diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index bf0e18e90..821a762e3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -43,14 +43,7 @@ jobs:
- name: Test
run: |
- go test -c ./internals/daemon
- PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H ./daemon.test -check.v -check.f ^execSuite\.TestUserGroup$
- PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H ./daemon.test -check.v -check.f ^execSuite\.TestUserIDGroupID$
- PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H ./daemon.test -check.v -check.f ^filesSuite\.TestWriteUserGroupReal$
- PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H ./daemon.test -check.v -check.f ^filesSuite\.TestMakeDirsUserGroupReal$
- go test -c ./internals/osutil
- PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H ./osutil.test -check.v -check.f ^mkdirSuite\.TestMakeParentsChmodAndChown$
-
+ PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H go test -count=1 -tags=roottest -run=TestWithRoot ./...
go test -c ./internals/overlord/servstate/
PEBBLE_TEST_USER=runner PEBBLE_TEST_GROUP=runner sudo -E -H ./servstate.test -check.v -check.f ^S.TestUserGroup$
diff --git a/internals/daemon/api_exec_root_test.go b/internals/daemon/api_exec_root_test.go
new file mode 100644
index 000000000..a1584325b
--- /dev/null
+++ b/internals/daemon/api_exec_root_test.go
@@ -0,0 +1,179 @@
+//go:build roottest
+
+// Copyright (c) 2024 Canonical Ltd
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License version 3 as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package daemon
+
+import (
+ "bytes"
+ "fmt"
+ "log"
+ "os"
+ "os/user"
+ "regexp"
+ "strconv"
+ "strings"
+ "testing"
+
+ "github.com/canonical/pebble/client"
+ "github.com/canonical/pebble/internals/reaper"
+)
+
+var rootTestDaemon *Daemon
+var rootTestPebbleClient *client.Client
+
+func TestMain(m *testing.M) {
+ err := reaper.Start()
+ if err != nil {
+ fmt.Printf("cannot start reaper: %v", err)
+ os.Exit(1)
+ }
+ tmpDir, err := os.MkdirTemp("", "pebble")
+ if err != nil {
+ fmt.Printf("cannot create temporary directory: %v", err)
+ os.Exit(1)
+ }
+ socketPath := tmpDir + ".pebble.socket"
+ rootTestDaemon, err := New(&Options{
+ Dir: tmpDir,
+ SocketPath: socketPath,
+ })
+ if err != nil {
+ fmt.Printf("cannot create daemon: %v", err)
+ os.Exit(1)
+ }
+ err = rootTestDaemon.Init()
+ if err != nil {
+ fmt.Printf("cannot init daemon: %v", err)
+ os.Exit(1)
+ }
+ rootTestDaemon.Start()
+ rootTestPebbleClient, err = client.New(&client.Config{Socket: socketPath})
+ if err != nil {
+ fmt.Printf("cannot create client: %v", err)
+ os.Exit(1)
+ }
+
+ exitCode := m.Run()
+
+ err = rootTestDaemon.Stop(nil)
+ if err != nil {
+ fmt.Printf("cannot stop daemon: %v", err)
+ os.Exit(1)
+ }
+ err = reaper.Stop()
+ if err != nil {
+ fmt.Printf("cannot stop reaper: %v", err)
+ os.Exit(1)
+ }
+ err = os.RemoveAll(tmpDir)
+ if err != nil {
+ log.Fatalf("cannot remove temporary directory: %v", err)
+ }
+
+ os.Exit(exitCode)
+}
+
+func TestWithRootUserGroup(t *testing.T) {
+ if os.Getuid() != 0 {
+ t.Skip("requires running as root")
+ }
+ username := os.Getenv("PEBBLE_TEST_USER")
+ group := os.Getenv("PEBBLE_TEST_GROUP")
+ if username == "" || group == "" {
+ t.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
+ }
+ stdout, stderr := pebbleExec(t, "", &client.ExecOptions{
+ Command: []string{"/bin/sh", "-c", "id -n -u && id -n -g"},
+ User: username,
+ Group: group,
+ })
+ expectedStdout := username + "\n" + group + "\n"
+ if stdout != expectedStdout {
+ t.Fatalf("pebble exec stdout error, expected: %v, got %v", expectedStdout, stdout)
