Vendor dependencies for 0.3.0 release

2025-09-27 10:29:08 -05:00
parent 0c8d39d483
commit 82ab7f317b
26803 changed files with 16134934 additions and 0 deletions
--- a/vendor/nix/test/mount/mod.rs
+++ b/vendor/nix/test/mount/mod.rs
@@ -0,0 +1,6 @@
+#[cfg(target_os = "linux")]
+mod test_mount;
+#[cfg(apple_targets)]
+mod test_mount_apple;
+#[cfg(target_os = "freebsd")]
+mod test_nmount;
--- a/vendor/nix/test/mount/test_mount.rs
+++ b/vendor/nix/test/mount/test_mount.rs
@@ -0,0 +1,189 @@
+use std::fs::{self, File};
+use std::io::{Read, Write};
+use std::os::unix::fs::OpenOptionsExt;
+use std::os::unix::fs::PermissionsExt;
+use std::process::Command;
+
+use libc::{EACCES, EROFS};
+
+use nix::mount::{mount, umount, MsFlags};
+use nix::sys::stat::{self, Mode};
+
+use crate::*;
+
+static SCRIPT_CONTENTS: &[u8] = b"#!/bin/sh
+exit 23";
+
+const EXPECTED_STATUS: i32 = 23;
+
+const NONE: Option<&'static [u8]> = None;
+
+#[test]
+fn test_mount_tmpfs_without_flags_allows_rwx() {
+    require_capability!(
+        "test_mount_tmpfs_without_flags_allows_rwx",
+        CAP_SYS_ADMIN
+    );
+    let tempdir = tempfile::tempdir().unwrap();
+
+    mount(
+        NONE,
+        tempdir.path(),
+        Some(b"tmpfs".as_ref()),
+        MsFlags::empty(),
+        NONE,
+    )
+    .unwrap_or_else(|e| panic!("mount failed: {e}"));
+
+    let test_path = tempdir.path().join("test");
+
+    // Verify write.
+    fs::OpenOptions::new()
+        .create(true)
+        .write(true)
+        .mode((Mode::S_IRWXU | Mode::S_IRWXG | Mode::S_IRWXO).bits())
+        .open(&test_path)
+        .and_then(|mut f| f.write(SCRIPT_CONTENTS))
+        .unwrap_or_else(|e| panic!("write failed: {e}"));
+
+    // Verify read.
+    let mut buf = Vec::new();
+    File::open(&test_path)
+        .and_then(|mut f| f.read_to_end(&mut buf))
+        .unwrap_or_else(|e| panic!("read failed: {e}"));
+    assert_eq!(buf, SCRIPT_CONTENTS);
+
+    // while forking and unmounting prevent other child processes
+    let _m = FORK_MTX.lock();
+    // Verify execute.
+    assert_eq!(
+        EXPECTED_STATUS,
+        Command::new(&test_path)
+            .status()
+            .unwrap_or_else(|e| panic!("exec failed: {e}"))
+            .code()
+            .unwrap_or_else(|| panic!("child killed by signal"))
+    );
+
+    umount(tempdir.path()).unwrap_or_else(|e| panic!("umount failed: {e}"));
+}
+
+#[test]
+fn test_mount_rdonly_disallows_write() {
+    require_capability!("test_mount_rdonly_disallows_write", CAP_SYS_ADMIN);
+    let tempdir = tempfile::tempdir().unwrap();
+
+    mount(
+        NONE,
+        tempdir.path(),
+        Some(b"tmpfs".as_ref()),
+        MsFlags::MS_RDONLY,
+        NONE,
+    )
+    .unwrap_or_else(|e| panic!("mount failed: {e}"));
+
+    // EROFS: Read-only file system
+    assert_eq!(
+        EROFS,
+        File::create(tempdir.path().join("test"))
+            .unwrap_err()
+            .raw_os_error()
+            .unwrap()
+    );
+
+    umount(tempdir.path()).unwrap_or_else(|e| panic!("umount failed: {e}"));
+}
+
+#[test]
+fn test_mount_noexec_disallows_exec() {
+    require_capability!("test_mount_noexec_disallows_exec", CAP_SYS_ADMIN);
+    let tempdir = tempfile::tempdir().unwrap();
+
+    mount(
+        NONE,
+        tempdir.path(),
+        Some(b"tmpfs".as_ref()),
+        MsFlags::MS_NOEXEC,
+        NONE,
+    )
+    .unwrap_or_else(|e| panic!("mount failed: {e}"));
+
+    let test_path = tempdir.path().join("test");
+
+    fs::OpenOptions::new()
+        .create(true)
+        .write(true)
+        .mode((Mode::S_IRWXU | Mode::S_IRWXG | Mode::S_IRWXO).bits())
+        .open(&test_path)
+        .and_then(|mut f| f.write(SCRIPT_CONTENTS))
+        .unwrap_or_else(|e| panic!("write failed: {e}"));
+
+    // Verify that we cannot execute despite a+x permissions being set.
