asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
|
Last change
on this file since 9e56602 was
4d2d182,
checked in by Thomas Klute <thomas2.klute@…>, 5 years ago
|
|
Test suite: Switch to non-root user namespace before running Apache
Apache tries to switch permissions to a non-root user when started as
root. However, inside a namespace with pseudo root access (needed to
bring up the loopback device of the network namespace) this fails
because no such user exists inside the namespace. Changing to a
non-root user namespace beforehand avoids the issue.
|
-
Property mode set to
100644
|
|
File size:
1.3 KB
|
| Rev | Line | |
|---|
| [412ee84] | 1 | #!/bin/bash |
|---|
| 2 | |
|---|
| 3 | # Usage: wait_pid_gone ${FILE} |
|---|
| 4 | # |
|---|
| 5 | # Wait until $FILE disappears, but no longer than $TEST_LOCK_WAIT |
|---|
| 6 | # seconds |
|---|
| 7 | function wait_pid_gone |
|---|
| 8 | { |
|---|
| 9 | local pid_file="${1}" |
|---|
| 10 | local pid_wait=0 |
|---|
| 11 | while [ -e "${pid_file}" ]; do |
|---|
| 12 | if [ "$((pid_wait++))" -gt "${TEST_LOCK_WAIT}" ]; then |
|---|
| 13 | return 1 |
|---|
| 14 | fi |
|---|
| 15 | sleep 1 |
|---|
| 16 | done |
|---|
| 17 | } |
|---|
| [cf4e708] | 18 | |
|---|
| 19 | |
|---|
| 20 | |
|---|
| 21 | # Usage: netns_reexec ${@} |
|---|
| 22 | # |
|---|
| 23 | # If USE_TEST_NAMESPACE is set and MGS_NETNS_ACTIVE is not, exec the |
|---|
| 24 | # running command inside a new namespace with active loopback |
|---|
| 25 | # interface and MGS_NETNS_ACTIVE defined. This function can be used to |
|---|
| 26 | # isolate each testcase inside its own network namespace. Since |
|---|
| 27 | # MGS_NETNS_ACTIVE is used to track status, there's no harm in calling |
|---|
| 28 | # it multiple times (e.g. in the test-* script and runtests). |
|---|
| [4d2d182] | 29 | # |
|---|
| 30 | # Note that once the network is up, the reexec is wrapped in another |
|---|
| 31 | # user namespace to get rid of pseudo "root" access. The reason for |
|---|
| 32 | # this is that Apache tries to switch permissions to a non-root user |
|---|
| 33 | # when apparently started as root, and fails because no such user |
|---|
| 34 | # exists inside the namespace. Changing to a non-root user beforehand |
|---|
| 35 | # avoids that issue. |
|---|
| [cf4e708] | 36 | function netns_reexec |
|---|
| 37 | { |
|---|
| 38 | if [ -n "${USE_TEST_NAMESPACE}" ] && [ -z "${MGS_NETNS_ACTIVE}" ]; then |
|---|
| 39 | exec "${UNSHARE}" --net -r /bin/bash -c \ |
|---|
| [4d2d182] | 40 | "export MGS_NETNS_ACTIVE=1; ip link set up lo; exec ${UNSHARE} --user ${0} ${@}" |
|---|
| [cf4e708] | 41 | fi |
|---|
| 42 | return 0 |
|---|
| 43 | } |
|---|
Note: See
TracBrowser
for help on using the repository browser.
