From 4ff88efc500cdd7fd0a407c21087c4479390246a Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Thu, 29 Oct 2020 21:20:38 +0100
Subject: [PATCH] netns: add address binding test

Proposed by Jonas Nick.
---
 test/tests.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/test/tests.py b/test/tests.py
index dd1d886..0179034 100644
--- a/test/tests.py
+++ b/test/tests.py
@@ -259,6 +259,12 @@ def _():
 assert_unreachable("bitcoind", ["btcpayserver", "spark-wallet", "lightning-loop"])
 assert_unreachable("btcpayserver", ["bitcoind", "lightning-loop", "liquidd"])
 
+ # netns addresses can not be bound to in the main netns.
+ # This prevents processes in the main netns from impersonating nix-bitcoin services.
+ assert_matches(
+ f"nc -l {ip('bitcoind')} 1080 2>&1 || true", "nc: Cannot assign requested address"
+ )
+
 if "joinmarket" in enabled_tests:
 # netns-exec should drop capabilities
 assert_full_match(
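Review bot: If the bind ever succeeds, the `nc -l` in the added `assert_matches` call keeps listening and never exits, so the isolation regression this test guards against would presumably surface as a hung test run rather than a failed assertion (how `assert_matches` executes the command is not visible in this hunk). Bounding the command, e.g. `f"timeout 5 nc -l {ip('bitcoind')} 1080 2>&1 || true"`, makes that case return empty output and fail the match promptly. The expected string `nc: Cannot assign requested address` also ties the test to the wording of the installed `nc` variant, and only bitcoind's netns address is exercised although the impersonation concern in the comment applies to every service address. A short comment such as `# Expect EADDRNOTAVAIL; a successful bind means netns isolation is broken` would record the intent. The enclosing `_()` test function starts before this hunk and continues past it.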