system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 10:17:21 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

test-execute: add tests for credentials directory with mount namespace

Browse source 
This also adds cases that open_tree() and move_mount() are filtered, to
emulate old kernel behavior.
This commit is contained in:
Yu Watanabe 2023-08-12 22:08:47 +09:00
parent 94fe4cf255
commit 9ae3624889
5 changed files with 40 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/test/test-execute.c
View file

@ -282,7 +282,11 @@ static void test_exec_cpuaffinity(Manager *m) {
static void test_exec_credentials(Manager *m) {
test(m, "exec-set-credential.service", 0, CLD_EXITED);
test(m, "exec-set-credential-with-mount-namespace.service", 0, CLD_EXITED);
test(m, "exec-set-credential-with-seccomp.service", 0, CLD_EXITED);
test(m, "exec-load-credential.service", MANAGER_IS_SYSTEM(m) ? 0 : EXIT_CREDENTIALS, CLD_EXITED);
test(m, "exec-load-credential-with-mount-namespace.service", MANAGER_IS_SYSTEM(m) ? 0 : EXIT_CREDENTIALS, CLD_EXITED);
test(m, "exec-load-credential-with-seccomp.service", MANAGER_IS_SYSTEM(m) ? 0 : EXIT_CREDENTIALS, CLD_EXITED);
test(m, "exec-credentials-dir-specifier.service", MANAGER_IS_SYSTEM(m) ? 0 : EXIT_CREDENTIALS, CLD_EXITED);
}

9
test/test-execute/exec-load-credential-with-mount-namespace.service Normal file
View file

@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
Description=Test for LoadCredential=
[Service]
ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"'
Type=oneshot
LoadCredential=test-execute.load-credential
PrivateMounts=yes

9
test/test-execute/exec-load-credential-with-seccomp.service Normal file
View file

@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
Description=Test for LoadCredential=
[Service]
ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"'
Type=oneshot
LoadCredential=test-execute.load-credential
SystemCallFilter=~open_tree move_mount

9
test/test-execute/exec-set-credential-with-mount-namespace.service Normal file
View file

@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
Description=Test for SetCredential=
[Service]
ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"'
Type=oneshot
SetCredential=test-execute.set-credential:hoge
PrivateMounts=yes

9
test/test-execute/exec-set-credential-with-seccomp.service Normal file
View file

@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
Description=Test for SetCredential=
[Service]
ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"'
Type=oneshot
SetCredential=test-execute.set-credential:hoge
SystemCallFilter=~open_tree move_mount