summaryrefslogtreecommitdiffstats
path: root/t/lib-sudo.sh
diff options
context:
space:
mode:
authorCarlo Marcelo Arenas Belón <carenas@gmail.com>2022-05-13 03:00:19 +0200
committerJunio C Hamano <gitster@pobox.com>2022-05-13 03:12:23 +0200
commitb9063afda17a2aa6310423c9f7b776c41f753091 (patch)
treefa061cb540fb4ca325c20a4b20e377490985c764 /t/lib-sudo.sh
parentgit-compat-util: avoid failing dir ownership checks if running privileged (diff)
downloadgit-b9063afda17a2aa6310423c9f7b776c41f753091.tar.xz
git-b9063afda17a2aa6310423c9f7b776c41f753091.zip
t0034: add negative tests and allow git init to mostly work under sudo
Add a support library that provides one function that can be used to run a "scriplet" of commands through sudo and that helps invoking sudo in the slightly awkward way that is required to ensure it doesn't block the call (if shell was allowed as tested in the prerequisite) and it doesn't run the command through a different shell than the one we intended. Add additional negative tests as suggested by Junio and that use a new workspace that is owned by root. Document a regression that was introduced by previous commits where root won't be able anymore to access directories they own unless SUDO_UID is removed from their environment. The tests document additional ways that this new restriction could be worked around and the documentation explains why it might be instead considered a feature, but a "fix" is planned for a future change. Helped-by: Junio C Hamano <gitster@pobox.com> Helped-by: Phillip Wood <phillip.wood123@gmail.com> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/lib-sudo.sh')
-rw-r--r--t/lib-sudo.sh15
1 files changed, 15 insertions, 0 deletions
diff --git a/t/lib-sudo.sh b/t/lib-sudo.sh
new file mode 100644
index 0000000000..b4d7788f4e
--- /dev/null
+++ b/t/lib-sudo.sh
@@ -0,0 +1,15 @@
+# Helpers for running git commands under sudo.
+
+# Runs a scriplet passed through stdin under sudo.
+run_with_sudo () {
+ local ret
+ local RUN="$TEST_DIRECTORY/$$.sh"
+ write_script "$RUN" "$TEST_SHELL_PATH"
+ # avoid calling "$RUN" directly so sudo doesn't get a chance to
+ # override the shell, add aditional restrictions or even reject
+ # running the script because its security policy deem it unsafe
+ sudo "$TEST_SHELL_PATH" -c "\"$RUN\""
+ ret=$?
+ rm -f "$RUN"
+ return $ret
+}