Commit Graph

1 Commits

Author SHA1 Message Date
Philip Withnall 876c155efb tests: Add pam_malcontent.so tests
These tests check that the built `pam_malcontent.so` module can be
loaded using `dlopen()` and that it exports the right symbol. This
should mean that PAM can load it and use it.

Unfortunately, we can’t actually run the module, since PAM hard-codes
its configuration path as being in `/etc`, and there seems to be no way
to override that to load a dummy configuration from a test directory. So
the only way to test the PAM module is to use a file system bind mount
to fake `/etc` (which requires privileges); or to actually install it on
your system and integrate it into your real PAM configuration. Neither
of those are acceptable for a unit test.

It might be possible to re-execute a test under `bwrap` (if installed)
to achieve this, bind mounting a dummy `/etc/pam.d/dummy` service file
into the subprocess’ mount namespace, and otherwise bind mounting `/` to
`/`. It would need a mock malcontent D-Bus API to talk to. Something to
experiment with another time.

(See `_pam_init_handlers()` in
https://github.com/linux-pam/linux-pam/blob/master/libpam/pam_handlers.c
for details of how PAM modules are loaded.)

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-01-16 13:27:17 +00:00