1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
summary: Check file XAUTHORITY env variable points to is migrated into the snap environment
details: |
The XAUTHORITY environment variable points to a file which is located
in HOME, /run or /tmp depending on the distribution and desktop being
used. If the file ends up in /tmp then it wont be visible inside the
snap environment as each snap gets its private /tmp. To ensure the
file XAUTHORITY points to is always available no matter where it is
stored on the host system we migrate the file and copy it into
/run/$USER/.Xauthority and set the XAUTHORITY environment variable
accordingly.
This test verified the correct behaviour of the implemented logic
inside `snap run`.
execute: |
snap install test-snapd-sh
ensure_xauth_path() {
export XAUTHORITY="$1"
# Get rid of things to ensure a clean test bed
rm -f /var/snap/test-snapd-sh/common/xauth-content /run/user/0/.Xauthority
snap run --shell test-snapd-sh.sh <<'EOF'
echo $XAUTHORITY > /var/snap/test-snapd-sh/common/xauth-content
exit
EOF
env_path="$(cat /var/snap/test-snapd-sh/common/xauth-content)"
test "$env_path" = "$2" || exit 1
test "$(sh256sum "$env_path")" = "$(sh256sum "$1")"
unset XAUTHORITY
}
mock_xauthority() {
# Generate valid Xauthority file which `snap run` will accept
rm -f "$1"; touch "$1"
for ((c=0; c<=$2; c++))
do
{
# Family
echo -n -e \\x01\\x00
# Address
echo -n -e \\x00\\x04\\x73\\x6e\\x61\\x70
# Number
echo -n -e \\x00\\x01\\xff
# Name
echo -n -e \\x00\\x05\\x73\\x6e\\x61\\x70\\x64
# Data
echo -n -e \\x00\\x01\\xff
} >> "$1"
done
}
if [ ! -d /run/user/0 ]; then
mkdir -p /run/user/0
chmod 700 /run/user/0
fi
# An invalid Xauthority file should cause the XAUTHORITY
# environment variable to stay untouched.
echo "foo bar" > /tmp/invalid-xauthority
ensure_xauth_path /tmp/invalid-xauthority /tmp/invalid-xauthority
test ! -e /run/user/0/.Xauthority
echo > /tmp/invalid-xauthority
ensure_xauth_path /tmp/invalid-xauthority /tmp/invalid-xauthority
test ! -e /run/user/0/.Xauthority
# Generate valid Xauthority file which `snap run` will accept
mock_xauthority /tmp/valid-xauthority 4
chmod 600 /tmp/valid-xauthority
# Xauthority should be correctly migrated
ensure_xauth_path /tmp/valid-xauthority /run/user/0/.Xauthority
test -e /run/user/0/.Xauthority
# When we switch the owner the input xauth file shouldn't be moved.
chown 1000:1000 /tmp/valid-xauthority
ensure_xauth_path /tmp/valid-xauthority /tmp/valid-xauthority
test ! -e /run/user/0/.Xauthority
# We should not be able to get things like /etc/shadow migrated
# into the snap environment. When `snap run` does the migration
# it will change the content of the XAUTHORITY env variable
# inside the snap environment and otherwise leave the variable
# untouched. This is why the expected content of the XAUTHORITY
# env variable in this case is /etc/shadow
ensure_xauth_path /etc/shadow /etc/shadow
test ! -e /run/user/0/.Xauthority
|
