Merge pull request #136 from asomers/securelevel

Convert chflags/09.t
saidsay-so · Feb 19, 2024 · 6827423 · 6827423
2 parents a745bdd + d4743eb
commit 6827423
Show file tree

Hide file tree

Showing 4 changed files with 190 additions and 7 deletions.
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
@@ -20,6 +20,9 @@ inventory = "0.3.0"
 walkdir = "2.3.2"
 sysctl = "0.5.2"
 
+[target.'cfg(target_os = "freebsd")'.dependencies]
+jail = "0.2.0"
+
 [target.'cfg(target_os = "linux")'.dependencies]
 caps = "0.5.4"
 

diff --git a/rust/src/context.rs b/rust/src/context.rs
@@ -77,6 +77,8 @@ pub struct TestContext<'a> {
     temp_dir: &'a Path,
     features_config: &'a FeaturesConfig,
     auth_entries: DummyAuthEntries<'a>,
+    #[cfg(target_os = "freebsd")]
+    jail: Option<jail::RunningJail>
 }
 
 pub struct SerializedTestContext<'a> {
@@ -162,6 +164,8 @@ impl<'a> TestContext<'a> {
             temp_dir,
             features_config: &config.features,
             auth_entries: DummyAuthEntries::new(entries),
+            #[cfg(target_os = "freebsd")]
+            jail: None
         }
     }
 
@@ -275,6 +279,12 @@ impl<'a> TestContext<'a> {
     pub fn nap(&self) {
         thread::sleep(self.naptime)
     }
+
+    /// Set this Context's jail, so it will be destroyed during teardown.
+    #[cfg(target_os = "freebsd")]
+    pub fn set_jail(&mut self, jail: jail::RunningJail) {
+        self.jail = Some(jail)
+    }
 }
 
 // We implement Drop to circumvent the errors which arise from unlinking a directory for which
@@ -325,6 +335,12 @@ impl<'a> Drop for TestContext<'a> {
                         let _ = lchflags(entry.path(), FileFlag::empty());
                     }
                 }
+
+                // Shut down any jails
+                #[cfg(target_os = "freebsd")]
+                if let Some(jail) = self.jail.take() {
+                    let _ = jail.kill();
+                }
             }
         }
     }

diff --git a/rust/src/tests/chflags.rs b/rust/src/tests/chflags.rs
@@ -236,5 +236,43 @@ enoent_comp_test_case!(chflags(~path, FileFlag::empty()));
 // chflags/06.t
 eloop_comp_test_case!(chflags(~path, FileFlag::empty()));
 
+// chflags/09.t
+#[cfg(target_os = "freebsd")]
+crate::test_case! {
+    /// chflags returns EPERM when one of SF_IMMUTABLE, SF_APPEND, or SF_NOUNLINK is set and
+    /// securelevel is greater than 0
+    securelevel, root, FileSystemFeature::Chflags =>
+        [Regular, Dir, Fifo, Block, Char, Socket, Symlink(None)]
+}
+#[cfg(target_os = "freebsd")]
+fn securelevel(ctx: &mut TestContext, ft: FileType) {
+    use jail::process::Jailed;
+    use std::ffi::OsStr;
+    use std::os::unix::ffi::OsStrExt;
+
+    let jail = jail::StoppedJail::new("/")
+        .name("pjdfstest_chflags_securelevel")
+        .param("allow.chflags", jail::param::Value::Int(1))
+        .param("securelevel", jail::param::Value::Int(1));
+    let jail = jail.start().unwrap();
+    ctx.set_jail(jail);
+
+    for flag in [FileFlags::SF_IMMUTABLE, FileFlags::SF_APPEND, FileFlags::SF_NOUNLINK] {
+        let file = ctx.create(ft.clone()).unwrap();
+        lchflags(&file, flag.into()).unwrap();
+
+        // Since this is a multithreaded application, we can't simply fork and chflags().  Instead,
+        // execute a child process to test the operation.
+        let r = std::process::Command::new("/bin/chflags")
+            .args(["-h", "0"])
+            .arg(ctx.base_path().join(&file))
+            .jail(&jail)
+            .output()
+            .unwrap();
+        assert!(!r.status.success());
+        assert!(OsStr::from_bytes(&r.stderr).to_string_lossy().contains("Operation not permitted"));
+    }
+}
+
 // chflags/13.t
 efault_path_test_case!(chflags, |ptr| nix::libc::chflags(ptr, 0));