]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-ns.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2010 Lennart Poettering
11 #include "namespace.h"
13 int main(int argc
, char *argv
[]) {
14 const char * const writable
[] = {
16 "-/home/lennart/projects/foobar", /* this should be masked automatically */
20 const char * const readonly
[] = {
31 const char *inaccessible
[] = {
32 "/home/lennart/projects",
36 static const NamespaceInfo ns_info
= {
38 .protect_control_groups
= true,
39 .protect_kernel_tunables
= true,
40 .protect_kernel_modules
= true,
44 char *projects_directory
;
46 char tmp_dir
[] = "/tmp/systemd-private-XXXXXX",
47 var_tmp_dir
[] = "/var/tmp/systemd-private-XXXXXX";
49 log_set_max_level(LOG_DEBUG
);
51 assert_se(mkdtemp(tmp_dir
));
52 assert_se(mkdtemp(var_tmp_dir
));
54 root_directory
= getenv("TEST_NS_CHROOT");
55 projects_directory
= getenv("TEST_NS_PROJECTS");
57 if (projects_directory
)
58 inaccessible
[0] = projects_directory
;
60 log_info("Inaccessible directory: '%s'", inaccessible
[0]);
62 log_info("Chroot: '%s'", root_directory
);
64 log_info("Not chrooted");
66 r
= setup_namespace(root_directory
,
71 (char **) inaccessible
,
73 &(BindMount
) { .source
= (char*) "/usr/bin", .destination
= (char*) "/etc/systemd", .read_only
= true }, 1,
74 &(TemporaryFileSystem
) { .path
= (char*) "/var", .options
= (char*) "ro" }, 1,
82 log_error_errno(r
, "Failed to setup namespace: %m");
85 " sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
86 " sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");
91 execl("/bin/sh", "/bin/sh", NULL
);
92 log_error_errno(errno
, "execl(): %m");