From 9a5647f66ce699c9a9d93e7c1b2ccec6d87703a4 Mon Sep 17 00:00:00 2001
From: Lukas Pirl
Date: Mon, 11 Jul 2016 16:48:25 +0200
Subject: [PATCH] added test FILE-6337: check if /proc mounted with hidepid=(1|2) (#225) to hide users' sensitive files in /proc from other users (see `man proc` for details)
---
 include/tests_filesystems | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/include/tests_filesystems b/include/tests_filesystems
index 849c34e9..5c943a61 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -290,6 +290,32 @@ fi
 #
 #################################################################################
+#
+ # Test : FILE-6337
+ # Description : Check proc mount options (Linux >=3.3 only)
+ # Examples : proc /proc proc defaults,hidepid=2 0 0
+ # Goal : Users should not be able to see processes of other users
+
+ if [ -f /proc/version ] && [ "$(cat /proc/version | cut -d" " -f3)" \> "3.2" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6337 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Checking proc mount options"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least
+ LogText "Test: check proc mount with incorrect mount options"
+ FIND=`mount | grep proc | egrep -o "hidepid=[0-9]"`
+ if [ "${FIND}" = "hidepid=2" ]; then
+ Display --indent 2 --text "- Testing proc mount" --result "${STATUS_OK}" --color GREEN
+ LogText "Result: proc mount mounted with hidepid=2"
+ else
+ if [ "${FIND}" = "" ]; then
+ HIDEPID1_SUGGESTION=" (or at least hidepid=1)"
+ fi
+ Display --indent 2 --text "- Testing proc mount" --result "${STATUS_SUGGESTION}" --color YELLOW
+ LogText "Result: proc file system not mounted with option hidepid=2$HIDEPID1_SUGGESTION"
+ ReportSuggestion ${TEST_NO} "Consider mounting /proc via /etc/fstab with mount option hidepid=2$HIDEPID1_SUGGESTION"
+ fi
+ fi
+#
+#################################################################################
 #
 # Test : FILE-6354
 # Description : Search files within /tmp which are older than 3 months
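Review bot: The detection in `FIND=\`mount | grep proc | egrep -o "hidepid=[0-9]"\`` is not anchored to the /proc mount: `grep proc` matches any mount line containing "proc" (binfmt_misc under /proc/sys/fs/binfmt_misc, or any path with "proc" in it), and if more than one line carries a hidepid option `egrep -o` yields several lines, so `"${FIND}" = "hidepid=2"` fails and a correctly hardened host is reported as a suggestion; restrict it to the /proc entry, e.g. `FIND=$(awk '$2 == "/proc" { print $4 }' /proc/mounts | grep -E -o 'hidepid=[0-9]' | head -n 1)`. The prerequisite line compares kernel versions lexically with `\>`, so "3.10".."3.19" sort below "3.2" and the test is silently skipped on those kernels; split the version on "." and compare major/minor numerically (major > 3, or major == 3 and minor >= 3) instead. Newer kernels also accept named values (hidepid=invisible and friends), which the `[0-9]` pattern would miss and report as "not mounted with hidepid" — worth a comment at least. The hunk is self-contained between the two separator lines.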