diff options
| author | Jaime Martinez <jmartinez@gitlab.com> | 2021-01-27 09:03:49 +0300 |
|---|---|---|
| committer | Jaime Martinez <jmartinez@gitlab.com> | 2021-02-02 08:06:26 +0300 |
| commit | 76ec6a2f93097a48899bd7ac3d2ca4bbc844daaf (patch) | |
| tree | ec191ff2b08a5da415e52c4e73310d5e08c12705 | |
| parent | 47f48a65ca97ee46a6351c0a53234586ab6ef087 (diff) | |
Add jail test for linux
| -rw-r--r-- | internal/jail/jail.go | 12 | ||||
| -rw-r--r-- | internal/jail/jail_linux_test.go | 33 | ||||
| -rw-r--r-- | internal/jail/jail_test.go | 17 |
3 files changed, 61 insertions, 1 deletions
diff --git a/internal/jail/jail.go b/internal/jail/jail.go index 13c6c76d..096702ce 100644 --- a/internal/jail/jail.go +++ b/internal/jail/jail.go @@ -78,7 +78,17 @@ func (j *Jail) Build() error { } for _, dir := range j.directories { - if err := os.MkdirAll(dir.path, dir.mode); err != nil { + // create all subdirectories when jail.Create is called as all sub dirs will + // be removed on removal + if j.deleteRoot { + if err := os.MkdirAll(dir.path, dir.mode); err != nil { + j.removeAll() + return fmt.Errorf("can't create directory %q. %s", dir.path, err) + } + continue + } + + if err := os.Mkdir(dir.path, dir.mode); err != nil { j.removeAll() return fmt.Errorf("can't create directory %q. %s", dir.path, err) } diff --git a/internal/jail/jail_linux_test.go b/internal/jail/jail_linux_test.go new file mode 100644 index 00000000..8c439d53 --- /dev/null +++ b/internal/jail/jail_linux_test.go @@ -0,0 +1,33 @@ +package jail_test + +import ( + "os" + "path" + "testing" + + "github.com/stretchr/testify/require" + + "gitlab.com/gitlab-org/gitlab-pages/internal/jail" +) + +func TestJailCreateAndCleanSubPaths(t *testing.T) { + jailPath := tmpJailPath() + subPath := "/pages/sub/path" + + require.NoError(t, os.MkdirAll(jailPath+subPath, 0755)) + defer os.RemoveAll(jailPath) + + cage := jail.CreateTimestamped("gitlab-pages", 0755) + + // Bind mount shared folder + cage.MkDir(subPath, 0755) + cage.Bind(subPath, subPath) + + require.NoError(t, cage.Build()) + require.NoError(t, cage.Dispose()) + + _, err := os.Stat(path.Join(jailPath, subPath)) + require.True(t, os.IsNotExist(err), "%s in jail was not removed", subPath) + _, err = os.Stat(jailPath) + require.NoError(t, err, "/ in jail (corresponding to external directory) was removed") +} diff --git a/internal/jail/jail_test.go b/internal/jail/jail_test.go index ed52c39b..2e505803 100644 --- a/internal/jail/jail_test.go +++ b/internal/jail/jail_test.go @@ -295,3 +295,20 @@ func TestJailIntoCleansNestedDirs(t *testing.T) { _, err := os.Stat(jailPath) require.NoError(t, err, "/ in jail (corresponding to external directory) was removed") } + +func TestJailIntoSubpathsFails(t *testing.T) { + jailPath := tmpJailPath() + require.NoError(t, os.MkdirAll(jailPath, 0755)) + defer os.RemoveAll(jailPath) + + pagesRoot := "/pages/sub/path" + + chroot := jail.Into(jailPath) + chroot.MkDir(pagesRoot, 0755) + err := chroot.Build() + require.Error(t, err, "err") + require.Contains(t, err.Error(), "no such file or directory") + + _, err = os.Stat(path.Join(jailPath, pagesRoot)) + require.True(t, os.IsNotExist(err), "%s in jail was not removed", pagesRoot) +} |