]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/test/test-execute.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
test-execute: cleanup
[thirdparty/systemd.git] / src / test / test-execute.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
281e05b6
RC		 2/***
3 This file is part of systemd.
4
5 Copyright 2014 Ronny Chevalier
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
cc7fa4fb
RC		 21#include <grp.h>
22#include <pwd.h>
ff4ca461 23#include <stdio.h>
70d7aea5 24#include <sys/prctl.h>
ff4ca461 25#include <sys/types.h>
281e05b6 26
b4891260 27#include "errno-list.h"
03bd70dd 28#include "fileio.h"
f4f15635 29#include "fs-util.h"
281e05b6 30#include "macro.h"
f4f15635 31#include "manager.h"
281e05b6 32#include "mkdir.h"
ff4ca461 33#include "path-util.h"
c6878637 34#include "rm-rf.h"
349cc4a5 35#if HAVE_SECCOMP
83f12b27
FS		 36#include "seccomp-util.h"
37#endif
34b86909 38#include "stat-util.h"
8b3aa503 39#include "test-helper.h"
cc100a5a 40#include "tests.h"
f4f15635
LP		 41#include "unit.h"
42#include "util.h"
4dd4cb8f 43#include "virt.h"
281e05b6
RC		 44
45typedef void (*test_function_t)(Manager *m);
46
47static void check(Manager *m, Unit *unit, int status_expected, int code_expected) {
48 Service *service = NULL;
49 usec_t ts;
8adb3d63 50 usec_t timeout = 2 * USEC_PER_MINUTE;
281e05b6
RC		 51
52 assert_se(m);
53 assert_se(unit);
54
55 service = SERVICE(unit);
56 printf("%s\n", unit->id);
57 exec_context_dump(&service->exec_context, stdout, "\t");
58 ts = now(CLOCK_MONOTONIC);
ec2ce0c5 59 while (!IN_SET(service->state, SERVICE_DEAD, SERVICE_FAILED)) {
281e05b6
RC		 60 int r;
61 usec_t n;
62
63 r = sd_event_run(m->event, 100 * USEC_PER_MSEC);
64 assert_se(r >= 0);
65
66 n = now(CLOCK_MONOTONIC);
67 if (ts + timeout < n) {
68 log_error("Test timeout when testing %s", unit->id);
69 exit(EXIT_FAILURE);
70 }
71 }
72 exec_status_dump(&service->main_exec_status, stdout, "\t");
73 assert_se(service->main_exec_status.status == status_expected);
74 assert_se(service->main_exec_status.code == code_expected);
75}
76
6086d2da
DP		 77static bool is_inaccessible_available(void) {
78 char *p;
79
80 FOREACH_STRING(p,
81 "/run/systemd/inaccessible/reg",
82 "/run/systemd/inaccessible/dir",
83 "/run/systemd/inaccessible/chr",
84 "/run/systemd/inaccessible/blk",
85 "/run/systemd/inaccessible/fifo",
86 "/run/systemd/inaccessible/sock"
87 ) {
88 if (access(p, F_OK) < 0)
89 return false;
90 }
91
92 return true;
93}
94
281e05b6
RC		 95static void test(Manager *m, const char *unit_name, int status_expected, int code_expected) {
96 Unit *unit;
97
98 assert_se(unit_name);
99
100 assert_se(manager_load_unit(m, unit_name, NULL, NULL, &unit) >= 0);
101 assert_se(UNIT_VTABLE(unit)->start(unit) >= 0);
102 check(m, unit, status_expected, code_expected);
103}
104
f0e018e7
YW		 105static void test_exec_bindpaths(Manager *m) {
106 assert_se(mkdir_p("/tmp/test-exec-bindpaths", 0755) >= 0);
107 assert_se(mkdir_p("/tmp/test-exec-bindreadonlypaths", 0755) >= 0);
d053b72b 108
f0e018e7 109 test(m, "exec-bindpaths.service", 0, CLD_EXITED);
d053b72b 110
f0e018e7
YW		 111 (void) rm_rf("/tmp/test-exec-bindpaths", REMOVE_ROOT|REMOVE_PHYSICAL);
112 (void) rm_rf("/tmp/test-exec-bindreadonlypaths", REMOVE_ROOT|REMOVE_PHYSICAL);
d053b72b
YW		 113}
114
281e05b6
RC		 115static void test_exec_workingdirectory(Manager *m) {
116 assert_se(mkdir_p("/tmp/test-exec_workingdirectory", 0755) >= 0);
117
