| Index: minijail_unittest.cc
|
| diff --git a/minijail_unittest.cc b/minijail_unittest.cc
|
| index bd7d004b203cd56923171d49331f436b8c90599a..a9698080e585da5141d0506f82820b1fb5d1bf8f 100644
|
| --- a/minijail_unittest.cc
|
| +++ b/minijail_unittest.cc
|
| @@ -1,4 +1,4 @@
|
| -// Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
|
| +// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
| // Some portions Copyright (c) 2009 The Chromium Authors.
|
| @@ -120,6 +120,33 @@ TEST_F(MiniJailTest, NamespaceFlagsAll) {
|
| EXPECT_TRUE(jail.Jail()); // all works on first call
|
| }
|
|
|
| +TEST_F(MiniJailTest, UseCapabilities) {
|
| + MiniJail jail;
|
| + jail.Initialize(options_.get());
|
| +
|
| + uint64 caps = 7;
|
| + EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWPID))
|
| + .WillOnce(Return(true));
|
| + EXPECT_CALL(*env_, KeepRootCapabilities())
|
| + .WillOnce(Return(true));
|
| + EXPECT_CALL(*env_, DisableDefaultRootPrivileges())
|
| + .WillOnce(Return(true));
|
| + EXPECT_CALL(*env_, SanitizeCapabilities(caps))
|
| + .WillOnce(Return(true));
|
| + EXPECT_CALL(*env_, SanitizeBoundingSet(caps))
|
| + .WillOnce(Return(true));
|
| +
|
| + EXPECT_CALL(*options_, namespace_pid())
|
| + .WillRepeatedly(Return(true));
|
| + EXPECT_CALL(*options_, namespace_vfs())
|
| + .WillRepeatedly(Return(false));
|
| + EXPECT_CALL(*options_, use_capabilities())
|
| + .WillRepeatedly(Return(true));
|
| + EXPECT_CALL(*options_, caps_bitmask())
|
| + .WillRepeatedly(Return(caps));
|
| + EXPECT_TRUE(jail.Jail());
|
| +}
|
| +
|
| // TODO(wad) finish up test cases for each conditional
|
|
|
|
|
|
|
Chromium Code Reviews
Issue 6881066:
[minijail] Add the ability to set capabilities from the command line (Closed)
Base URL: http://git.chromium.org/git/minijail.git@master