet. */ + struct timespec ts = {0, 500 * 1000 /* 0.5 millisec */}; +
[gentoo-commits] proj/sandbox:master commit in: tests/, src/
commit: 9a026d957ffc18ab4f4f7d069f4373ddf190eca9 Author: Mike Frysinger gentoo org> AuthorDate: Fri Oct 29 03:50:00 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Oct 29 03:50:00 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=9a026d95 sandbox: change interface to make it easier to pass thru The sandbox command line is passed to a shell for execution. This can be a bit awkward to quote right if you weren't expecting it, and even if you were. Change the default behavior to be more like `env` where the arguments, as they are, get passed through and run. If people want the old shell behavior, they can use the -c option akin to `bash -c`. Bug: https://bugs.gentoo.org/265907 Signed-off-by: Mike Frysinger gentoo.org> src/options.c | 8 +++- src/sandbox.c | 46 +++--- src/sandbox.h | 1 + tests/git-bisector.sh | 15 +-- tests/local.at| 2 +- 5 files changed, 49 insertions(+), 23 deletions(-) diff --git a/src/options.c b/src/options.c index 03cffda..64cd750 100644 --- a/src/options.c +++ b/src/options.c @@ -20,6 +20,7 @@ int opt_use_ns_sysv = -1; int opt_use_ns_time = -1; int opt_use_ns_user = -1; int opt_use_ns_uts = -1; +bool opt_use_bash = false; static const struct { const char *name; @@ -76,7 +77,7 @@ static void show_version(void) exit(0); } -#define PARSE_FLAGS "+hV" +#define PARSE_FLAGS "+chV" #define a_argument required_argument static struct option const long_opts[] = { {"ns-on", no_argument, _use_namespaces, true}, @@ -99,6 +100,7 @@ static struct option const long_opts[] = { {"ns-user-off", no_argument, _use_ns_user, false}, {"ns-uts-on", no_argument, _use_ns_uts, true}, {"ns-uts-off",no_argument, _use_ns_uts, false}, + {"bash", no_argument, NULL, 'c'}, {"help", no_argument, NULL, 'h'}, {"version", no_argument, NULL, 'V'}, {"run-configure", no_argument, NULL, 0x800}, @@ -125,6 +127,7 @@ static const char * const opts_help[] = { "Disable the use of user namespaces", "Enable the use of UTS (hostname/uname) namespaces", "Disable the use of UTS (hostname/uname) namespaces", + "Run command through bash shell", "Print this help and exit", "Print version and exit", "Run local sandbox configure in same way and exit (developer only)", @@ -201,6 +204,9 @@ void parseargs(int argc, char *argv[]) while ((i = getopt_long(argc, argv, PARSE_FLAGS, long_opts, NULL)) != -1) { switch (i) { + case 'c': + opt_use_bash = true; + break; case 'V': show_version(); case 'h': diff --git a/src/sandbox.c b/src/sandbox.c index 7e8a769..7d6b03f 100644 --- a/src/sandbox.c +++ b/src/sandbox.c @@ -175,7 +175,9 @@ static int spawn_shell(char *argv_bash[], char **env, int debug) /* Child's process */ if (0 == child_pid) { - int ret = execve(argv_bash[0], argv_bash, env); + /* Would be nice if execvpe were in POSIX. */ + environ = env; + int ret = execvp(argv_bash[0], argv_bash); sb_pwarn("failed to exec child"); _exit(ret); } else if (child_pid < 0) { @@ -258,25 +260,31 @@ int main(int argc, char **argv) goto oom_error; /* Setup bash argv */ - str_list_add_item_copy(argv_bash, "/bin/bash", oom_error); - str_list_add_item_copy(argv_bash, "-rcfile", oom_error); - str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error); - if (argc >= 2) { - int i; - size_t cmdlen; - char *cmd = NULL; - - str_list_add_item_copy(argv_bash, run_str, oom_error); - str_list_add_item_copy(argv_bash, argv[1], oom_error); - cmdlen = strlen(argv_bash[4]); - for (i = 2; i < argc; i++) { - size_t arglen = strlen(argv[i]); - argv_bash[4] = xrealloc(argv_bash[4], cmdlen + arglen + 2); - argv_bash[4][cmdlen] = ' '; - memcpy(argv_bash[4] + cmdlen + 1, argv[i], arglen); - cmdlen += arglen + 1; - argv_bash[4][cmdlen] = '\0'; + if (opt_use_bash || argc == 1) { + str_list_add_item_copy(argv_bash, "/bin/bash", oom_error); + str_list_add_item_copy(argv_bash, "-rcfile", oom_error); + str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error); + if (argc >= 2) { + int i; + size_t cmdlen; + char *cmd = NULL; + +
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 192ed5f48b728877a46c39523717363df87dec82 Author: Mike Frysinger gentoo org> AuthorDate: Sun Oct 24 00:53:48 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Oct 24 00:53:48 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=192ed5f4 tests: fix lremovexattr typo Signed-off-by: Mike Frysinger gentoo.org> tests/lremovexattr-0.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/lremovexattr-0.c b/tests/lremovexattr-0.c index 4abdfff..ca925f1 100644 --- a/tests/lremovexattr-0.c +++ b/tests/lremovexattr-0.c @@ -1,5 +1,5 @@ -#define FUNC removexattr -#define SFUNC "removexattr" +#define FUNC lremovexattr +#define SFUNC "lremovexattr" #define FUNC_STR "\"%s\", \"%s\"" #define FUNC_IMP path, name #define ARG_CNT 2
