From 8970b43c42197378e93339584d27063d082a512d Mon Sep 17 00:00:00 2001
From: Brian Silverman
Date: Tue, 9 May 2017 10:12:34 -0400
Subject: Add a test that /proc works correctly in the sandbox
While investigating #1972, I wrote this test to evaluate a potential solution. This test caught the fact that the solution didn't work, which makes it valuable for future changes to the sandbox.
Change-Id: I435e9b9543374554c09d8d7c0918c24d9dc8f19d
PiperOrigin-RevId: 155500491
---
src/test/shell/bazel/bazel_sandboxing_test.sh | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
(limited to 'src')
diff --git a/src/test/shell/bazel/bazel_sandboxing_test.sh b/src/test/shell/bazel/bazel_sandboxing_test.sh
index 080794d330..3357d27862 100755
--- a/src/test/shell/bazel/bazel_sandboxing_test.sh
+++ b/src/test/shell/bazel/bazel_sandboxing_test.sh
@@ -157,6 +157,11 @@ genrule(
 cmd = "ls -l $$(dirname \"$$(pwd)\") &> $@",
 )
+genrule(
+ name = "check_proc_works",
+ outs = [ "check_proc_works.txt" ],
+ cmd = "sh -c 'cd /proc/self && echo $$$$ && exec cat stat | sed \"s/\\([^ ]*\\) .*/\\1/g\"' > $@",
+)
 EOF
 cat << 'EOF' >> examples/genrule/datafile
 this is a datafile
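Review bot: In the `check_proc_works` genrule, the pipeline `exec cat stat | sed ...` reports only sed's exit status, so a failed read of `/proc/self/stat` still lets the action succeed with a one-line output file. test_sandbox_proc_self in the second hunk then compares `head -n1` and `tail -n1` of that same single line and passes, which would hide the kind of broken-/proc sandbox regression this test is meant to catch. Reading the field in the shell itself removes the pipeline and makes a failed open fail the action, e.g. `cd /proc/self && echo $$$$ && read -r pid rest < stat && echo $$pid` inside the `sh -c` string. The genrule sits in a heredoc that starts outside the hunk.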
@@ -439,6 +444,20 @@ bazel build examples/genrule:works &> ${TEST_log}
 EOF
 }
+# Tests that /proc/self == /proc/$$. This should always be true unless the PID namespace is active without /proc being remounted correctly.
+function test_sandbox_proc_self() {
+ bazel build examples/genrule:check_proc_works >& $TEST_log || fail "build should have succeeded"
+
+ (
+ # Catch the head and tail commands failing.
+ set -e
+ if [[ "$(head -n1 "${BAZEL_GENFILES_DIR}/examples/genrule/check_proc_works.txt")" \
+ != "$(tail -n1 "${BAZEL_GENFILES_DIR}/examples/genrule/check_proc_works.txt")" ]] ; then
+ fail "Reading PID from /proc/self/stat should have worked, instead have these: $(cat "${BAZEL_GENFILES_DIR}/examples/genrule/check_proc_works.txt")"
+ fi
+ )
+}
+
 function test_succeeding_action_with_ioexception_while_copying_outputs_throws_correct_exception() {
 cat > BUILD <<'EOF'
 genrule(
-- cgit v1.2.3
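Review bot: The `set -e` in the subshell of test_sandbox_proc_self does not do what its comment says: `head` and `tail` run in command substitutions inside the `if [[ ... ]]` condition, where bash ignores errexit, so a failure of either one just yields an empty string. If both fail (for example, the output file is unreadable), the two empty strings compare equal and the test passes. Capture the values before comparing, e.g. `first="$(head -n1 "$out")" || fail "cannot read $out"` and the same for `tail -n1`, with `out` holding the path that is currently repeated three times. It would also help to assert that the file has two lines before comparing them, so a truncated output cannot pass.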