@@ -1762,6 +1762,7 @@ F: support/testing/tests/package/sample_python_midiutil.py
F: support/testing/tests/package/sample_python_ml_dtypes.py
F: support/testing/tests/package/sample_python_pyalsa.py
F: support/testing/tests/package/sample_python_spake2.py
+F: support/testing/tests/package/test_acl.py
F: support/testing/tests/package/test_acpica.py
F: support/testing/tests/package/test_acpica/
F: support/testing/tests/package/test_apache.py
new file mode 100644
@@ -0,0 +1,87 @@
+import os
+
+import infra.basetest
+
+
+class TestAcl(infra.basetest.BRTest):
+ # Note: this test requires a Kernel with a filesystem on /tmp
+ # supporting ACLs. This is the case for the basetest reference
+ # config. Kernel has CONFIG_TMPFS_POSIX_ACL=y, and /tmp is tmpfs
+ # in the default Buildroot config.
+ config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+ """
+ BR2_PACKAGE_ACL=y
+ BR2_TARGET_ROOTFS_CPIO=y
+ # BR2_TARGET_ROOTFS_TAR is not set
+ """
+
+ def test_run(self):
+ cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+ self.emulator.boot(arch="armv5",
+ kernel="builtin",
+ options=["-initrd", cpio_file])
+ self.emulator.login()
+
+ # Check the programs can execute.
+ self.assertRunOk("getfacl --version")
+ self.assertRunOk("setfacl --version")
+
+ # Constants used in this test.
+ test_user = "acltest"
+ test_data = "Hello Buildroot!"
+ test_file = "/tmp/file.txt"
+
+ # Create a test user:
+ # -D don't set a password
+ # -h set home directory
+ # -H don't create home directory
+ # -s set shell to /bin/sh
+ self.assertRunOk(f"adduser -D -h /tmp -H -s /bin/sh {test_user}")
+
+ # Create a test file, and make sure the owner is "root" with
+ # standard Unix permissions to read/write only for the owner.
+ self.assertRunOk(f"echo '{test_data}' > {test_file}")
+ self.assertRunOk(f"chown root:root {test_file}")
+ self.assertRunOk(f"chmod 0600 {test_file}")
+
+ # Check we have no ACL for the test user.
+ getacl_cmd = f"getfacl -c -p {test_file}"
+ out, ret = self.emulator.run(getacl_cmd)
+ self.assertEqual(ret, 0)
+ self.assertNotIn(f"user:{test_user}:", "\n".join(out))
+
+ # Reading the file as the test user is expected to fail.
+ test_read_cmd = f"su - {test_user} -c 'cat {test_file}'"
+ _, ret = self.emulator.run(test_read_cmd)
+ self.assertNotEqual(ret, 0)
+
+ # We add a special read ACL for the test user.
+ cmd = f"setfacl -m u:{test_user}:r {test_file}"
+ self.assertRunOk(cmd)
+
+ # Check we now have an ACL entry for the test user.
+ out, ret = self.emulator.run(getacl_cmd)
+ self.assertEqual(ret, 0)
+ self.assertIn(f"user:{test_user}:", "\n".join(out))
+
+ # Reading the file as the test user is now expected to
+ # succeed.
+ out, ret = self.emulator.run(test_read_cmd)
+ self.assertEqual(ret, 0)
+ self.assertEqual(out[0], test_data)
+
+ # Attempting to write to the file as the test user is expected
+ # to fail (since we put an ACL only for reading).
+ cmd = f"su - {test_user} -c 'echo WriteTest > {test_file}'"
+ _, ret = self.emulator.run(cmd)
+ self.assertNotEqual(ret, 0)
+
+ # Remove all ACLs. This could have been done with the command
+ # "setfacl -b". Instead, we use the "chacl -B" command which
+ # is doing the same. The reason is to slightly improve the
+ # coverage of this test, by including an execution of "chacl".
+ self.assertRunOk(f"chacl -B {test_file}")
+
+ # Reading the file as the test user is expected to fail again.
+ _, ret = self.emulator.run(test_read_cmd)
+ self.assertNotEqual(ret, 0)
Signed-off-by: Julien Olivain <ju.o@free.fr> --- DEVELOPERS | 1 + support/testing/tests/package/test_acl.py | 87 +++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 support/testing/tests/package/test_acl.py