CI: Disable setuid and setgid tests in container

VIDA-NYU · Sep 29, 2023 · 62dbdf8 · 62dbdf8
1 parent 2a9e8da
commit 62dbdf8
Showing 1 changed file with 33 additions and 22 deletions.
diff --git a/tests/functional.py b/tests/functional.py
@@ -757,33 +757,44 @@ def check_simple(args, stream, infile=1):
     # Test set-uid warning
     #
 
-    # Find a set-uid program
-    executable = '/bin/su'
-    if not os.path.exists(executable) and os.path.exists('/usr/bin/su'):
-        executable = '/usr/bin/su'
-    assert os.stat(executable).st_mode & 0o4000 == 0o4000
-    # Trace
-    # Pass a wrong username to su to make it exit without reading a password
-    _, err = call_output(rpz + ['testrun', executable,
-                                '94627ebfafbf81cd77a17d4ed646a80c94bf4202'],
-                         'err')
-    err = err.split(b'\n')
-    assert any(b'executing set-uid binary!' in line for line in err)
+    if os.getuid() != 0:
+        # Find a set-uid program
+        executable = '/bin/su'
+        if not os.path.exists(executable) and os.path.exists('/usr/bin/su'):
+            executable = '/usr/bin/su'
+        assert os.stat(executable).st_mode & 0o4000 == 0o4000
+        # Trace
+        # Pass a wrong username to su to make it exit without reading a
+        # password
+        _, err = call_output(
+            rpz + [
+                'testrun', executable,
+                '94627ebfafbf81cd77a17d4ed646a80c94bf4202',
+            ],
+            'err',
+        )
+        err = err.split(b'\n')
+        assert any(b'executing set-uid binary!' in line for line in err)
 
     # ########################################
     # Test set-gid warning
     #
 
-    # Find a set-gid program
-    executable = '/usr/bin/crontab'
-    if not os.path.exists(executable) and os.path.exists('/bin/crontab'):
-        executable = '/bin/crontab'
-    assert os.stat(executable).st_mode & 0o2000 == 0o2000
-    # Trace
-    # Pass a wrong username to su to make it exit without reading a password
-    _, err = call_output(rpz + ['testrun', executable, '-l'], 'err')
-    err = err.split(b'\n')
-    assert any(b'executing set-gid binary!' in line for line in err)
+    if os.getuid() != 0:
+        # Find a set-gid program
+        executable = '/usr/bin/crontab'
+        if not os.path.exists(executable) and os.path.exists('/bin/crontab'):
+            executable = '/bin/crontab'
+        assert os.stat(executable).st_mode & 0o2000 == 0o2000
+        # Trace
+        # Pass a wrong username to su to make it exit without reading a
+        # password
+        _, err = call_output(
+            rpz + ['testrun', executable, '-l'],
+            'err',
+        )
+        err = err.split(b'\n')
+        assert any(b'executing set-gid binary!' in line for line in err)
 
     # ########################################
     # Test old packages