118 test(m, "exec-workingdirectory.service", 0, CLD_EXITED);
119
c6878637 120 (void) rm_rf("/tmp/test-exec_workingdirectory", REMOVE_ROOT|REMOVE_PHYSICAL);
281e05b6
RC		 121}
122
123static void test_exec_personality(Manager *m) {
281e05b6
RC		 124#if defined(__x86_64__)
125 test(m, "exec-personality-x86-64.service", 0, CLD_EXITED);
7517f51e
HB		 126
127#elif defined(__s390__)
128 test(m, "exec-personality-s390.service", 0, CLD_EXITED);
129
12591863
JS		 130#elif defined(__powerpc64__)
131# if __BYTE_ORDER == __BIG_ENDIAN
132 test(m, "exec-personality-ppc64.service", 0, CLD_EXITED);
133# else
134 test(m, "exec-personality-ppc64le.service", 0, CLD_EXITED);
135# endif
136
137#elif defined(__aarch64__)
138 test(m, "exec-personality-aarch64.service", 0, CLD_EXITED);
139
5798eb4c 140#elif defined(__i386__)
7517f51e 141 test(m, "exec-personality-x86.service", 0, CLD_EXITED);
f0e018e7
YW		 142#else
143 log_notice("Unknown personality, skipping %s", __func__);
281e05b6
RC		 144#endif
145}
146
147static void test_exec_ignoresigpipe(Manager *m) {
148 test(m, "exec-ignoresigpipe-yes.service", 0, CLD_EXITED);
149 test(m, "exec-ignoresigpipe-no.service", SIGPIPE, CLD_KILLED);
150}
151
152static void test_exec_privatetmp(Manager *m) {
153 assert_se(touch("/tmp/test-exec_privatetmp") >= 0);
154
155 test(m, "exec-privatetmp-yes.service", 0, CLD_EXITED);
156 test(m, "exec-privatetmp-no.service", 0, CLD_EXITED);
157
158 unlink("/tmp/test-exec_privatetmp");
159}
160
161static void test_exec_privatedevices(Manager *m) {
f0e018e7
YW		 162 int r;
163
4dd4cb8f 164 if (detect_container() > 0) {
f0e018e7 165 log_notice("Testing in container, skipping %s", __func__);
4dd4cb8f
SM		 166 return;
167 }
6086d2da 168 if (!is_inaccessible_available()) {
f0e018e7 169 log_notice("Testing without inaccessible, skipping %s", __func__);
6086d2da
DP		 170 return;
171 }
172
281e05b6
RC		 173 test(m, "exec-privatedevices-yes.service", 0, CLD_EXITED);
174 test(m, "exec-privatedevices-no.service", 0, CLD_EXITED);
6086d2da 175
0608ba98
ZJS		 176 /* We use capsh to test if the capabilities are
177 * properly set, so be sure that it exists */
178 r = find_binary("capsh", NULL);
179 if (r < 0) {
f0e018e7 180 log_error_errno(r, "Could not find capsh binary, skipping remaining tests in %s: %m", __func__);
6086d2da
DP		 181 return;
182 }
183
615a1f4b
DH		 184 test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
185 test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
625d8769
DH		 186 test(m, "exec-privatedevices-yes-capability-sys-rawio.service", 0, CLD_EXITED);
187 test(m, "exec-privatedevices-no-capability-sys-rawio.service", 0, CLD_EXITED);
615a1f4b
DH		 188}
189
4982dbcc 190static void test_exec_protectkernelmodules(Manager *m) {
0608ba98
ZJS		 191 int r;
192
3ae33295 193 if (detect_container() > 0) {
f0e018e7 194 log_notice("Testing in container, skipping %s", __func__);
3ae33295
DH		 195 return;
196 }
6086d2da 197 if (!is_inaccessible_available()) {
f0e018e7 198 log_notice("Testing without inaccessible, skipping %s", __func__);
6086d2da
DP		 199 return;
200 }
3ae33295 201
0608ba98
ZJS		 202 r = find_binary("capsh", NULL);
203 if (r < 0) {
204 log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
205 return;
206 }
207
3ae33295
DH		 208 test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED);
209 test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED);
4982dbcc 210 test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED);
