diff options
author | Simon McVittie <smcv@collabora.com> | 2019-07-03 13:42:07 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2019-07-03 13:42:07 +0000 |
commit | f73b40b88355eb895fb0654c85938b3e0925ca98 (patch) | |
tree | d3c5072d4a9d319eb0406c7a7178ae500139ab5d | |
parent | b8912cf770410a3b3ea183cd03de950a8f0d5991 (diff) | |
parent | 8421d887aa696c0ddcf4a8dc8ac8a7886dc2b42a (diff) |
Merge branch 'pass-tests-if-root' into 'master'
Fix test failures when running as root
See merge request dbus/dbus!117
-rw-r--r-- | bus/audit.c | 9 | ||||
-rw-r--r-- | test/bus/dispatch-sha1.c | 3 | ||||
-rw-r--r-- | test/bus/dispatch.c | 3 | ||||
-rw-r--r-- | test/bus/main.c | 3 | ||||
-rw-r--r-- | test/dbus-daemon.c | 2 | ||||
-rw-r--r-- | test/test-utils-glib.c | 36 | ||||
-rw-r--r-- | test/test-utils-glib.h | 9 |
7 files changed, 61 insertions, 4 deletions
diff --git a/bus/audit.c b/bus/audit.c index 91f2c5cf..9bfe456a 100644 --- a/bus/audit.c +++ b/bus/audit.c @@ -54,6 +54,9 @@ bus_audit_init (BusContext *context) #ifdef HAVE_LIBAUDIT int i; + if (audit_fd >= 0) + return; + capng_get_caps_process (); /* Work around a bug in libcap-ng < 0.7.7: it leaks a fd, which isn't @@ -105,7 +108,11 @@ void bus_audit_shutdown (void) { #ifdef HAVE_LIBAUDIT - audit_close (audit_fd); + if (audit_fd >= 0) + { + audit_close (audit_fd); + audit_fd = -1; + } #endif /* HAVE_LIBAUDIT */ } diff --git a/test/bus/dispatch-sha1.c b/test/bus/dispatch-sha1.c index 36430012..a32508bc 100644 --- a/test/bus/dispatch-sha1.c +++ b/test/bus/dispatch-sha1.c @@ -27,6 +27,7 @@ #include <dbus/dbus-test-tap.h> +#include "bus/audit.h" #include "bus/selinux.h" #include "test/test-utils.h" @@ -44,6 +45,8 @@ test_post_hook (void) { if (_dbus_getenv ("DBUS_TEST_SELINUX")) bus_selinux_shutdown (); + + bus_audit_shutdown (); } static DBusTestCase test = { "dispatch-sha1", bus_dispatch_sha1_test }; diff --git a/test/bus/dispatch.c b/test/bus/dispatch.c index 52bf363d..ad6718fe 100644 --- a/test/bus/dispatch.c +++ b/test/bus/dispatch.c @@ -27,6 +27,7 @@ #include <dbus/dbus-test-tap.h> +#include "bus/audit.h" #include "bus/selinux.h" #include "test/test-utils.h" @@ -44,6 +45,8 @@ test_post_hook (void) { if (_dbus_getenv ("DBUS_TEST_SELINUX")) bus_selinux_shutdown (); + + bus_audit_shutdown (); } static DBusTestCase test = { "dispatch", bus_dispatch_test }; diff --git a/test/bus/main.c b/test/bus/main.c index 77065430..445e9269 100644 --- a/test/bus/main.c +++ b/test/bus/main.c @@ -28,6 +28,7 @@ #include <dbus/dbus-test-tap.h> +#include "bus/audit.h" #include "bus/selinux.h" #include "test/test-utils.h" @@ -45,6 +46,8 @@ test_post_hook (void) { if (_dbus_getenv ("DBUS_TEST_SELINUX")) bus_selinux_shutdown (); + + bus_audit_shutdown (); } static DBusTestCase tests[] = diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c index 66447955..e8bdace3 100644 --- a/test/dbus-daemon.c +++ b/test/dbus-daemon.c @@ -2653,7 +2653,7 @@ static Config as_another_user_config = { NULL, 1, "valid-config-files/as-another-user.conf", /* We start the dbus-daemon as root and drop privileges, like the * real system bus does */ - TEST_USER_ROOT, SPECIFY_ADDRESS + TEST_USER_ROOT_DROP_TO_MESSAGEBUS, SPECIFY_ADDRESS }; #ifdef ENABLE_TRADITIONAL_ACTIVATION