diff options
Diffstat (limited to 'src/test/shell')
-rw-r--r-- | src/test/shell/BUILD | 1 | ||||
-rw-r--r-- | src/test/shell/bazel/BUILD | 15 | ||||
-rwxr-xr-x | src/test/shell/bazel/bazel_sandboxing_cpp_test.sh | 4 | ||||
-rwxr-xr-x | src/test/shell/bazel/bazel_sandboxing_test.sh | 4 | ||||
-rwxr-xr-x | src/test/shell/bazel/remote_execution_sandboxing_test.sh | 4 | ||||
-rw-r--r-- | src/test/shell/integration/BUILD | 20 | ||||
-rwxr-xr-x | src/test/shell/integration/linux-sandbox_network_test.sh | 59 | ||||
-rwxr-xr-x | src/test/shell/integration/linux-sandbox_test.sh (renamed from src/test/shell/bazel/linux-sandbox_test.sh) | 27 | ||||
-rwxr-xr-x | src/test/shell/integration/process-wrapper_test.sh | 3 | ||||
-rwxr-xr-x | src/test/shell/sandboxing_test_utils.sh (renamed from src/test/shell/bazel/bazel_sandboxing_test_utils.sh) | 0 |
10 files changed, 103 insertions, 34 deletions
diff --git a/src/test/shell/BUILD b/src/test/shell/BUILD index 5ba6474ab7..e6fa79c16a 100644 --- a/src/test/shell/BUILD +++ b/src/test/shell/BUILD @@ -4,6 +4,7 @@ exports_files([ "bin/bazel", "testenv.sh", "integration_test_setup.sh", + "sandboxing_test_utils.sh", "unittest.bash", ]) diff --git a/src/test/shell/bazel/BUILD b/src/test/shell/bazel/BUILD index d5a34b2b40..91b0cf5603 100644 --- a/src/test/shell/bazel/BUILD +++ b/src/test/shell/bazel/BUILD @@ -22,7 +22,6 @@ filegroup( name = "test-deps", testonly = 1, srcs = [ - "bazel_sandboxing_test_utils.sh", "remote_helpers.sh", "testing_server.py", ":langtools-copy", @@ -361,13 +360,6 @@ sh_test( ) sh_test( - name = "linux_sandbox_test", - size = "large", - srcs = ["linux-sandbox_test.sh"], - data = [":test-deps"], -) - -sh_test( name = "cc_integration_test", size = "medium", srcs = ["cc_integration_test.sh"], @@ -387,6 +379,7 @@ sh_test( srcs = ["bazel_sandboxing_test.sh"], data = [ ":test-deps", + "//src/test/shell:sandboxing_test_utils.sh", "@mount_path_toolchain//file", ], tags = ["local"], @@ -395,7 +388,10 @@ sh_test( sh_test( name = "bazel_sandboxing_cpp_test", srcs = ["bazel_sandboxing_cpp_test.sh"], - data = [":test-deps"], + data = [ + ":test-deps", + "//src/test/shell:sandboxing_test_utils.sh", + ], tags = ["local"], ) @@ -443,6 +439,7 @@ sh_test( srcs = ["remote_execution_sandboxing_test.sh"], data = [ ":test-deps", + "//src/test/shell:sandboxing_test_utils.sh", "//src/tools/remote:worker", ], ) diff --git a/src/test/shell/bazel/bazel_sandboxing_cpp_test.sh b/src/test/shell/bazel/bazel_sandboxing_cpp_test.sh index 272351da18..f52077eb69 100755 --- a/src/test/shell/bazel/bazel_sandboxing_cpp_test.sh +++ b/src/test/shell/bazel/bazel_sandboxing_cpp_test.sh @@ -21,8 +21,8 @@ CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "${CURRENT_DIR}/../integration_test_setup.sh" \ || { echo "integration_test_setup.sh not found!" >&2; exit 1; } -source ${CURRENT_DIR}/bazel_sandboxing_test_utils.sh \ - || { echo "bazel_sandboxing_test_utils.sh not found!" >&2; exit 1; } +source ${CURRENT_DIR}/../sandboxing_test_utils.sh \ + || { echo "sandboxing_test_utils.sh not found!" >&2; exit 1; } function set_up { mkdir -p examples/cpp/{bin,lib} diff --git a/src/test/shell/bazel/bazel_sandboxing_test.sh b/src/test/shell/bazel/bazel_sandboxing_test.sh index d0a1272730..cd9347481b 100755 --- a/src/test/shell/bazel/bazel_sandboxing_test.sh +++ b/src/test/shell/bazel/bazel_sandboxing_test.sh @@ -22,8 +22,8 @@ CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "${CURRENT_DIR}/../integration_test_setup.sh" \ || { echo "integration_test_setup.sh not found!" >&2; exit 1; } -source ${CURRENT_DIR}/bazel_sandboxing_test_utils.sh \ - || { echo "bazel_sandboxing_test_utils.sh not found!" >&2; exit 1; } +source ${CURRENT_DIR}/../sandboxing_test_utils.sh \ + || { echo "sandboxing_test_utils.sh not found!" >&2; exit 1; } source ${CURRENT_DIR}/remote_helpers.sh \ || { echo "remote_helpers.sh not found!" >&2; exit 1; } diff --git a/src/test/shell/bazel/remote_execution_sandboxing_test.sh b/src/test/shell/bazel/remote_execution_sandboxing_test.sh index dc3d4a0f00..06dd9cb32b 100755 --- a/src/test/shell/bazel/remote_execution_sandboxing_test.sh +++ b/src/test/shell/bazel/remote_execution_sandboxing_test.sh @@ -21,8 +21,8 @@ CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "${CURRENT_DIR}/../integration_test_setup.sh" \ || { echo "integration_test_setup.sh not found!" >&2; exit 1; } -source "${CURRENT_DIR}/bazel_sandboxing_test_utils.sh" \ - || { echo "bazel_sandboxing_test_utils.sh not found!" >&2; exit 1; } +source "${CURRENT_DIR}/../sandboxing_test_utils.sh" \ + || { echo "sandboxing_test_utils.sh not found!" >&2; exit 1; } function set_up() { work_path=$(mktemp -d "${TEST_TMPDIR}/remote.XXXXXXXX") diff --git a/src/test/shell/integration/BUILD b/src/test/shell/integration/BUILD index 520dd19e3f..3909034183 100644 --- a/src/test/shell/integration/BUILD +++ b/src/test/shell/integration/BUILD @@ -303,6 +303,26 @@ sh_test( ], ) +sh_test( + name = "linux_sandbox_test", + size = "large", + srcs = ["linux-sandbox_test.sh"], + data = [ + ":test-deps", + "//src/test/shell:sandboxing_test_utils.sh", + ], +) + +sh_test( + name = "linux_sandbox_network_test", + size = "large", + srcs = ["linux-sandbox_network_test.sh"], + data = [ + ":test-deps", + "//src/test/shell:sandboxing_test_utils.sh", + ], +) + package_group( name = "spend_cpu_time_users", packages = [ diff --git a/src/test/shell/integration/linux-sandbox_network_test.sh b/src/test/shell/integration/linux-sandbox_network_test.sh new file mode 100755 index 0000000000..141a473d37 --- /dev/null +++ b/src/test/shell/integration/linux-sandbox_network_test.sh @@ -0,0 +1,59 @@ +#!/bin/bash +# +# Copyright 2017 The Bazel Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Integration tests for the network-dependent aspects of the sandboxing +# spawn strategy. In particular, those tests that specify -N should be in +# this file, but general tests can be kept in the more general +# linux-sandbox_test.sh. +# + +set -euo pipefail + +# Load the test setup defined in the parent directory +CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "${CURRENT_DIR}/../integration_test_setup.sh" \ + || { echo "integration_test_setup.sh not found!" >&2; exit 1; } +source "${CURRENT_DIR}/../sandboxing_test_utils.sh" \ + || { echo "sandboxing_test_utils.sh not found!" >&2; exit 1; } + +enable_errexit + +readonly OUT_DIR="${TEST_TMPDIR}/out" +readonly SANDBOX_DIR="${OUT_DIR}/sandbox" + +SANDBOX_DEFAULT_OPTS="-W $SANDBOX_DIR" + +function set_up { + rm -rf $OUT_DIR + mkdir -p $SANDBOX_DIR +} + +function test_network_namespace() { + $linux_sandbox $SANDBOX_DEFAULT_OPTS -N -- /bin/ip link ls &> $TEST_log || fail + expect_log "LOOPBACK,UP" +} + +function test_ping_loopback() { + $linux_sandbox $SANDBOX_DEFAULT_OPTS -N -R -- \ + /bin/sh -c 'ping6 -c 1 ::1 || ping -c 1 127.0.0.1' &>$TEST_log || fail + expect_log "1 received" +} + +# The test shouldn't fail if the environment doesn't support running it. +check_supported_platform || exit 0 +check_sandbox_allowed || exit 0 + +run_suite "linux-sandbox-network" diff --git a/src/test/shell/bazel/linux-sandbox_test.sh b/src/test/shell/integration/linux-sandbox_test.sh index c6642be252..945f74e0c5 100755 --- a/src/test/shell/bazel/linux-sandbox_test.sh +++ b/src/test/shell/integration/linux-sandbox_test.sh @@ -17,18 +17,22 @@ # Test sandboxing spawn strategy # +set -euo pipefail + # Load the test setup defined in the parent directory CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "${CURRENT_DIR}/../integration_test_setup.sh" \ || { echo "integration_test_setup.sh not found!" >&2; exit 1; } -source "${CURRENT_DIR}/bazel_sandboxing_test_utils.sh" \ - || { echo "bazel_sandboxing_test_utils.sh not found!" >&2; exit 1; } +source "${CURRENT_DIR}/../sandboxing_test_utils.sh" \ + || { echo "sandboxing_test_utils.sh not found!" >&2; exit 1; } + +enable_errexit readonly OUT_DIR="${TEST_TMPDIR}/out" readonly OUT="${OUT_DIR}/outfile" readonly ERR="${OUT_DIR}/errfile" readonly SANDBOX_DIR="${OUT_DIR}/sandbox" -readonly MOUNT_TARGET_ROOT="${TEST_SRCDIR}/targets" +readonly MOUNT_TARGET_ROOT="${TEST_TMPDIR}/targets" SANDBOX_DEFAULT_OPTS="-W $SANDBOX_DIR" @@ -49,7 +53,9 @@ function test_execvp_error_message_contains_path() { function test_default_user_is_current_user() { $linux_sandbox $SANDBOX_DEFAULT_OPTS -- /usr/bin/id &> $TEST_log || fail - expect_log "$(id)" + local current_uid_number=$(id -u) + # Expecting something like: uid=485038(ruperts) ... + expect_log "uid=${current_uid_number}(" } function test_user_switched_to_root() { @@ -59,18 +65,7 @@ function test_user_switched_to_root() { function test_user_switched_to_nobody() { $linux_sandbox $SANDBOX_DEFAULT_OPTS -U -- /usr/bin/id &> $TEST_log || fail - expect_log "uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)" -} - -function test_network_namespace() { - $linux_sandbox $SANDBOX_DEFAULT_OPTS -N -- /bin/ip link ls &> $TEST_log || fail - expect_log "LOOPBACK,UP" -} - -function test_ping_loopback() { - $linux_sandbox $SANDBOX_DEFAULT_OPTS -N -R -- \ - /bin/sh -c 'ping6 -c 1 ::1 || ping -c 1 127.0.0.1' &>$TEST_log || fail - expect_log "1 received" + expect_log "uid=[0-9]\+(nobody) gid=[0-9]\+(\(nobody\|nogroup\)) groups=[0-9]\+(\(nobody\|nogroup\))" } function test_exit_code() { diff --git a/src/test/shell/integration/process-wrapper_test.sh b/src/test/shell/integration/process-wrapper_test.sh index e6aeda064e..8ef7e55392 100755 --- a/src/test/shell/integration/process-wrapper_test.sh +++ b/src/test/shell/integration/process-wrapper_test.sh @@ -13,9 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# Test sandboxing spawn strategy -# set -euo pipefail diff --git a/src/test/shell/bazel/bazel_sandboxing_test_utils.sh b/src/test/shell/sandboxing_test_utils.sh index 64b4cb362c..64b4cb362c 100755 --- a/src/test/shell/bazel/bazel_sandboxing_test_utils.sh +++ b/src/test/shell/sandboxing_test_utils.sh |