diff options
| author | Giacomo Leidi <therewasa@fishinthecalculator.me> | 2025-11-15 11:18:40 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2025-12-11 15:43:16 +0100 |
| commit | fdb46ae7b19d45a6a1f5adb660283981bf4b7a1d (patch) | |
| tree | 60efdabf153b672904448ba918f2e97dd19b4856 /tests | |
| parent | 94b26ff2841b90826968386de0b71a46284d2ee0 (diff) | |
system: Relax subordinate ID validation.
https://codeberg.org/guix/guix/issues/3925 raised the inabilityy of the
subordinate IDs service of handling externally managed sub{u,g}id file
entries. This patch relaxes the checks in place for existing ranges,
by allowing subid-range records lower than %subordinate-id-min, leaving
all the space from subid 0 to %subordinate-id-min - 1 to external
users. Generic ranges are still allocated within %subordinate-id-min and
%subordinate-id-max.
* gnu/build/accounts.scm (<unused-id-range>)[min]: Change default value
to 0, allowing subid-ranges with a start lesser than
%subordinate-id-min.
(allocate-generic-range): Allocate generic ranges starting from
%subordinate-id-min, leaving ranges starting before %subordinate-id-min.
(allocate-specific-range): Move bounds check to...
(allocate-subids): ...here. Now bound validation is applied only to user
provided ranges.
* tests/accounts.scm: Test new behavior.
Fixes: guix/guix#3925
Change-Id: Id923b122c97a20f148684f5fb144fd9422810612
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4235
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/accounts.scm | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/accounts.scm b/tests/accounts.scm index 41ed706e9ed..60a8f4bf66d 100644 --- a/tests/accounts.scm +++ b/tests/accounts.scm @@ -271,6 +271,23 @@ ada:100600:300\n") (start %subordinate-id-min) (count 100))))) +(test-equal "allocate-subids with externally managed state" + (list (subid-entry (name "guix-daemon") (start 904) (count 1)) + (subid-entry (name "alice") (start 1085) (count 100)) + (subid-entry (name "t") (start %subordinate-id-min) (count 899)) + (subid-entry (name "x") (start 100899) (count 200))) + (allocate-subids (list + (subid-range (name "x") (count 200)) + (subid-range (name "t") (count 899))) + ;; Test use case from + ;; https://codeberg.org/guix/guix/issues/3925 + (list (subid-range (name "guix-daemon") + (start 904) + (count 1)) + (subid-range (name "alice") + (start 1085) + (count 100))))) + (test-equal "allocate-subids with requested IDs ranges" ;; Make sure the requested sub ID for "k" and "root" are honored. (list (subid-entry (name "x") (start %subordinate-id-min) (count 200)) |