+ }
+ if stderr != "" {
+ t.Fatalf("pebble exec stderr is not empty: %v", stderr)
+ }
+
+ _, err := rootTestPebbleClient.Exec(&client.ExecOptions{
+ Command: []string{"pwd"},
+ Environment: map[string]string{"HOME": "/non/existent"},
+ User: username,
+ Group: group,
+ })
+ // c.Assert(err, ErrorMatches, `.*home directory.*does not exist`)
+ if matched, _ := regexp.MatchString(`.*home directory.*does not exist`, err.Error()); !matched {
+ t.Errorf("Error message doesn't match, expected: %v, got: %v", `.*home directory.*does not exist`, err.Error())
+ }
+}
+
+func TestWithRootUserIDGroupID(t *testing.T) {
+ if os.Getuid() != 0 {
+ t.Skip("requires running as root")
+ }
+ username := os.Getenv("PEBBLE_TEST_USER")
+ group := os.Getenv("PEBBLE_TEST_GROUP")
+ if username == "" || group == "" {
+ t.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
+ }
+ u, err := user.Lookup(username)
+ if err != nil {
+ t.Fatalf("cannot look up username: %v", err)
+ }
+ g, err := user.LookupGroup(group)
+ if err != nil {
+ t.Fatalf("cannot look up group: %v", err)
+ }
+ uid, err := strconv.Atoi(u.Uid)
+ if err != nil {
+ t.Fatalf("cannot convert uid to int: %v", err)
+ }
+ gid, err := strconv.Atoi(g.Gid)
+ if err != nil {
+ t.Fatalf("cannot convert gid to int: %v", err)
+ }
+ stdout, stderr := pebbleExec(t, "", &client.ExecOptions{
+ Command: []string{"/bin/sh", "-c", "id -n -u && id -n -g"},
+ UserID: &uid,
+ GroupID: &gid,
+ })
+ expectedStdout := username + "\n" + group + "\n"
+ if stdout != expectedStdout {
+ t.Fatalf("pebble exec stdout error, expected: %v, got %v", expectedStdout, stdout)
+ }
+ if stderr != "" {
+ t.Fatalf("pebble exec stderr is not empty: %v", stderr)
+ }
+}
+
+func pebbleExec(t *testing.T, stdin string, opts *client.ExecOptions) (stdout, stderr string) {
+ t.Helper()
+
+ outBuf := &bytes.Buffer{}
+ errBuf := &bytes.Buffer{}
+ opts.Stdin = strings.NewReader(stdin)
+ opts.Stdout = outBuf
+ opts.Stderr = errBuf
+ process, err := rootTestPebbleClient.Exec(opts)
+ if err != nil {
+ t.Fatalf("pebble exec failed: %v", err)
+ }
+
+ if waitErr := process.Wait(); waitErr != nil {
+ t.Fatalf("pebble exec process wait error: %v", waitErr)
+ }
+ return outBuf.String(), errBuf.String()
+}
diff --git a/internals/daemon/api_exec_test.go b/internals/daemon/api_exec_test.go
index 23ede9ae7..a72638379 100644
--- a/internals/daemon/api_exec_test.go
+++ b/internals/daemon/api_exec_test.go
@@ -23,7 +23,6 @@ import (
"os"
"os/user"
"path/filepath"
- "strconv"
"strings"
"time"
@@ -258,62 +257,6 @@ func (s *execSuite) TestCurrentUserGroup(c *C) {
c.Check(stderr, Equals, "")
}
-// See .github/workflows/tests.yml for how to run this test as root.
-func (s *execSuite) TestUserGroup(c *C) {
- if os.Getuid() != 0 {
- c.Skip("requires running as root")
- }
- username := os.Getenv("PEBBLE_TEST_USER")
- group := os.Getenv("PEBBLE_TEST_GROUP")
- if username == "" || group == "" {
- c.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
- }
- stdout, stderr, waitErr := s.exec(c, "", &client.ExecOptions{
- Command: []string{"/bin/sh", "-c", "id -n -u && id -n -g"},
- User: username,
- Group: group,
- })
- c.Assert(waitErr, IsNil)
- c.Check(stdout, Equals, username+"\n"+group+"\n")
- c.Check(stderr, Equals, "")
-
- _, err := s.client.Exec(&client.ExecOptions{
- Command: []string{"pwd"},
- Environment: map[string]string{"HOME": "/non/existent"},
- User: username,
- Group: group,
- })
- c.Assert(err, ErrorMatches, `.*home directory.*does not exist`)
-}
-
-// See .github/workflows/tests.yml for how to run this test as root.
