]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aa9d574)
test: add tests for merging RestrictNamespaces=
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 27 Apr 2018 01:48:43 +0000 (10:48 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Sat, 5 May 2018 02:07:37 +0000 (11:07 +0900)
src/test/test-execute.c patch | blob | blame | history
test/meson.build patch | blob | blame | history
test/test-execute/exec-restrictnamespaces-merge-all.service [new file with mode: 0644] patch | blob
test/test-execute/exec-restrictnamespaces-merge-and.service [new file with mode: 0644] patch | blob
test/test-execute/exec-restrictnamespaces-merge-or.service [new file with mode: 0644] patch | blob

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 4943bfa689e75c2bf20b3268fb4b2f662d001874..4c33748fc40181ecbf2d5a35c820ed0bc9fb9d88 100644 (file)
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -358,6 +358,9 @@ static void test_exec_restrictnamespaces(Manager *m) {
         test(m, "exec-restrictnamespaces-yes.service", 1, CLD_EXITED);
         test(m, "exec-restrictnamespaces-mnt.service", 0, CLD_EXITED);
         test(m, "exec-restrictnamespaces-mnt-blacklist.service", 1, CLD_EXITED);
+        test(m, "exec-restrictnamespaces-merge-and.service", 0, CLD_EXITED);
+        test(m, "exec-restrictnamespaces-merge-or.service", 0, CLD_EXITED);
+        test(m, "exec-restrictnamespaces-merge-all.service", 0, CLD_EXITED);
 #endif
 }
 
diff --git a/test/meson.build b/test/meson.build
index 7c20788d0d024bad6af206a3d0f3d00fb3ec831b..162f63f1ed6e544c78848e6be7e5318316b6a75a 100644 (file)
--- a/test/meson.build
+++ b/test/meson.build
@@ -99,6 +99,9 @@ test_data_files = '''
         test-execute/exec-readonlypaths-with-bindpaths.service
         test-execute/exec-readonlypaths.service
         test-execute/exec-readwritepaths-mount-propagation.service
+        test-execute/exec-restrictnamespaces-merge-all.service
+        test-execute/exec-restrictnamespaces-merge-and.service
+        test-execute/exec-restrictnamespaces-merge-or.service
         test-execute/exec-restrictnamespaces-mnt-blacklist.service
         test-execute/exec-restrictnamespaces-mnt.service
         test-execute/exec-restrictnamespaces-no.service
diff --git a/test/test-execute/exec-restrictnamespaces-merge-all.service b/test/test-execute/exec-restrictnamespaces-merge-all.service
new file mode 100644 (file)
index 0000000..de98cd0
--- /dev/null
+++ b/test/test-execute/exec-restrictnamespaces-merge-all.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test merging RestrictNamespaces= with all flags
+
+[Service]
+RestrictNamespaces=mnt pid cgroup net uts ipc user
+RestrictNamespaces=net
+ExecStart=unshare -m -u -i -n -p -f
+Type=oneshot
diff --git a/test/test-execute/exec-restrictnamespaces-merge-and.service b/test/test-execute/exec-restrictnamespaces-merge-and.service
new file mode 100644 (file)
index 0000000..6702e6a
--- /dev/null
+++ b/test/test-execute/exec-restrictnamespaces-merge-and.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test merging RestrictNamespaces= with AND
+
+[Service]
+RestrictNamespaces=mnt pid
+RestrictNamespaces=~mnt usr
+ExecStart=unshare -p -f
+ExecStart=sh -c '! unshare -m -u -i -n'
+Type=oneshot
diff --git a/test/test-execute/exec-restrictnamespaces-merge-or.service b/test/test-execute/exec-restrictnamespaces-merge-or.service
new file mode 100644 (file)
index 0000000..a524552
--- /dev/null
+++ b/test/test-execute/exec-restrictnamespaces-merge-or.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test merging RestrictNamespaces= with OR
+
+[Service]
+RestrictNamespaces=mnt pid
+RestrictNamespaces=mnt uts
+ExecStart=unshare -m -u -p -f
+ExecStart=sh -c '! unshare -u -i -n'
+Type=oneshot
Unnamed repository; edit this file 'description' to name the repository.