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 38348c15ee54a9d5a6aefeaef9dd41e031271dc0 Author: Mike Frysinger gentoo org> AuthorDate: Sat Oct 23 22:01:04 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Sat Oct 23 22:17:09 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=38348c15 tests: fix handling of srcdir vs abs_srcdir for dist creation The paths listed in EXTRA_DIST must be the targets that we define exactly, or running distcheck can fail with stale targets -- they should have been generated before creating the dist, but they get updated afterwards. This is easy to repro with: touch tests/testsuite.at && make distcheck Let's split the relative & absolute path logic a bit to help with this. We should only use relative paths in dependency related settings, but use absolute paths when running tools after a cd to a different location. Also add testsuite.list.at to the dist explicitly. We were getting this implicitly via testsuite depending on it, but better to list all the files exactly. Signed-off-by: Mike Frysinger gentoo.org> tests/local.mk | 20 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/local.mk b/tests/local.mk index 0aac4f1..aa2acac 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -1,12 +1,16 @@ AT_FILES = $(wildcard $(top_srcdir)/%D%/*.at) -TESTSUITE = $(abs_top_srcdir)/%D%/testsuite DISTCLEANFILES += %D%/atconfig +# Use top_srcdir for dependencies, and abs_top_srcdir to execute it. +TESTSUITE = $(top_srcdir)/%D%/testsuite +ABS_TESTSUITE = $(abs_top_srcdir)/%D%/testsuite + EXTRA_DIST += \ $(AT_FILES) \ + $(TESTSUITE) \ + $(TESTSUITE_LIST) \ %D%/atlocal.in \ %D%/package.m4.in \ - %D%/testsuite \ %D%/test-skel-0.c \ %D%/tests.h \ %D%/xattr-0 @@ -118,23 +122,23 @@ TESTSUITEFLAGS = --jobs=`getconf _NPROCESSORS_ONLN || echo 1` tests: $(check_PROGRAMS) $(TESTSUITE) check-local: %D%/atconfig %D%/atlocal $(TESTSUITE) - cd %D% && $(SHELL) '$(TESTSUITE)' AUTOTEST_PATH='src:tests' $(TESTSUITEFLAGS) + cd %D% && $(SHELL) '$(ABS_TESTSUITE)' AUTOTEST_PATH='src:tests' $(TESTSUITEFLAGS) installcheck-local: %D%/atconfig %D%/atlocal $(TESTSUITE) - cd %D% && $(SHELL) '$(TESTSUITE)' AUTOTEST_PATH='src:tests:$(bindir)' $(TESTSUITEFLAGS) + cd %D% && $(SHELL) '$(ABS_TESTSUITE)' AUTOTEST_PATH='src:tests:$(bindir)' $(TESTSUITEFLAGS) clean-local: - test ! -f '$(TESTSUITE)' || { cd %D% && $(SHELL) '$(TESTSUITE)' --clean; } + test ! -f '$(TESTSUITE)' || { cd %D% && $(SHELL) '$(ABS_TESTSUITE)' --clean; } TESTSUITE_LIST = $(top_srcdir)/%D%/testsuite.list.at AUTOTEST = $(AUTOM4TE) --language=autotest $(TESTSUITE): $(AT_FILES) $(TESTSUITE_LIST) - @$(MKDIR_P) $(abs_top_srcdir)/%D% - $(AM_V_GEN)cd $(abs_top_srcdir)/%D% && $(AUTOTEST) -I. -o $@.tmp $@.at + @$(MKDIR_P) $(top_srcdir)/%D% + $(AM_V_GEN)cd $(top_srcdir)/%D% && $(AUTOTEST) -I. -o testsuite.tmp testsuite.at $(AM_V_at)mv $@.tmp $@ $(TESTSUITE_LIST): $(AT_FILES) - @$(MKDIR_P) $(abs_top_srcdir)/%D% + @$(MKDIR_P) $(top_srcdir)/%D% $(AM_V_GEN)( echo "dnl DO NOT EDIT: GENERATED BY MAKEFILE.AM"; \ $(GREP) -l -e '^SB_CHECK' -e '^AT_CHECK' $(AT_FILES) | LC_ALL=C sort | \ $(SED) -e 's:^[^/]*/%D%/:sb_inc([:' -e 's:[.]at$$:]):' ) > $@
[gentoo-commits] proj/sandbox:master commit in: /, tests/
commit: 8cda01a02f00f271050050823e6facae0a730da6 Author: Mike Frysinger gentoo org> AuthorDate: Sat Oct 23 05:12:47 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Sat Oct 23 05:12:47 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=8cda01a0 tests: merge into top level makefile too This kills off recursive make entirely. Closes: https://bugs.gentoo.org/819411 Signed-off-by: Mike Frysinger gentoo.org> .gitignore| 4 +- Makefile.am | 9 ++-- configure.ac | 1 - tests/Makefile| 4 ++ tests/Makefile.am | 134 --- tests/local.mk| 140 ++ 6 files changed, 151 insertions(+), 141 deletions(-) diff --git a/.gitignore b/.gitignore index 04a0f20..7704390 100644 --- a/.gitignore +++ b/.gitignore @@ -8,8 +8,7 @@ a.out .libs .dirstamp /Makefile -/tests/Makefile -Makefile.in +/Makefile.in f f2 @@ -43,7 +42,6 @@ core /ltmain.sh /missing /stamp-h1 -/test.sh /m4/libtool.m4 /m4/ltoptions.m4 diff --git a/Makefile.am b/Makefile.am index cd5e3b3..07b1c6d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,12 +4,13 @@ AM_CPPFLAGS = \ $(SANDBOX_DEFINES) \ -I$(top_srcdir) -SUBDIRS = tests - confdir = $(sysconfdir) confddir = $(sysconfdir)/sandbox.d bin_PROGRAMS = +check_PROGRAMS = +check_SCRIPTS = +dist_check_SCRIPTS = dist_conf_DATA = etc/sandbox.conf confd_DATA = etc/sandbox.d/00default dist_pkgdata_DATA = data/sandbox.bashrc @@ -17,6 +18,7 @@ lib_LTLIBRARIES = noinst_LTLIBRARIES = CLEANFILES = +DISTCLEANFILES = EXTRA_DIST = \ headers.h \ @@ -47,5 +49,6 @@ dist-hook: include libsandbox/local.mk include libsbutil/local.mk include src/local.mk +include tests/local.mk -DISTCLEANFILES = $(CLEANFILES) +DISTCLEANFILES += $(CLEANFILES) diff --git a/configure.ac b/configure.ac index 96c602f..0f2b0ea 100644 --- a/configure.ac +++ b/configure.ac @@ -471,7 +471,6 @@ AC_CONFIG_FILES([ Makefile etc/sandbox.d/00default tests/atlocal - tests/Makefile tests/package.m4 ]) AC_OUTPUT diff --git a/tests/Makefile b/tests/Makefile new file mode 100644 index 000..2eed23e --- /dev/null +++ b/tests/Makefile @@ -0,0 +1,4 @@ +# Helper for developers. +all: tests ; +clean: clean-checkPROGRAMS ; rm -f *.o *.l[ao] .libs/* +%: ; $(MAKE) -C .. $@ diff --git a/tests/Makefile.am b/tests/Makefile.am deleted file mode 100644 index 5bb476d..000 --- a/tests/Makefile.am +++ /dev/null @@ -1,134 +0,0 @@ -AT_FILES = $(wildcard $(srcdir)/*.at) -TESTSUITE = $(srcdir)/testsuite -DISTCLEANFILES = atconfig -EXTRA_DIST = atlocal.in package.m4.in $(AT_FILES) $(TESTSUITE) \ - test-skel-0.c \ - tests.h \ - xattr-0 - -AM_CPPFLAGS = -I$(top_srcdir) $(SANDBOX_DEFINES) - -check_PROGRAMS = \ - get-group \ - get-user \ - sb_true \ - sb_true_static \ - \ - access-0 \ - chmod-0 \ - chown-0 \ - creat-0 \ - creat64-0 \ - execv-0 \ - execvp-0 \ - faccessat-0 \ - fchmodat-0 \ - fchownat-0 \ - fopen-0 \ - fopen64-0 \ - futimesat-0 \ - lchown-0 \ - link-0 \ - linkat-0 \ - linkat_static-0 \ - lremovexattr-0 \ - lsetxattr-0 \ - lutimes-0 \ - mkdtemp-0 \ - mkdir-0 \ - mkdir_static-0 \ - mkdirat-0 \ - mkfifo-0 \ - mkfifoat-0 \ - mknod-0 \ - mknodat-0 \ - mkostemp-0 \ - mkostemp64-0 \ - mkostemps-0 \ - mkostemps64-0 \ - mkstemp-0 \ - mkstemp64-0 \ - mkstemps-0 \ - mkstemps64-0 \ - open-0 \ - open_static-0 \ - open64-0 \ - openat-0 \ - openat_static-0 \ - openat64-0 \ - opendir-0 \ - remove-0 \ - removexattr-0 \ - rename-0 \ - renameat-0 \ - renameat2-0 \ - rmdir-0 \ - setxattr-0 \ - signal_static-0 \ - symlink-0 \ - symlinkat-0 \ - truncate-0 \ - truncate64-0 \ - unlink-0 \ - unlink_static-0 \ - unlinkat-0 \ - utime-0 \ - utimensat-0 \ - utimensat_static-0 \ - utimes-0 \ - vfork-0 \ - \ - getcwd-gnulib_tst \ - libsigsegv_tst \ - malloc_hooked_tst \ - malloc_mmap_tst \ - pipe-fork_tst \ - pipe-fork_static_tst \ - sb_printf_tst \ - sigsuspend-zsh_tst \ - sigsuspend-zsh_static_tst \ - trace-memory_static_tst - -dist_check_SCRIPTS = \ - $(wildcard $(srcdir)/*-[0-9]*.sh) \ - malloc-0 \ - script-0 \ - trace-0 - -AM_LDFLAGS = `expr $@ : .*_static >/dev/null && echo -all-static` - -sb_printf_tst_CFLAGS = -I$(top_srcdir)/libsbutil -I$(top_srcdir)/libsbutil/include -sb_printf_tst_LDADD = $(top_builddir)/libsbutil/libsbutil.la - -malloc_hooked_tst_LDFLAGS = $(AM_LDFLAGS) -pthread -
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 4283dce8529d7423e8dc7584dc3b5e3b110c48e9 Author: Michał Górny gentoo org> AuthorDate: Fri Oct 22 07:14:57 2021 + Commit: Michał Górny gentoo org> CommitDate: Fri Oct 22 07:14:57 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4283dce8 tests: Add missing EXTRA_DIST for xattr-0 Signed-off-by: Michał Górny gentoo.org> tests/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 846a8f6..5bb476d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -3,7 +3,8 @@ TESTSUITE = $(srcdir)/testsuite DISTCLEANFILES = atconfig EXTRA_DIST = atlocal.in package.m4.in $(AT_FILES) $(TESTSUITE) \ test-skel-0.c \ - tests.h + tests.h \ + xattr-0 AM_CPPFLAGS = -I$(top_srcdir) $(SANDBOX_DEFINES)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 9cdd208c660ac8c01f43bbcffaf9c786c31be59b Author: Mike Frysinger gentoo org> AuthorDate: Fri Oct 22 04:53:43 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Oct 22 04:53:43 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=9cdd208c tests: add missing xattr-0 program Needed for new xattr tests. Signed-off-by: Mike Frysinger gentoo.org> tests/xattr-0 | 7 +++ 1 file changed, 7 insertions(+) diff --git a/tests/xattr-0 b/tests/xattr-0 new file mode 100755 index 000..5504443 --- /dev/null +++ b/tests/xattr-0 @@ -0,0 +1,7 @@ +#!/bin/sh +# Make sure the filesystem supports xattrs. +file=".test.xattrs" +touch "${file}" +setxattr-0 0 "${file}" user.sandbox test 4 0 && ret=0 || ret=77 +rm -f "${file}" +exit "${ret}"
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: be55fcb37786f6d29ac3db0c9c98bad5b1de5d94 Author: Mike Frysinger gentoo org> AuthorDate: Fri Oct 22 02:38:12 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Oct 22 04:15:04 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=be55fcb3 libsandbox: add renameat2 wrapper It's basically renameat at this point as we don't care about the flags. Signed-off-by: Mike Frysinger gentoo.org> tests/renameat2-2.sh | 12 tests/renameat2-3.sh | 11 +++ 2 files changed, 23 insertions(+) diff --git a/tests/renameat2-2.sh b/tests/renameat2-2.sh new file mode 100755 index 000..420b36d --- /dev/null +++ b/tests/renameat2-2.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# make sure we can clobber symlinks #612202 + +addwrite $PWD + +ln -s /asdf sym || exit 1 +touch file +renameat2-0 0 AT_FDCWD file AT_FDCWD sym || exit 1 +[ ! -e file ] +[ ! -L sym ] +[ -e sym ] +test ! -s "${SANDBOX_LOG}" diff --git a/tests/renameat2-3.sh b/tests/renameat2-3.sh new file mode 100755 index 000..ca945a5 --- /dev/null +++ b/tests/renameat2-3.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# make sure we reject bad renames #612202 + +addwrite $PWD +mkdir deny +adddeny $PWD/deny + +touch file +renameat2-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1 +[ -e file ] +test -s "${SANDBOX_LOG}"
[gentoo-commits] proj/sandbox:master commit in: tests/, libsbutil/, libsandbox/
