2023-03-21 06:49:24 -06:00
|
|
|
package protect
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"os"
|
2023-03-21 07:22:37 -06:00
|
|
|
"path"
|
2023-03-21 06:49:24 -06:00
|
|
|
"runtime"
|
|
|
|
|
"testing"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestLandlockFileWrite(t *testing.T) {
|
|
|
|
|
if runtime.GOOS != "linux" {
|
|
|
|
|
t.Skip("Not running on Linux... skipping landlock test")
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-21 07:22:37 -06:00
|
|
|
dir, err := os.MkdirTemp("", "landlock")
|
2023-03-21 06:49:24 -06:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2023-03-21 07:22:37 -06:00
|
|
|
defer os.RemoveAll(dir)
|
2023-03-21 06:49:24 -06:00
|
|
|
|
2023-03-21 07:22:37 -06:00
|
|
|
unveil(dir, "r")
|
2023-03-21 06:49:24 -06:00
|
|
|
err = unveilBlock()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-21 07:22:37 -06:00
|
|
|
f, err := os.OpenFile(path.Join(dir, "deadbeef"), os.O_RDWR|os.O_CREATE, 0600)
|
|
|
|
|
if err == nil {
|
|
|
|
|
t.Fatalf("should not have been able to create %q, but was able to do so\n", f.Name())
|
2023-03-21 06:49:24 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestLandlockRO(t *testing.T) {
|
|
|
|
|
if runtime.GOOS != "linux" {
|
|
|
|
|
t.Skip("Not running on Linux... skipping landlock test")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unveil("/tmp", "r")
|
|
|
|
|
err := unveilBlock()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
f, err := os.CreateTemp("", "landlockTest")
|
|
|
|
|
if err == nil {
|
|
|
|
|
t.Fatalf("should not have been able to create %q, but was able to do so\n", f.Name())
|
|
|
|
|
}
|
|
|
|
|
}
|
