diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index bff10c8b67..4844e622ac 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -95,17 +95,18 @@ jobs:
 make
 ;;
 check)
- ./configure --disable-dl CFLAGS='-fsanitize=address -fsanitize=undefined -fsanitize=null -fsanitize=return -fsanitize=bounds -fsanitize=bool -fsanitize=enum -fsanitize=builtin'
+ ./configure --disable-dl
 make
 make syntax-check
 echo run tests as root
+ # check that the working dir is clean
+ git describe --broken --dirty --all | grep -qv dirty
+
 sudo make check ASAN_OPTIONS=detect_leaks=false || cat test-suite.log
 echo run tests as rootless
- mkdir /tmp/runroot && make check XDG_RUNTIME_DIR=/tmp/runroot ASAN_OPTIONS=detect_leaks=false || cat test-suite.log
+ make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)
 echo run tests as rootless in a user namespace
- mkdir /tmp/runroot && unshare -r make check XDG_RUNTIME_DIR=/tmp/runroot ASAN_OPTIONS=detect_leaks=false || cat test-suite.log
- # check that the working dir is clean
- git describe --broken --dirty --all | grep -qv dirty
+ unshare -r make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)
 ;;
 podman)
 sudo docker build -t crun-podman tests/podman
diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
index 697696afbc..726f091149 100644
--- a/src/libcrun/utils.c
+++ b/src/libcrun/utils.c
@@ -394,10 +394,10 @@ safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path,
 }
 static ssize_t
-safe_readlinkat (int dfd, const char *dirpath, const char *name, char **buffer, ssize_t hint, libcrun_error_t *err)
+safe_readlinkat (int dfd, const char *name, char **buffer, ssize_t hint, libcrun_error_t *err)
 {
- cleanup_free char *tmp_buf = NULL;
 ssize_t buf_size = hint > 0 ? hint + 1 : 512;
+ cleanup_free char *tmp_buf = NULL;
 ssize_t size;
 do
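Review bot: In the `check)` branch of `.github/workflows/test.yaml` the root run `sudo make check ASAN_OPTIONS=detect_leaks=false || cat test-suite.log` keeps the old form, so a failing root test run still ends with the exit status of `cat` and the step passes. It should get the same treatment as the two rootless runs: `sudo make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)`. The same hunk drops every `-fsanitize=` flag from `./configure`, which leaves `ASAN_OPTIONS=detect_leaks=false` with nothing to configure and takes AddressSanitizer and UBSan coverage away from this job. If that is intended, a comment saying why, and where sanitizer builds still run if anywhere, would help, since the code under test handles rootfs paths and symlink targets.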
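Review bot: `safe_readlinkat` in `src/libcrun/utils.c` has no comment describing its contract, and this hunk changes that contract by dropping `dirpath`. A short header comment would help, for example `/* Read the target of symlink NAME relative to DFD into *BUFFER, NUL terminated; HINT > 0 is the expected target length. */`. The function body continues outside the hunk, so the ownership of `*buffer` and the meaning of the return value should be filled in from the full source rather than from these lines.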
@@ -410,7 +410,7 @@ safe_readlinkat (int dfd, const char *dirpath, const char *name, char **buffer,
 size = readlinkat (dfd, name, tmp_buf, buf_size);
 if (UNLIKELY (size < 0))
- return crun_make_error (err, errno, "readlink `%s/%s`", dirpath, name);
+ return crun_make_error (err, errno, "readlink `%s`", name);
 }
 while (size == buf_size);
 /* Always NUL terminate the buffer. */
@@ -490,7 +490,7 @@ crun_safe_ensure_at (bool do_open, bool dir, int dirfd, const char *dirpath,
 {
 cleanup_free char *resolved_path = NULL;
- ret = safe_readlinkat (dirfd, dirpath, cur, &resolved_path, 0, err);
+ ret = safe_readlinkat (cwd, cur, &resolved_path, 0, err);
 if (LIKELY (ret >= 0))
 {
 return crun_safe_ensure_at (do_open, dir, dirfd,
@@ -1925,7 +1925,7 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char
 break;
 case S_IFLNK:
- ret = safe_readlinkat (dirfd (dsrcfd), srcname, de->d_name, &target_buf, st_size, err);
+ ret = safe_readlinkat (dirfd (dsrcfd), de->d_name, &target_buf, st_size, err);
 if (UNLIKELY (ret < 0))
 return ret;
diff --git a/tests/test_capabilities.py b/tests/test_capabilities.py
index 2ca68eabc6..fec8a0392d 100755
--- a/tests/test_capabilities.py
+++ b/tests/test_capabilities.py
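Review bot: In `crun_safe_ensure_at` (`src/libcrun/utils.c`, hunk at -490) the first argument changes from `dirfd` to `cwd`, which alters the directory the symlink `cur` is read from and is more than the removal of the `dirpath` parameter. Nothing in the hunk says why, and this is the code that decides how a symlink under the root is followed, so it deserves a comment such as `/* CUR is relative to CWD, the directory reached so far, not to DIRFD. */` (assuming that is what `cwd` holds; its definition is outside the hunk). A regression test with a symlink below the top-level directory would pin the behaviour. The function starts and ends outside the hunk, including the rest of the recursive call that receives `resolved_path`.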
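Review bot: At the `S_IFLNK` case in `copy_recursive_fd_to_fd` (hunk at -1925) a failed `safe_readlinkat` is passed straight up with `return ret;`, and after the change in the hunk at -410 its message carries only `name`, which here is the bare directory entry `de->d_name`. The log therefore no longer says which directory the entry was in, which makes a failure in a deep tree hard to locate. Adding the context at this call site would keep the helper simple, e.g. `return crun_error_wrap (err, "copy from %s", srcname);`, if `crun_error_wrap` from the project's error helpers is available in this file. The function body continues outside the hunk.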
@@ -126,18 +126,28 @@ def test_some_caps_permitted():
 return helper_test_some_caps(0, ["permitted"], 'CapPrm')
 def test_some_caps_effective_non_root():
+ if is_rootless():
+ return 77
 return helper_test_some_caps(1000, ["effective", "permitted", "inheritable", "ambient"], 'CapEff')
 def test_some_caps_bounding_non_root():
+ if is_rootless():
+ return 77
 return helper_test_some_caps(1000, ["bounding"], 'CapBnd')
 def test_some_caps_inheritable_non_root():
+ if is_rootless():
+ return 77
 return helper_test_some_caps(1000, ["inheritable"], 'CapInh')
 def test_some_caps_ambient_non_root():
+ if is_rootless():
+ return 77
 return helper_test_some_caps(1000, ["ambient", "permitted", "inheritable"], 'CapAmb')
 def test_some_caps_permitted_non_root():
+ if is_rootless():
+ return 77
 return helper_test_some_caps(1000, ["ambient", "permitted", "inheritable"], 'CapPrm')
diff --git a/tests/test_exec.py b/tests/test_exec.py
index bc53233be9..66e67dfa10 100755
--- a/tests/test_exec.py
+++ b/tests/test_exec.py
@@ -62,6 +62,8 @@ def test_exec_detach_not_exists():
 return test_exec_not_exists_helper(False)
 def test_exec_additional_gids():
+ if is_rootless():
+ return 77
 conf = base_config()
 conf['process']['args'] = ['/init', 'pause']
 add_all_namespaces(conf)
diff --git a/tests/tests_libcrun_utils.c b/tests/tests_libcrun_utils.c
index 359d2be037..35dc0a6362 100644
--- a/tests/tests_libcrun_utils.c
+++ b/tests/tests_libcrun_utils.c
@@ -387,7 +387,11 @@ int main ()
 {
 int id = 1;
+#ifdef HAVE_SYSTEMD
+ printf ("1..8\n");
+#else
 printf ("1..7\n");
+#endif
 RUN_TEST (test_crun_path_exists);
 RUN_TEST (test_write_read_file);
 RUN_TEST (test_run_process);
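Review bot: The guard `if is_rootless(): return 77` is pasted into all five `*_non_root` tests in `tests/test_capabilities.py` and again into `test_exec_additional_gids` in `tests/test_exec.py`, each time with the bare literal `77` and no reason given. A comment on the first occurrence, e.g. `# switching to uid 1000 needs real root; 77 reports the test as skipped`, or a small shared helper would make the intent clear. Both the reason and the meaning of 77 are inferred from convention here, since the harness is not on the page, so the wording should be checked against it.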
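Review bot: In `main` of `tests/tests_libcrun_utils.c` the test plan is now hard-coded twice (`1..8` with `HAVE_SYSTEMD`, `1..7` without), so it has to be kept in step by hand with `RUN_TEST` lines that lie outside the hunk. If `RUN_TEST` advances `id` once per test, as the `int id = 1;` above suggests, the plan could instead be printed after the last test with `printf ("1..%d\n", id - 1);`, provided the harness accepts a trailing plan. Otherwise a comment next to the `#ifdef` naming the systemd-only test would at least explain the extra count.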