(t *testing.T)
| 405 | } |
| 406 | |
| 407 | func TestGetUnprivilegedMountFlags(t *testing.T) { |
| 408 | testutil.RequiresRoot(t) |
| 409 | |
| 410 | td := t.TempDir() |
| 411 | target := filepath.Join(td, "mnt") |
| 412 | require.NoError(t, os.Mkdir(target, 0755)) |
| 413 | |
| 414 | // Mount a tmpfs with noexec,noatime,nodiratime -- these are the flags |
| 415 | // that were previously missed due to iterating over slice indices |
| 416 | // instead of values. |
| 417 | require.NoError(t, unix.Mount("tmpfs", target, "tmpfs", unix.MS_NOEXEC|unix.MS_NOATIME|unix.MS_NODIRATIME, "")) |
| 418 | defer unix.Unmount(target, unix.MNT_DETACH) |
| 419 | |
| 420 | flags, err := getUnprivilegedMountFlags(target) |
| 421 | require.NoError(t, err) |
| 422 | |
| 423 | for _, tc := range []struct { |
| 424 | flag int |
| 425 | name string |
| 426 | }{ |
| 427 | {unix.MS_NOEXEC, "MS_NOEXEC"}, |
| 428 | {unix.MS_NOATIME, "MS_NOATIME"}, |
| 429 | {unix.MS_NODIRATIME, "MS_NODIRATIME"}, |
| 430 | } { |
| 431 | if flags&tc.flag != tc.flag { |
| 432 | t.Errorf("expected %s (0x%x) to be set in flags 0x%x", tc.name, tc.flag, flags) |
| 433 | } |
| 434 | } |
| 435 | |
| 436 | // MS_NOSUID and MS_NODEV should NOT be set since we didn't mount with them. |
| 437 | for _, tc := range []struct { |
| 438 | flag int |
| 439 | name string |
| 440 | }{ |
| 441 | {unix.MS_NOSUID, "MS_NOSUID"}, |
| 442 | {unix.MS_NODEV, "MS_NODEV"}, |
| 443 | {unix.MS_RDONLY, "MS_RDONLY"}, |
| 444 | } { |
| 445 | if flags&tc.flag != 0 { |
| 446 | t.Errorf("expected %s (0x%x) to NOT be set in flags 0x%x", tc.name, tc.flag, flags) |
| 447 | } |
| 448 | } |
| 449 | } |
| 450 | |
| 451 | func setupMounts(t *testing.T) (target string, mounts []Mount) { |
| 452 | dir1 := t.TempDir() |
nothing calls this directly
no test coverage detected
searching dependent graphs…