From 74139b64b2bfe1d369dadd833d1c5715bb7df3f1 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Fri, 13 Sep 2024 17:45:34 +1000
Subject: [PATCH] tests: integration: add setgid mkdirall test

Signed-off-by: Aleksa Sarai
---
 tests/integration/mounts.bats | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats
index c433c51c41b..a63eadc1c58 100644
--- a/tests/integration/mounts.bats
+++ b/tests/integration/mounts.bats
@@ -211,6 +211,28 @@ function test_mount_order() {
 [[ "$output" =~ filesystem \\?"proc\\?" must be mounted on ordinary directory ]]
 }
 
+# https://github.com/opencontainers/runc/issues/4401
+@test "runc run [setgid / + mkdirall]" {
+ mkdir rootfs/setgid
+ chmod =7755 rootfs/setgid
+
+ update_config '.mounts += [{
+ type: "tmpfs",
+ source: "tmpfs",
+ destination: "/setgid/a/b/c",
+ options: ["ro", "nodev", "nosuid"]
+ }]'
+
+ runc run test_busybox
+ [ "$status" -eq 0 ]
+
+ # Verify that the setgid bit is inherited.
+ [[ "$(stat -c %a rootfs/setgid)" == 7755 ]]
+ [[ "$(stat -c %a rootfs/setgid/a)" == 2755 ]]
+ [[ "$(stat -c %a rootfs/setgid/b)" == 2755 ]]
+ [[ "$(stat -c %a rootfs/setgid/c)" == 2755 ]]
+}
+
 @test "runc run [ro /sys/fs/cgroup mounts]" {
 # Without cgroup namespace.
 update_config '.linux.namespaces -= [{"type": "cgroup"}]'
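Review bot: The last two assertions stat `rootfs/setgid/b` and `rootfs/setgid/c`, but the mount destination is `/setgid/a/b/c`, so the directories created under the rootfs would be nested as `setgid/a`, `setgid/a/b` and `setgid/a/b/c`. On those non-existent sibling paths `stat` writes nothing to stdout, so the `== 2755` comparisons fail however the directories were created, and the test cannot pin the behaviour from issue 4401. They should read `[[ "$(stat -c %a rootfs/setgid/a/b)" == 2755 ]]` and `[[ "$(stat -c %a rootfs/setgid/a/b/c)" == 2755 ]]`. The comment above the assertions could also state that only the setgid bit (2000) is expected to propagate from the 7755 parent, and that the setuid and sticky bits must not appear on the created directories.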