-rw-r--r-- | tests/test_simple.py | 53 |
1 files changed, 34 insertions, 19 deletions
diff --git a/tests/test_simple.py b/tests/test_simple.py
index 0c4e2b9..878e985 100644
--- a/tests/test_simple.py
+++ b/tests/test_simple.py
@@ -228,39 +228,54 @@ class UnshareIdmapTest(unittest.TestCase):
 @pytest.mark.forked
 def test_unshare_user_idmap(self) -> None:
- overflowuid = int(pathlib.Path("/proc/sys/fs/overflowuid").read_text())
- uidmap = linuxnamespaces.IDMapping(
- 0, self.uidalloc.allocate(65536), 65536
- )
- self.assertNotEqual(os.getuid(), uidmap.outerstart)
- gidmap = linuxnamespaces.IDMapping(
- 0, self.gidalloc.allocate(65536), 65536
- )
+ uidmaps = [
+ linuxnamespaces.IDMapping(
+ 0, self.uidalloc.allocate(65536), 65536
+ ),
+ linuxnamespaces.IDMapping(65536, os.getuid(), 1),
+ ]
+ self.assertNotEqual(os.getuid(), uidmaps[0].outerstart)
+ gidmaps = [
+ linuxnamespaces.IDMapping(
+ 0, self.gidalloc.allocate(65536), 65536
+ ),
+ linuxnamespaces.IDMapping(65536, os.getgid(), 1),
+ ]
 pid = os.getpid()
 @linuxnamespaces.run_in_fork
 def setup() -> None:
- linuxnamespaces.newidmaps(pid, [uidmap], [gidmap])
+ linuxnamespaces.newidmaps(pid, uidmaps, gidmaps)
 linuxnamespaces.unshare(linuxnamespaces.CloneFlags.NEWUSER)
 setup()
- self.assertEqual(os.getuid(), overflowuid)
+ self.assertEqual(os.getuid(), 65536)
 os.setuid(0)
 self.assertEqual(os.getuid(), 0)
- os.setuid(1)
+ # Keep root in saved-set for later setuid
+ os.setresuid(1, 1, 0)
 self.assertEqual(os.getuid(), 1)
+ # Regain root and a full set of capabilities to save test coverage
+ os.setuid(0)
 @pytest.mark.forked
 def test_populate_dev(self) -> None:
- uidmap = linuxnamespaces.IDMapping(
- 0, self.uidalloc.allocate(65536), 65536
- )
- self.assertNotEqual(os.getuid(), uidmap.outerstart)
- gidmap = linuxnamespaces.IDMapping(
- 0, self.gidalloc.allocate(65536), 65536
- )
+ uidmaps = [
+ linuxnamespaces.IDMapping(
+ 0, self.uidalloc.allocate(65536), 65536
+ ),
+ # Also map our own uid to make coverage testing work
+ linuxnamespaces.IDMapping(65536, os.getuid(), 1),
+ ]
+ self.assertNotEqual(os.getuid(), uidmaps[0].outerstart)
+ gidmaps = [
+ linuxnamespaces.IDMapping(
+ 0, self.gidalloc.allocate(65536), 65536
+ ),
+ linuxnamespaces.IDMapping(65536, os.getgid(), 1),
+ ]
 pid = os.getpid()
 @linuxnamespaces.run_in_fork
 def setup() -> None:
- linuxnamespaces.newidmaps(pid, [uidmap], [gidmap])
+ linuxnamespaces.newidmaps(pid, uidmaps, gidmaps)
 linuxnamespaces.unshare(
 linuxnamespaces.CloneFlags.NEWUSER | linuxnamespaces.CloneFlags.NEWNS |
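Review bot: In test_unshare_user_idmap the credential transitions are checked only through `os.getuid()`, so the state the two new comments describe is never asserted. After `os.setresuid(1, 1, 0)` I would add `self.assertEqual(os.getresuid(), (1, 1, 0))`, and after the final `os.setuid(0)` add `self.assertEqual(os.geteuid(), 0)`; as far as I can tell that last call runs without CAP_SETUID in the effective set and therefore restores only the effective uid, which the "Regain root" comment should say. The extra `IDMapping(65536, os.getuid(), 1)` entry is explained by a comment only in test_populate_dev; the same comment belongs on its first occurrence, since mapping the caller's own uid and gid into the namespace is the part a reader will question. With the assertion against /proc/sys/fs/overflowuid removed, the unmapped-caller case appears to be no longer covered by this test.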