github.com/singularityware/singularity@v3.1.1+incompatible/docs/2.x-tests/40-privblock.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright (c) 2017, Michael W. Bauer. All rights reserved.
     4  # Copyright (c) 2017, Gregory M. Kurtzer. All rights reserved.
     5  #
     6  # "Singularity" Copyright (c) 2016, The Regents of the University of California,
     7  # through Lawrence Berkeley National Laboratory (subject to receipt of any
     8  # required approvals from the U.S. Dept. of Energy).  All rights reserved.
     9  #
    10  # This software is licensed under a customized 3-clause BSD license.  Please
    11  # consult LICENSE file distributed with the sources of this project regarding
    12  # your rights to use or distribute this software.
    13  #
    14  # NOTICE.  This Software was developed under funding from the U.S. Department of
    15  # Energy and the U.S. Government consequently retains certain rights. As such,
    16  # the U.S. Government has been granted for itself and others acting on its
    17  # behalf a paid-up, nonexclusive, irrevocable, worldwide license in the Software
    18  # to reproduce, distribute copies to the public, prepare derivative works, and
    19  # perform publicly and display publicly, and to permit other to do so.
    20  #
    21  #
    22  
    23  
    24  . ./functions
    25  
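    # Verifies that a process started inside a container by an unprivileged user
    # cannot pick up extra privileges from binaries in the image, whether they
    # carry file capabilities or a setuid-root bit.
    #
    # test_init, stest and test_cleanup come from ./functions (not shown here).
    # NOTE(review): the first argument to stest appears to be the expected exit
    # status of the command that follows; confirm against ./functions.
    test_init "Checking escalation block"

    # Abort if the test directory is unset or empty. Otherwise the image path
    # collapses to "/container.img" and the root-run build below would write
    # into the filesystem root.
    # NOTE(review): SINGULARITY_TESTDIR is presumably set by ./functions or by
    # the calling environment; verify which.
    CONTAINER="${SINGULARITY_TESTDIR:?SINGULARITY_TESTDIR must be set}/container.img"

    # Build the image as root, then confirm that exit statuses pass through
    # "singularity exec" unchanged.
    # NOTE(review): docker://centos:7 is a mutable tag fetched over the network
    # and consumed by a root-run build; pinning the image by digest would make
    # the test input reproducible and tamper-evident.
    stest 0 sudo singularity build "$CONTAINER" docker://centos:7
    stest 0 singularity exec "$CONTAINER" true
    stest 1 singularity exec "$CONTAINER" false

    # Checking no new privs with capabilities.
    # The sudo run is the positive control: it shows that ping works in the
    # image when the caller is already root. The unprivileged run must fail.
    # Caveat: a non-zero exit shows only that ping failed, not why. On a host
    # whose net.ipv4.ping_group_range admits the caller's group, ping may
    # succeed through an unprivileged ICMP socket, failing this check even
    # though escalation is blocked. NOTE(review): confirm on the test hosts.
    stest 0 sudo singularity exec "$CONTAINER" ping -c 1 127.0.0.1
    stest 1 singularity exec "$CONTAINER" ping -c 1 127.0.0.1

    # Checking no new privs with setuid root.
    # Same control/negative pair, using a helper the original comment
    # identifies as setuid root. It must work for root and fail for the
    # unprivileged caller, whose setuid bit must not take effect.
    stest 0 sudo singularity exec "$CONTAINER" /usr/sbin/pam_timestamp_check -k root
    stest 1 singularity exec "$CONTAINER" /usr/sbin/pam_timestamp_check -k root

    test_cleanup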
    45