3ae33295
DH		 211}
212
f78b36f0 213static void test_exec_readonlypaths(Manager *m) {
34b86909 214
f0e018e7
YW		 215 test(m, "exec-readonlypaths-simple.service", 0, CLD_EXITED);
216
217 if (path_is_read_only_fs("/var") > 0) {
218 log_notice("Directory /var is readonly, skipping remaining tests in %s", __func__);
34b86909 219 return;
f0e018e7 220 }
34b86909 221
f78b36f0 222 test(m, "exec-readonlypaths.service", 0, CLD_EXITED);
cdfbd1fb 223 test(m, "exec-readonlypaths-mount-propagation.service", 0, CLD_EXITED);
23fd04e9 224 test(m, "exec-readonlypaths-with-bindpaths.service", 0, CLD_EXITED);
cdfbd1fb
DH		 225}
226
227static void test_exec_readwritepaths(Manager *m) {
34b86909 228
f0e018e7
YW		 229 if (path_is_read_only_fs("/") > 0) {
230 log_notice("Root directory is readonly, skipping %s", __func__);
34b86909 231 return;
f0e018e7 232 }
34b86909 233
cdfbd1fb
DH		 234 test(m, "exec-readwritepaths-mount-propagation.service", 0, CLD_EXITED);
235}
236
237static void test_exec_inaccessiblepaths(Manager *m) {
34b86909 238
f0e018e7
YW		 239 if (!is_inaccessible_available()) {
240 log_notice("Testing without inaccessible, skipping %s", __func__);
34b86909 241 return;
f0e018e7 242 }
34b86909 243
f0e018e7 244 test(m, "exec-inaccessiblepaths-proc.service", 0, CLD_EXITED);
f78b36f0 245
f0e018e7
YW		 246 if (path_is_read_only_fs("/") > 0) {
247 log_notice("Root directory is readonly, skipping remaining tests in %s", __func__);
af4af186
EV		 248 return;
249 }
250
f0e018e7 251 test(m, "exec-inaccessiblepaths-mount-propagation.service", 0, CLD_EXITED);
c090d74d
TR		 252}
253
281e05b6 254static void test_exec_systemcallfilter(Manager *m) {
349cc4a5 255#if HAVE_SECCOMP
f0e018e7
YW		 256 if (!is_seccomp_available()) {
257 log_notice("Seccomp not available, skipping %s", __func__);
83f12b27 258 return;
f0e018e7
YW		 259 }
260
281e05b6
RC		 261 test(m, "exec-systemcallfilter-not-failing.service", 0, CLD_EXITED);
262 test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED);
263 test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED);
264 test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED);
b4891260
YW		 265 test(m, "exec-systemcallfilter-with-errno-name.service", errno_from_name("EILSEQ"), CLD_EXITED);
266 test(m, "exec-systemcallfilter-with-errno-number.service", 255, CLD_EXITED);
281e05b6
RC		 267#endif
268}
269
270static void test_exec_systemcallerrornumber(Manager *m) {
349cc4a5 271#if HAVE_SECCOMP
f0e018e7
YW		 272 if (!is_seccomp_available()) {
273 log_notice("Seccomp not available, skipping %s", __func__);
7a18854f 274 return;
f0e018e7
YW		 275 }
276
7a18854f
YW		 277 test(m, "exec-systemcallerrornumber-name.service", errno_from_name("EACCES"), CLD_EXITED);
278 test(m, "exec-systemcallerrornumber-number.service", 255, CLD_EXITED);
281e05b6
RC		 279#endif
280}
281
f0e018e7 282static void test_exec_restrictnamespaces(Manager *m) {
349cc4a5 283#if HAVE_SECCOMP
f0e018e7
YW		 284 if (!is_seccomp_available()) {
285 log_notice("Seccomp not available, skipping %s", __func__);
97e60383 286 return;
f0e018e7 287 }
97e60383 288
f0e018e7
YW		 289 test(m, "exec-restrictnamespaces-no.service", 0, CLD_EXITED);
290 test(m, "exec-restrictnamespaces-yes.service", 1, CLD_EXITED);
291 test(m, "exec-restrictnamespaces-mnt.service", 0, CLD_EXITED);
292 test(m, "exec-restrictnamespaces-mnt-blacklist.service", 1, CLD_EXITED);
97e60383
DH		 293#endif
294}
295
