OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <stdio.h> |
8 #include <unistd.h> | 9 #include <unistd.h> |
9 | 10 |
10 #include "base/logging.h" | 11 #include "base/logging.h" |
11 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
12 #include "sandbox/linux/tests/unit_tests.h" | 13 #include "sandbox/linux/tests/unit_tests.h" |
13 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
14 | 15 |
15 namespace sandbox { | 16 namespace sandbox { |
16 | 17 |
17 namespace { | 18 namespace { |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
61 Credentials creds; | 62 Credentials creds; |
62 CHECK(creds.DropAllCapabilities()); | 63 CHECK(creds.DropAllCapabilities()); |
63 const char kNoCapabilityText[] = "="; | 64 const char kNoCapabilityText[] = "="; |
64 CHECK(*creds.GetCurrentCapString() == kNoCapabilityText); | 65 CHECK(*creds.GetCurrentCapString() == kNoCapabilityText); |
65 } | 66 } |
66 | 67 |
67 SANDBOX_TEST(Credentials, MoveToNewUserNS) { | 68 SANDBOX_TEST(Credentials, MoveToNewUserNS) { |
68 Credentials creds; | 69 Credentials creds; |
69 creds.DropAllCapabilities(); | 70 creds.DropAllCapabilities(); |
70 bool userns_supported = creds.MoveToNewUserNS(); | 71 bool userns_supported = creds.MoveToNewUserNS(); |
71 printf("Unprivileged CLONE_NEWUSER supported: %s\n", | 72 fprintf(stdout, "Unprivileged CLONE_NEWUSER supported: %s\n", |
72 userns_supported ? "true." : "false."); | 73 userns_supported ? "true." : "false."); |
| 74 fflush(stdout); |
73 if (!userns_supported) { | 75 if (!userns_supported) { |
74 printf("This kernel does not support unprivileged namespaces. " | 76 fprintf(stdout, "This kernel does not support unprivileged namespaces. " |
75 "USERNS tests will all pass.\n"); | 77 "USERNS tests will succeed without running.\n"); |
| 78 fflush(stdout); |
76 return; | 79 return; |
77 } | 80 } |
78 CHECK(creds.HasAnyCapability()); | 81 CHECK(creds.HasAnyCapability()); |
79 creds.DropAllCapabilities(); | 82 creds.DropAllCapabilities(); |
80 CHECK(!creds.HasAnyCapability()); | 83 CHECK(!creds.HasAnyCapability()); |
81 } | 84 } |
82 | 85 |
83 SANDBOX_TEST(Credentials, UidIsPreserved) { | 86 SANDBOX_TEST(Credentials, UidIsPreserved) { |
84 Credentials creds; | 87 Credentials creds; |
85 creds.DropAllCapabilities(); | 88 creds.DropAllCapabilities(); |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
159 CHECK(creds.DropAllCapabilities()); | 162 CHECK(creds.DropAllCapabilities()); |
160 | 163 |
161 // The kernel should now prevent us from regaining capabilities because we | 164 // The kernel should now prevent us from regaining capabilities because we |
162 // are in a chroot. | 165 // are in a chroot. |
163 CHECK(!creds.MoveToNewUserNS()); | 166 CHECK(!creds.MoveToNewUserNS()); |
164 } | 167 } |
165 | 168 |
166 } // namespace. | 169 } // namespace. |
167 | 170 |
168 } // namespace sandbox. | 171 } // namespace sandbox. |
OLD | NEW |