Message ID | 20210505191344.2108832-1-arnout@mind.be |
---|---|
State | Accepted |
Headers | show |
Series | support/testing: add sudo package test | expand |
>>>>> "Arnout" == Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> writes: > Create a new user 'sudotest' to validate that sudo really works (i.e. > properly has setuid). > Creating the user and adding it to sudoers is done at runtime, otherwise > we'd need to add extra files to the config which complicates things a > little bit. > Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> > --- > support/testing/tests/package/test_sudo.py | 36 ++++++++++++++++++++++ > 1 file changed, 36 insertions(+) > create mode 100644 support/testing/tests/package/test_sudo.py > diff --git a/support/testing/tests/package/test_sudo.py b/support/testing/tests/package/test_sudo.py > new file mode 100644 > index 0000000000..f9d0a6f301 > --- /dev/null > +++ b/support/testing/tests/package/test_sudo.py > @@ -0,0 +1,36 @@ > +import os > + > +import infra.basetest > + > + > +class TestSudo(infra.basetest.BRTest): > + config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \ > + """ > + BR2_PACKAGE_SUDO=y > + BR2_TARGET_ROOTFS_CPIO=y > + # BR2_TARGET_ROOTFS_TAR is not set > + """ initrd, so that implies writable rootfs - So we don't really need those special adduser flags, but OK. Committed, thanks.
On 10/05/2021 22:14, Peter Korsgaard wrote: >>>>>> "Arnout" == Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> writes: > > > Create a new user 'sudotest' to validate that sudo really works (i.e. > > properly has setuid). > > > Creating the user and adding it to sudoers is done at runtime, otherwise > > we'd need to add extra files to the config which complicates things a > > little bit. > > > Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> > > --- > > support/testing/tests/package/test_sudo.py | 36 ++++++++++++++++++++++ > > 1 file changed, 36 insertions(+) > > create mode 100644 support/testing/tests/package/test_sudo.py > > > diff --git a/support/testing/tests/package/test_sudo.py b/support/testing/tests/package/test_sudo.py > > new file mode 100644 > > index 0000000000..f9d0a6f301 > > --- /dev/null > > +++ b/support/testing/tests/package/test_sudo.py > > @@ -0,0 +1,36 @@ > > +import os > > + > > +import infra.basetest > > + > > + > > +class TestSudo(infra.basetest.BRTest): > > + config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \ > > + """ > > + BR2_PACKAGE_SUDO=y > > + BR2_TARGET_ROOTFS_CPIO=y > > + # BR2_TARGET_ROOTFS_TAR is not set > > + """ > > initrd, so that implies writable rootfs - So we don't really need those > special adduser flags, but OK. I'm not sure what you mean. Do you mean the flags to use /tmp as a home directory? There was a reason I added those for a reason I think, but I forgot why :-( Regards, Arnout > > Committed, thanks. >
>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes: Hi, >> initrd, so that implies writable rootfs - So we don't really need those >> special adduser flags, but OK. > I'm not sure what you mean. Do you mean the flags to use /tmp as a home > directory? There was a reason I added those for a reason I think, but I forgot > why :-( Yes, exactly. When I saw those flags I thought you were trying to make it work with a read only rootfs, but given the cpio that cannot have been it. Anyway, this works.
diff --git a/support/testing/tests/package/test_sudo.py b/support/testing/tests/package/test_sudo.py new file mode 100644 index 0000000000..f9d0a6f301 --- /dev/null +++ b/support/testing/tests/package/test_sudo.py @@ -0,0 +1,36 @@ +import os + +import infra.basetest + + +class TestSudo(infra.basetest.BRTest): + config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \ + """ + BR2_PACKAGE_SUDO=y + BR2_TARGET_ROOTFS_CPIO=y + # BR2_TARGET_ROOTFS_TAR is not set + """ + + def test_run(self): + img = os.path.join(self.builddir, "images", "rootfs.cpio") + self.emulator.boot(arch="armv5", + kernel="builtin", + options=["-initrd", img]) + self.emulator.login() + + # -D don't set a password + # -h set home directory + # -H don't create home directory + # -s set shell + _, exit_code = self.emulator.run("adduser -D -h /tmp -H -s /bin/sh sudotest") + self.assertEqual(exit_code, 0) + + _, exit_code = self.emulator.run("echo 'sudotest ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers") + self.assertEqual(exit_code, 0) + + output, exit_code = self.emulator.run("su - sudotest -c 'echo hello world'") + self.assertEqual(output, ["hello world"]) + + output, exit_code = self.emulator.run("su - sudotest -c 'sudo echo hello world'") + self.assertEqual(exit_code, 0) + self.assertEqual(output, ["hello world"])
Create a new user 'sudotest' to validate that sudo really works (i.e. properly has setuid). Creating the user and adding it to sudoers is done at runtime, otherwise we'd need to add extra files to the config which complicates things a little bit. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> --- support/testing/tests/package/test_sudo.py | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 support/testing/tests/package/test_sudo.py