f0e018e7 296static void test_exec_systemcallfilter_system(Manager *m) {
349cc4a5 297#if HAVE_SECCOMP
f0e018e7
YW		 298 if (!is_seccomp_available()) {
299 log_notice("Seccomp not available, skipping %s", __func__);
83f12b27 300 return;
f0e018e7
YW		 301 }
302
19c0b0b9
RC		 303 if (getpwnam("nobody"))
304 test(m, "exec-systemcallfilter-system-user.service", 0, CLD_EXITED);
50f130c2
RC		 305 else if (getpwnam("nfsnobody"))
306 test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED);
19c0b0b9 307 else
303c0bf8 308 log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
19c0b0b9
RC		 309#endif
310}
311
281e05b6 312static void test_exec_user(Manager *m) {
cc7fa4fb
RC		 313 if (getpwnam("nobody"))
314 test(m, "exec-user.service", 0, CLD_EXITED);
50f130c2
RC		 315 else if (getpwnam("nfsnobody"))
316 test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED);
ff4ca461 317 else
303c0bf8 318 log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
281e05b6
RC		 319}
320
321static void test_exec_group(Manager *m) {
cc7fa4fb
RC		 322 if (getgrnam("nobody"))
323 test(m, "exec-group.service", 0, CLD_EXITED);
50f130c2
RC		 324 else if (getgrnam("nfsnobody"))
325 test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED);
ff4ca461 326 else
303c0bf8 327 log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
281e05b6
RC		 328}
329
f0e018e7 330static void test_exec_supplementarygroups(Manager *m) {
86b838ea 331 test(m, "exec-supplementarygroups.service", 0, CLD_EXITED);
bf9ace96
DH		 332 test(m, "exec-supplementarygroups-single-group.service", 0, CLD_EXITED);
333 test(m, "exec-supplementarygroups-single-group-user.service", 0, CLD_EXITED);
50ca7a35
DH		 334 test(m, "exec-supplementarygroups-multiple-groups-default-group-user.service", 0, CLD_EXITED);
335 test(m, "exec-supplementarygroups-multiple-groups-withgid.service", 0, CLD_EXITED);
336 test(m, "exec-supplementarygroups-multiple-groups-withuid.service", 0, CLD_EXITED);
86b838ea
DH		 337}
338
f0e018e7 339static void test_exec_dynamicuser(Manager *m) {
2b9ac11e
DH		 340 test(m, "exec-dynamicuser-fixeduser.service", 0, CLD_EXITED);
341 test(m, "exec-dynamicuser-fixeduser-one-supplementarygroup.service", 0, CLD_EXITED);
5c67067f 342 test(m, "exec-dynamicuser-supplementarygroups.service", 0, CLD_EXITED);
f0e018e7 343 test(m, "exec-dynamicuser-statedir.service", 0, CLD_EXITED);
2b9ac11e
DH		 344}
345
281e05b6
RC		 346static void test_exec_environment(Manager *m) {
347 test(m, "exec-environment.service", 0, CLD_EXITED);
348 test(m, "exec-environment-multiple.service", 0, CLD_EXITED);
349 test(m, "exec-environment-empty.service", 0, CLD_EXITED);
350}
351
03bd70dd
RC		 352static void test_exec_environmentfile(Manager *m) {
353 static const char e[] =
354 "VAR1='word1 word2'\n"
355 "VAR2=word3 \n"
356 "# comment1\n"
357 "\n"
358 "; comment2\n"
359 " ; # comment3\n"
360 "line without an equal\n"
361 "VAR3='$word 5 6'\n";
362 int r;
363
364 r = write_string_file("/tmp/test-exec_environmentfile.conf", e, WRITE_STRING_FILE_CREATE);
365 assert_se(r == 0);
366
367 test(m, "exec-environmentfile.service", 0, CLD_EXITED);
368
f0e018e7 369 (void) unlink("/tmp/test-exec_environmentfile.conf");
03bd70dd
RC		 370}
371
4c80d201 372static void test_exec_passenvironment(Manager *m) {
e1abca2e
FB		 373 /* test-execute runs under MANAGER_USER which, by default, forwards all
374 * variables present in the environment, but only those that are
375 * present _at the time it is created_!
