[CRIU] [PATCH 2/2] test: security: test that non-root can't restore images with wrong ids or mode

Ruslan Kuprieiev kupruser at gmail.com
Sat Sep 13 03:12:36 PDT 2014


Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
 test/security/run.sh | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/test/security/run.sh b/test/security/run.sh
index a159918..f96c767 100755
--- a/test/security/run.sh
+++ b/test/security/run.sh
@@ -30,6 +30,7 @@ function result {
 
 	if [ $1 -ne 0 ]; then
 		echo -e "${BGRED}FAIL${NORMAL}"
+		exit 1
 	else
 		echo -e "${BGGREEN}PASS${NORMAL}"
 	fi
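Review bot: With the added `exit 1`, a failed check terminates the script from inside `result`, so the `kill -SIGKILL ${PID}` at the end of the calling test function never runs and the process started by `run_as` is left behind. For the negated checks (`result $((!$?))`) the failing case is the one where the unprivileged restore unexpectedly succeeded, so a restored process may be left behind as well. A cleanup hook would cover both, for example `trap '[ -n "${PID}" ] && kill -SIGKILL ${PID} 2>/dev/null' EXIT` near the top of the script; this assumes `PID` is the global set by `run_as`, which is defined outside the hunk. The body of `result` also starts outside the hunk.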
@@ -75,6 +76,39 @@ function test_own {
 	kill -SIGKILL ${PID}
 }
 
+function test_non_root_imgs {
+	echo "==== Check that user1 can't restore images that are not owned by root ===="
+
+	run_as ${USR1}
+
+	dump_as ${USR1} ; result $(($?))
+
+	chown -R ${USR1} ${IMGS}
+
+	rstr_as ${USR1} ; result $((!$?))
+
+	rstr_as ${ROOT} ; result $(($?))
+
+	kill -SIGKILL ${PID}
+}
+
+function test_changed_mode_imgs {
+	echo "==== Check that user1 can't restore images with changed mode ===="
+
+	run_as ${USR1}
+
+	dump_as ${USR1} ; result $(($?))
+
+	chmod -R 666 ${IMGS}
+
+	rstr_as ${USR1} ; result $((!$?))
+
+	rstr_as ${ROOT} ; result $(($?))
+
+	kill -SIGKILL ${PID}
+}
+
 test_root
 test_other
 test_own
+test_non_root_imgs
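Review bot: `test_changed_mode_imgs` is defined but never run: the call list at the bottom gains only `test_non_root_imgs`, so the changed-mode case named in the subject is not exercised; add a `test_changed_mode_imgs` line after it. Separately, `chmod -R 666 ${IMGS}` also clears the search bit on the image directory itself, so user1's restore could fail on directory access rather than on the mode check, and the test would pass either way. Restricting the change to regular files, e.g. `find "${IMGS}" -type f -exec chmod 666 {} +`, would keep the negative check meaningful. This assumes `${IMGS}` is a directory, which the `-R` suggests but the hunk does not show.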
-- 
1.9.3