commit: b79b3a4be4d18a551831a680fbf73c6af169e0d9 Author: Mike Frysinger gentoo org> AuthorDate: Thu Oct 21 07:41:44 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Oct 21 07:41:44 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=b79b3a4b tests: add a convenience build target This makes it easy to quickly compile all the tools without actually running the testsuite. Signed-off-by: Mike Frysinger gentoo.org> libsandbox/Makefile | 2 +- libsbutil/Makefile | 2 +- tests/Makefile.am | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/libsandbox/Makefile b/libsandbox/Makefile index ab08445..2db82ff 100644 --- a/libsandbox/Makefile +++ b/libsandbox/Makefile @@ -1,4 +1,4 @@ # Helper for developers. -all libsandbox: libsandbox/libsandbox.la ; +all libsandbox libsandbox.la: libsandbox/libsandbox.la ; clean: ; rm -f *.o *.l[ao] .libs/* %: ; $(MAKE) -C .. $@ diff --git a/libsbutil/Makefile b/libsbutil/Makefile index 608bccf..f5638c7 100644 --- a/libsbutil/Makefile +++ b/libsbutil/Makefile @@ -1,4 +1,4 @@ # Helper for developers. -all libsbutil: libsbutil/libsbutil.la ; +all libsbutil libsbutil.la: libsbutil/libsbutil.la ; clean: ; rm -f *.o *.l[ao] .libs/* %: ; $(MAKE) -C .. $@ diff --git a/tests/Makefile.am b/tests/Makefile.am index 52746ee..c899603 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -104,6 +104,9 @@ endif TESTSUITEFLAGS = --jobs=`getconf _NPROCESSORS_ONLN || echo 1` +# Helper target for devs to precompile. +tests: $(check_PROGRAMS) + check-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' AUTOTEST_PATH='src:tests' $(TESTSUITEFLAGS)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: ac981df3077edde8bfc95dc54d8a82943986042f Author: Mike Frysinger gentoo org> AuthorDate: Thu Oct 21 02:40:59 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Oct 21 02:40:59 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=ac981df3 tests: handle fd leakage from GNU make jobservers Current versions of GNU make (at least v4.3) seem to be leaking its jobserver fds to children which breaks some tests that expect fd 3 and higher to be free. Add some startup logic to clean those to fix `make -j check` failures. Signed-off-by: Mike Frysinger gentoo.org> tests/atlocal.in | 18 ++ tests/script-1.sh | 5 - 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/atlocal.in b/tests/atlocal.in index 91b41b2..e8213c0 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -24,5 +24,23 @@ export SANDBOX_VERBOSE=0 # If the terminal has this flag set, the tests get all messed up. stty -tostop 2>/dev/null || : +# Some tests want this internal path. +for devfd in /proc/self/fd /dev/fd ; do + [ -e "${devfd}" ] && break +done + +# GNU make likes to leak fds when using jobservers (i.e. using -j). +case "${MAKEFLAGS}" in +*--jobserver-auth=*) + flags=${MAKEFLAGS#*--jobserver-auth=} + flags=${flags%% *} + for fd in $(echo "${flags}" | tr ',' ' ') ; do + if [ -e "${devfd}/${fd}" ] ; then + eval "exec ${fd}>&-" + fi + done + ;; +esac + # This script must finish with ($? == 0) else the autotest runner gets upset. : diff --git a/tests/script-1.sh b/tests/script-1.sh index 3ac6252..8b18114 100755 --- a/tests/script-1.sh +++ b/tests/script-1.sh @@ -1,5 +1,8 @@ #!/bin/sh # http://bugs.gentoo.org/257418 [ "${at_xfail}" = "yes" ] && exit 77 # see script-0 -(>/dev/fd/3) +( +cd "${devfd}" +>3 +) exit 0
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 422e3666f6118448062defccab99af6c9b40d5d0 Author: Mike Frysinger gentoo org> AuthorDate: Mon Oct 18 04:36:04 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Oct 18 04:36:04 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=422e3666 tests: add missing +x on scripts Signed-off-by: Mike Frysinger gentoo.org> tests/script-14.sh | 0 tests/script-15.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/tests/script-14.sh b/tests/script-14.sh old mode 100644 new mode 100755 diff --git a/tests/script-15.sh b/tests/script-15.sh old mode 100644 new mode 100755
[gentoo-commits] proj/sandbox:master commit in: tests/, /
commit: 7962de6a71a4f8c99df1ad448a455c96ee4c33b3 Author: Michał Górny gentoo org> AuthorDate: Thu Mar 11 08:45:52 2021 + Commit: Michał Górny gentoo org> CommitDate: Thu Mar 11 08:55:49 2021 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=7962de6a Fix detecting libsigsegv Apparently the hack to pretend that libsigsegv's headers do not exist does not work anymore. Fix the test to actually respect library check status instead. Signed-off-by: Michał Górny gentoo.org> configure.ac | 1 - tests/Makefile.am | 2 ++ tests/libsigsegv_tst.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index d0f46e2..b3bc10d 100644 --- a/configure.ac +++ b/configure.ac @@ -90,7 +90,6 @@ AM_CONDITIONAL([SB_SCHIZO], [test "x$enable_schizo" != "xno"]) dnl this test fills up the stack and then triggers a segfault ... dnl but it's hard to wrap things without a stack, so let's ignore dnl this test for now ... -ac_cv_header_sigsegv_h=no ac_cv_lib_sigsegv_stackoverflow_install_handler=false dnl Checks for libraries. diff --git a/tests/Makefile.am b/tests/Makefile.am index 3baf5b1..52746ee 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -96,7 +96,9 @@ sb_printf_tst_LDADD = $(top_builddir)/libsbutil/libsbutil.la malloc_hooked_tst_LDFLAGS = $(AM_LDFLAGS) -pthread +libsigsegv_tst_CPPFLAGS = ${AM_CPPFLAGS} if HAVE_LIBSIGSEGV +libsigsegv_tst_CPPFLAGS += -DHAVE_LIBSIGSEGV libsigsegv_tst_LDADD = -lsigsegv endif diff --git a/tests/libsigsegv_tst.c b/tests/libsigsegv_tst.c index 82ed21b..2b17fa4 100644 --- a/tests/libsigsegv_tst.c +++ b/tests/libsigsegv_tst.c @@ -11,7 +11,7 @@ #define WRITE(msg) ({ ssize_t w = write(1, msg, sizeof(msg) - 1); w; }) -#ifdef HAVE_SIGSEGV_H +#if defined(HAVE_SIGSEGV_H) && defined(HAVE_LIBSIGSEGV) #include static int segv_handler(void *address, int serious)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 818d14f59a5bcf3cc9e8e88a993abc5605ed0b26 Author: Sergei Trofimovich gentoo org> AuthorDate: Sun May 31 09:55:41 2020 + Commit: Michał Górny gentoo org> CommitDate: Sun May 31 10:31:10 2020 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=818d14f5 tests/script-16.sh: mark as passing only for native ABI All scripts assume that ran tools matck tested sandbox's ABI. Most scripts have a guard against ABI check, but script-16 was missing it. It's afollow-up commit to 24fd102c9976 ("check_syscall(): turn internal sandbox violation into denywrite") Reported-by: Michał Górny Signed-off-by: Sergei Trofimovich gentoo.org> Closes: https://bugs.gentoo.org/590084 Signed-off-by: Michał Górny gentoo.org> tests/script-16.