-func (s *execSuite) TestUserIDGroupID(c *C) {
- if os.Getuid() != 0 {
- c.Skip("requires running as root")
- }
- username := os.Getenv("PEBBLE_TEST_USER")
- group := os.Getenv("PEBBLE_TEST_GROUP")
- if username == "" || group == "" {
- c.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
- }
- u, err := user.Lookup(username)
- c.Assert(err, IsNil)
- g, err := user.LookupGroup(group)
- c.Assert(err, IsNil)
- uid, err := strconv.Atoi(u.Uid)
- c.Assert(err, IsNil)
- gid, err := strconv.Atoi(g.Gid)
- c.Assert(err, IsNil)
- stdout, stderr, waitErr := s.exec(c, "", &client.ExecOptions{
- Command: []string{"/bin/sh", "-c", "id -n -u && id -n -g"},
- UserID: &uid,
- GroupID: &gid,
- })
- c.Assert(waitErr, IsNil)
- c.Check(stdout, Equals, username+"\n"+group+"\n")
- c.Check(stderr, Equals, "")
-}
-
func (s *execSuite) exec(c *C, stdin string, opts *client.ExecOptions) (stdout, stderr string, waitErr error) {
outBuf := &bytes.Buffer{}
errBuf := &bytes.Buffer{}
diff --git a/internals/daemon/api_files_root_test.go b/internals/daemon/api_files_root_test.go
new file mode 100644
index 000000000..c9bf878e4
--- /dev/null
+++ b/internals/daemon/api_files_root_test.go
@@ -0,0 +1,480 @@
+//go:build roottest
+
+// Copyright (c) 2024 Canonical Ltd
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License version 3 as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package daemon
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "os"
+ "os/user"
+ "strconv"
+ "syscall"
+ "testing"
+
+ "github.com/canonical/pebble/internals/osutil"
+)
+
+func TestWithRootMakeDirsUserGroupReal(t *testing.T) {
+ if os.Getuid() != 0 {
+ t.Skip("requires running as root")
+ }
+ username := os.Getenv("PEBBLE_TEST_USER")
+ group := os.Getenv("PEBBLE_TEST_GROUP")
+ if username == "" || group == "" {
+ t.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
+ }
+ u, err := user.Lookup(username)
+ if err != nil {
+ t.Fatalf("cannot look up username: %v", err)
+ }
+ g, err := user.LookupGroup(group)
+ if err != nil {
+ t.Fatalf("cannot look up group: %v", err)
+ }
+ uid, err := strconv.Atoi(u.Uid)
+ if err != nil {
+ t.Fatalf("cannot convert uid to int: %v", err)
+ }
+ gid, err := strconv.Atoi(g.Gid)
+ if err != nil {
+ t.Fatalf("cannot convert gid to int: %v", err)
+ }
+
+ tmpDir := testWithRootMakeDirsUserGroup(t, uid, gid, username, group)
+
+ info, err := os.Stat(tmpDir + "/normal")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/normal", err)
+ }
+ statT := info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(0) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/normal", uint32(0), statT.Uid)
+ }
+ if statT.Gid != uint32(0) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/normal", uint32(0), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/uid-gid")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/uid-gid", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/uid-gid", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/uid-gid", uint32(gid), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/user-group")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/user-group", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/user-group", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/user-group", uint32(gid), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested1")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/nested1", err)
+ }
+ if int(info.Mode()&os.ModePerm) != 0o755 {
+ t.Fatalf("dir %s mode error, expected: %v, got: %v", tmpDir+"/nested1", 0o755, int(info.Mode()&os.ModePerm))
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(0) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/nested1", uint32(0), statT.Uid)
+ }
+ if statT.Gid != uint32(0) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/nested1", uint32(0), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested1/normal")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/nested1/normal", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(0) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/nested1/normal", uint32(0), statT.Uid)
+ }
+ if statT.Gid != uint32(0) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/nested1/normal", uint32(0), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested2")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/nested2", err)
+ }
+ if int(info.Mode()&os.ModePerm) != 0o755 {
+ t.Fatalf("dir %s mode error, expected: %v, got: %v", tmpDir+"/nested2", 0o755, int(info.Mode()&os.ModePerm))
