2023-05-17 15:31:52 +02:00
|
|
|
package cli
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2023-05-17 16:08:49 +02:00
|
|
|
"os"
|
2023-05-17 15:31:52 +02:00
|
|
|
"strings"
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/moby/sys/mountinfo"
|
|
|
|
|
|
|
|
|
|
"github.com/rfjakob/gocryptfs/v2/tests/test_helpers"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// TestDirectMount checks that the effective mount options are what we expect.
|
|
|
|
|
//
|
|
|
|
|
// This test should be run twice:
|
|
|
|
|
// 1) As a normal user (uses fusermount): make test
|
|
|
|
|
// 2) As root (mount syscall is called directly): make root_test
|
|
|
|
|
func TestDirectMount(t *testing.T) {
|
|
|
|
|
type testCase struct {
|
|
|
|
|
allow_other bool
|
2023-05-17 16:08:49 +02:00
|
|
|
noexec bool
|
|
|
|
|
suid bool
|
|
|
|
|
dev bool
|
2023-05-17 15:31:52 +02:00
|
|
|
}
|
|
|
|
|
table := []testCase{
|
2023-05-17 16:08:49 +02:00
|
|
|
{ /* all false */ },
|
2023-05-17 15:31:52 +02:00
|
|
|
{allow_other: true},
|
2023-05-17 16:08:49 +02:00
|
|
|
{noexec: true},
|
|
|
|
|
{suid: true},
|
|
|
|
|
{dev: true},
|
2023-05-17 15:31:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dir := test_helpers.InitFS(t)
|
|
|
|
|
mnt := dir + ".mnt"
|
|
|
|
|
|
2023-05-17 16:08:49 +02:00
|
|
|
checkOptionPresent := func(t *testing.T, opts string, option string, want bool) {
|
|
|
|
|
split := strings.Split(opts, ",")
|
|
|
|
|
have := false
|
|
|
|
|
for _, v := range split {
|
|
|
|
|
if strings.HasPrefix(v, option) {
|
|
|
|
|
have = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if want != have {
|
|
|
|
|
t.Errorf("checkOptionPresent: %s: want=%v have=%v. Full string: %s", option, want, have, opts)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-17 15:31:52 +02:00
|
|
|
doTestMountInfo := func(t *testing.T, row testCase) {
|
2023-05-17 16:08:49 +02:00
|
|
|
test_helpers.MountOrFatal(t, dir, mnt,
|
|
|
|
|
"-extpass=echo test",
|
|
|
|
|
fmt.Sprintf("-allow_other=%v", row.allow_other),
|
|
|
|
|
fmt.Sprintf("-noexec=%v", row.noexec),
|
|
|
|
|
fmt.Sprintf("-dev=%v", row.dev),
|
|
|
|
|
fmt.Sprintf("-suid=%v", row.suid))
|
2023-05-17 15:31:52 +02:00
|
|
|
defer test_helpers.UnmountErr(mnt)
|
|
|
|
|
|
|
|
|
|
mounts, err := mountinfo.GetMounts(mountinfo.SingleEntryFilter(mnt))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if len(mounts) != 1 {
|
|
|
|
|
t.Fatalf("Could not find mountpoint %q in /proc/self/mountinfo", mnt)
|
|
|
|
|
}
|
|
|
|
|
info := mounts[0]
|
|
|
|
|
|
|
|
|
|
if info.FSType != "fuse.gocryptfs" {
|
|
|
|
|
t.Errorf("wrong FSType: %q", info.FSType)
|
|
|
|
|
}
|
|
|
|
|
if info.Source != dir {
|
|
|
|
|
t.Errorf("wrong Source: have %q, want %q", info.Source, dir)
|
|
|
|
|
}
|
2023-05-17 16:08:49 +02:00
|
|
|
checkOptionPresent(t, info.VFSOptions, "max_read=", true)
|
|
|
|
|
checkOptionPresent(t, info.VFSOptions, "allow_other", row.allow_other)
|
|
|
|
|
checkOptionPresent(t, info.Options, "noexec", row.noexec)
|
|
|
|
|
// Enabling suid and dev only works as root
|
|
|
|
|
if os.Getuid() == 0 {
|
|
|
|
|
checkOptionPresent(t, info.Options, "nosuid", !row.suid)
|
|
|
|
|
checkOptionPresent(t, info.Options, "nodev", !row.dev)
|
2023-05-17 15:31:52 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, row := range table {
|
|
|
|
|
doTestMountInfo(t, row)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