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/script-16.sh b/tests/script-16.sh index c668cfa..1622694 100755 --- a/tests/script-16.sh +++ b/tests/script-16.sh @@ -1,5 +1,6 @@ #!/bin/sh - +# http://bugs.gentoo.org/139591 +[ "${at_xfail}" = "yes" ] && exit 77 # see script-0 addwrite $PWD mkdir -p to-be/deleted
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 604927f331829f971d3a32c2e67e0ad5ce3d8ee4 Author: Sergei Trofimovich gentoo org> AuthorDate: Thu Jun 27 09:09:56 2019 + Commit: Sergei Trofimovich gentoo org> CommitDate: Thu Jun 27 09:09:56 2019 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=604927f3 tests: disable utimensat-3 on *-linux-musl x86_64-gentoo-linux-musl fails a single test: 83: utimensat/3 FAILED (utimensat.at:3) The test checks if sandbox does not crash when utimensat(, NULL, NULL, 0) is called. The behaviour is not specified by POSIX but glibc returns EINVAL for such a case. Thus the test behaves differently on varius libs. https://www.openwall.com/lists/musl/2019/06/25/1 has a conversation with musl upstream. The change restricts test down to glibc targets. Bug: https://bugs.gentoo.org/549108 Signed-off-by: Sergei Trofimovich gentoo.org> tests/atlocal.in | 1 + tests/utimensat-3.sh | 11 +++ 2 files changed, 12 insertions(+) diff --git a/tests/atlocal.in b/tests/atlocal.in index b9a631b..91b41b2 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -2,6 +2,7 @@ export abs_top_srcdir abs_top_builddir abs_srcdir abs_builddir export AWK="@AWK@" +export HOST="@host@" if ! ${at_clean} ; then export SB_UID=$(./get-user) diff --git a/tests/utimensat-3.sh b/tests/utimensat-3.sh index 4ecd4b3..a7b9843 100755 --- a/tests/utimensat-3.sh +++ b/tests/utimensat-3.sh @@ -1,6 +1,17 @@ #!/bin/sh # make sure NULL filename is handled correctly +# Note: this test is dependent on glibc internals +# other libcs chose not to validate invalid parameters: +#https://bugs.gentoo.org/549108#c28 +#https://www.openwall.com/lists/musl/2019/06/25/1 +# Run this test only on glibc systems. + +case $HOST in +*-linux-gnu);; +*) exit 77;; +esac + addwrite $PWD exec utimensat-0 -1:22 'f:O_WRONLY|O_CREAT:0666' NULL NULL 0
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 3cc39bfc6387d1f1f61dd2a8533f5dc6a6edc42c Author: Michał Górny gentoo org> AuthorDate: Mon Feb 19 05:49:45 2018 + Commit: Michał Górny gentoo org> CommitDate: Mon Feb 19 05:49:45 2018 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3cc39bfc tests: Add a test for LD_PRELOAD non-preserving (SANDBOX_ON=0) tests/script-15.sh | 21 + tests/script.at| 1 + 2 files changed, 22 insertions(+) diff --git a/tests/script-15.sh b/tests/script-15.sh new file mode 100644 index 000..b2acddc --- /dev/null +++ b/tests/script-15.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# check that sandbox stops cloberring LD_PRELOAD when it's disabled +[ "${at_xfail}" = "yes" ] && exit 77 # see script-0 + +SANDBOX_ON=0 + +# keep in sync with script-4! +checkit() { + if eval "$@" | grep -q '^LD_PRELOAD=.*libsandbox.so.*' ; then + echo "LD_PRELOAD was reset when running (w/ SANDBOX_ON=0):" + echo " $*" + exit 1 + fi +} + +checkit "env -uLD_PRELOAD env" +checkit "(unset LD_PRELOAD; env)" +checkit "env LD_PRELOAD= env" +checkit "env LD_PRELOAD=libc.so env" + +exit $? diff --git a/tests/script.at b/tests/script.at index 9134ac1..8837bda 100644 --- a/tests/script.at +++ b/tests/script.at @@ -12,3 +12,4 @@ SB_CHECK(11) SB_CHECK(12) SB_CHECK(13) SB_CHECK(14) +SB_CHECK(15)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: a0285db815b3604899453c215cce93df74066fdc Author: Mike Frysinger gentoo org> AuthorDate: Wed Feb 17 00:22:29 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Feb 17 00:22:29 2016 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=a0285db8 tests: add test for overriding mmap URL: http://bugs.gentoo.org/290249 Reported-by: Diego E. Pettenò gentoo.org> Signed-off-by: Mike Frysinger gentoo.org> tests/Makefile.am | 3 +++ tests/execvp-0.c| 15 +++ tests/malloc-0 | 7 +++ tests/malloc-1.sh | 4 tests/malloc.at | 1 + tests/malloc_mmap_tst.c | 26 ++ 6 files changed, 56 insertions(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 3627344..943ce3b 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -18,6 +18,7 @@ check_PROGRAMS = \ chown-0 \ creat-0 \ creat64-0 \ + execvp-0 \ faccessat-0 \ fchmodat-0 \ fchownat-0 \ @@ -72,6 +73,7 @@ check_PROGRAMS = \ \ getcwd-gnulib_tst \ libsigsegv_tst \ + malloc_mmap_tst \ pipe-fork_tst \ pipe-fork_static_tst \ sb_printf_tst \ @@ -81,6 +83,7 @@ check_PROGRAMS = \ dist_check_SCRIPTS = \ $(wildcard $(srcdir)/*-[0-9]*.sh) \ + malloc-0 \ script-0 \ trace-0 diff --git a/tests/execvp-0.c b/tests/execvp-0.c new file mode 100644 index 000..6cfce13 --- /dev/null +++ b/tests/execvp-0.c @@ -0,0 +1,15 @@ +/* + * A simple wrapper for execvp. Useful when most host programs don't match + * the ABI of the active libsandbox.so (e.g. 64bit vs 32bit). + */ + +#include "tests.h" + +int main(int argc, char *argv[]) +{ + if (argc < 2) { + printf("usage: execvp [argv0 [argvN] ...]