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/nested2", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/nested2", uint32(gid), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested2/user-group")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/nested2/user-group", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/nested2/user-group", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/nested2/user-group", uint32(gid), statT.Uid)
+ }
+}
+
+func testWithRootMakeDirsUserGroup(t *testing.T, uid, gid int, user, group string) string {
+ tmpDir := t.TempDir()
+
+ headers := http.Header{
+ "Content-Type": []string{"application/json"},
+ }
+ payload := struct {
+ Action string
+ Dirs []makeDirsItem
+ }{
+ Action: "make-dirs",
+ Dirs: []makeDirsItem{
+ {Path: tmpDir + "/normal"},
+ {Path: tmpDir + "/uid-gid", UserID: &uid, GroupID: &gid},
+ {Path: tmpDir + "/user-group", User: user, Group: group},
+ {Path: tmpDir + "/nested1/normal", MakeParents: true},
+ {Path: tmpDir + "/nested2/user-group", User: user, Group: group, MakeParents: true},
+ },
+ }
+ reqBody, err := json.Marshal(payload)
+ if err != nil {
+ t.Fatalf("cannot marshal payload: %v", err)
+ }
+ body := doRequestRootTest(t, v1PostFiles, "POST", "/v1/files", nil, headers, reqBody)
+
+ var r testFilesResponse
+ if err := json.NewDecoder(body).Decode(&r); err != nil {
+ t.Fatalf("cannot decode response body for /v1/files: %v", err)
+ }
+ if r.StatusCode != http.StatusOK {
+ t.Fatalf("test file response status code error, expected: %v, got %v", http.StatusOK, r.StatusCode)
+
+ }
+ if r.Type != "sync" {
+ t.Fatalf("test file response type error, expected: sync, got %v", r.StatusCode)
+
+ }
+ if len(r.Result) != 5 {
+ t.Fatalf("test file response result length error, expected: 5, got %v", len(r.Result))
+
+ }
+ checkFileResultRootTest(t, r.Result[0], tmpDir+"/normal", "", "")
+ checkFileResultRootTest(t, r.Result[1], tmpDir+"/uid-gid", "", "")
+ checkFileResultRootTest(t, r.Result[2], tmpDir+"/user-group", "", "")
+ checkFileResultRootTest(t, r.Result[3], tmpDir+"/nested1/normal", "", "")
+ checkFileResultRootTest(t, r.Result[4], tmpDir+"/nested2/user-group", "", "")
+
+ if !osutil.IsDir(tmpDir + "/normal") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/normal")
+
+ }
+ if !osutil.IsDir(tmpDir + "/uid-gid") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/uid-gid")
+
+ }
+ if !osutil.IsDir(tmpDir + "/user-group") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/user-group")
+
+ }
+ if !osutil.IsDir(tmpDir + "/nested1/normal") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/nested1/normal")
+
+ }
+ if !osutil.IsDir(tmpDir + "/nested2/user-group") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/nested2/user-group")
+
+ }
+
+ return tmpDir
+}
+
+func doRequestRootTest(t *testing.T, f ResponseFunc, method, url string, query url.Values, headers http.Header, body []byte) *bytes.Buffer {
+ t.Helper()
+
+ var bodyReader io.Reader
+ if body != nil {
+ bodyReader = bytes.NewBuffer(body)
+ }
+ req, err := http.NewRequest(method, url, bodyReader)
+ if err != nil {
+ t.Fatalf("http request error: %s", err)
+ }
+ if query != nil {
+ req.URL.RawQuery = query.Encode()
+ }
+ req.Header = headers
+ handler := f(apiCmd(url), req, nil)
+ recorder := httptest.NewRecorder()
+ handler.ServeHTTP(recorder, req)
+ response := recorder.Result()
+ if response.StatusCode != http.StatusOK {
+ t.Fatalf("http request to %s failed: %v", url, err)
+ }
+ return recorder.Body
+}
+
+func checkFileResultRootTest(t *testing.T, r testFileResult, path, errorKind, errorMsg string) {
+ t.Helper()
+
+ if r.Path != path {
+ t.Fatalf("error checking test file path, eexpected: %v, got: %v", path, r.Path)
+ }
+ if r.Error.Kind != errorKind {
+ t.Fatalf("error checking test file error kind, eexpected: %v, got: %v", errorKind, r.Error.Kind)
+ }
+ if r.Error.Message != errorMsg {
+ t.Fatalf("error checking test file error message, eexpected: %v, got: %v", errorMsg, r.Error.Message)
+ }
+}
+
+func TestWithRootWriteUserGroupReal(t *testing.T) {
+ if os.Getuid() != 0 {
+ t.Skip("requires running as root")
+ }
+ username := os.Getenv("PEBBLE_TEST_USER")
+ group := os.Getenv("PEBBLE_TEST_GROUP")
+ if username == "" || group == "" {
+ t.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
+ }
+ u, err := user.Lookup(username)
+ if err != nil {
+ t.Fatalf("cannot look up username: %v", err)
+ }
+ g, err := user.LookupGroup(group)
+ if err != nil {
+ t.Fatalf("cannot look up group: %v", err)
+ }
+ uid, err := strconv.Atoi(u.Uid)
+ if err != nil {
+ t.Fatalf("cannot convert uid to int: %v", err)
+ }
+ gid, err := strconv.Atoi(g.Gid)
