Buildroot Archive on lore.kernel.org
* [Buildroot] [PATCH 1/1] support/testing: new acl runtime test
@ 2024-02-06 19:52 Julien Olivain
  2024-02-06 21:48 ` Peter Korsgaard
  0 siblings, 1 reply; 2+ messages in thread
From: Julien Olivain @ 2024-02-06 19:52 UTC (permalink / raw)
  To: buildroot; +Cc: Julien Olivain

Signed-off-by: Julien Olivain <ju.o@free.fr>
---
 DEVELOPERS                                |  1 +
 support/testing/tests/package/test_acl.py | 87 +++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 support/testing/tests/package/test_acl.py

diff --git a/DEVELOPERS b/DEVELOPERS
index 4b8d195f9f..ce248e8706 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1762,6 +1762,7 @@ F:	support/testing/tests/package/sample_python_midiutil.py
 F:	support/testing/tests/package/sample_python_ml_dtypes.py
 F:	support/testing/tests/package/sample_python_pyalsa.py
 F:	support/testing/tests/package/sample_python_spake2.py
+F:	support/testing/tests/package/test_acl.py
 F:	support/testing/tests/package/test_acpica.py
 F:	support/testing/tests/package/test_acpica/
 F:	support/testing/tests/package/test_apache.py
diff --git a/support/testing/tests/package/test_acl.py b/support/testing/tests/package/test_acl.py
new file mode 100644
index 0000000000..e4827c7bec
--- /dev/null
+++ b/support/testing/tests/package/test_acl.py
@@ -0,0 +1,87 @@
+import os
+
+import infra.basetest
+
+
+class TestAcl(infra.basetest.BRTest):
+    # Note: this test requires a Kernel with a filesystem on /tmp
+    # supporting ACLs. This is the case for the basetest reference
+    # config. Kernel has CONFIG_TMPFS_POSIX_ACL=y, and /tmp is tmpfs
+    # in the default Buildroot config.
+    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+        """
+        BR2_PACKAGE_ACL=y
+        BR2_TARGET_ROOTFS_CPIO=y
+        # BR2_TARGET_ROOTFS_TAR is not set
+        """
+
+    def test_run(self):
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        self.emulator.boot(arch="armv5",
+                           kernel="builtin",
+                           options=["-initrd", cpio_file])
+        self.emulator.login()
+
+        # Check the programs can execute.
+        self.assertRunOk("getfacl --version")
+        self.assertRunOk("setfacl --version")
+
+        # Constants used in this test.
+        test_user = "acltest"
+        test_data = "Hello Buildroot!"
+        test_file = "/tmp/file.txt"
+
+        # Create a test user:
+        # -D    don't set a password
+        # -h    set home directory
+        # -H    don't create home directory
+        # -s    set shell to /bin/sh
+        self.assertRunOk(f"adduser -D -h /tmp -H -s /bin/sh {test_user}")
+
+        # Create a test file, and make sure the owner is "root" with
+        # standard Unix permissions to read/write only for the owner.
+        self.assertRunOk(f"echo '{test_data}' > {test_file}")
+        self.assertRunOk(f"chown root:root {test_file}")
+        self.assertRunOk(f"chmod 0600 {test_file}")
+
+        # Check we have no ACL for the test user.
+        getacl_cmd = f"getfacl -c -p {test_file}"
+        out, ret = self.emulator.run(getacl_cmd)
+        self.assertEqual(ret, 0)
+        self.assertNotIn(f"user:{test_user}:", "\n".join(out))
+
+        # Reading the file as the test user is expected to fail.
+        test_read_cmd = f"su - {test_user} -c 'cat {test_file}'"
+        _, ret = self.emulator.run(test_read_cmd)
+        self.assertNotEqual(ret, 0)
+
+        # We add a special read ACL for the test user.
+        cmd = f"setfacl -m u:{test_user}:r {test_file}"
+        self.assertRunOk(cmd)
+
+        # Check we now have an ACL entry for the test user.
+        out, ret = self.emulator.run(getacl_cmd)
+        self.assertEqual(ret, 0)
+        self.assertIn(f"user:{test_user}:", "\n".join(out))
+
+        # Reading the file as the test user is now expected to
+        # succeed.
+        out, ret = self.emulator.run(test_read_cmd)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[0], test_data)
+
+        # Attempting to write to the file as the test user is expected
+        # to fail (since we put an ACL only for reading).
+        cmd = f"su - {test_user} -c 'echo WriteTest > {test_file}'"
+        _, ret = self.emulator.run(cmd)
+        self.assertNotEqual(ret, 0)
+
+        # Remove all ACLs. This could have been done with the command
+        # "setfacl -b". Instead, we use the "chacl -B" command which
+        # is doing the same. The reason is to slightly improve the
+        # coverage of this test, by including an execution of "chacl".
+        self.assertRunOk(f"chacl -B {test_file}")
+
+        # Reading the file as the test user is expected to fail again.
+        _, ret = self.emulator.run(test_read_cmd)
+        self.assertNotEqual(ret, 0)
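
Review bot: the last step, after `chacl -B {test_file}`, only asserts that the read as the test user fails; it never re-runs `getacl_cmd`, so removal of the `user:acltest:` entry is verified only indirectly. Repeating the `assertNotIn(f"user:{test_user}:", "\n".join(out))` check after the `chacl -B` call would close that gap. Two related points in the same hunk: the write-denial step checks only the exit code of `su - {test_user} -c 'echo WriteTest > {test_file}'`, so reading the file back as root and comparing it with `test_data` would confirm the content was left untouched; and the first `assertNotIn` also passes on empty `getfacl` output, so asserting that the owner entry `user::rw-` is present (the file is `chmod 0600`) would show that the command printed a real ACL listing.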
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] support/testing: new acl runtime test
  2024-02-06 19:52 [Buildroot] [PATCH 1/1] support/testing: new acl runtime test Julien Olivain
@ 2024-02-06 21:48 ` Peter Korsgaard
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2024-02-06 21:48 UTC (permalink / raw)
  To: Julien Olivain; +Cc: buildroot

>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes:

 > Signed-off-by: Julien Olivain <ju.o@free.fr>
 > ---
 >  DEVELOPERS                                |  1 +
 >  support/testing/tests/package/test_acl.py | 87 +++++++++++++++++++++++
 >  2 files changed, 88 insertions(+)
 >  create mode 100644 support/testing/tests/package/test_acl.py

 > diff --git a/DEVELOPERS b/DEVELOPERS
 > index 4b8d195f9f..ce248e8706 100644
 > --- a/DEVELOPERS
 > +++ b/DEVELOPERS
 > @@ -1762,6 +1762,7 @@ F:	support/testing/tests/package/sample_python_midiutil.py
 >  F:	support/testing/tests/package/sample_python_ml_dtypes.py
 >  F:	support/testing/tests/package/sample_python_pyalsa.py
 >  F:	support/testing/tests/package/sample_python_spake2.py
 > +F:	support/testing/tests/package/test_acl.py
 >  F:	support/testing/tests/package/test_acpica.py
 >  F:	support/testing/tests/package/test_acpica/
 >  F:	support/testing/tests/package/test_apache.py
 > diff --git a/support/testing/tests/package/test_acl.py b/support/testing/tests/package/test_acl.py
 > new file mode 100644
 > index 0000000000..e4827c7bec
 > --- /dev/null
 > +++ b/support/testing/tests/package/test_acl.py
 > @@ -0,0 +1,87 @@
 > +import os
 > +
 > +import infra.basetest
 > +
 > +
 > +class TestAcl(infra.basetest.BRTest):
 > +    # Note: this test requires a Kernel with a filesystem on /tmp
 > +    # supporting ACLs. This is the case for the basetest reference
 > +    # config. Kernel has CONFIG_TMPFS_POSIX_ACL=y, and /tmp is tmpfs
 > +    # in the default Buildroot config.
 > +    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
 > +        """
 > +        BR2_PACKAGE_ACL=y
 > +        BR2_TARGET_ROOTFS_CPIO=y
 > +        # BR2_TARGET_ROOTFS_TAR is not set
 > +        """
 > +
 > +    def test_run(self):
 > +        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
 > +        self.emulator.boot(arch="armv5",
 > +                           kernel="builtin",
 > +                           options=["-initrd", cpio_file])
 > +        self.emulator.login()
 > +
 > +        # Check the programs can execute.
 > +        self.assertRunOk("getfacl --version")
 > +        self.assertRunOk("setfacl --version")
 > +
 > +        # Constants used in this test.
 > +        test_user = "acltest"
 > +        test_data = "Hello Buildroot!"
 > +        test_file = "/tmp/file.txt"
 > +
 > +        # Create a test user:
 > +        # -D    don't set a password
 > +        # -h    set home directory
 > +        # -H    don't create home directory
 > +        # -s    set shell to /bin/sh
 > +        self.assertRunOk(f"adduser -D -h /tmp -H -s /bin/sh {test_user}")
 > +
 > +        # Create a test file, and make sure the owner is "root" with
 > +        # standard Unix permissions to read/write only for the owner.
 > +        self.assertRunOk(f"echo '{test_data}' > {test_file}")
 > +        self.assertRunOk(f"chown root:root {test_file}")
 > +        self.assertRunOk(f"chmod 0600 {test_file}")
 > +
 > +        # Check we have no ACL for the test user.
 > +        getacl_cmd = f"getfacl -c -p {test_file}"
 > +        out, ret = self.emulator.run(getacl_cmd)
 > +        self.assertEqual(ret, 0)
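
Review bot: the dependency on an ACL-capable `/tmp` (`CONFIG_TMPFS_POSIX_ACL=y`, `/tmp` on tmpfs) is recorded only in the class comment, and nothing in the quoted part of `test_run` checks it before `test_file` is created under `/tmp`. A short check early in `test_run` that `/tmp` is the expected tmpfs mount would make a failure caused by a changed reference config easier to tell apart from a regression in the acl package.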

NIT: Maybe we should consider making assertRunOk() return the stdout
output so we don't need to open code the exit code check every time that
we also need stdout?

Committed, thanks.

-- 
Bye, Peter Korsgaard