test: ensure 'InaccessiblePaths=/proc' option works (#6017)

Test case for PR #5985.

diff --git a/Makefile.am b/Makefile.am
index 1cbb278c68eae5949f9892feb0329a5890f213ec..e95cbe4b975f6e6786f549a418c3fe24cfc7cadb 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -1737,6 +1737,7 @@ TEST_DATA_FILES += \
        test/test-execute/exec-readonlypaths-mount-propagation.service \
        test/test-execute/exec-readwritepaths-mount-propagation.service \
        test/test-execute/exec-inaccessiblepaths-mount-propagation.service \
+       test/test-execute/exec-inaccessiblepaths-proc.service \
        test/test-execute/exec-spec-interpolation.service \
        test/test-execute/exec-systemcallerrornumber.service \
        test/test-execute/exec-systemcallfilter-failing2.service \

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 90540b884bf8ef78df6064d1baf9ac7145e5ddfb..2dfa90ed19994cb800deb4df4a259f8b349d910a 100644 (file)
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -233,6 +233,10 @@ static void test_exec_inaccessiblepaths(Manager *m) {
         test(m, "exec-inaccessiblepaths-mount-propagation.service", 0, CLD_EXITED);
 }
 
+static void test_exec_inaccessiblepaths_proc(Manager *m) {
+        test(m, "exec-inaccessiblepaths-proc.service", 0, CLD_EXITED);
+}
+
 static void test_exec_systemcallfilter(Manager *m) {
 #ifdef HAVE_SECCOMP
         if (!is_seccomp_available())
@@ -479,6 +483,7 @@ int main(int argc, char *argv[]) {
                 test_exec_readonlypaths,
                 test_exec_readwritepaths,
                 test_exec_inaccessiblepaths,
+                test_exec_inaccessiblepaths_proc,
                 test_exec_privatenetwork,
                 test_exec_systemcallfilter,
                 test_exec_systemcallerrornumber,

diff --git a/test/meson.build b/test/meson.build
index b7fb507c9ca95c43013aa85e8de8a7f7953facf6..55e693ac72c6b7e23191d9fb6c6e5b1b07407fed 100644 (file)
--- a/test/meson.build
+++ b/test/meson.build
@@ -85,6 +85,7 @@ test_data_files = '''
         test-execute/exec-readonlypaths-mount-propagation.service
         test-execute/exec-readwritepaths-mount-propagation.service
         test-execute/exec-inaccessiblepaths-mount-propagation.service
+        test-execute/exec-inaccessiblepaths-proc.service
         test-execute/exec-spec-interpolation.service
         test-execute/exec-systemcallerrornumber.service
         test-execute/exec-systemcallfilter-failing2.service

diff --git a/test/test-execute/exec-inaccessiblepaths-proc.service b/test/test-execute/exec-inaccessiblepaths-proc.service
new file mode 100644 (file)
index 0000000..ebdb484
--- /dev/null
+++ b/test/test-execute/exec-inaccessiblepaths-proc.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Test to make sure that mount namespace setup works properly with the 'InaccessiblePaths=/proc' option
+
+[Service]
+InaccessiblePaths=/proc
+ExecStart=/bin/sh -x -c 'test "$$(stat -c %%a /proc)" = "0"'
+Type=oneshot