+ if err != nil {
+ t.Fatalf("cannot convert gid to int: %v", err)
+ }
+
+ tmpDir := testWriteUserGroupRootTest(t, uid, gid, username, group)
+
+ info, err := os.Stat(tmpDir + "/normal")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/normal", err)
+ }
+ statT := info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(0) {
+ t.Fatalf("file %s uid error, expected: %v, got: %v", tmpDir+"/normal", uint32(0), statT.Uid)
+ }
+ if statT.Gid != uint32(0) {
+ t.Fatalf("file %s gid error, expected: %v, got: %v", tmpDir+"/normal", uint32(0), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/uid-gid")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/uid-gid", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("file %s uid error, expected: %v, got: %v", tmpDir+"/uid-gid", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("file %s gid error, expected: %v, got: %v", tmpDir+"/uid-gid", uint32(gid), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/user-group")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/user-group", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("file %s uid error, expected: %v, got: %v", tmpDir+"/user-group", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("file %s gid error, expected: %v, got: %v", tmpDir+"/user-group", uint32(gid), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested1")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/nested1", err)
+ }
+ if int(info.Mode()&os.ModePerm) != 0o755 {
+ t.Fatalf("file %s mode error, expected: %v, got: %v", tmpDir+"/nested1", 0o755, int(info.Mode()&os.ModePerm))
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(0) {
+ t.Fatalf("file %s uid error, expected: %v, got: %v", tmpDir+"/nested1", uint32(0), statT.Uid)
+ }
+ if statT.Gid != uint32(0) {
+ t.Fatalf("file %s gid error, expected: %v, got: %v", tmpDir+"/nested1", uint32(0), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested1/normal")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/nested1/normal", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(0) {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/nested1/normal", uint32(0), statT.Uid)
+ }
+ if statT.Gid != uint32(0) {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/nested1/normal", uint32(0), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested2")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/nested2", err)
+ }
+ if int(info.Mode()&os.ModePerm) != 0o755 {
+ t.Fatalf("file %s mode error, expected: %v, got: %v", tmpDir+"/nested2", 0o755, int(info.Mode()&os.ModePerm))
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("file %s uid error, expected: %v, got: %v", tmpDir+"/nested2", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("file %s gid error, expected: %v, got: %v", tmpDir+"/nested2", uint32(gid), statT.Uid)
+ }
+
+ info, err = os.Stat(tmpDir + "/nested2/user-group")
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", tmpDir+"/nested2/user-group", err)
+ }
+ statT = info.Sys().(*syscall.Stat_t)
+ if statT.Uid != uint32(uid) {
+ t.Fatalf("file %s uid error, expected: %v, got: %v", tmpDir+"/nested2/user-group", uint32(uid), statT.Uid)
+ }
+ if statT.Gid != uint32(gid) {
+ t.Fatalf("file %s gid error, expected: %v, got: %v", tmpDir+"/nested2/user-group", uint32(gid), statT.Uid)
+ }
+}
+
+func testWriteUserGroupRootTest(t *testing.T, uid, gid int, user, group string) string {
+ tmpDir := t.TempDir()
+ pathNormal := tmpDir + "/normal"
+ pathUidGid := tmpDir + "/uid-gid"
+ pathUserGroup := tmpDir + "/user-group"
+ pathNested := tmpDir + "/nested1/normal"
+ pathNestedUserGroup := tmpDir + "/nested2/user-group"
+
+ headers := http.Header{
+ "Content-Type": []string{"multipart/form-data; boundary=01234567890123456789012345678901"},
+ }
+ body := doRequestRootTest(t, v1PostFiles, "POST", "/v1/files", nil, headers,
+ []byte(fmt.Sprintf(`
+--01234567890123456789012345678901
+Content-Disposition: form-data; name="request"
+
+{
+ "action": "write",
+ "files": [
+ {"path": "%[1]s"},
+ {"path": "%[2]s", "user-id": %[3]d, "group-id": %[4]d},
+ {"path": "%[5]s", "user": "%[6]s", "group": "%[7]s"},
+ {"path": "%[8]s", "make-dirs": true},
+ {"path": "%[9]s", "user": "%[10]s", "group": "%[11]s", "make-dirs": true}
+ ]
+}
+--01234567890123456789012345678901
+Content-Disposition: form-data; name="files"; filename="%[1]s"
+
+normal
+--01234567890123456789012345678901
+Content-Disposition: form-data; name="files"; filename="%[2]s"
+
+uid gid
+--01234567890123456789012345678901
+Content-Disposition: form-data; name="files"; filename="%[5]s"
+
+user group
