[gentoo-commits] proj/sandbox:stable-2.x commit in: tests/

["Mike Gilbert" <floppym@gentoo.org>]

commit:     378995f8efc182f42c4e553eacb081cd67bb2f2a
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  1 20:52:34 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Jul  1 23:53:01 2023 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=378995f8

tests: use explicit adddeny() calls in fchmod and fchown tests.

When running the test suite under portage, the entire build directory
will be writable because portage adds PORTAGE_TMPDIR to SANDBOX_WRITE
(thanks floppym). This breaks the tests for these two wrappers, since
they expect to fail when trying to write above $PWD.

To avoid that, we create a new file to call fchown/fchmod on, and then
explicitly deny access to it.

Closes: https://bugs.gentoo.org/909445
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit e5032c6b89621db0475e36fb06c2905b6a9c024c)

 tests/fchmod-1.sh | 6 +++++-
 tests/fchown-1.sh | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh
index db404ba..140d84f 100755
--- a/tests/fchmod-1.sh
+++ b/tests/fchmod-1.sh
@@ -4,11 +4,15 @@
 #
 
 addwrite $PWD
+rm -f deny || exit 1
+touch deny || exit 1
+adddeny $PWD/deny
 
 # The sandbox doesn't log anything when it returns a junk file
 # descriptor? It doesn't look like we can test the contents of
 # sandbox.log here... instead, we just have to count on fchmod
 # failing, which it does if you use O_RDWR, and it *should* if you use
 # O_RDONLY (because that won't stop the change of permissions).
-fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1
+fchmod-0 $(stat --format='%#04a' $PWD/deny) $PWD/deny && exit 1
+
 exit 0

diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh
index 1b4a173..6c1178e 100755
--- a/tests/fchown-1.sh
+++ b/tests/fchown-1.sh
@@ -4,11 +4,15 @@
 #
 
 addwrite $PWD
+rm -f deny || exit 1
+touch deny || exit 1
+adddeny $PWD/deny
 
 # The sandbox doesn't log anything when it returns a junk file
 # descriptor? It doesn't look like we can test the contents of
 # sandbox.log here... instead, we just have to count on fchown
 # failing, which it does if you use O_RDWR, and it *should* if you use
 # O_RDONLY (because that won't stop the change of ownership).
-fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1
+fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1
+
 exit 0