src/test/test-ns.c

   1 /***
   2   This file is part of systemd.
   3
   4   Copyright 2010 Lennart Poettering
   5
   6   systemd is free software; you can redistribute it and/or modify it
   7   under the terms of the GNU Lesser General Public License as published by
   8   the Free Software Foundation; either version 2.1 of the License, or
   9   (at your option) any later version.
  10
  11   systemd is distributed in the hope that it will be useful, but
  12   WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14   Lesser General Public License for more details.
  15
  16   You should have received a copy of the GNU Lesser General Public License
  17   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  18 ***/
  19
  20 #include <stdlib.h>
  21 #include <unistd.h>
  22
  23 #include "log.h"
  24 #include "namespace.h"
  25
  26 int main(int argc, char *argv[]) {
  27         const char * const writable[] = {
  28                 "/home",
  29                 "-/home/lennart/projects/foobar", /* this should be masked automatically */
  30                 NULL
  31         };
  32
  33         const char * const readonly[] = {
  34                 /* "/", */
  35                 /* "/usr", */
  36                 "/boot",
  37                 "/lib",
  38                 "/usr/lib",
  39                 "-/lib64",
  40                 "-/usr/lib64",
  41                 NULL
  42         };
  43
  44         const char *inaccessible[] = {
  45                 "/home/lennart/projects",
  46                 NULL
  47         };
  48         char *root_directory;
  49         char *projects_directory;
  50         int r;
  51         char tmp_dir[] = "/tmp/systemd-private-XXXXXX",
  52              var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX";
  53
  54         log_set_max_level(LOG_DEBUG);
  55
  56         assert_se(mkdtemp(tmp_dir));
  57         assert_se(mkdtemp(var_tmp_dir));
  58
  59         root_directory = getenv("TEST_NS_CHROOT");
  60         projects_directory = getenv("TEST_NS_PROJECTS");
  61
  62         if (projects_directory)
  63                 inaccessible[0] = projects_directory;
  64
  65         log_info("Inaccessible directory: '%s'", inaccessible[0]);
  66         if (root_directory)
  67                 log_info("Chroot: '%s'", root_directory);
  68         else
  69                 log_info("Not chrooted");
  70
  71         r = setup_namespace(root_directory,
  72                             (char **) writable,
  73                             (char **) readonly,
  74                             (char **) inaccessible,
  75                             tmp_dir,
  76                             var_tmp_dir,
  77                             true,
  78                             true,
  79                             true,
  80                             PROTECT_HOME_NO,
  81                             PROTECT_SYSTEM_NO,
  82                             0);
  83         if (r < 0) {
  84                 log_error_errno(r, "Failed to setup namespace: %m");
  85
  86                 log_info("Usage:\n"
  87                          "  sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
  88                          "  sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");
  89
  90                 return 1;
  91         }
  92
  93         execl("/bin/sh", "/bin/sh", NULL);
  94         log_error_errno(errno, "execl(): %m");
  95
  96         return 1;
  97 }