tests: integration: add setgid mkdirall test

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
opencontainers · Sep 13, 2024 · 079ebc3 · 079ebc3
1 parent 5f53bf5
commit 079ebc3
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats
@@ -211,6 +211,29 @@ function test_mount_order() {
 	[[ "$output" == *"must be mounted on ordinary directory"* ]]
 }
 
+# https://github.com/opencontainers/runc/issues/4401
+@test "runc run [setgid / + mkdirall]" {
+	mkdir rootfs/setgid
+	chmod '=7755' rootfs/setgid
+
+	update_config '.mounts += [{
+		type: "tmpfs",
+		source: "tmpfs",
+		destination: "/setgid/a/b/c",
+		options: ["ro", "nodev", "nosuid"]
+	}]'
+	update_config '.process.args |= ["true"]'
+
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+
+	# Verify that the setgid bit is inherited.
+	[[ "$(stat -c %a rootfs/setgid)" == 7755 ]]
+	[[ "$(stat -c %a rootfs/setgid/a)" == 2755 ]]
+	[[ "$(stat -c %a rootfs/setgid/a/b)" == 2755 ]]
+	[[ "$(stat -c %a rootfs/setgid/a/b/c)" == 2755 ]]
+}
+
 @test "runc run [ro /sys/fs/cgroup mounts]" {
 	# Without cgroup namespace.
 	update_config '.linux.namespaces -= [{"type": "cgroup"}]'