From cfc7d3aaa3f96e5eb8b0476de3d183a73d9d06db Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 6 Jul 2017 16:37:50 +0100
Subject: [PATCH] test/containers: Exercise connecting to the new socket as the
 wrong uid

Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
---
 test/containers.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/test/containers.c b/test/containers.c
index 3783688f..d390bd20 100644
--- a/test/containers.c
+++ b/test/containers.c
@@ -267,6 +267,49 @@ test_basic (Fixture *f,
 }
 
 /*
+ * If we are running as root, assert that when one uid (root) creates a
+ * container server, another uid (TEST_USER_OTHER) cannot connect to it
+ */
+static void
+test_wrong_uid (Fixture *f,
+                gconstpointer context)
+{
+#ifdef HAVE_CONTAINERS_TEST
+  GVariant *parameters;
+
+  if (f->skip)
+    return;
+
+  parameters = g_variant_new ("(ssa{sv}a{sv})",
+                              "com.example.NotFlatpak",
+                              "sample-app",
+                              NULL, /* no metadata */
+                              NULL); /* no named arguments */
+  if (!add_container_server (f, g_steal_pointer (&parameters)))
+    return;
+
+  g_test_message ("Connecting to %s...", f->socket_dbus_address);
+  f->confined_conn = test_try_connect_gdbus_as_user (f->socket_dbus_address,
+                                                     TEST_USER_OTHER,
+                                                     &f->error);
+
+  /* That might be skipped if we can't become TEST_USER_OTHER */
+  if (f->error != NULL &&
+      g_error_matches (f->error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
+    {
+      g_test_skip (f->error->message);
+      return;
+    }
+
+  /* The connection was unceremoniously closed */
+  g_assert_error (f->error, G_IO_ERROR, G_IO_ERROR_CLOSED);
+
+#else /* !HAVE_CONTAINERS_TEST */
+  g_test_skip ("Containers or gio-unix-2.0 not supported");
+#endif /* !HAVE_CONTAINERS_TEST */
+}
+
+/*
  * Assert that named arguments are validated: passing an unsupported
  * named argument causes an error.
  */
@@ -409,6 +452,8 @@ main (int argc,
               setup, test_get_supported_arguments, teardown);
   g_test_add ("/containers/basic", Fixture, NULL,
               setup, test_basic, teardown);
+  g_test_add ("/containers/wrong-uid", Fixture, NULL,
+              setup, test_wrong_uid, teardown);
   g_test_add ("/containers/unsupported-parameter", Fixture, NULL,
               setup, test_unsupported_parameter, teardown);
   g_test_add ("/containers/invalid-type-name", Fixture, NULL,
-- 
2.13.3