tests: integration: add setgid mkdirall test

cyphar · cyphar · commit d8844e293901 · 2024-09-13T23:34:33.000+10:00
Signed-off-by: Aleksa Sarai &lt;cyphar@cyphar.com&gt;
diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats
@@ -211,6 +211,29 @@ function test_mount_order() {
 	[[ "$output" == *"must be mounted on ordinary directory"* ]]
 }
 
+# https://github.com/opencontainers/runc/issues/4401
+@test "runc run [setgid / + mkdirall]" {
+	mkdir rootfs/setgid
+	chmod '=7755' rootfs/setgid
+
+	update_config '.mounts += [{
+		type: "tmpfs",
+		source: "tmpfs",
+		destination: "/setgid/a/b/c",
+		options: ["ro", "nodev", "nosuid"]
+	}]'
+	update_config '.process.args |= ["true"]'
+
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+
+	# Verify that the setgid bit is inherited.
+	[[ "$(stat -c %a rootfs/setgid)" == 7755 ]]
+	[[ "$(stat -c %a rootfs/setgid/a)" == 2755 ]]
+	[[ "$(stat -c %a rootfs/setgid/a/b)" == 2755 ]]
+	[[ "$(stat -c %a rootfs/setgid/a/b/c)" == 2755 ]]
+}
+
 @test "runc run [ro /sys/fs/cgroup mounts]" {
 	# Without cgroup namespace.
 	update_config '.linux.namespaces -= [{"type": "cgroup"}]'