\n"); + return 0; + } + return execvp(argv[1], argv + 2); +} diff --git a/tests/malloc-0 b/tests/malloc-0 new file mode 100755 index 000..9a4190b --- /dev/null +++ b/tests/malloc-0 @@ -0,0 +1,7 @@ +#!/bin/sh +# make sure `timeout` is available. +if timeout --help >/dev/null ; then + exit 0 +else + exit 77 +fi diff --git a/tests/malloc-1.sh b/tests/malloc-1.sh new file mode 100755 index 000..2b5623d --- /dev/null +++ b/tests/malloc-1.sh @@ -0,0 +1,4 @@ +#!/bin/sh +# Since the malloc binary is in the target ABI, make sure the exec is +# launched from the same ABI so the same libsandbox.so is used. +timeout -s KILL 10 execvp-0 malloc_mmap_tst malloc_mmap_tst diff --git a/tests/malloc.at b/tests/malloc.at new file mode 100644 index 000..081d7d2 --- /dev/null +++ b/tests/malloc.at @@ -0,0 +1 @@ +SB_CHECK(1) diff --git a/tests/malloc_mmap_tst.c b/tests/malloc_mmap_tst.c new file mode 100644 index 000..a1a15e1 --- /dev/null +++ b/tests/malloc_mmap_tst.c @@ -0,0 +1,26 @@ +/* Make sure programs that override mmap don't mess us up. #290249 */ + +#include "headers.h" + +/* A few basic stubs that do nothing. */ +void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset) +{ + errno = ENOMEM; + return MAP_FAILED; +} +int munmap(void *addr, size_t length) +{ + errno = ENOMEM; + return -1; +} + +int main(int argc, char *argv[]) +{ + /* Don't loop forever. */ + alarm(10); + + /* Make sure we do an operation to trigger the sandbox. */ + open("/dev/null", 0); + + return 0; +}
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: e10203aa97bae3060606a9115cd42aaf0c5e0bd9 Author: Mike Frysinger gentoo org> AuthorDate: Tue Mar 29 09:22:56 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Mar 29 09:22:56 2016 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e10203aa tests: make all shell scripts executable Signed-off-by: Mike Frysinger gentoo.org> tests/mkdtemp-1.sh | 0 tests/mkostemp-1.sh| 0 tests/mkostemp64-1.sh | 0 tests/mkostemps-1.sh | 0 tests/mkostemps64-1.sh | 0 tests/mkstemp-1.sh | 0 tests/mkstemp64-1.sh | 0 tests/mkstemps-1.sh| 0 tests/mkstemps64-1.sh | 0 9 files changed, 0 insertions(+), 0 deletions(-) diff --git a/tests/mkdtemp-1.sh b/tests/mkdtemp-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkostemp-1.sh b/tests/mkostemp-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkostemp64-1.sh b/tests/mkostemp64-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkostemps-1.sh b/tests/mkostemps-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkostemps64-1.sh b/tests/mkostemps64-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkstemp-1.sh b/tests/mkstemp-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkstemp64-1.sh b/tests/mkstemp64-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkstemps-1.sh b/tests/mkstemps-1.sh old mode 100644 new mode 100755 diff --git a/tests/mkstemps64-1.sh b/tests/mkstemps64-1.sh old mode 100644 new mode 100755
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 4f000d9c228474b6e34c9ce9e84bcce781271914 Author: Mike Frysinger gentoo org> AuthorDate: Sun Dec 20 21:32:26 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Dec 20 21:32:26 2015 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4f000d9c tests: check errno with more static tests This verifies the error code setting with ptrace logic -- if the ptrace code is broken, the errno will often be ENOSYS instead of EPERM. Signed-off-by: Mike Frysinger gentoo.org> tests/open_static-1.sh | 2 +- tests/openat_static-1.sh | 2 +- tests/unlink_static-1.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/open_static-1.sh b/tests/open_static-1.sh index faf91d0..e815b57 100755 --- a/tests/open_static-1.sh +++ b/tests/open_static-1.sh @@ -8,5 +8,5 @@ open_static-0 3 ok O_RDONLY 0666 || exit 1 mkdir deny || exit 1 adddeny $PWD/deny -open_static-0 -1 deny/not-ok "O_WRONLY|O_CREAT" 0666 +open_static-0 -1,EPERM deny/not-ok "O_WRONLY|O_CREAT" 0666 || exit 1 test -e sandbox.log diff --git a/tests/openat_static-1.sh b/tests/openat_static-1.sh index 929fc51..a4d1b90 100755 --- a/tests/openat_static-1.sh +++ b/tests/openat_static-1.sh @@ -8,5 +8,5 @@ openat_static-0 3 AT_FDCWD ok O_RDONLY 0666 || exit 1 mkdir deny || exit 1 adddeny $PWD/deny -openat_static-0 -1 AT_FDCWD deny/not-ok "O_WRONLY|O_CREAT" 0666 +openat_static-0 -1,EPERM AT_FDCWD deny/not-ok "O_WRONLY|O_CREAT" 0666 || exit 1 test -e sandbox.log diff --git a/tests/unlink_static-1.sh b/tests/unlink_static-1.sh index 9585862..2281a98 100755 --- a/tests/unlink_static-1.sh +++ b/tests/unlink_static-1.sh @@ -5,5 +5,5 @@ touch f test -e f || exit 1 adddeny "${PWD}" -unlink_static-0 -1,EPERM f +unlink_static-0 -1,EPERM f || exit 1 test -e sandbox.log -a -e f
