Commit 1b7ac9fa authored by Simon Ruderich's avatar Simon Ruderich
Browse files

slsm: t: add two more link tests

parent 06305643
......@@ -119,6 +119,7 @@ test_expect_success 'disallow exec access to /tmp/slsm' "
rules p=/tmp/slsm a=$BASH m=6 &&
test_must_fail $BASH /tmp/slsm/test-me
"
test_expect_success 'no circumvention via hardlinks' "
test_when_finished cleanup && setup &&
touch /tmp/slsm/test-me &&
......@@ -137,6 +138,15 @@ test_expect_success 'no circumvention via hardlinks (inherit)' "
test_must_fail ln /tmp/slsm/test-me /tmp/slsm/test-me2
"
test_expect_success 'no circumvention via hardlinks (confine)' "
test_when_finished cleanup && setup &&
touch /tmp/slsm/test-me &&
\
rules p=/tmp/slsm/test-me m=5 f=2 '' \
p=/tmp/slsm/test-me2 m=5 &&
test_must_fail ln /tmp/slsm/test-me /tmp/slsm/test-me2
"
test_expect_success 'disallow all access to file' "
test_when_finished cleanup && setup &&
echo test-me >/tmp/slsm/test-me &&
......@@ -340,6 +350,15 @@ test_expect_success 'multiple files per node' "
test_cmp expected /tmp/slsm/e
"
test_expect_success 'symlinks and hardlinks' "
test_when_finished cleanup && setup &&
touch /tmp/slsm/x
\
rules p=/tmp/slsm a=$LN m=5 &&
test_must_fail $LN -s y /tmp/slsm/y &&
test_must_fail $LN /tmp/slsm/x /tmp/slsm/y
"
# The idea here is that ~/.ssh/private contains the private keys, symlinks in
# ~/.ssh point to those files. Access to ~/.ssh/private is restricted for all
# programs except `ssh-agent` (`head` in the test). The rules must be
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment