tests: Add a test for bare-user-only failing to commit suid content

We didn't have coverage of this before, and adding the test infrastructure will
help ensure we have coverage for more changes here.

Closes: #913
Approved by: alexlarsson

diff --git a/tests/test-basic-user-only.sh b/tests/test-basic-user-only.sh
index a3e63aac5c91fea771a921d463aaedd26b81ecd2..7184fe94204dcac4a20efc2985d486765a55e918 100755 (executable)
--- a/tests/test-basic-user-only.sh
+++ b/tests/test-basic-user-only.sh
@@ -22,4 +22,28 @@ set -euo pipefail
 . $(dirname $0)/libtest.sh
 
 setup_test_repository "bare-user-only"
+extra_basic_tests=1
 . $(dirname $0)/basic-test.sh
+
+# Reset things so we don't inherit a lot of state from earlier tests
+cd ${test_tmpdir}
+rm repo files -rf
+ostree_repo_init repo init --mode=bare-user-only
+
+# Init an archive repo where we'll store content that can't go into bare-user
+cd ${test_tmpdir}
+rm repo-input -rf
+ostree_repo_init repo-input init --mode=archive
+cd ${test_tmpdir}
+cat > statoverride.txt <<EOF
+2048 /some-setuid
+EOF
+mkdir -p files/
+echo "a setuid file" > files/some-setuid
+chmod 0644 files/some-setuid
+$CMD_PREFIX ostree --repo=repo-input commit -b content-with-suid --statoverride=statoverride.txt --tree=dir=files
+if $CMD_PREFIX ostree pull-local --repo=repo repo-input 2>err.txt; then
+    assert_not_reached "copying suid file into bare-user worked?"
+fi
+assert_file_has_content err.txt "Invalid mode.*with bits 040.*in bare-user-only"
+echo "ok failed to commit suid"