From: Simon McVittie <smcv@collabora.com>
Date: Thu, 8 Jun 2017 13:43:43 +0000 (+0100)
Subject: test/containers: Check that connections from containers are unprivileged
X-Git-Tag: dbus-1.13.0~57^2~17
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2c492620573647141679704e659fd64a5783dece;p=thirdparty%2Fdbus.git

test/containers: Check that connections from containers are unprivileged

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
---

diff --git a/test/containers.c b/test/containers.c
index 4b4a944e6..dd5797cbb 100644
--- a/test/containers.c
+++ b/test/containers.c
@@ -333,6 +333,19 @@ test_basic (Fixture *f,
   g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "()");
   g_clear_pointer (&tuple, g_variant_unref);
 
+  g_test_message ("Checking that confined app is not considered privileged...");
+  tuple = g_dbus_connection_call_sync (f->confined_conn, DBUS_SERVICE_DBUS,
+                                       DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS,
+                                       "UpdateActivationEnvironment",
+                                       g_variant_new ("(a{ss})", NULL),
+                                       G_VARIANT_TYPE_UNIT,
+                                       G_DBUS_CALL_FLAGS_NONE, -1, NULL,
+                                       &f->error);
+  g_assert_error (f->error, G_DBUS_ERROR, G_DBUS_ERROR_ACCESS_DENIED);
+  g_test_message ("Access denied as expected: %s", f->error->message);
+  g_clear_error (&f->error);
+  g_assert_null (tuple);
+
   /* Check that the socket is cleaned up when the dbus-daemon is terminated */
   test_kill_pid (f->daemon_pid);
   g_spawn_close_pid (f->daemon_pid);