Merge pull request #5319 from keszybz/test-execute

test-execute without capsh
Lennart Poettering 2017-02-13 15:29:40 +01:00 committed by GitHub
commit c8c13d35c6
2 changed files with 34 additions and 16 deletions

1
README

@ -180,6 +180,7 @@ REQUIREMENTS:
- python3-pyparsing
- python3-evdev (used by hwdb parsing tests)
- strace (used by test/test-functions)
- capsh (optional, used by test-execute)
USERS AND GROUPS:
Default udev rules use the following standard system group


@ -145,11 +145,11 @@ static void test_exec_privatetmp(Manager *m) {
static void test_exec_privatedevices(Manager *m) {
if (detect_container() > 0) {
log_notice("testing in container, skipping private device tests");
log_notice("testing in container, skipping %s", __func__);
return;
}
if (!is_inaccessible_available()) {
log_notice("testing without inaccessible, skipping private device tests");
log_notice("testing without inaccessible, skipping %s", __func__);
return;
}
@ -158,12 +158,22 @@ static void test_exec_privatedevices(Manager *m) {
}
static void test_exec_privatedevices_capabilities(Manager *m) {
int r;
if (detect_container() > 0) {
log_notice("testing in container, skipping private device tests");
log_notice("testing in container, skipping %s", __func__);
return;
}
if (!is_inaccessible_available()) {
log_notice("testing without inaccessible, skipping private device tests");
log_notice("testing without inaccessible, skipping %s", __func__);
return;
}
/* We use capsh to test if the capabilities are
* properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
@ -174,15 +184,24 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
}
static void test_exec_protectkernelmodules(Manager *m) {
int r;
if (detect_container() > 0) {
log_notice("testing in container, skipping protectkernelmodules tests");
log_notice("testing in container, skipping %s", __func__);
return;
}
if (!is_inaccessible_available()) {
log_notice("testing without inaccessible, skipping protectkernelmodules tests");
log_notice("testing without inaccessible, skipping %s", __func__);
return;
}
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED);
@ -253,7 +272,7 @@ static void test_exec_systemcall_system_mode_with_user(Manager *m) {
else if (getpwnam("nfsnobody"))
test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping test_exec_systemcall_system_mode_with_user, could not find nobody/nfsnobody user: %m");
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
#endif
}
@ -263,7 +282,7 @@ static void test_exec_user(Manager *m) {
else if (getpwnam("nfsnobody"))
test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping test_exec_user, could not find nobody/nfsnobody user: %m");
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
}
static void test_exec_group(Manager *m) {
@ -272,7 +291,7 @@ static void test_exec_group(Manager *m) {
else if (getgrnam("nfsnobody"))
test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping test_exec_group, could not find nobody/nfsnobody group: %m");
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
}
static void test_exec_supplementary_groups(Manager *m) {
@ -353,17 +372,15 @@ static void test_exec_runtimedirectory(Manager *m) {
else if (getgrnam("nfsnobody"))
test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping test_exec_runtimedirectory-owner, could not find nobody/nfsnobody group: %m");
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
}
static void test_exec_capabilityboundingset(Manager *m) {
int r;
/* We use capsh to test if the capabilities are
* properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m");
log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
@ -389,9 +406,9 @@ static void test_exec_capabilityambientset(Manager *m) {
test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED);
test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED);
} else
log_error_errno(errno, "Skipping test_exec_capabilityambientset, could not find nobody/nfsnobody user: %m");
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
} else
log_error_errno(errno, "Skipping test_exec_capabilityambientset, the kernel does not support ambient capabilities: %m");
log_error_errno(errno, "Skipping %s, the kernel does not support ambient capabilities: %m", __func__);
}
static void test_exec_privatenetwork(Manager *m) {
@ -399,7 +416,7 @@ static void test_exec_privatenetwork(Manager *m) {
r = find_binary("ip", NULL);
if (r < 0) {
log_error_errno(r, "Skipping test_exec_privatenetwork, could not find ip binary: %m");
log_error_errno(r, "Skipping %s, could not find ip binary: %m", __func__);
return;
}
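Review bot: In test_exec_protectkernelmodules the capsh check returns before all three test() calls, so a host without capsh also skips `exec-protectkernelmodules-yes-mount-propagation.service`; the page does not show that unit, but if it does not invoke capsh the guard needlessly drops coverage of a sandboxing setting. I would run that case before the check, i.e. move `test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED);` above `r = find_binary("capsh", NULL);`, still after the container and inaccessible guards. Because these test functions return void, a skipped capability test is indistinguishable from a passing one in the result, so CI images should install capsh even though README lists it as optional. The function's closing brace lies outside the hunk.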