source: mod_gnutls/test/common.bash @ 78b75b3

debian/masterdebian/stretch-backportsupstream
Last change on this file since 78b75b3 was 4d2d182, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Test suite: Switch to non-root user namespace before running Apache

Apache tries to switch permissions to a non-root user when started as
root. However, inside a namespace with pseudo root access (needed to
bring up the loopback device of the network namespace) this fails
because no such user exists inside the namespace. Changing to a
non-root user namespace beforehand avoids the issue.

  • Property mode set to 100644
File size: 1.3 KB
Line 
1#!/bin/bash
2
3# Usage: wait_pid_gone ${FILE}
4#
5# Wait until $FILE disappears, but no longer than $TEST_LOCK_WAIT
6# seconds
7function wait_pid_gone
8{
9    local pid_file="${1}"
10    local pid_wait=0
11    while [ -e "${pid_file}" ]; do
12        if [ "$((pid_wait++))" -gt "${TEST_LOCK_WAIT}" ]; then
13            return 1
14        fi
15        sleep 1
16    done
17}
18
19
20
21# Usage: netns_reexec ${@}
22#
23# If USE_TEST_NAMESPACE is set and MGS_NETNS_ACTIVE is not, exec the
24# running command inside a new namespace with active loopback
25# interface and MGS_NETNS_ACTIVE defined. This function can be used to
26# isolate each testcase inside its own network namespace. Since
27# MGS_NETNS_ACTIVE is used to track status, there's no harm in calling
28# it multiple times (e.g. in the test-* script and runtests).
29#
30# Note that once the network is up, the reexec is wrapped in another
31# user namespace to get rid of pseudo "root" access. The reason for
32# this is that Apache tries to switch permissions to a non-root user
33# when apparently started as root, and fails because no such user
34# exists inside the namespace. Changing to a non-root user beforehand
35# avoids that issue.
36function netns_reexec
37{
38    if [ -n "${USE_TEST_NAMESPACE}" ] && [ -z "${MGS_NETNS_ACTIVE}" ]; then
39        exec "${UNSHARE}" --net -r /bin/bash -c \
40             "export MGS_NETNS_ACTIVE=1; ip link set up lo; exec ${UNSHARE} --user ${0} ${@}"
41    fi
42    return 0
43}
Note: See TracBrowser for help on using the repository browser.