mirror of
https://github.com/systemd/systemd
synced 2024-10-15 20:45:09 +00:00
test: also test nspawn system→service inheritance of creds
This commit is contained in:
parent
6d085447fa
commit
42a3f23cc1
|
@ -3,6 +3,7 @@
|
|||
set -e
|
||||
|
||||
TEST_DESCRIPTION="test credentials"
|
||||
NSPAWN_ARGUMENTS="--set-credential=mynspawncredential:strangevalue"
|
||||
|
||||
# shellcheck source=test/test-functions
|
||||
. "${TEST_BASE_DIR:?}/test-functions"
|
||||
|
|
|
@ -22,6 +22,20 @@ echo piff > /tmp/ts54-fallback
|
|||
rm /tmp/ts54-fallback
|
||||
[ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ]
|
||||
|
||||
if systemd-detect-virt -q -c ; then
|
||||
# If this test is run in nspawn a credential should have been passed to us. See test/TEST-54-CREDS/test.sh
|
||||
[ "$(systemd-creds --system cat mynspawncredential)" = "strangevalue" ]
|
||||
|
||||
# Test that propagation from system credential to service credential works
|
||||
[ "$(systemd-run -p LoadCredential=mynspawncredential --pipe --wait systemd-creds cat mynspawncredential)" = "strangevalue" ]
|
||||
|
||||
# Check it also works, if we rename it while propagating it
|
||||
[ "$(systemd-run -p LoadCredential=miau:mynspawncredential --pipe --wait systemd-creds cat miau)" = "strangevalue" ]
|
||||
|
||||
# Combine it with a fallback (which should have no effect, given the cred should be passed down)
|
||||
[ "$(systemd-run -p LoadCredential=mynspawncredential -p SetCredential=mynspawncredential:zzz --pipe --wait systemd-creds cat mynspawncredential)" = "strangevalue" ]
|
||||
fi
|
||||
|
||||
# Verify that the creds are immutable
|
||||
systemd-run -p LoadCredential=passwd:/etc/passwd \
|
||||
-p DynamicUser=1 \
|
||||
|
|
Loading…
Reference in a new issue