diff options
| author | Mattias Nissler <mnissler@chromium.org> | 2018-08-31 09:44:04 +0200 |
|---|---|---|
| committer | Nikolaus Rath <Nikolaus@rath.org> | 2018-10-09 20:36:22 +0100 |
| commit | da7c9b228aaf31f37684e106b75262055ca440de (patch) | |
| tree | 548cb7e54d87af7c2cfdcde3dcb01d0f184f0315 /test/travis-build.sh | |
| parent | 64e11073b9347fcf9c6d1eea143763ba9e946f70 (diff) | |
| download | libfuse-da7c9b228aaf31f37684e106b75262055ca440de.tar.gz | |
Add unprivileged option in `mount.fuse3`
The unprivileged option allows to run the FUSE file system process
without privileges by dropping capabilities and preventing them from
being re-acquired via setuid / fscaps etc. To accomplish this,
mount.fuse sets up the `/dev/fuse` file descriptor and mount itself
and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax
to the FUSE file system.
Diffstat (limited to 'test/travis-build.sh')
| -rwxr-xr-x | test/travis-build.sh | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/test/travis-build.sh b/test/travis-build.sh index dae1a10..6232e74 100755 --- a/test/travis-build.sh +++ b/test/travis-build.sh @@ -11,6 +11,19 @@ export CC TEST_CMD="python3 -m pytest --maxfail=99 test/" +# Make sure binaries can be accessed when invoked by root. +umask 0022 + +# There are tests that run as root but without CAP_DAC_OVERRIDE. To allow these +# to launch built binaries, the directory tree must be accessible to the root +# user. Since the source directory isn't necessarily accessible to root, we +# build and run tests in a temporary directory that we can set up to be world +# readable/executable. +SOURCE_DIR="$(readlink -f .)" +TEST_DIR="$(mktemp -dt libfuse-build-XXXXXX)" +chmod 0755 "${TEST_DIR}" +cd "${TEST_DIR}" + # Standard build for CC in gcc gcc-6 clang; do mkdir build-${CC}; cd build-${CC} @@ -19,7 +32,7 @@ for CC in gcc gcc-6 clang; do else build_opts='' fi - meson -D werror=true ${build_opts} ../ + meson -D werror=true ${build_opts} "${SOURCE_DIR}" ninja sudo chown root:root util/fusermount3 @@ -35,7 +48,7 @@ for san in undefined address; do mkdir build-${san}; cd build-${san} # b_lundef=false is required to work around clang # bug, cf. https://groups.google.com/forum/#!topic/mesonbuild/tgEdAXIIdC4 - meson -D b_sanitize=${san} -D b_lundef=false -D werror=true .. + meson -D b_sanitize=${san} -D b_lundef=false -D werror=true "${SOURCE_DIR}" ninja # Test as root and regular user @@ -43,12 +56,14 @@ for san in undefined address; do sudo chown root:root util/fusermount3 sudo chmod 4755 util/fusermount3 # Cleanup temporary files (since they're now owned by root) - sudo rm -rf test/.pytest_cache/ + sudo rm -rf test/.pytest_cache/ test/__pycache__ ${TEST_CMD} cd .. done -# Documentation -doxygen doc/Doxyfile +# Documentation. +(cd "${SOURCE_DIR}"; doxygen doc/Doxyfile) +# Clean up. +rm -rf "${TEST_DIR}" |