test-execute: add test for PrivateNetwork= with/without mount namespacing

2024-10-04 15:21:01 +00:00 · 2023-02-17 14:26:29 +09:00 · 2023-02-17 14:26:29 +09:00 · 752e92615d
parent c2da3bf237
commit 752e92615d
3 changed files with 22 additions and 3 deletions
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@ -1052,7 +1052,7 @@ static void test_exec_ambientcapabilities(Manager *m) {
 }

 static void test_exec_privatenetwork(Manager *m) {
-        int r;
+        int r, status;

        r = find_executable("ip", NULL);
        if (r < 0) {
@ -1060,7 +1060,9 @@ static void test_exec_privatenetwork(Manager *m) {
                return;
        }

-        test(m, "exec-privatenetwork-yes.service", can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NETWORK : EXIT_FAILURE, CLD_EXITED);
+        status = can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NETWORK : EXIT_FAILURE;
+        test(m, "exec-privatenetwork-yes-privatemounts-no.service", status, CLD_EXITED);
+        test(m, "exec-privatenetwork-yes-privatemounts-yes.service", status, CLD_EXITED);
 }

 static void test_exec_oomscoreadjust(Manager *m) {
--- a/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
+++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
@ -1,9 +1,13 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 [Unit]
-Description=Test for PrivateNetwork
+Description=Test for PrivateNetwork= without mount namespacing

 [Service]
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# Without mount namespacing, we can access the dummy-test-exec interface through sysfs
+ExecStart=/bin/sh -x -c 'test -d /sys/class/net/dummy-test-exec'
 Type=oneshot
 PrivateNetwork=yes
+PrivateMounts=no
--- a/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service
+++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service
@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for PrivateNetwork= with mount namespacing
+
+[Service]
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# With mount namespacing, we cannot access the dummy-test-exec interface through sysfs.
+ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec'
+Type=oneshot
+PrivateNetwork=yes
+# PrivateNetwork=yes implies PrivateMounts=yes