1 files changed, 37 insertions, 0 deletions

diff --git a/internal/jail/jail_test.go b/internal/jail/jail_test.go
index 2acbcd6d..04a00a74 100644
--- a/internal/jail/jail_test.go
+++ b/internal/jail/jail_test.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"path"
 	"runtime"
+	"syscall"
 	"testing"
 	"time"
 
@@ -113,6 +114,42 @@ func TestJailDisposeDoNotFailOnMissingPath(t *testing.T) {
 	require.NoError(t, err)
 }
 
+func TestJailWithCharacterDevice(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Log("This test only works if run as root")
+		t.SkipNow()
+	}
+
+	// Determine the expected rdev
+	fi, err := os.Stat("/dev/urandom")
+	require.NoError(t, err)
+	sys, ok := fi.Sys().(*syscall.Stat_t)
+	if !ok {
+		t.Log("Couldn't determine expected rdev for /dev/urandom, skipping")
+		t.SkipNow()
+	}
+
+	expectedRdev := sys.Rdev
+
+	jailPath := tmpJailPath()
+	cage := jail.New(jailPath, 0755)
+	cage.MkDir("/dev", 0755)
+
+	require.NoError(t, cage.CharDev("/dev/urandom"))
+	require.NoError(t, cage.Build())
+	defer cage.Dispose()
+
+	fi, err = os.Lstat(path.Join(cage.Path(), "/dev/urandom"))
+	require.NoError(t, err)
+
+	isCharDev := fi.Mode()&os.ModeCharDevice == os.ModeCharDevice
+	assert.True(t, isCharDev, "Created file was not a character device")
+
+	sys, ok = fi.Sys().(*syscall.Stat_t)
+	require.True(t, ok, "Couldn't determine rdev of created character device")
+	assert.Equal(t, expectedRdev, sys.Rdev, "Incorrect rdev for /dev/urandom")
+}
+
 func TestJailWithFiles(t *testing.T) {
 	tests := []struct {
 		name        string