author | Doron Behar <doron.behar@gmail.com> | 2020-08-15 21:41:54 +0300 |
---|---|---|
committer | Doron Behar <doron.behar@gmail.com> | 2020-08-15 22:21:30 +0300 |
commit | 2519e54befed7bb3fdec8c8be69acbb9f0a2dd7d (patch) | |
tree | 6288e344b30d922cad7138aca0af74e6f8804f96 | |
parent | a854b77b08f5fe82efeaca9f819b92308968ca96 (diff) | |
tests/misc: Test mount +s permission
For #95444 Co-authored-by: Florian Klink <flokli@flokli.de>
-rw-r--r-- | nixos/tests/misc.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 17260ce6406..ae150553273 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -20,12 +20,24 @@ import ./make-test-python.nix ({ pkgs, ...} : rec { { fsType = "tmpfs"; options = [ "mode=1777" "noauto" ]; }; + # Tests https://discourse.nixos.org/t/how-to-make-a-derivations-executables-have-the-s-permission/8555 + "/user-mount/point" = { + device = "/user-mount/source"; + fsType = "none"; + options = [ "bind" "rw" "user" "noauto" ]; + }; + "/user-mount/denied-point" = { + device = "/user-mount/denied-source"; + fsType = "none"; + options = [ "bind" "rw" "noauto" ]; + }; }; systemd.automounts = singleton { wantedBy = [ "multi-user.target" ]; where = "/tmp2"; }; users.users.sybil = { isNormalUser = true; group = "wheel"; }; + users.users.alice = { isNormalUser = true; }; security.sudo = { enable = true; wheelNeedsPassword = false; }; boot.kernel.sysctl."vm.swappiness" = 1; boot.kernelParams = [ "vsyscall=emulate" ]; 
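Review bot: The comment above the two new `fileSystems` entries is only a forum link, so the file itself does not say that `/user-mount/point` is the positive case and `/user-mount/denied-point` is the negative control that differs only by the missing `user` option. I would keep the link but add a line such as `# "user" lets a non-root user mount this entry; the denied-point entry omits it as a negative control`. The same applies to `users.users.alice`: a short `# unprivileged (non-wheel) user for the user-mount subtests` would make clear why she is declared separately from `sybil`, who is in `wheel` with `wheelNeedsPassword = false`. The enclosing attribute set starts and ends outside this hunk.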
@@ -112,6 +124,26 @@ import ./make-test-python.nix ({ pkgs, ...} : rec { machine.succeed("touch /tmp2/x") machine.succeed("grep '/tmp2 tmpfs' /proc/mounts") + with subtest( + "Whether mounting by a user is possible with the `user` option in fstab (#95444)" + ): + machine.succeed("mkdir -p /user-mount/source") + machine.succeed("touch /user-mount/source/file") + machine.succeed("chmod -R a+Xr /user-mount/source") + machine.succeed("mkdir /user-mount/point") + machine.succeed("chown alice:users /user-mount/point") + machine.succeed("su - alice -c 'mount /user-mount/point'") + machine.succeed("su - alice -c 'ls /user-mount/point/file'") + with subtest( + "Whether mounting by a user is denied without the `user` option in fstab" + ): + machine.succeed("mkdir -p /user-mount/denied-source") + machine.succeed("touch /user-mount/denied-source/file") + machine.succeed("chmod -R a+Xr /user-mount/denied-source") + machine.succeed("mkdir /user-mount/denied-point") + machine.succeed("chown alice:users /user-mount/denied-point") + machine.fail("su - alice -c 'mount /user-mount/denied-point'") + with subtest("shell-vars"): machine.succeed('[ -n "$NIX_PATH" ]') |
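Review bot: The negative subtest ends in `machine.fail("su - alice -c 'mount /user-mount/denied-point'")`, which passes on any non-zero exit, so a broken fstab entry or a missing `mount` in alice's PATH would satisfy it just as well as a real permission denial. Adding `machine.succeed("mount /user-mount/denied-point")` as root right after the `fail` would show that the entry itself is mountable and that the only thing that stopped alice was the absent `user` option. The positive subtest is sound as written, since `file` exists only in the source directory and `ls` can succeed only if the bind mount took effect. The test script body continues outside this hunk.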