author | Mattias Nissler <mnissler@chromium.org> | 2018-08-31 09:44:04 +0200 |
---|---|---|
committer | Nikolaus Rath <Nikolaus@rath.org> | 2018-10-09 20:36:22 +0100 |
commit | da7c9b228aaf31f37684e106b75262055ca440de (patch) | |
tree | 548cb7e54d87af7c2cfdcde3dcb01d0f184f0315 /test/test_examples.py | |
parent | 64e11073b9347fcf9c6d1eea143763ba9e946f70 (diff) | |
download | libfuse-da7c9b228aaf31f37684e106b75262055ca440de.tar.gz |
Add unprivileged option in `mount.fuse3`
The unprivileged option allows running the FUSE file system process
without privileges by dropping capabilities and preventing them from
being re-acquired via setuid / fscaps etc. To accomplish this,
mount.fuse sets up the `/dev/fuse` file descriptor and mount itself
and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax
to the FUSE file system.
Diffstat (limited to 'test/test_examples.py')
-rwxr-xr-x | test/test_examples.py | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/test/test_examples.py b/test/test_examples.py index 12fe6d7..0224bac 100755 --- a/test/test_examples.py +++ b/test/test_examples.py @@ -19,7 +19,7 @@ from tempfile import NamedTemporaryFile from contextlib import contextmanager from util import (wait_for_mount, umount, cleanup, base_cmdline, safe_sleep, basename, fuse_test_marker, test_printcap, - fuse_proto) + fuse_proto, powerset) from os.path import join as pjoin pytestmark = fuse_test_marker() 
@@ -33,20 +33,36 @@ def name_generator(__ctr=[0]): __ctr[0] += 1 return 'testfile_%d' % __ctr[0] -options = [ [] ] +options = [] if sys.platform == 'linux': - options.append(['-o', 'clone_fd']) -@pytest.mark.parametrize("options", options) -@pytest.mark.parametrize("name", ('hello', 'hello_ll')) -def test_hello(tmpdir, name, options): - mnt_dir = str(tmpdir) - cmdline = base_cmdline + \ - [ pjoin(basename, 'example', name), - '-f', mnt_dir ] + options + options.append('clone_fd') + +def invoke_directly(mnt_dir, name, options): + cmdline = base_cmdline + [ pjoin(basename, 'example', name), + '-f', mnt_dir, '-o', ','.join(options) ] if name == 'hello_ll': # supports single-threading only cmdline.append('-s') - mount_process = subprocess.Popen(cmdline) + + return cmdline + +def invoke_mount_fuse(mnt_dir, name, options): + return base_cmdline + [ pjoin(basename, 'util', 'mount.fuse3'), + name, mnt_dir, '-o', ','.join(options) ] + +def invoke_mount_fuse_drop_privileges(mnt_dir, name, options): + if os.getuid() != 0: + pytest.skip('drop_privileges requires root, skipping.') + + return invoke_mount_fuse(mnt_dir, name, options + ('drop_privileges',)) + +@pytest.mark.parametrize("cmdline_builder", (invoke_directly, invoke_mount_fuse, + invoke_mount_fuse_drop_privileges)) +@pytest.mark.parametrize("options", powerset(options)) +@pytest.mark.parametrize("name", ('hello', 'hello_ll')) +def test_hello(tmpdir, name, options, cmdline_builder): + mnt_dir = str(tmpdir) + mount_process = subprocess.Popen(cmdline_builder(mnt_dir, name, options)) try: wait_for_mount(mount_process, mnt_dir) assert os.listdir(mnt_dir) == [ 'hello' ] |
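Review bot: The `invoke_mount_fuse_drop_privileges` variant of `test_hello` asserts only that the mount appears and lists `hello`, so it would still pass if `mount.fuse3` accepted `drop_privileges` but left the file system process with its capabilities. Since dropping privileges is the security property this option exists for, the root-only case should also check it, for example on Linux by reading `/proc/<pid>/status` of the file system process after `wait_for_mount` and asserting that `CapEff` is zero and `NoNewPrivs` is 1; whether `mount_process.pid` is that process depends on how `mount.fuse3` launches it, which is not visible here. Separately, if `powerset` yields the empty subset (its definition is in `util`, outside this page), every builder emits `'-o', ''`; `if options: cmdline += ['-o', ','.join(options)]` would avoid passing an empty option string. The `try` block of `test_hello` continues past the end of the hunk.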