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 6b0db7d9abfded8bdf8c7d061b261f053eec886d Author: Mike Frysinger gentoo org> AuthorDate: Mon Sep 28 20:00:17 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Sep 28 20:00:17 2015 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=6b0db7d9 tests: add basic parsing of timespec fields Signed-off-by: Mike Frysinger gentoo.org> tests/test-skel-0.c | 23 ++- tests/tests.h | 3 +++ tests/utimensat-0.c | 2 +- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/tests/test-skel-0.c b/tests/test-skel-0.c index dbe60db..96e42ae 100644 --- a/tests/test-skel-0.c +++ b/tests/test-skel-0.c @@ -9,7 +9,6 @@ const char *color_red= "\033[31;01m"; # define CONFIG 1 #endif -#define V_TIMESPEC "NULL" #define V_STRMODE "[+bcemx] (see `man 3 fopen`)" static bool _strtoul(const char *sul, unsigned long *ul) @@ -132,6 +131,28 @@ int at_get_fd(const char *str_dirfd) return open(str_path, f_get_flags(str_flags), sscanf_mode_t(str_mode)); } +#define V_TIMESPEC "NULL | NOW | #[,#]" +struct timespec *parse_timespec(const char *s) +{ + struct timespec *times; + + if (!strcmp(s, "NULL")) + return NULL; + + times = xzalloc(sizeof(*times)); + + if (!strcmp(s, "NOW")) { + times->tv_sec = time(0); + } else { + long sec = 0, nsec = 0; + sscanf(s, "%li,%li", , ); + times->tv_sec = sec; + times->tv_nsec = nsec; + } + + return times; +} + #define V_ACCESS_MODE "r | w | x | f" int access_mode(const char *s) { diff --git a/tests/tests.h b/tests/tests.h index 51dc68a..22733ca 100644 --- a/tests/tests.h +++ b/tests/tests.h @@ -10,6 +10,9 @@ #define err(fmt, args...) ({ _stderr_msg(fmt, ##args); exit(1); }) #define errp(fmt, args...) ({ _stderr_pmsg(fmt, ##args); exit(1); }) +#define xmalloc(size) ({ void *ret = malloc(size); assert(ret); ret; }) +#define xzalloc(size) ({ void *ret = xmalloc(size); memset(ret, 0, size); ret; }) + typedef struct { const char *name; int val; diff --git a/tests/utimensat-0.c b/tests/utimensat-0.c index 431d179..99c3fa4 100644 --- a/tests/utimensat-0.c +++ b/tests/utimensat-0.c @@ -14,7 +14,7 @@ const char *file = f_get_file(s); \ \ s = argv[i++]; \ - const struct timespec *times = NULL; \ + const struct timespec *times = parse_timespec(s); \ \ s = argv[i++]; \ int flags = at_get_flags(s);
[gentoo-commits] proj/sandbox:master commit in: tests/, libsandbox/
commit: 4377a68df2a20cda06aadb58c179ce2e8d78f7cd Author: Mike Frysinger gentoo org> AuthorDate: Mon Sep 28 20:01:33 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Sep 28 20:01:33 2015 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4377a68d libsandbox: do not unnecessarily dereference symlinks When the target uses a func that operates on a symlink, we should not dereference that symlink when trying to validate the call. It's both a waste of time and it subtly breaks code that checks atime updates. The act of reading symlinks is enough to cause their atime to change. URL: https://bugs.gentoo.org/415475 Reported-by: Marien Zwart gentoo.org> Signed-off-by: Mike Frysinger gentoo.org> libsandbox/libsandbox.c | 15 --- tests/utimensat-4.sh| 30 ++ tests/utimensat.at | 1 + 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index 1d9fa04..2bcff95 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -909,7 +909,14 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func, bool access, debug, verbose, set; absolute_path = resolve_path(file, 0); - resolved_path = resolve_path(file, 1); + /* Do not bother dereferencing symlinks when we are using a function that +* itself does not dereference. This speeds things up and avoids updating +* the atime implicitly. #415475 +*/ + if (symlink_func(sb_nr, flags, absolute_path)) + resolved_path = absolute_path; + else + resolved_path = resolve_path(file, 1); if (!absolute_path || !resolved_path) goto error; sb_debug_dyn("absolute_path: %s\n", absolute_path); @@ -955,7 +962,8 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func, } free(absolute_path); - free(resolved_path); + if (absolute_path != resolved_path) + free(resolved_path); errno = old_errno; @@ -967,7 +975,8 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func, */ if (errno_is_too_long()) { free(absolute_path); - free(resolved_path); + if (absolute_path != resolved_path) + free(resolved_path); return 2; } diff --git a/tests/utimensat-4.sh b/tests/utimensat-4.sh new file mode 100755 index 000..731c7d1 --- /dev/null +++ b/tests/utimensat-4.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# make sure we don't accidentally trip atime updates on files +# through symlinks #415475 +[ "${at_xfail}" = "yes" ] && exit 77 # see script-0 + +# We assume $PWD supports atimes, and the granularity is more than 1 second. +# If it doesn't, this test will still pass, but not really because the code +# was proven to be correct. + +# XXX: Maybe we need to add our own stat shim to avoid portability issues ? +get_atime() { + # This shows the full atime field (secs, msecs, nsecs). + stat -c %x "$1" +} + +# Create a symlink. +sym="sym" +ln -s atime "${sym}" + +# Get the state before we test it. +before=$(get_atime "${sym}") + +# A quick sleep of a few msecs. +sleep 0.1 + +# See if the atime changes -- it should not. +utimensat-0 -1,EINVAL AT_FDCWD "${sym}" -1,-1 AT_SYMLINK_NOFOLLOW || exit 1 +after=$(get_atime "${sym}") + +[ "${after}" = "${before}" ] diff --git a/tests/utimensat.at b/tests/utimensat.at index eec4638..1909650 100644 --- a/tests/utimensat.at +++ b/tests/utimensat.at @@ -1,3 +1,4 @@ SB_CHECK(1) SB_CHECK(2) SB_CHECK(3) +SB_CHECK(4)
