linux: never chown devices #1847
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -248,14 +248,48 @@ def test_net_devices(): | |
|
|
||
| for specify_broadcast in [True, False]: | ||
| for specify_name in [True, False]: | ||
| sys.stderr.write("# test_net_devices: creating testdevice with specify_broadcast=%s, specify_name=%s\n" % (specify_broadcast, specify_name)) | ||
| result = subprocess.run(["ip", "link", "add", "testdevice", "type", "dummy"], capture_output=True, text=True) | ||
| if result.returncode != 0: | ||
| sys.stderr.write("# ip link add failed: %s\n" % result.stderr) | ||
| return -1 | ||
| if specify_broadcast: | ||
| result = subprocess.run(["ip", "addr", "add", "10.1.2.3/24", "brd", "10.1.2.254", "dev", "testdevice"], capture_output=True, text=True) | ||
| if result.returncode != 0: | ||
| sys.stderr.write("# ip addr add with broadcast failed: %s\n" % result.stderr) | ||
| return -1 | ||
|
Comment on lines
+258
to
+260
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| else: | ||
| result = subprocess.run(["ip", "addr", "add", "10.1.2.3/24", "dev", "testdevice"], capture_output=True, text=True) | ||
| if result.returncode != 0: | ||
| sys.stderr.write("# ip addr add without broadcast failed: %s\n" % result.stderr) | ||
| return -1 | ||
|
Comment on lines
256
to
+265
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
+263
to
+265
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
|
|
||
| conf = base_config() | ||
| add_all_namespaces(conf) | ||
|
|
||
| # Add network capabilities needed for network device operations | ||
| conf['process']['capabilities'] = { | ||
| "bounding": [ | ||
| "CAP_NET_ADMIN", | ||
| "CAP_NET_RAW", | ||
| "CAP_SYS_ADMIN" | ||
| ], | ||
| "effective": [ | ||
| "CAP_NET_ADMIN", | ||
| "CAP_NET_RAW", | ||
| "CAP_SYS_ADMIN" | ||
| ], | ||
| "inheritable": [ | ||
| "CAP_NET_ADMIN", | ||
| "CAP_NET_RAW", | ||
| "CAP_SYS_ADMIN" | ||
| ], | ||
| "permitted": [ | ||
| "CAP_NET_ADMIN", | ||
| "CAP_NET_RAW", | ||
| "CAP_SYS_ADMIN" | ||
| ] | ||
| } | ||
| if specify_name: | ||
| conf['process']['args'] = ['/init', 'ip', 'newtestdevice'] | ||
| conf['linux']['netDevices'] = { | ||
|
|
@@ -272,19 +306,28 @@ def test_net_devices(): | |
|
|
||
| try: | ||
| out = run_and_get_output(conf) | ||
| sys.stderr.write("# test_net_devices: specify_broadcast=%s, specify_name=%s\n" % (specify_broadcast, specify_name)) | ||
| sys.stderr.write("# test_net_devices: output: %s\n" % repr(out[0])) | ||
| if "address: 10.1.2.3" not in out[0]: | ||
| sys.stderr.write("# address not found in output\n") | ||
| sys.stderr.write("# full output: %s\n" % repr(out[0])) | ||
| return 1 | ||
|
Comment on lines
311
to
314
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| if specify_broadcast: | ||
| if "broadcast: 10.1.2.254" not in out[0]: | ||
| sys.stderr.write("# broadcast address not found in output\n") | ||
| sys.stderr.write("# full output: %s\n" % repr(out[0])) | ||
| return 1 | ||
|
Comment on lines
316
to
319
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| else: | ||
| if "broadcast" in out[0]: | ||
| sys.stderr.write("# broadcast address found in output when it shouldn't be\n") | ||
| sys.stderr.write("# full output: %s\n" % repr(out[0])) | ||
| return 1 | ||
|
Comment on lines
315
to
324
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
321
to
324
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| except Exception as e: | ||
| sys.stderr.write("# test_net_devices exception: %s\n" % str(e)) | ||
| return -1 | ||
| finally: | ||
| # Clean up the test device | ||
| subprocess.run(["ip", "link", "del", "testdevice"], capture_output=True) | ||
| finally: | ||
| os.setns(current_netns, os.CLONE_NEWNET) | ||
| os.close(current_netns) | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,14 +21,15 @@ | |
| from tests_utils import * | ||
| import tempfile | ||
| import re | ||
| from typing import List, Optional | ||
|
|
||
| try: | ||
| import libmount | ||
| except Exception: | ||
| print("1..0") | ||
| sys.exit(0) | ||
|
|
||
| def helper_mount(options: str, tmpfs: bool = True, userns: bool = False, is_file: bool = False) -> List[Optional[str]]: | ||
| conf = base_config() | ||
| conf['process']['args'] = ['/init', 'cat', '/proc/self/mountinfo'] | ||
| add_all_namespaces(conf, userns=userns) | ||
|
|
@@ -54,12 +55,12 @@ def helper_mount(options, tmpfs=True, userns=False, is_file=False): | |
