From da7c9b228aaf31f37684e106b75262055ca440de Mon Sep 17 00:00:00 2001
From: Mattias Nissler
Date: Fri, 31 Aug 2018 09:44:04 +0200
Subject: Add unprivileged option in `mount.fuse3`
The unprivileged option allows to run the FUSE file system process without privileges by dropping capabilities and preventing them from being re-acquired via setuid / fscaps etc. To accomplish this, mount.fuse sets up the `/dev/fuse` file descriptor and mount itself and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax to the FUSE file system.
---
 test/travis-build.sh | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
(limited to 'test/travis-build.sh')
diff --git a/test/travis-build.sh b/test/travis-build.sh
index dae1a10..6232e74 100755
--- a/test/travis-build.sh
+++ b/test/travis-build.sh
@@ -11,6 +11,19 @@ export CC
 TEST_CMD="python3 -m pytest --maxfail=99 test/"
+# Make sure binaries can be accessed when invoked by root.
+umask 0022
+
+# There are tests that run as root but without CAP_DAC_OVERRIDE. To allow these
+# to launch built binaries, the directory tree must be accessible to the root
+# user. Since the source directory isn't necessarily accessible to root, we
+# build and run tests in a temporary directory that we can set up to be world
+# readable/executable.
+SOURCE_DIR="$(readlink -f .)"
+TEST_DIR="$(mktemp -dt libfuse-build-XXXXXX)"
+chmod 0755 "${TEST_DIR}"
+cd "${TEST_DIR}"
+
 # Standard build
 for CC in gcc gcc-6 clang; do
 mkdir build-${CC}; cd build-${CC}
@@ -19,7 +32,7 @@ for CC in gcc gcc-6 clang; do
 else
 build_opts=''
 fi
- meson -D werror=true ${build_opts} ../
+ meson -D werror=true ${build_opts} "${SOURCE_DIR}"
 ninja
 sudo chown root:root util/fusermount3
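Review bot: The temporary tree created by `mktemp -dt libfuse-build-XXXXXX` in the first hunk is opened to every local user with `chmod 0755`, and the sanitizer loop later puts a root-owned, mode-4755 `util/fusermount3` inside it, yet the only cleanup is the plain `rm -rf "${TEST_DIR}"` on the last line of the script (final hunk). If any step in between aborts, setuid-root test binaries, including sanitizer-instrumented ones, stay behind in a world-accessible directory; that is tolerable on a disposable CI VM but not on a shared or developer machine. I would register the cleanup right after the `cd`, for example `trap 'sudo rm -rf -- "${TEST_DIR:?}"' EXIT`, and state in the comment block that the script is meant for throwaway CI hosts. Whether errexit is active is not visible in this hunk; if it is not, a failed `mktemp` leaves `TEST_DIR` empty and the builds land in the current directory, so `TEST_DIR="$(mktemp -dt libfuse-build-XXXXXX)" || exit 1` would make that explicit.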
@@ -35,7 +48,7 @@ for san in undefined address; do
 mkdir build-${san}; cd build-${san}
 # b_lundef=false is required to work around clang
 # bug, cf. https://groups.google.com/forum/#!topic/mesonbuild/tgEdAXIIdC4
- meson -D b_sanitize=${san} -D b_lundef=false -D werror=true ..
+ meson -D b_sanitize=${san} -D b_lundef=false -D werror=true "${SOURCE_DIR}"
 ninja
 # Test as root and regular user
@@ -43,12 +56,14 @@ for san in undefined address; do
 sudo chown root:root util/fusermount3
 sudo chmod 4755 util/fusermount3
 # Cleanup temporary files (since they're now owned by root)
- sudo rm -rf test/.pytest_cache/
+ sudo rm -rf test/.pytest_cache/ test/__pycache__
 ${TEST_CMD}
 cd ..
 done
-# Documentation
-doxygen doc/Doxyfile
+# Documentation.
+(cd "${SOURCE_DIR}"; doxygen doc/Doxyfile)
+# Clean up.
+rm -rf "${TEST_DIR}"
-- cgit v1.2.3
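Review bot: In the documentation step of the last hunk, `(cd "${SOURCE_DIR}"; doxygen doc/Doxyfile)` joins the two commands with `;`, so doxygen would still run from the temporary directory if the `cd` failed, unless errexit is active (not visible in this hunk). Chaining them makes the dependency explicit regardless of shell options: `(cd "${SOURCE_DIR}" && doxygen doc/Doxyfile)`.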