mirror of
https://github.com/systemd/systemd
synced 2024-10-04 15:21:01 +00:00
test: add test to make sure that CAP_SYS_RAWIO was removed on PrivateDevices=yes
parent
2cd0a73547
commit
625d8769fa
|
@ -140,6 +140,8 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
|
|||
}
|
||||
test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
|
||||
test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
|
||||
test(m, "exec-privatedevices-yes-capability-sys-rawio.service", 0, CLD_EXITED);
|
||||
test(m, "exec-privatedevices-no-capability-sys-rawio.service", 0, CLD_EXITED);
|
||||
}
|
||||
|
||||
static void test_exec_protectkernelmodules_capabilities(Manager *m) {
|
||||
|
|
|
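Review bot: The two added `test()` calls have no comment explaining why the `-yes-` and `-no-` units are both expected to exit 0, even though they assert opposite things about CAP_SYS_RAWIO. The `-yes-` unit gets there by negating its `grep`, which is easy to miss when reading only this function. A short comment above the new lines would make the intent reviewable, for example `/* PrivateDevices=yes must drop CAP_SYS_RAWIO; the -yes- unit inverts the grep, so both units exit 0 */`. The function starts outside this hunk, so any existing skip logic (for example for hosts without `capsh`) is not visible here and should be checked against these additions.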
@ -0,0 +1,7 @@
|
|||
[Unit]
|
||||
Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no
|
||||
|
||||
[Service]
|
||||
PrivateDevices=no
|
||||
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_rawio'
|
||||
Type=oneshot
|
|
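Review bot: This positive control in `ExecStart=` passes only if the environment running the test already has CAP_SYS_RAWIO available to services. In a container or other capability-restricted runner it would fail for a reason unrelated to `PrivateDevices=no`. The calling test function starts outside the visible hunk, so a skip for that case may already exist; if it does not, one is worth adding before this unit is run. The unit also fails in the same way when `capsh` is not installed, which the `Description=` line could mention so that a failure is easier to triage.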
@ -0,0 +1,7 @@
|
|||
[Unit]
|
||||
Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes
|
||||
|
||||
[Service]
|
||||
PrivateDevices=yes
|
||||
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_rawio'
|
||||
Type=oneshot
|
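Review bot: The negated pipeline in `ExecStart=` succeeds whenever `grep` finds nothing, so the unit also passes when `capsh` is missing or exits with an error. A regression that leaves CAP_SYS_RAWIO in place could then go unnoticed on such a host. Requiring `capsh` to run successfully first closes that gap, for example `ExecStart=/bin/sh -x -c 'capsh --print >/dev/null && ! capsh --print | grep cap_sys_rawio'`. Separately, the pattern matches any line of the output, and the textual form of the current set can, depending on the libcap version, name a capability precisely because it was dropped. Anchoring to the bounding-set line (`grep "^Bounding set .*cap_sys_rawio"`) would likely make the check more robust.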