| sys.stderr.write("# helper_mount failed: mount target '%s' not found in mountinfo\n" % target) | ||
| sys.stderr.write("# mount options: %s, tmpfs=%s, userns=%s, is_file=%s\n" % (options, tmpfs, userns, is_file)) | ||
| sys.stderr.write("# mountinfo output: %s\n" % out[:300]) | ||
| return [None, None] | ||
| return [m.vfs_options, m.fs_options] | ||
| except Exception as e: | ||
| sys.stderr.write("# helper_mount failed with exception: %s\n" % str(e)) | ||
| sys.stderr.write("# mount options: %s, tmpfs=%s, userns=%s, is_file=%s\n" % (options, tmpfs, userns, is_file)) | ||
| return [None, None] | ||
|
|
||
| def test_mount_symlink(): | ||
| conf = base_config() | ||
|
|
@@ -285,157 +286,157 @@ def test_mount_path_with_multiple_slashes(): | |
| def test_mount_ro(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("ro", userns=userns, is_file=True)[0] | ||
| if a is None or "ro" not in a: | ||
| return -1 | ||
|
Comment on lines
+289
to
290
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("ro", userns=userns)[0] | ||
| if a is None or "ro" not in a: | ||
| return -1 | ||
|
Comment on lines
+292
to
293
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("ro", userns=userns, tmpfs=False)[0] | ||
| if a is None or "ro" not in a: | ||
| return -1 | ||
|
Comment on lines
287
to
296
There was a problem hiding this comment. issue (code-quality): Avoid loops in tests. ( ExplanationAvoid complex code, like loops, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
+295
to
296
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| return 0 | ||
|
|
||
| def test_mount_rro(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("rro", userns=userns, is_file=True)[0] | ||
| if a is None or "ro" not in a: | ||
| return -1 | ||
|
Comment on lines
+302
to
303
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("rro", userns=userns)[0] | ||
| if a is None or "ro" not in a: | ||
| return -1 | ||
|
Comment on lines
+305
to
306
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("rro", userns=userns, tmpfs=False)[0] | ||
| if a is None or "ro" not in a: | ||
| return -1 | ||
|
Comment on lines
300
to
309
There was a problem hiding this comment. issue (code-quality): Avoid loops in tests. ( ExplanationAvoid complex code, like loops, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
+308
to
309
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| return 0 | ||
|
|
||
| def test_mount_rw(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("rw", tmpfs=False, userns=userns)[0] | ||
| if a is None or "rw" not in a: | ||
| return -1 | ||
|
Comment on lines
+315
to
316
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("rw", userns=userns, is_file=True)[0] | ||
| if a is None or "rw" not in a: | ||
| return -1 | ||
|
Comment on lines
+318
to
319
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("rw", userns=userns)[0] | ||
| if a is None or "rw" not in a: | ||
| return -1 | ||
|
Comment on lines
313
to
322
There was a problem hiding this comment. issue (code-quality): Avoid loops in tests. ( ExplanationAvoid complex code, like loops, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
+321
to
322
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| return 0 | ||
|
|
||
| def test_mount_relatime(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("relatime", tmpfs=False, userns=userns)[0] | ||
| if a is None or "relatime" not in a: | ||
| return -1 | ||
|
Comment on lines
+328
to
329
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("relatime", is_file=True, userns=userns)[0] | ||
| if a is None or "relatime" not in a: | ||
| return -1 | ||
|
Comment on lines
+331
to
332
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("relatime", userns=userns)[0] | ||
| if a is None or "relatime" not in a: | ||
| return -1 | ||
|
Comment on lines
326
to
335
There was a problem hiding this comment. issue (code-quality): Avoid loops in tests. ( ExplanationAvoid complex code, like loops, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
+334
to
335
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| return 0 | ||
|
|
||
| def test_mount_strictatime(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("strictatime", is_file=True, userns=userns)[0] | ||
| if a is None or "relatime" not in a: | ||
| return 0 | ||
|
Comment on lines
+341
to
342
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("strictatime", tmpfs=False, userns=userns)[0] | ||
