test/units/testsuite-22.03.sh

   1 #! /bin/bash
   2 #
   3 # Basic tests for types creating/writing files
   4 #
   5
   6 set -e
   7 set -x
   8
   9 rm -fr /tmp/{f,F,w}
  10 mkdir  /tmp/{f,F,w}
  11 touch /tmp/file-owned-by-root
  12
  13 #
  14 # 'f'
  15 #
  16 systemd-tmpfiles --create - <<EOF
  17 f     /tmp/f/1    0644 - - - -
  18 f     /tmp/f/2    0644 - - - This string should be written
  19 EOF
  20
  21 ### '1' should exist and be empty
  22 test -f /tmp/f/1; ! test -s /tmp/f/1
  23 test $(stat -c %U:%G:%a /tmp/f/1) = "root:root:644"
  24
  25 test $(stat -c %U:%G:%a /tmp/f/2) = "root:root:644"
  26 test "$(< /tmp/f/2)" = "This string should be written"
  27
  28 ### The perms are supposed to be updated even if the file already exists.
  29 systemd-tmpfiles --create - <<EOF
  30 f     /tmp/f/1    0666 daemon daemon - This string should not be written
  31 EOF
  32
  33 # file should be empty
  34 ! test -s /tmp/f/1
  35 test $(stat -c %U:%G:%a /tmp/f/1) = "daemon:daemon:666"
  36
  37 ### But we shouldn't try to set perms on an existing file which is not a
  38 ### regular one.
  39 mkfifo /tmp/f/fifo
  40 chmod 644 /tmp/f/fifo
  41
  42 ! systemd-tmpfiles --create - <<EOF
  43 f     /tmp/f/fifo    0666 daemon daemon - This string should not be written
  44 EOF
  45
  46 test -p /tmp/f/fifo
  47 test $(stat -c %U:%G:%a /tmp/f/fifo) = "root:root:644"
  48
  49 ### 'f' should not follow symlinks.
  50 ln -s missing /tmp/f/dangling
  51 ln -s /tmp/file-owned-by-root /tmp/f/symlink
  52
  53 ! systemd-tmpfiles --create - <<EOF
  54 f     /tmp/f/dangling    0644 daemon daemon - -
  55 f     /tmp/f/symlink     0644 daemon daemon - -
  56 EOF
  57 ! test -e /tmp/f/missing
  58 test $(stat -c %U:%G:%a /tmp/file-owned-by-root) = "root:root:644"
  59
  60 ### Handle read-only filesystem gracefully: we shouldn't fail if the target
  61 ### already exists and have the correct perms.
  62 mkdir /tmp/f/rw-fs
  63 mkdir /tmp/f/ro-fs
  64
  65 touch /tmp/f/rw-fs/foo
  66 chmod 644 /tmp/f/rw-fs/foo
  67
  68 mount -o bind,ro /tmp/f/rw-fs /tmp/f/ro-fs
  69
  70 systemd-tmpfiles --create - <<EOF
  71 f     /tmp/f/ro-fs/foo    0644 - - - - This string should not be written
  72 EOF
  73 test -f /tmp/f/ro-fs/foo; ! test -s /tmp/f/ro-fs/foo
  74
  75 ! systemd-tmpfiles --create - <<EOF
  76 f     /tmp/f/ro-fs/foo    0666 - - - -
  77 EOF
  78 test $(stat -c %U:%G:%a /tmp/f/fifo) = "root:root:644"
  79
  80 ! systemd-tmpfiles --create - <<EOF
  81 f     /tmp/f/ro-fs/bar    0644 - - - -
  82 EOF
  83 ! test -e /tmp/f/ro-fs/bar
  84
  85 ### 'f' shouldn't follow unsafe paths.
  86 mkdir /tmp/f/daemon
  87 ln -s /root /tmp/f/daemon/unsafe-symlink
  88 chown -R --no-dereference daemon:daemon /tmp/f/daemon
  89
  90 ! systemd-tmpfiles --create - <<EOF
  91 f     /tmp/f/daemon/unsafe-symlink/exploit    0644 daemon daemon - -
  92 EOF
  93 ! test -e /tmp/f/daemon/unsafe-symlink/exploit
  94
  95 #
  96 # 'F'
  97 #
  98 echo "This should be truncated" >/tmp/F/truncated
  99 echo "This should be truncated" >/tmp/F/truncated-with-content
 100
 101 systemd-tmpfiles --create - <<EOF
 102 F     /tmp/F/created                0644 - - - -
 103 F     /tmp/F/created-with-content   0644 - - - new content
 104 F     /tmp/F/truncated              0666 daemon daemon - -
 105 F     /tmp/F/truncated-with-content 0666 daemon daemon - new content
 106 EOF
 107
 108 test -f /tmp/F/created; ! test -s /tmp/F/created
 109 test -f /tmp/F/created-with-content
 110 test "$(< /tmp/F/created-with-content)" = "new content"
 111 test -f /tmp/F/truncated; ! test -s /tmp/F/truncated
 112 test $(stat -c %U:%G:%a /tmp/F/truncated) = "daemon:daemon:666"
 113 test -s /tmp/F/truncated-with-content
 114 test $(stat -c %U:%G:%a /tmp/F/truncated-with-content) = "daemon:daemon:666"
 115
 116 ### We shouldn't try to truncate anything but regular files since the behavior is
 117 ### unspecified in the other cases.