+--01234567890123456789012345678901
+Content-Disposition: form-data; name="files"; filename="%[8]s"
+
+nested
+--01234567890123456789012345678901
+Content-Disposition: form-data; name="files"; filename="%[9]s"
+
+nested user group
+--01234567890123456789012345678901--
+`, pathNormal, pathUidGid, uid, gid, pathUserGroup, user, group,
+ pathNested, pathNestedUserGroup, user, group)))
+
+ var r testFilesResponse
+ if err := json.NewDecoder(body).Decode(&r); err != nil {
+ t.Fatalf("cannot decode response body for /v1/files: %v", err)
+ }
+ if r.StatusCode != http.StatusOK {
+ t.Fatalf("test file response status code error, expected: %v, got %v", http.StatusOK, r.StatusCode)
+
+ }
+ if r.Type != "sync" {
+ t.Fatalf("test file response type error, expected: sync, got %v", r.StatusCode)
+
+ }
+ if len(r.Result) != 5 {
+ t.Fatalf("test file response result length error, expected: 5, got %v", len(r.Result))
+
+ }
+ checkFileResultRootTest(t, r.Result[0], pathNormal, "", "")
+ checkFileResultRootTest(t, r.Result[1], pathUidGid, "", "")
+ checkFileResultRootTest(t, r.Result[2], pathUserGroup, "", "")
+ checkFileResultRootTest(t, r.Result[3], pathNested, "", "")
+ checkFileResultRootTest(t, r.Result[4], pathNestedUserGroup, "", "")
+
+ assertFileRootTest(t, pathNormal, 0o644, "normal")
+ assertFileRootTest(t, pathUidGid, 0o644, "uid gid")
+ assertFileRootTest(t, pathUserGroup, 0o644, "user group")
+ assertFileRootTest(t, pathNested, 0o644, "nested")
+ assertFileRootTest(t, pathNestedUserGroup, 0o644, "nested user group")
+
+ return tmpDir
+}
+
+func assertFileRootTest(t *testing.T, path string, perm os.FileMode, content string) {
+ b, err := os.ReadFile(path)
+ if err != nil {
+ t.Fatalf("cannot read file %s: %v", path, err)
+ }
+ if string(b) != content {
+ t.Fatalf("file content error, expected: %v, got: %v", content, string(b))
+ }
+ info, err := os.Stat(path)
+ if err != nil {
+ t.Fatalf("cannot stat file %s: %v", path, err)
+ }
+ if info.Mode().Perm() != perm {
+ t.Fatalf("error checking permission, expected: %v, got: %v", perm, info.Mode().Perm())
+ }
+}
diff --git a/internals/daemon/api_files_test.go b/internals/daemon/api_files_test.go
index 79c0f97e7..2f4ba673a 100644
--- a/internals/daemon/api_files_test.go
+++ b/internals/daemon/api_files_test.go
@@ -531,72 +531,6 @@ func (s *filesSuite) testMakeDirsUserGroup(c *C, uid, gid int, user, group strin
return tmpDir
}
-// See .github/workflows/tests.yml for how to run this test as root.
-func (s *filesSuite) TestMakeDirsUserGroupReal(c *C) {
- if os.Getuid() != 0 {
- c.Skip("requires running as root")
- }
- username := os.Getenv("PEBBLE_TEST_USER")
- group := os.Getenv("PEBBLE_TEST_GROUP")
- if username == "" || group == "" {
- c.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
- }
- u, err := user.Lookup(username)
- c.Assert(err, IsNil)
- g, err := user.LookupGroup(group)
- c.Assert(err, IsNil)
- uid, err := strconv.Atoi(u.Uid)
- c.Assert(err, IsNil)
- gid, err := strconv.Atoi(g.Gid)
- c.Assert(err, IsNil)
-
- tmpDir := s.testMakeDirsUserGroup(c, uid, gid, username, group)
-
- info, err := os.Stat(tmpDir + "/normal")
- c.Assert(err, IsNil)
- statT := info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(0))
- c.Check(statT.Gid, Equals, uint32(0))
-
- info, err = os.Stat(tmpDir + "/uid-gid")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(uid))
-
- info, err = os.Stat(tmpDir + "/user-group")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(uid))
-
- info, err = os.Stat(tmpDir + "/nested1")
- c.Assert(err, IsNil)
- c.Check(int(info.Mode()&os.ModePerm), Equals, 0o755)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(0))
- c.Check(statT.Gid, Equals, uint32(0))
-
- info, err = os.Stat(tmpDir + "/nested1/normal")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(0))
- c.Check(statT.Gid, Equals, uint32(0))
-
- info, err = os.Stat(tmpDir + "/nested2")
- c.Assert(err, IsNil)
- c.Check(int(info.Mode()&os.ModePerm), Equals, 0o755)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(gid))
-
- info, err = os.Stat(tmpDir + "/nested2/user-group")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(gid))
-}
-
func (s *filesSuite) TestRemoveSingle(c *C) {
tmpDir := c.MkDir()
writeTempFile(c, tmpDir, "file", "a", 0o644)
@@ -988,72 +922,6 @@ func (s *filesSuite) TestWriteUserGroupMocked(c *C) {
c.Check(mkdirCalls[1], Equals, mkdirArgs{tmpDir + "/nested2", 0o755, osutil.MkdirOptions{MakeParents: true, ExistOK: true, Chmod: true, Chown: true, UserID: 56, GroupID: 78}})
}
-// See .github/workflows/tests.yml for how to run this test as root.
-func (s *filesSuite) TestWriteUserGroupReal(c *C) {
- if os.Getuid() != 0 {
- c.Skip("requires running as root")
- }
- username := os.Getenv("PEBBLE_TEST_USER")
- group := os.Getenv("PEBBLE_TEST_GROUP")
- if username == "" || group == "" {
- c.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
- }
- u, err := user.Lookup(username)
- c.Assert(err, IsNil)
- g, err := user.LookupGroup(group)
- c.Assert(err, IsNil)
- uid, err := strconv.Atoi(u.Uid)
- c.Assert(err, IsNil)
- gid, err := strconv.Atoi(g.Gid)
- c.Assert(err, IsNil)
-
- tmpDir := s.testWriteUserGroup(c, uid, gid, username, group)
-
- info, err := os.Stat(tmpDir + "/normal")
- c.Assert(err, IsNil)
- statT := info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(0))
- c.Check(statT.Gid, Equals, uint32(0))
-
- info, err = os.Stat(tmpDir + "/uid-gid")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(uid))
-
- info, err = os.Stat(tmpDir + "/user-group")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(uid))
-
- info, err = os.Stat(tmpDir + "/nested1")
- c.Assert(err, IsNil)
- c.Check(int(info.Mode()&os.ModePerm), Equals, 0o755)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(0))
- c.Check(statT.Gid, Equals, uint32(0))
-
- info, err = os.Stat(tmpDir + "/nested1/normal")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(0))
- c.Check(statT.Gid, Equals, uint32(0))
-
- info, err = os.Stat(tmpDir + "/nested2")
- c.Assert(err, IsNil)
- c.Check(int(info.Mode()&os.ModePerm), Equals, 0o755)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(gid))
-
- info, err = os.Stat(tmpDir + "/nested2/user-group")
- c.Assert(err, IsNil)
- statT = info.Sys().(*syscall.Stat_t)
- c.Check(statT.Uid, Equals, uint32(uid))
- c.Check(statT.Gid, Equals, uint32(gid))
-}
-
func (s *filesSuite) testWriteUserGroup(c *C, uid, gid int, user, group string) string {
tmpDir := c.MkDir()
pathNormal := tmpDir + "/normal"
diff --git a/internals/osutil/mkdir_root_test.go b/internals/osutil/mkdir_root_test.go
new file mode 100644
index 000000000..d3148e5f6
--- /dev/null
+++ b/internals/osutil/mkdir_root_test.go
@@ -0,0 +1,111 @@
+//go:build roottest
+
+// Copyright (c) 2024 Canonical Ltd
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License version 3 as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package osutil_test
+
+import (
+ "os"
+ "os/user"
+ "strconv"
+ "syscall"
+ "testing"
+
+ "github.com/canonical/pebble/internals/osutil"
+ "github.com/canonical/pebble/internals/osutil/sys"
+)
+
+func TestWithRootMakeParentsChmodAndChown(t *testing.T) {
+ if os.Getuid() != 0 {
+ t.Skip("requires running as root")
+ }
+
+ username := os.Getenv("PEBBLE_TEST_USER")
+ group := os.Getenv("PEBBLE_TEST_GROUP")
+ if username == "" || group == "" {
+ t.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
+ }
+
+ u, err := user.Lookup(username)
+ if err != nil {
+ t.Fatalf("cannot look up username: %v", err)
+ }
+ g, err := user.LookupGroup(group)
+ if err != nil {
+ t.Fatalf("cannot look up group: %v", err)
+ }
+ uid, err := strconv.Atoi(u.Uid)
+ if err != nil {
+ t.Fatalf("cannot convert uid to int: %v", err)
+ }
+ gid, err := strconv.Atoi(g.Gid)
+ if err != nil {
+ t.Fatalf("cannot convert gid to int: %v", err)
+ }
+ tmpDir := t.TempDir()
+
+ err = osutil.Mkdir(tmpDir+"/foo/bar", 0o777, &osutil.MkdirOptions{
+ MakeParents: true,
+ Chmod: true,
+ Chown: true,
+ UserID: sys.UserID(uid),
+ GroupID: sys.GroupID(gid),
+ })
+ if err != nil {
+ t.Fatalf(": %v", err)
+ }
+ if !osutil.IsDir(tmpDir + "/foo") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/foo")
+ }