| if a is None or "relatime" not in a: | ||
| return 0 | ||
|
Comment on lines
+344
to
345
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| a = helper_mount("strictatime", userns=userns)[0] | ||
| if a is None or "relatime" not in a: | ||
| return 0 | ||
|
Comment on lines
339
to
348
There was a problem hiding this comment. issue (code-quality): Avoid loops in tests. ( ExplanationAvoid complex code, like loops, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests
Comment on lines
+347
to
348
There was a problem hiding this comment. issue (code-quality): Avoid conditionals in tests. ( ExplanationAvoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| return -1 | ||
|
|
||
| def test_mount_exec(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("exec", is_file=True, userns=userns)[0] | ||
| if a is not None and "noexec" in a: | ||
| return -1 | ||
| a = helper_mount("exec", tmpfs=False, userns=userns)[0] | ||
| if a is not None and "noexec" in a: | ||
| return -1 | ||
| a = helper_mount("exec", userns=userns)[0] | ||
| if a is not None and "noexec" in a: | ||
| return -1 | ||
|
Comment on lines
352
to
361
There was a problem hiding this comment. issue (code-quality): Avoid loops in tests. ( ExplanationAvoid complex code, like loops, in test functions.Google's software engineering guidelines says:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests |
||
| return 0 | ||
|
|
||
| def test_mount_noexec(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("noexec", is_file=True, userns=userns)[0] | ||
| if a is None or "noexec" not in a: | ||
| return -1 | ||
| a = helper_mount("noexec", tmpfs=False, userns=userns)[0] | ||
| if a is None or "noexec" not in a: | ||
| return -1 | ||
| a = helper_mount("noexec", userns=userns)[0] | ||
| if a is None or "noexec" not in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
| def test_mount_suid(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("suid", is_file=True, userns=userns)[0] | ||
| if a is not None and "nosuid" in a: | ||
| return -1 | ||
| a = helper_mount("suid", tmpfs=False, userns=userns)[0] | ||
| if a is not None and "nosuid" in a: | ||
| return -1 | ||
| a = helper_mount("suid", userns=userns)[0] | ||
| if a is not None and "nosuid" in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
| def test_mount_nosuid(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("nosuid", is_file=True, userns=userns)[0] | ||
| if a is None or "nosuid" not in a: | ||
| return -1 | ||
| a = helper_mount("nosuid", tmpfs=False, userns=userns)[0] | ||
| if a is None or "nosuid" not in a: | ||
| return -1 | ||
| a = helper_mount("nosuid", userns=userns)[0] | ||
| if a is None or "nosuid" not in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
| def test_mount_sync(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("sync", userns=userns)[1] | ||
| if a is None or "sync" not in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
| def test_mount_dirsync(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("dirsync", userns=userns)[1] | ||
| if a is None or "dirsync" not in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
| def test_mount_nodev(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("nodev", is_file=True)[0] | ||
| if a is None or "nodev" not in a: | ||
| return -1 | ||
| a = helper_mount("nodev", tmpfs=False)[0] | ||
| if a is None or "nodev" not in a: | ||
| return -1 | ||
| a = helper_mount("nodev", userns=userns)[0] | ||
| if a is None or "nodev" not in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
| def test_mount_dev(): | ||
| for userns in [True, False]: | ||
| a = helper_mount("dev", userns=userns, tmpfs=False)[0] | ||
| if a is not None and "nodev" in a: | ||
| return -1 | ||
| a = helper_mount("dev", userns=userns, is_file=True)[0] | ||
| if a is not None and "nodev" in a: | ||
| return -1 | ||
| a = helper_mount("dev", userns=userns)[0] | ||
| if a is not None and "nodev" in a: | ||
| return -1 | ||
| return 0 | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
issue (code-quality): Avoid conditionals in tests. (
no-conditionals-in-tests)Explanation
Avoid complex code, like conditionals, in test functions.Google's software engineering guidelines says:
"Clear tests are trivially correct upon inspection"
To reach that avoid complex code in tests:
Some ways to fix this:
Software Engineering at Google / Don't Put Logic in Tests