diff --git a/tests/test-run.sh b/tests/test-run.sh index c5cff7f1..3621649f 100644 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -24,7 +24,7 @@ set -euo pipefail skip_without_bwrap skip_revokefs_without_fuse -echo "1..21" +echo "1..25" # Use stable rather than master as the branch so we can test that the run # command automatically finds the branch correctly @@ -552,3 +552,42 @@ ${FLATPAK} ${U} info -m org.test.App > out assert_file_has_content out "^sdk=org\.test\.Sdk/$(flatpak --default-arch)/stable$" ok "--sdk option" + +rm -fr "$HOME/.var/app/org.test.Hello" +mkdir -p "$HOME/.var/app/org.test.Hello" +run --command=sh --persist=.persist org.test.Hello -c 'echo can-persist > .persist/rc' +sed -e 's,^,#--persist=.persist# ,g' < "$HOME/.var/app/org.test.Hello/.persist/rc" >&2 +assert_file_has_content "$HOME/.var/app/org.test.Hello/.persist/rc" "can-persist" + +ok "--persist=.persist persists a directory" + +rm -fr "$HOME/.var/app/org.test.Hello" +mkdir -p "$HOME/.var/app/org.test.Hello" +# G_DEBUG= to avoid the deprecation warning being fatal +G_DEBUG= run --command=sh --persist=/.persist org.test.Hello -c 'echo can-persist > .persist/rc' +sed -e 's,^,#--persist=/.persist# ,g' < "$HOME/.var/app/org.test.Hello/.persist/rc" >&2 +assert_file_has_content "$HOME/.var/app/org.test.Hello/.persist/rc" "can-persist" + +ok "--persist=/.persist is a deprecated form of --persist=.persist" + +rm -fr "$HOME/.var/app/org.test.Hello" +mkdir -p "$HOME/.var/app/org.test.Hello" +run --command=sh --persist=. org.test.Hello -c 'echo can-persist > .persistrc' +sed -e 's,^,#--persist=.# ,g' < "$HOME/.var/app/org.test.Hello/.persistrc" >&2 +assert_file_has_content "$HOME/.var/app/org.test.Hello/.persistrc" "can-persist" + +ok "--persist=. persists all files" + +mkdir "${TEST_DATA_DIR}/inaccessible" +echo FOO > ${TEST_DATA_DIR}/inaccessible/secret-file +rm -fr "$HOME/.var/app/org.test.Hello" +mkdir -p "$HOME/.var/app/org.test.Hello" +ln -fns "${TEST_DATA_DIR}/inaccessible" "$HOME/.var/app/org.test.Hello/persist" +# G_DEBUG= to avoid the warnings being fatal when we reject a --persist option. +# LC_ALL=C so we get the expected non-localized string. +LC_ALL=C G_DEBUG= run --command=ls --persist=persist --persist=relative/../escape org.test.Hello -la ~/persist &> hello_out || true +sed -e 's,^,#--persist=symlink# ,g' < hello_out >&2 +assert_file_has_content hello_out "not allowed to avoid sandbox escape" +assert_not_file_has_content hello_out "secret-file" + +ok "--persist doesn't allow sandbox escape via a symlink (CVE-2024-42472)"