[CRIU] [PATCH 2/2] test: security: test that non-root can't restore images with wrong ids or mode
Ruslan Kuprieiev
kupruser at gmail.com
Sat Sep 13 03:12:36 PDT 2014
Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
test/security/run.sh | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/test/security/run.sh b/test/security/run.sh
index a159918..f96c767 100755
--- a/test/security/run.sh
+++ b/test/security/run.sh
@@ -30,6 +30,7 @@ function result {
if [ $1 -ne 0 ]; then
echo -e "${BGRED}FAIL${NORMAL}"
+ exit 1
else
echo -e "${BGGREEN}PASS${NORMAL}"
fi
@@ -75,6 +76,39 @@ function test_own {
kill -SIGKILL ${PID}
}
+function test_non_root_imgs {
+ echo "==== Check that user1 can't restore images that are not owned by root ===="
+
+ run_as ${USR1}
+
+ dump_as ${USR1} ; result $(($?))
+
+ chown -R ${USR1} ${IMGS}
+
+ rstr_as ${USR1} ; result $((!$?))
+
+ rstr_as ${ROOT} ; result $(($?))
+
+ kill -SIGKILL ${PID}
+}
+
+function test_changed_mode_imgs {
+ echo "==== Check that user1 can't restore images with changed mode ===="
+
+ run_as ${USR1}
+
+ dump_as ${USR1} ; result $(($?))
+
+ chmod -R 666 ${IMGS}
+
+ rstr_as ${USR1} ; result $((!$?))
+
+ rstr_as ${ROOT} ; result $(($?))
+
+ kill -SIGKILL ${PID}
+}
+
test_root
test_other
test_own
+test_non_root_imgs
--
1.9.3
More information about the CRIU
mailing list