diff --git a/test/test-utils-glib.c b/test/test-utils-glib.c index 083c9bfc..cac62e35 100644 --- a/test/test-utils-glib.c +++ b/test/test-utils-glib.c @@ -126,6 +126,7 @@ spawn_dbus_daemon (const gchar *binary, case TEST_USER_ROOT: break; + case TEST_USER_ROOT_DROP_TO_MESSAGEBUS: case TEST_USER_MESSAGEBUS: pwd = getpwnam (DBUS_USER); @@ -139,6 +140,13 @@ spawn_dbus_daemon (const gchar *binary, return NULL; } + if (user == TEST_USER_ROOT_DROP_TO_MESSAGEBUS) + { + /* Let the dbus-daemon start as root and drop privileges + * itself */ + pwd = NULL; + } + break; case TEST_USER_OTHER: @@ -201,6 +209,24 @@ spawn_dbus_daemon (const gchar *binary, &address_fd, NULL, /* child's stderr = our stderr */ &error); + + /* The other uid might not have access to our build directory if we + * are building in /root or something */ + if (user != TEST_USER_ME && + g_getenv ("DBUS_TEST_UNINSTALLED") != NULL && + error != NULL && + error->domain == G_SPAWN_ERROR && + (error->code == G_SPAWN_ERROR_CHDIR || + error->code == G_SPAWN_ERROR_ACCES || + error->code == G_SPAWN_ERROR_PERM)) + { + g_prefix_error (&error, "Unable to launch %s as other user: ", + binary); + g_test_skip (error->message); + g_clear_error (&error); + return NULL; + } + g_assert_no_error (error); g_ptr_array_free (argv, TRUE); @@ -399,6 +425,11 @@ become_other_user (TestUser user, username = DBUS_TEST_USER; break; + /* TEST_USER_ROOT_DROP_TO_MESSAGEBUS is only meaningful for + * test_get_dbus_daemon(), not as a client */ + case TEST_USER_ROOT_DROP_TO_MESSAGEBUS: + g_return_val_if_reached (FALSE); + case TEST_USER_ME: default: g_return_val_if_reached (FALSE); @@ -445,6 +476,11 @@ become_other_user (TestUser user, "credentials-passing semantics on this platform"); return FALSE; + /* TEST_USER_ROOT_DROP_TO_MESSAGEBUS is only meaningful for + * test_get_dbus_daemon(), not as a client */ + case TEST_USER_ROOT_DROP_TO_MESSAGEBUS: + g_return_val_if_reached (FALSE); + case TEST_USER_ME: default: g_return_val_if_reached (FALSE); diff --git a/test/test-utils-glib.h b/test/test-utils-glib.h index ce8171bd..c4a2c543 100644 --- a/test/test-utils-glib.h +++ b/test/test-utils-glib.h @@ -45,8 +45,8 @@ * be run as an arbitrary non-root user, as above. * * Certain tests can usefully be run again, as root. When this is done, - * tests using TEST_USER_ROOT, TEST_USER_MESSAGEBUS and/or TEST_USER_OTHER - * can exercise situations that only arise when there's more than one uid. + * tests using a TestUser other than TEST_USER_ME can exercise situations + * that only arise when there's more than one uid. */ typedef enum { /* Whatever user happens to be running the regression test; @@ -58,6 +58,11 @@ typedef enum { * from configure.ac, usually 'messagebus' but perhaps 'dbus' or * '_dbus'. */ TEST_USER_MESSAGEBUS, + /* Run as uid 0, expecting to drop privileges to the user who would + * normally run the system bus (so we must skip the test if that user + * doesn't exist). Only valid for test_get_dbus_daemon(), not for + * test_connect_to_bus_as_user(). */ + TEST_USER_ROOT_DROP_TO_MESSAGEBUS, /* An unprivileged user who is neither root nor DBUS_USER. * This is DBUS_TEST_USER from configure.ac, usually 'nobody'. */ TEST_USER_OTHER |