Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(517)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: minijail_unittest.cc

Issue 6881066: [minijail] Add the ability to set capabilities from the command line (Closed) Base URL: http://git.chromium.org/git/minijail.git@master
Patch Set: Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « minijail_main.cc ('k') | mock_options.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 // Some portions Copyright (c) 2009 The Chromium Authors. 4 // Some portions Copyright (c) 2009 The Chromium Authors.
5 // 5 //
6 // Tests for MiniJail 6 // Tests for MiniJail
7 #include "mock_env.h" 7 #include "mock_env.h"
8 #include "mock_options.h" 8 #include "mock_options.h"
9 #include "minijail.h" 9 #include "minijail.h"
10 #include <gmock/gmock.h> 10 #include <gmock/gmock.h>
11 #include <gtest/gtest.h> 11 #include <gtest/gtest.h>
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
113 EXPECT_CALL(*options_, namespace_vfs()) 113 EXPECT_CALL(*options_, namespace_vfs())
114 .Times(2) 114 .Times(2)
115 .WillOnce(Return(true)) 115 .WillOnce(Return(true))
116 .WillOnce(Return(true)); 116 .WillOnce(Return(true));
117 EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWNS|CLONE_NEWPID)) 117 EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWNS|CLONE_NEWPID))
118 .Times(1) 118 .Times(1)
119 .WillOnce(Return(true)); 119 .WillOnce(Return(true));
120 EXPECT_TRUE(jail.Jail()); // all works on first call 120 EXPECT_TRUE(jail.Jail()); // all works on first call
121 } 121 }
122 122
123 TEST_F(MiniJailTest, UseCapabilities) {
124 MiniJail jail;
125 jail.Initialize(options_.get());
126
127 uint64 caps = 7;
128 EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWPID))
129 .WillOnce(Return(true));
130 EXPECT_CALL(*env_, KeepRootCapabilities())
131 .WillOnce(Return(true));
132 EXPECT_CALL(*env_, DisableDefaultRootPrivileges())
133 .WillOnce(Return(true));
134 EXPECT_CALL(*env_, SanitizeCapabilities(caps))
135 .WillOnce(Return(true));
136 EXPECT_CALL(*env_, SanitizeBoundingSet(caps))
137 .WillOnce(Return(true));
138
139 EXPECT_CALL(*options_, namespace_pid())
140 .WillRepeatedly(Return(true));
141 EXPECT_CALL(*options_, namespace_vfs())
142 .WillRepeatedly(Return(false));
143 EXPECT_CALL(*options_, use_capabilities())
144 .WillRepeatedly(Return(true));
145 EXPECT_CALL(*options_, caps_bitmask())
146 .WillRepeatedly(Return(caps));
147 EXPECT_TRUE(jail.Jail());
148 }
149
123 // TODO(wad) finish up test cases for each conditional 150 // TODO(wad) finish up test cases for each conditional
124 151
125 152
126 } // namespace chromeos 153 } // namespace chromeos
OLDNEW
« no previous file with comments | « minijail_main.cc ('k') | mock_options.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698