From ecaabf5e9dbf85f730d78bc9b318b89f03bdc2dc Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Sun, 16 Jan 2022 17:13:18 +0000 Subject: [PATCH] test-override: Assert pre-1.12.3 behaviour of --nofilesystem=home, host Signed-off-by: Simon McVittie (cherry picked from commit 813e1f0b3bef788553b9d37d1ec89c1124491a65) --- tests/test-override.sh | 81 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) diff --git a/tests/test-override.sh b/tests/test-override.sh index dcec1baf..c22f9b0e 100755 --- a/tests/test-override.sh +++ b/tests/test-override.sh @@ -17,7 +17,7 @@ reset_overrides () { assert_file_empty info } -echo "1..15" +echo "1..17" setup_repo install_repo @@ -309,3 +309,82 @@ if ! skip_one_without_bwrap "persist"; then ok "persist" fi + +reset_overrides + +if ! skip_one_without_bwrap "runtime override --nofilesystem=home"; then + mkdir -p "$HOME/dir" + mkdir -p "$TEST_DATA_DIR/dir1" + mkdir -p "$TEST_DATA_DIR/dir2" + echo "hello" > "$HOME/example" + echo "hello" > "$HOME/dir/example" + echo "hello" > "$TEST_DATA_DIR/dir1/example" + echo "hello" > "$TEST_DATA_DIR/dir2/example" + + ${FLATPAK} override --user --filesystem=home org.test.Hello + ${FLATPAK} override --user --filesystem='~/dir' org.test.Hello + ${FLATPAK} override --user --filesystem="$TEST_DATA_DIR/dir1" org.test.Hello + + ${FLATPAK} run --env=TEST_DATA_DIR="$TEST_DATA_DIR" \ + --command=sh --nofilesystem=home org.test.Hello -c ' + echo overwritten > "$HOME/dir/example" || true + echo overwritten > "$HOME/example" || true + echo overwritten > "$TEST_DATA_DIR/dir1/example" || true + echo overwritten > "$TEST_DATA_DIR/dir2/example" || true + ' + # --nofilesystem=home does not cancel a more narrowly-scoped permission + # such as --filesystem=~/dir + assert_file_has_content "$HOME/dir/example" overwritten + # --nofilesystem=home cancels the --filesystem=home at a lower precedence, + # so $HOME/example was not shared + assert_file_has_content "$HOME/example" hello + # --nofilesystem=home does not affect access to files outside $HOME + assert_file_has_content "$TEST_DATA_DIR/dir1/example" overwritten + assert_file_has_content "$TEST_DATA_DIR/dir2/example" hello + + rm -fr "$HOME/dir" + rm -fr "$HOME/example" + rm -fr "$TEST_DATA_DIR/dir1" + rm -fr "$TEST_DATA_DIR/dir2" + + ok "runtime override --nofilesystem=home" +fi + +reset_overrides + +if ! skip_one_without_bwrap "runtime override --nofilesystem=host"; then + mkdir -p "$HOME/dir" + mkdir -p "$TEST_DATA_DIR/dir1" + mkdir -p "$TEST_DATA_DIR/dir2" + echo "hello" > "$HOME/example" + echo "hello" > "$HOME/dir/example" + echo "hello" > "$TEST_DATA_DIR/dir1/example" + echo "hello" > "$TEST_DATA_DIR/dir2/example" + + ${FLATPAK} override --user --filesystem=host org.test.Hello + ${FLATPAK} override --user --filesystem='~/dir' org.test.Hello + ${FLATPAK} override --user --filesystem="$TEST_DATA_DIR/dir1" org.test.Hello + + ${FLATPAK} run --env=TEST_DATA_DIR="$TEST_DATA_DIR" \ + --command=sh --nofilesystem=host org.test.Hello -c ' + echo overwritten > "$HOME/dir/example" || true + echo overwritten > "$HOME/example" || true + echo overwritten > "$TEST_DATA_DIR/dir1/example" || true + echo overwritten > "$TEST_DATA_DIR/dir2/example" || true + ' + # --nofilesystem=host does not cancel a more narrowly-scoped permission + # such as --filesystem=~/dir + assert_file_has_content "$HOME/dir/example" overwritten + assert_file_has_content "$TEST_DATA_DIR/dir1/example" overwritten + # --nofilesystem=host cancels the --filesystem=host at a lower precedence, + # so $HOME/example was not shared + assert_file_has_content "$HOME/example" hello + assert_file_has_content "$TEST_DATA_DIR/dir2/example" hello + + rm -fr "$HOME/dir" + rm -fr "$HOME/example" + rm -fr "$TEST_DATA_DIR/dir1" + rm -fr "$TEST_DATA_DIR/dir2" + + ok "runtime override --nofilesystem=host" +fi