sandbox/linux/services/credentials_unittest.cc - Issue 59843005: Linux sandbox: print kernel support in credentials unittests.

Side by Side Diff: sandbox/linux/services/credentials_unittest.cc

Issue 59843005: Linux sandbox: print kernel support in credentials unittests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/services/credentials.h"	5 #include "sandbox/linux/services/credentials.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

	8 #include <stdio.h>

8 #include <unistd.h>	9 #include <unistd.h>

9	10

10 #include "base/logging.h"	11 #include "base/logging.h"

11 #include "base/memory/scoped_ptr.h"	12 #include "base/memory/scoped_ptr.h"

12 #include "sandbox/linux/tests/unit_tests.h"	13 #include "sandbox/linux/tests/unit_tests.h"

13 #include "testing/gtest/include/gtest/gtest.h"	14 #include "testing/gtest/include/gtest/gtest.h"

14	15

15 namespace sandbox {	16 namespace sandbox {

16	17

17 namespace {	18 namespace {

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
61 Credentials creds;	62 Credentials creds;

62 CHECK(creds.DropAllCapabilities());	63 CHECK(creds.DropAllCapabilities());

63 const char kNoCapabilityText[] = "=";	64 const char kNoCapabilityText[] = "=";

64 CHECK(*creds.GetCurrentCapString() == kNoCapabilityText);	65 CHECK(*creds.GetCurrentCapString() == kNoCapabilityText);

65 }	66 }

66	67

67 SANDBOX_TEST(Credentials, MoveToNewUserNS) {	68 SANDBOX_TEST(Credentials, MoveToNewUserNS) {

68 Credentials creds;	69 Credentials creds;

69 creds.DropAllCapabilities();	70 creds.DropAllCapabilities();

70 bool userns_supported = creds.MoveToNewUserNS();	71 bool userns_supported = creds.MoveToNewUserNS();

71 printf("Unprivileged CLONE_NEWUSER supported: %s\n",	72 fprintf(stdout, "Unprivileged CLONE_NEWUSER supported: %s\n",

72 userns_supported ? "true." : "false.");	73 userns_supported ? "true." : "false.");

	74 fflush(stdout);

73 if (!userns_supported) {	75 if (!userns_supported) {

74 printf("This kernel does not support unprivileged namespaces. "	76 fprintf(stdout, "This kernel does not support unprivileged namespaces. "

75 "USERNS tests will all pass.\n");	77 "USERNS tests will succeed without running.\n");

	78 fflush(stdout);

76 return;	79 return;

77 }	80 }

78 CHECK(creds.HasAnyCapability());	81 CHECK(creds.HasAnyCapability());

79 creds.DropAllCapabilities();	82 creds.DropAllCapabilities();

80 CHECK(!creds.HasAnyCapability());	83 CHECK(!creds.HasAnyCapability());

81 }	84 }

82	85

83 SANDBOX_TEST(Credentials, UidIsPreserved) {	86 SANDBOX_TEST(Credentials, UidIsPreserved) {

84 Credentials creds;	87 Credentials creds;

85 creds.DropAllCapabilities();	88 creds.DropAllCapabilities();

(...skipping 73 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
159 CHECK(creds.DropAllCapabilities());	162 CHECK(creds.DropAllCapabilities());

160	163

161 // The kernel should now prevent us from regaining capabilities because we	164 // The kernel should now prevent us from regaining capabilities because we

162 // are in a chroot.	165 // are in a chroot.

163 CHECK(!creds.MoveToNewUserNS());	166 CHECK(!creds.MoveToNewUserNS());

164 }	167 }

165	168

166 } // namespace.	169 } // namespace.

167	170

168 } // namespace sandbox.	171 } // namespace sandbox.

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »