From e5fad0714e94f9a5f8fc07d9ed9bf43a0d56d477 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 2 May 2016 11:41:32 +0200
Subject: [PATCH] tests: Add namespace and overrides tests

---
 tests/libtest.sh           |  2 +-
 tests/make-test-runtime.sh |  4 +++-
 tests/test-run.sh          | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/tests/libtest.sh b/tests/libtest.sh
index caae1dd5..57e74d44 100644
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -160,7 +160,7 @@ run () {
 }
 
 run_sh () {
-    ${CMD_PREFIX} xdg-app run --command=bash org.test.Hello -c "$*"
+    ${CMD_PREFIX} xdg-app run --command=bash ${ARGS-} org.test.Hello -c "$*"
 }
 
 sed s#@testdir@#${test_builddir}# ${test_srcdir}/session.conf.in > session.conf
diff --git a/tests/make-test-runtime.sh b/tests/make-test-runtime.sh
index 500649fb..47c816f9 100755
--- a/tests/make-test-runtime.sh
+++ b/tests/make-test-runtime.sh
@@ -16,12 +16,14 @@ BASH=`which bash`
 LS=`which ls`
 CAT=`which cat`
 ECHO=`which echo`
+READLINK=`which readlink`
 cp ${BASH} ${DIR}/usr/bin
 cp ${LS} ${DIR}/usr/bin
 cp ${CAT} ${DIR}/usr/bin
 cp ${ECHO} ${DIR}/usr/bin
+cp ${READLINK} ${DIR}/usr/bin
 ln -s bash ${DIR}/usr/bin/sh
-for i in `ldd ${BASH} ${LS} ${CAT} ${ECHO} | sed "s/.* => //" | awk '{ print $1}' | grep -v :$ | grep ^/ | sort -u`; do
+for i in `ldd ${BASH} ${LS} ${CAT} ${ECHO} ${READLINK} | sed "s/.* => //" | awk '{ print $1}' | grep -v :$ | grep ^/ | sort -u`; do
     cp "$i" ${DIR}/usr/lib/
 done
 
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 836b2fe3..4a7200ad 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -21,7 +21,7 @@ set -euo pipefail
 
 . $(dirname $0)/libtest.sh
 
-echo "1..3"
+echo "1..5"
 
 setup_repo
 install_repo
@@ -59,3 +59,35 @@ run_sh cat /run/user/`id -u`/xdg-app-info > xai
 assert_file_has_content xai '^name=org.test.Hello$'
 
 echo "ok xdg-app-info"
+
+run_sh readlink /proc/self/ns/net > unshared_net_ns
+ARGS="--share=network" run_sh readlink /proc/self/ns/net > shared_net_ns
+assert_not_streq `cat unshared_net_ns` `readlink /proc/self/ns/net`
+assert_streq `cat shared_net_ns` `readlink /proc/self/ns/net`
+
+run_sh readlink /proc/self/ns/ipc > unshared_ipc_ns
+ARGS="--share=ipc" run_sh readlink /proc/self/ns/ipc > shared_ipc_ns
+assert_not_streq `cat unshared_ipc_ns` `readlink /proc/self/ns/ipc`
+assert_streq `cat shared_ipc_ns` `readlink /proc/self/ns/ipc`
+
+if run_sh cat $(dirname $0)/package_version.txt; then
+    assert_not_reached "Unexpectedly allowed to access file"
+fi
+
+ARGS="--filesystem=$(dirname $0)" run_sh cat $(dirname $0)/package_version.txt > /dev/null
+ARGS="--filesystem=host" run_sh cat $(dirname $0)/package_version.txt > /dev/null
+
+echo "ok namespaces"
+
+$XDG_APP override --user --filesystem=host org.test.Hello
+run_sh cat $(dirname $0)/package_version.txt > /dev/null
+if ARGS="--nofilesystem=host" run_sh cat $(dirname $0)/package_version.txt > /dev/null; then
+    assert_not_reached "Unexpectedly allowed to access --nofilesystem=host file"
+fi
+$XDG_APP override --user --nofilesystem=host org.test.Hello
+
+if run_sh cat $(dirname $0)/package_version.txt > /dev/null; then
+    assert_not_reached "Unexpectedly allowed to access file"
+fi
+
+echo "ok overrides"