apply unveil(2) to worktree tests
diff --git a/regress/worktree/worktree_test.c b/regress/worktree/worktree_test.c
index ecfab51..cdad09e 100644
--- a/regress/worktree/worktree_test.c
+++ b/regress/worktree/worktree_test.c
@@ -35,6 +35,7 @@
#include "got_repository.h"
#include "got_worktree.h"
#include "got_opentemp.h"
+#include "got_privsep.h"
#include "got_lib_worktree.h"
#include "got_lib_path.h"
@@ -395,11 +396,12 @@ main(int argc, char *argv[])
{
int test_ok = 0, failure = 0;
const char *repo_path;
+ char *cwd = NULL;
int ch;
#ifndef PROFILE
- if (pledge("stdio rpath wpath cpath flock proc exec sendfd", NULL)
- == -1)
+ if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+ NULL) == -1)
err(1, "pledge");
#endif
@@ -425,6 +427,25 @@ main(int argc, char *argv[])
return 1;
}
+ cwd = getcwd(NULL, 0);
+ if (cwd == NULL)
+ err(1, "getcwd");
+ if (unveil(cwd, "rwc") != 0)
+ err(1, "unvail");
+ free(cwd);
+
+ if (unveil("/tmp", "rwc") != 0)
+ err(1, "unveil");
+
+ if (unveil(repo_path, "r") != 0)
+ err(1, "unveil");
+
+ if (got_privsep_unveil_exec_helpers() != NULL)
+ return 1;
+
+ if (unveil(NULL, NULL) != 0)
+ err(1, "unveil");
+
RUN_TEST(worktree_init(repo_path), "init");
RUN_TEST(worktree_init_exists(repo_path), "init exists");
RUN_TEST(worktree_checkout(repo_path), "checkout");
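Review bot: When `got_privsep_unveil_exec_helpers()` fails, the new code does `return 1` without printing anything, so a test run that stops here gives no hint which helper path could not be unveiled; the returned value (apparently an error object, judging by the NULL comparison) should be reported before exiting. The first `err()` message in the hunk is misspelled, `err(1, "unvail");`, and should read `err(1, "unveil");`. The other unveil calls all share one message, so including the path would make a sandbox setup failure attributable, e.g. `err(1, "unveil: %s", repo_path);`. main's body starts and ends outside this hunk.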