tests: use setfacl to give $SUDO_USER read permissions on artifacts

We have to invoke the tests as superuser, and not being able to read
the journal as the invoking user is annoying. I don't think there are
any security considerations here, since the invoking user can already
put arbitrary code in the Makefile and test scripts which get executed
with root privileges.

diff --git a/test/test-functions b/test/test-functions
index 8f2ffb13232b444ea3aff1c84f47b3ae62aeffc6..e8d2a5876b144bfcfb713d60a8c0e85ca8e1fab3 100644 (file)
--- a/test/test-functions
+++ b/test/test-functions
@@ -2393,6 +2393,12 @@ do_test() {
     import_testdir
     import_initdir
 
+    if [ -n "${SUDO_USER}" ]; then
+        ddebug "Making ${TESTDIR:?} readable for ${SUDO_USER} (acquired from sudo)"
+        setfacl -m "user:${SUDO_USER:?}:r-X" "${TESTDIR:?}"
+        setfacl -d -m "user:${SUDO_USER:?}:r-X" "${TESTDIR:?}"
+    fi
+
     testname="$(basename "$PWD")"
 
     while (($# > 0)); do