author | Roger Leigh <rleigh@debian.org> | 2009-09-27 20:54:49 +0100 |
---|---|---|
committer | Roger Leigh <rleigh@debian.org> | 2009-09-27 20:54:49 +0100 |
commit | 15f37205a1ac958eb94cf23e30042455d85af049 (patch) | |
tree | a97852c890b314b91ea0f5bf871e33d37846415e /test | |
parent | 4cf19754d5225f516898ead8644255aeb40d12bb (diff) | |
sbuild::chroot_facet_session_clonable: Only allow session creator to access session
Previously, any user who had access to a chroot automatically gained
access to any sessions created from the chroot. This has now changed.
Only the user creating the session will be granted access, in order
to improve the security of sessions.
The chroot clone_session method takes two additional arguments: the
user who will own the session, and whether or not the user is to
have root access. This is used by the session code, and eventually
passed to the session clone_session_setup method which will update
the properties to match what was requested.
Diffstat (limited to 'test')
-rw-r--r-- | test/sbuild-chroot-block-device.cc | 4 | ||||
-rw-r--r-- | test/sbuild-chroot-directory.cc | 4 | ||||
-rw-r--r-- | test/sbuild-chroot-file.cc | 2 | ||||
-rw-r--r-- | test/sbuild-chroot-loopback.cc | 4 | ||||
-rw-r--r-- | test/sbuild-chroot-lvm-snapshot.cc | 2 | ||||
-rw-r--r-- | test/sbuild-chroot.cc | 4 | ||||
-rw-r--r-- | test/test-sbuild-chroot.h | 18 |
7 files changed, 27 insertions, 11 deletions
diff --git a/test/sbuild-chroot-block-device.cc b/test/sbuild-chroot-block-device.cc
index 618742c1..20415c0b 100644
--- a/test/sbuild-chroot-block-device.cc
+++ b/test/sbuild-chroot-block-device.cc
@@ -240,7 +240,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 setup_keyfile_block(expected, group);
 expected.set_value(group, "name", "test-session-name");
 expected.set_value(group, "mount-device", "/dev/testdev");
@@ -270,7 +270,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session_union->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 setup_keyfile_block(expected, group);
 expected.set_value(group, "name", "test-union-session-name");
 expected.set_value(group, "mount-device", "/dev/testdev");
diff --git a/test/sbuild-chroot-directory.cc b/test/sbuild-chroot-directory.cc
index f4b53762..791d93c8 100644
--- a/test/sbuild-chroot-directory.cc
+++ b/test/sbuild-chroot-directory.cc
@@ -217,7 +217,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 expected.set_value(group, "type", "directory");
 expected.set_value(group, "name", "test-session-name");
 expected.set_value(group, "directory", "/srv/chroot/example-chroot");
@@ -248,7 +248,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session_union->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 expected.set_value(group, "type", "directory");
 expected.set_value(group, "name", "test-union-session-name");
 expected.set_value(group, "directory", "/srv/chroot/example-chroot");
diff --git a/test/sbuild-chroot-file.cc b/test/sbuild-chroot-file.cc
index ecd01d8e..39196fe9 100644
--- a/test/sbuild-chroot-file.cc
+++ b/test/sbuild-chroot-file.cc
@@ -190,7 +190,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 setup_keyfile_file(expected, group);
 expected.set_value(group, "name", "test-session-name");
 expected.set_value(group, "file-repack", "false");
diff --git a/test/sbuild-chroot-loopback.cc b/test/sbuild-chroot-loopback.cc
index a575e221..896537ff 100644
--- a/test/sbuild-chroot-loopback.cc
+++ b/test/sbuild-chroot-loopback.cc
@@ -240,7 +240,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 setup_keyfile_loop(expected, group);
 expected.set_value(group, "name", "test-session-name");
 expected.set_value(group, "mount-device", loopback_file);
@@ -270,7 +270,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session_union->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 setup_keyfile_loop(expected, group);
 expected.set_value(group, "name", "test-union-session-name");
 expected.set_value(group, "mount-device", loopback_file);
diff --git a/test/sbuild-chroot-lvm-snapshot.cc b/test/sbuild-chroot-lvm-snapshot.cc
index cc7330a6..f64049cb 100644
--- a/test/sbuild-chroot-lvm-snapshot.cc
+++ b/test/sbuild-chroot-lvm-snapshot.cc
@@ -203,7 +203,7 @@ public:
 {
 sbuild::keyfile expected;
 const std::string group(session->get_name());
- setup_keyfile_chroot(expected, group);
+ setup_keyfile_session(expected, group);
 setup_keyfile_lvm(expected, group);
 expected.set_value(group, "type", "lvm-snapshot");
 expected.set_value(group, "name", "test-session-name");
diff --git a/test/sbuild-chroot.cc b/test/sbuild-chroot.cc
index 65432b96..8796baa9 100644
--- a/test/sbuild-chroot.cc
+++ b/test/sbuild-chroot.cc
@@ -45,7 +45,9 @@ public: { return ptr(new basic_chroot(*this)); } virtual ptr - clone_session (std::string const& session_id) const + clone_session (std::string const& session_id, + std::string const& user, + bool root) const { return ptr(); } diff --git a/test/test-sbuild-chroot.h b/test/test-sbuild-chroot.h index 14e16c46..e8c3f130 100644 --- a/test/test-sbuild-chroot.h +++ b/test/test-sbuild-chroot.h @@ -80,7 +80,9 @@ public: (this->chroot->template get_facet<sbuild::chroot_facet_session_clonable>()); if (psess) { - this->session = this->chroot->clone_session("test-session-name"); + this->session = this->chroot->clone_session("test-session-name", + "user1", + false); if (this->session) { CPPUNIT_ASSERT(this->session->get_active() == true); @@ -124,7 +126,9 @@ public: un->set_union_mount_options("union-mount-options"); this->session_union = - this->chroot_union->clone_session("test-union-session-name"); + this->chroot_union->clone_session("test-union-session-name", + "user1", + false); this->source_union = chroot_union->clone_source(); CPPUNIT_ASSERT(this->session_union); @@ -192,6 +196,16 @@ public: keyfile.set_value(group, "script-config", "script-defaults"); } + void setup_keyfile_session (sbuild::keyfile& keyfile, + std::string const& group) + { + setup_keyfile_chroot(keyfile, group); + keyfile.set_value(group, "users", "user1"); + keyfile.set_value(group, "root-users", ""); + keyfile.set_value(group, "groups", ""); + keyfile.set_value(group, "root-groups", ""); + } + void setup_keyfile_union_unconfigured (sbuild::keyfile& keyfile, std::string const& group) { |
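Review bot: Both clone_session calls added in test/test-sbuild-chroot.h (the `session` setup at -80 and the `session_union` setup at -124) pass `false` for the root argument, so the path that grants the session owner root access is never exercised by these fixtures. A companion case calling `clone_session("test-session-name", "user1", true)` and checking the resulting `root-users` key would cover it; the expected value is not visible in this diff, presumably `user1`. The enclosing function starts and ends outside both hunks.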
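Review bot: The empty `root-users`, `groups` and `root-groups` expectations in setup_keyfile_session (hunk at -192 of test/test-sbuild-chroot.h) only prove that access is narrowed to the creator if the parent chroot fixture sets those keys to something non-empty. That fixture is outside this hunk, so it is worth confirming; otherwise a clone that simply inherited the parent's lists would still pass. The helper also repeats the literal `"user1"` that the two clone_session calls pass, so a single shared constant would keep the three in step. A comment such as `// Session keyfile: access limited to the creating user; inherited users/groups are cleared.` above the helper would record why these four keys differ from setup_keyfile_chroot.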