+    let mode = stat::Mode::from_bits_truncate(
+        fs::metadata(&test_path)
+            .map(|md| md.permissions().mode())
+            .unwrap_or_else(|e| panic!("metadata failed: {e}")),
+    );
+
+    assert!(
+        mode.contains(Mode::S_IXUSR | Mode::S_IXGRP | Mode::S_IXOTH),
+        "{:?} did not have execute permissions",
+        &test_path
+    );
+
+    // while forking and unmounting prevent other child processes
+    let _m = FORK_MTX.lock();
+    // EACCES: Permission denied
+    assert_eq!(
+        EACCES,
+        Command::new(&test_path)
+            .status()
+            .unwrap_err()
+            .raw_os_error()
+            .unwrap()
+    );
+
+    umount(tempdir.path()).unwrap_or_else(|e| panic!("umount failed: {e}"));
+}
+
+#[test]
+fn test_mount_bind() {
+    require_capability!("test_mount_bind", CAP_SYS_ADMIN);
+    let tempdir = tempfile::tempdir().unwrap();
+    let file_name = "test";
+
+    {
+        let mount_point = tempfile::tempdir().unwrap();
+
+        mount(
+            Some(tempdir.path()),
+            mount_point.path(),
+            NONE,
+            MsFlags::MS_BIND,
+            NONE,
+        )
+        .unwrap_or_else(|e| panic!("mount failed: {e}"));
+
+        fs::OpenOptions::new()
+            .create(true)
+            .write(true)
+            .mode((Mode::S_IRWXU | Mode::S_IRWXG | Mode::S_IRWXO).bits())
+            .open(mount_point.path().join(file_name))
+            .and_then(|mut f| f.write(SCRIPT_CONTENTS))
+            .unwrap_or_else(|e| panic!("write failed: {e}"));
+
+        // wait for child processes to prevent EBUSY
+        let _m = FORK_MTX.lock();
+        umount(mount_point.path())
+            .unwrap_or_else(|e| panic!("umount failed: {e}"));
+    }
+
+    // Verify the file written in the mount shows up in source directory, even
+    // after unmounting.
+
+    let mut buf = Vec::new();
+    File::open(tempdir.path().join(file_name))
+        .and_then(|mut f| f.read_to_end(&mut buf))
+        .unwrap_or_else(|e| panic!("read failed: {e}"));
+    assert_eq!(buf, SCRIPT_CONTENTS);
+}
--- a/vendor/nix/test/mount/test_mount_apple.rs
+++ b/vendor/nix/test/mount/test_mount_apple.rs
@@ -0,0 +1,8 @@
+use nix::errno::Errno;
+use nix::mount::{mount, MntFlags};
+
+#[test]
+fn test_mount() {
+    let res = mount::<str, str, str>("", "", MntFlags::empty(), None);
+    assert_eq!(res, Err(Errno::ENOENT));
+}
--- a/vendor/nix/test/mount/test_nmount.rs
+++ b/vendor/nix/test/mount/test_nmount.rs
@@ -0,0 +1,49 @@
+use crate::*;
+use nix::{
+    errno::Errno,
+    mount::{unmount, MntFlags, Nmount},
+};
+use std::{ffi::CString, fs::File, path::Path};
+use tempfile::tempdir;
+
+#[test]
+fn ok() {
+    require_mount!("nullfs");
+
+    let mountpoint = tempdir().unwrap();
+    let target = tempdir().unwrap();
+    let _sentry = File::create(target.path().join("sentry")).unwrap();
+
+    let fstype = CString::new("fstype").unwrap();
+    let nullfs = CString::new("nullfs").unwrap();
+    Nmount::new()
+        .str_opt(&fstype, &nullfs)
+        .str_opt_owned("fspath", mountpoint.path().to_str().unwrap())
+        .str_opt_owned("target", target.path().to_str().unwrap())
+        .nmount(MntFlags::empty())
+        .unwrap();
+
+    // Now check that the sentry is visible through the mountpoint
+    let exists = Path::exists(&mountpoint.path().join("sentry"));
+
+    // Cleanup the mountpoint before asserting
+    unmount(mountpoint.path(), MntFlags::empty()).unwrap();
+
+    assert!(exists);
+}
+
+#[test]
+fn bad_fstype() {
+    let mountpoint = tempdir().unwrap();
+    let target = tempdir().unwrap();
+    let _sentry = File::create(target.path().join("sentry")).unwrap();
+
+    let e = Nmount::new()
+        .str_opt_owned("fspath", mountpoint.path().to_str().unwrap())
+        .str_opt_owned("target", target.path().to_str().unwrap())
+        .nmount(MntFlags::empty())
+        .unwrap_err();
+
+    assert_eq!(e.error(), Errno::EINVAL);
+    assert_eq!(e.errmsg(), Some("Invalid fstype"));
+}