+ if !osutil.IsDir(tmpDir + "/foo/bar") {
+ t.Fatalf("file %s is not a directory", tmpDir+"/foo/bar")
+ }
+
+ info, err := os.Stat(tmpDir + "/foo")
+ if err != nil {
+ t.Fatalf("cannot stat dir %s: %v", tmpDir+"/foo", err)
+ }
+ if info.Mode().Perm() != os.FileMode(0o777) {
+ t.Fatalf("error checking dir %s permission, expected: %v, got: %v", tmpDir+"/foo", 0o777, info.Mode().Perm())
+ }
+ stat, ok := info.Sys().(*syscall.Stat_t)
+ if !ok {
+ t.Fatalf("syscall stat on dir %s error", tmpDir+"/foo")
+ }
+ if int(stat.Uid) != uid {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/foo", uid, int(stat.Uid))
+ }
+ if int(stat.Uid) != uid {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/foo", gid, int(stat.Gid))
+ }
+
+ info, err = os.Stat(tmpDir + "/foo/bar")
+ if err != nil {
+ t.Fatalf(": %v", err)
+ }
+ if info.Mode().Perm() != os.FileMode(0o777) {
+ t.Fatalf("error checking dir %s permission, expected: %v, got: %v", tmpDir+"/foo/bar", 0o777, info.Mode().Perm())
+ }
+ stat, ok = info.Sys().(*syscall.Stat_t)
+ if !ok {
+ t.Fatalf("syscall stat on dir %s error", tmpDir+"/foo/bar")
+ }
+ if int(stat.Uid) != uid {
+ t.Fatalf("dir %s uid error, expected: %v, got: %v", tmpDir+"/foo/bar", uid, int(stat.Uid))
+ }
+ if int(stat.Uid) != uid {
+ t.Fatalf("dir %s gid error, expected: %v, got: %v", tmpDir+"/foo/bar", gid, int(stat.Gid))
+ }
+}
diff --git a/internals/osutil/mkdir_test.go b/internals/osutil/mkdir_test.go
index 6983e26da..668a31ba9 100644
--- a/internals/osutil/mkdir_test.go
+++ b/internals/osutil/mkdir_test.go
@@ -16,14 +16,11 @@ package osutil_test
import (
"os"
- "os/user"
- "strconv"
"syscall"
"gopkg.in/check.v1"
"github.com/canonical/pebble/internals/osutil"
- "github.com/canonical/pebble/internals/osutil/sys"
)
type mkdirSuite struct{}
@@ -207,53 +204,3 @@ func (mkdirSuite) TestMakeParentsAndNoChmod(c *check.C) {
c.Assert(err, check.IsNil)
c.Assert(info.Mode().Perm(), check.Equals, os.FileMode(0o755))
}
-
-// See .github/workflows/tests.yml for how to run this test as root.
-func (mkdirSuite) TestMakeParentsChmodAndChown(c *check.C) {
- if os.Getuid() != 0 {
- c.Skip("requires running as root")
- }
-
- username := os.Getenv("PEBBLE_TEST_USER")
- group := os.Getenv("PEBBLE_TEST_GROUP")
- if username == "" || group == "" {
- c.Fatalf("must set PEBBLE_TEST_USER and PEBBLE_TEST_GROUP")
- }
-
- u, err := user.Lookup(username)
- c.Assert(err, check.IsNil)
- g, err := user.LookupGroup(group)
- c.Assert(err, check.IsNil)
- uid, err := strconv.Atoi(u.Uid)
- c.Assert(err, check.IsNil)
- gid, err := strconv.Atoi(g.Gid)
- c.Assert(err, check.IsNil)
- tmpDir := c.MkDir()
-
- err = osutil.Mkdir(tmpDir+"/foo/bar", 0o777, &osutil.MkdirOptions{
- MakeParents: true,
- Chmod: true,
- Chown: true,
- UserID: sys.UserID(uid),
- GroupID: sys.GroupID(gid),
- })
- c.Assert(err, check.IsNil)
- c.Assert(osutil.IsDir(tmpDir+"/foo"), check.Equals, true)
- c.Assert(osutil.IsDir(tmpDir+"/foo/bar"), check.Equals, true)
-
- info, err := os.Stat(tmpDir + "/foo")
- c.Assert(err, check.IsNil)
- c.Assert(info.Mode().Perm(), check.Equals, os.FileMode(0o777))
- stat, ok := info.Sys().(*syscall.Stat_t)
- c.Assert(ok, check.Equals, true)
- c.Assert(int(stat.Uid), check.Equals, uid)
- c.Assert(int(stat.Gid), check.Equals, gid)
-
- info, err = os.Stat(tmpDir + "/foo/bar")
- c.Assert(err, check.IsNil)
- c.Assert(info.Mode().Perm(), check.Equals, os.FileMode(0o777))
- stat, ok = info.Sys().(*syscall.Stat_t)
- c.Assert(ok, check.Equals, true)
- c.Assert(int(stat.Uid), check.Equals, uid)
- c.Assert(int(stat.Gid), check.Equals, gid)
-}