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 314587590c5ab7204171606cadac52933a49f89d Author: Mike Frysinger gentoo org> AuthorDate: Sun Sep 20 23:23:10 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Sep 20 23:23:10 2015 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=31458759 tests: avoid overflowing exit codes Signed-off-by: Mike Frysinger gentoo.org> tests/script-8.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/script-8.sh b/tests/script-8.sh index 685d5d3..6d9de55 100755 --- a/tests/script-8.sh +++ b/tests/script-8.sh @@ -10,4 +10,4 @@ sigsuspend-zsh_static_tst s=$? echo "ret = $s" -exit $(( d + s )) +exit $(( d | s ))
[gentoo-commits] proj/sandbox:master commit in: tests/, libsbutil/
commit: 13a9a7d17d80b9dae0543e54167d4bca7656e48b Author: Mike Frysinger gentoo org> AuthorDate: Sun Mar 3 10:38:43 2013 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Mar 3 10:38:43 2013 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=13a9a7d1 sandbox: use a non-shell var for the message path By allowing the SANDBOX_MESSAGE_PATH var to be stored in the shell environment and then modified on the fly, we run into a fun edge case with the PM. When a phase has finished running, it saves the current environment. When the next phase runs, it loads the env from the previous run. Since the message path var can contain a pid, the previous run will no longer be valid. Since we want this to simply be a way for the active sandbox to pass information to the active libsandbox.so's, there's no need to use an env var that the shell can save/reload. As such, use a variable name that the shell will skip. Non-shell programs have no problem with this. Signed-off-by: Mike Frysinger gentoo.org> libsbutil/sbutil.h | 2 +- tests/script-10.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h index 479734b..c76465f 100644 --- a/libsbutil/sbutil.h +++ b/libsbutil/sbutil.h @@ -46,7 +46,7 @@ #define ENV_SANDBOX_BASHRC "SANDBOX_BASHRC" #define ENV_SANDBOX_LOG"SANDBOX_LOG" #define ENV_SANDBOX_DEBUG_LOG "SANDBOX_DEBUG_LOG" -#define ENV_SANDBOX_MESSAGE_PATH "SANDBOX_MESSAGE_PATH" +#define ENV_SANDBOX_MESSAGE_PATH "SANDBOX_MESSAGE_P@TH" /* @ is not a typo */ #define ENV_SANDBOX_WORKDIR"SANDBOX_WORKDIR" #define ENV_SANDBOX_DENY "SANDBOX_DENY" diff --git a/tests/script-10.sh b/tests/script-10.sh index 801730e..aa62b01 100755 --- a/tests/script-10.sh +++ b/tests/script-10.sh @@ -5,7 +5,7 @@ ret=0 out=$(env -i env) -for var in LOG DEBUG_LOG MESSAGE_PATH DENY READ WRITE PREDICT ON ACTIVE ; do +for var in LOG DEBUG_LOG MESSAGE_P@TH DENY READ WRITE PREDICT ON ACTIVE ; do var="SANDBOX_${var}" oval=$(env | grep "^${var}=" | sed 's:^[^=]*=::')
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 3559ba4b30934da041801f1a150fd28d2d64002c Author: Mike Frysinger gentoo org> AuthorDate: Fri Sep 11 06:47:17 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Sep 11 06:47:17 2015 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3559ba4b tests: make sure we ignore stty exit status If the stty step fails (for any reason really), the main testrunner will abort with a weird error message: $ make check ... /bin/sh './testsuite' AUTOTEST_PATH='src:tests' --jobs=`getconf _NPROCESSORS_ONLN || echo 1` testsuite: error: invalid content: atlocal ... Make sure we ignore stty's exit status, and we put a final comment/$? reset at the end of the script. Signed-off-by: Mike Frysinger gentoo.org> tests/atlocal.in | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/atlocal.in b/tests/atlocal.in index 8435f61..b9a631b 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -21,4 +21,7 @@ fi export SANDBOX_VERBOSE=0 # If the terminal has this flag set, the tests get all messed up. -stty -tostop 2>/dev/null +stty -tostop 2>/dev/null || : + +# This script must finish with ($? == 0) else the autotest runner gets upset. +:
[gentoo-commits] proj/sandbox:master commit in: tests/
commit: 441c11d5c5f628d2be20972b023d908bf6c39fc8 Author: Mike Frysinger gentoo org> AuthorDate: Fri Sep 11 07:10:51 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Sep 11 07:10:51 2015 + URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=441c11d5 tests: add dynamic/static categories This way we can quickly execute the tests that run dynamic or static binaries. We leave scripts out as they're a bit of a special case. Signed-off-by: Mike Frysinger gentoo.org> tests/local.at | 4 1 file changed, 4 insertions(+) diff --git a/tests/local.at b/tests/local.at index f937ff1..95db774 100644 --- a/tests/local.at +++ b/tests/local.at @@ -17,6 +17,10 @@ m4_defun([AT_SB_CHECK],[AT_CHECK([SB_RUN $1],[$2],[$3],[$4],[$5],[$6])]) m4_defun([SB_CHECK],[dnl AT_SETUP([SB_SECTION/$1]) AT_KEYWORDS([SB_SECTION]) +m4_bmatch(SB_SECTION, + [_static$], [AT_KEYWORDS([static])], + [^script$], [], + [AT_KEYWORDS([dynamic])]) AT_XFAIL_IF([( ]SB_SECTION[-0 >/dev/null ; test $? -eq 77 && exit 0 if expr ]SB_SECTION[ : .*_static >/dev/null ; then