 118 mkfifo /tmp/F/fifo
 119
 120 ! systemd-tmpfiles --create - <<EOF
 121 F     /tmp/F/fifo                0644 - - - -
 122 EOF
 123
 124 test -p /tmp/F/fifo
 125
 126 ### 'F' should not follow symlinks.
 127 ln -s missing /tmp/F/dangling
 128 ln -s /tmp/file-owned-by-root /tmp/F/symlink
 129
 130 ! systemd-tmpfiles --create - <<EOF
 131 f     /tmp/F/dangling    0644 daemon daemon - -
 132 f     /tmp/F/symlink     0644 daemon daemon - -
 133 EOF
 134 ! test -e /tmp/F/missing
 135 test $(stat -c %U:%G:%a /tmp/file-owned-by-root) = "root:root:644"
 136
 137 ### Handle read-only filesystem gracefully: we shouldn't fail if the target
 138 ### already exists and is empty.
 139 mkdir /tmp/F/rw-fs
 140 mkdir /tmp/F/ro-fs
 141
 142 touch /tmp/F/rw-fs/foo
 143 chmod 644 /tmp/F/rw-fs/foo
 144
 145 mount -o bind,ro /tmp/F/rw-fs /tmp/F/ro-fs
 146
 147 systemd-tmpfiles --create - <<EOF
 148 F     /tmp/F/ro-fs/foo    0644 - - - -
 149 EOF
 150 test -f /tmp/F/ro-fs/foo; ! test -s /tmp/F/ro-fs/foo
 151
 152 echo "truncating is not allowed anymore" >/tmp/F/rw-fs/foo
 153 ! systemd-tmpfiles --create - <<EOF
 154 F     /tmp/F/ro-fs/foo    0644 - - - -
 155 EOF
 156
 157 ! systemd-tmpfiles --create - <<EOF
 158 F     /tmp/F/ro-fs/foo    0644 - - - - This string should not be written
 159 EOF
 160 test -f /tmp/F/ro-fs/foo; ! test -s /tmp/F/ro-fs/foo
 161
 162 # Trying to change the perms should fail.
 163 >/tmp/F/rw-fs/foo
 164 ! systemd-tmpfiles --create - <<EOF
 165 F     /tmp/F/ro-fs/foo    0666 - - - -
 166 EOF
 167 test $(stat -c %U:%G:%a /tmp/F/ro-fs/foo) = "root:root:644"
 168
 169 ### Try to create a new file.
 170 ! systemd-tmpfiles --create - <<EOF
 171 F     /tmp/F/ro-fs/bar    0644 - - - -
 172 EOF
 173 ! test -e /tmp/F/ro-fs/bar
 174
 175 ### 'F' shouldn't follow unsafe paths.
 176 mkdir /tmp/F/daemon
 177 ln -s /root /tmp/F/daemon/unsafe-symlink
 178 chown -R --no-dereference daemon:daemon /tmp/F/daemon
 179
 180 ! systemd-tmpfiles --create - <<EOF
 181 F     /tmp/F/daemon/unsafe-symlink/exploit    0644 daemon daemon - -
 182 EOF
 183 ! test -e /tmp/F/daemon/unsafe-symlink/exploit
 184
 185 #
 186 # 'w'
 187 #
 188 touch /tmp/w/overwritten
 189
 190 ### nop if the target does not exist.
 191 systemd-tmpfiles --create - <<EOF
 192 w     /tmp/w/unexistent    0644 - - - new content
 193 EOF
 194 ! test -e /tmp/w/unexistent
 195
 196 ### no argument given -> fails.
 197 ! systemd-tmpfiles --create - <<EOF
 198 w     /tmp/w/unexistent    0644 - - - -
 199 EOF
 200
 201 ### write into an empty file.
 202 systemd-tmpfiles --create - <<EOF
 203 w     /tmp/w/overwritten    0644 - - - old content
 204 EOF
 205 test -f /tmp/w/overwritten
 206 test "$(< /tmp/w/overwritten)" = "old content"
 207
 208 ### new content is overwritten
 209 systemd-tmpfiles --create - <<EOF
 210 w     /tmp/w/overwritten    0644 - - - new content
 211 EOF
 212 test -f /tmp/w/overwritten
 213 test "$(< /tmp/w/overwritten)" = "new content"
 214
 215 ### writing into an 'exotic' file should be allowed.
 216 systemd-tmpfiles --create - <<EOF
 217 w     /dev/null    - - - - new content
 218 EOF
 219
 220 ### 'w' follows symlinks
 221 ln -s ./overwritten /tmp/w/symlink
 222 systemd-tmpfiles --create - <<EOF
 223 w     /tmp/w/symlink    - - - - $(readlink -e /tmp/w/symlink)
 224 EOF
 225 readlink -e /tmp/w/symlink
 226 test "$(< /tmp/w/overwritten)" = "/tmp/w/overwritten"
 227
 228 ### 'w' shouldn't follow unsafe paths.
 229 mkdir /tmp/w/daemon
 230 ln -s /root /tmp/w/daemon/unsafe-symlink
 231 chown -R --no-dereference daemon:daemon /tmp/w/daemon
 232
 233 ! systemd-tmpfiles --create - <<EOF
 234 f     /tmp/w/daemon/unsafe-symlink/exploit    0644 daemon daemon - -
 235 EOF
 236 ! test -e /tmp/w/daemon/unsafe-symlink/exploit