]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-ns.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
13 #include "namespace.h"
15 int main(int argc
, char *argv
[]) {
16 const char * const writable
[] = {
18 "-/home/lennart/projects/foobar", /* this should be masked automatically */
22 const char * const readonly
[] = {
33 const char *inaccessible
[] = {
34 "/home/lennart/projects",
38 static const NamespaceInfo ns_info
= {
40 .protect_control_groups
= true,
41 .protect_kernel_tunables
= true,
42 .protect_kernel_modules
= true,
46 char *projects_directory
;
48 char tmp_dir
[] = "/tmp/systemd-private-XXXXXX",
49 var_tmp_dir
[] = "/var/tmp/systemd-private-XXXXXX";
51 log_set_max_level(LOG_DEBUG
);
53 assert_se(mkdtemp(tmp_dir
));
54 assert_se(mkdtemp(var_tmp_dir
));
56 root_directory
= getenv("TEST_NS_CHROOT");
57 projects_directory
= getenv("TEST_NS_PROJECTS");
59 if (projects_directory
)
60 inaccessible
[0] = projects_directory
;
62 log_info("Inaccessible directory: '%s'", inaccessible
[0]);
64 log_info("Chroot: '%s'", root_directory
);
66 log_info("Not chrooted");
68 r
= setup_namespace(root_directory
,
73 (char **) inaccessible
,
75 &(BindMount
) { .source
= (char*) "/usr/bin", .destination
= (char*) "/etc/systemd", .read_only
= true }, 1,
76 &(TemporaryFileSystem
) { .path
= (char*) "/var", .options
= (char*) "ro" }, 1,
84 log_error_errno(r
, "Failed to setup namespace: %m");
87 " sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
88 " sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");
93 execl("/bin/sh", "/bin/sh", NULL
);
94 log_error_errno(errno
, "execl(): %m");