1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
#!/bin/bash
# A thin wrapper that sets up an environment, runs a test, and exits with an
# error if the test does not write a file indicating success.
# Copyright Canonical, 2013. Author: Chad MILLER <chad.miller@canonical.com>
set -o errexit
set -o nounset
#set -o xtrace
failures=""
python3 -u -m http.server 0 >webserver-out 2>webserver-err &
webserver_pid=$!
trap "echo FAILURE" ERR
trap ":" USR1 # Clean-up after every test
trap ":" USR2 # Clean-up after every test
trap "kill -KILL ${webserver_pid} || echo No web server.; kill -USR1 $$ || echo No cleanup 1.; kill -USR2 $$ || echo No cleanup 2." EXIT
retrylimit=100
retry=0
while test "$retry" -lt "$retrylimit"; do
retry=$(($retry + 1))
sleep 0.1
# "Serving HTTP on 0.0.0.0 port 49074 ..."
grep "\\.\\.\\." webserver-out >/dev/null || continue
webserver_port=$(head -1 webserver-out |cut -d\ -f6)
break
done
test "$retry" -lt ${retrylimit}
mkdir profile_storage
# Now everything is set up for a series of tests.
echo -n "Test command-line URL retrieves page from server: "
# TEST one
# Create a file that our web server can read. Run chromium with that URL and
# see that the web server receives a request for that file/resource.
f=one$$.txt
echo proc$$test >$f
chromium-browser --window-size=400,200 --window-position=100,100 --user-data-dir=profile_storage http://localhost:${webserver_port}/$f >browser_stdout 2>browser_stderr &
webclient_pid=$!
trap "kill -KILL ${webclient_pid}" USR1
retrylimit=1000
retry=0
while test "$retry" -lt "$retrylimit"; do
retry=$(($retry + 1))
sleep 1 ## FIXME
grep $f webserver-err >/dev/null || continue
echo okay
break
done
#kill -USR1 $$ # cleanup
test "$retry" -lt ${retrylimit} || echo BAD
test "$retry" -lt ${retrylimit} || failures="one:serveraccess $failures"
# TEST two-a two-b
# While we have a chromium running, let's use it. Test that the processes are constrained by a sandbox.
echo -n "Test security enclosure: "
if ps h --ppid ${webclient_pid} -o label |grep _sandbox\$ >/dev/null; then
# At least one process's security label ends with "_sandbox".
if { ps h -p ${webclient_pid} -o label; ps h --ppid ${webclient_pid} -o label; } |grep unconfined >/dev/null; then
# No processes created immediately by chromium are unconstrained
echo BAD
failures="two-b:unconfined $failures"
else
echo okay
fi
else
echo BAD
failures="two-a:sandbox $failures"
fi
# All tests are done.
#
# Report results
test -z "$failures" && touch result-success || echo "failure list: $failures"
test -z "$failures" || exit 1
|