376 *
377 * So these PassEnvironment checks are still expected to work, since we
378 * are ensuring the variables are not present at manager creation (they
379 * are unset explicitly in main) and are only set here.
380 *
381 * This is still a good approximation of how a test for MANAGER_SYSTEM
382 * would work.
383 */
4c80d201
FB		 384 assert_se(setenv("VAR1", "word1 word2", 1) == 0);
385 assert_se(setenv("VAR2", "word3", 1) == 0);
386 assert_se(setenv("VAR3", "$word 5 6", 1) == 0);
387 test(m, "exec-passenvironment.service", 0, CLD_EXITED);
388 test(m, "exec-passenvironment-repeated.service", 0, CLD_EXITED);
389 test(m, "exec-passenvironment-empty.service", 0, CLD_EXITED);
390 assert_se(unsetenv("VAR1") == 0);
391 assert_se(unsetenv("VAR2") == 0);
392 assert_se(unsetenv("VAR3") == 0);
393 test(m, "exec-passenvironment-absent.service", 0, CLD_EXITED);
394}
395
27c5347c
RC		 396static void test_exec_umask(Manager *m) {
397 test(m, "exec-umask-default.service", 0, CLD_EXITED);
398 test(m, "exec-umask-0177.service", 0, CLD_EXITED);
399}
400
cc3ddc85
RC		 401static void test_exec_runtimedirectory(Manager *m) {
402 test(m, "exec-runtimedirectory.service", 0, CLD_EXITED);
403 test(m, "exec-runtimedirectory-mode.service", 0, CLD_EXITED);
cc7fa4fb
RC		 404 if (getgrnam("nobody"))
405 test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
50f130c2
RC		 406 else if (getgrnam("nfsnobody"))
407 test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED);
ff4ca461 408 else
303c0bf8 409 log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
ff4ca461
RC		 410}
411
412static void test_exec_capabilityboundingset(Manager *m) {
413 int r;
414
ff4ca461
RC		 415 r = find_binary("capsh", NULL);
416 if (r < 0) {
0608ba98 417 log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
ff4ca461
RC		 418 return;
419 }
420
421 test(m, "exec-capabilityboundingset-simple.service", 0, CLD_EXITED);
422 test(m, "exec-capabilityboundingset-reset.service", 0, CLD_EXITED);
423 test(m, "exec-capabilityboundingset-merge.service", 0, CLD_EXITED);
424 test(m, "exec-capabilityboundingset-invert.service", 0, CLD_EXITED);
cc3ddc85
RC		 425}
426
70d7aea5
IP		 427static void test_exec_capabilityambientset(Manager *m) {
428 int r;
429
430 /* Check if the kernel has support for ambient capabilities. Run
431 * the tests only if that's the case. Clearing all ambient
432 * capabilities is fine, since we are expecting them to be unset
433 * in the first place for the tests. */
434 r = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
f0e018e7
YW		 435 if (r < 0 && IN_SET(errno, EINVAL, EOPNOTSUPP, ENOSYS)) {
436 log_error("Skipping %s, the kernel does not support ambient capabilities", __func__);
437 return;
438 }
439
440 if (getpwnam("nobody")) {
441 test(m, "exec-capabilityambientset.service", 0, CLD_EXITED);
442 test(m, "exec-capabilityambientset-merge.service", 0, CLD_EXITED);
443 } else if (getpwnam("nfsnobody")) {
444 test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED);
445 test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED);
50f130c2 446 } else
f0e018e7 447 log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
70d7aea5
IP		 448}
449
63447f11
RC		 450static void test_exec_privatenetwork(Manager *m) {
451 int r;
452
453 r = find_binary("ip", NULL);
454 if (r < 0) {
303c0bf8 455 log_error_errno(r, "Skipping %s, could not find ip binary: %m", __func__);
63447f11
RC		 456 return;
457 }
458
459 test(m, "exec-privatenetwork-yes.service", 0, CLD_EXITED);
460}
461
c388dfea
RC		 462static void test_exec_oomscoreadjust(Manager *m) {
463 test(m, "exec-oomscoreadjust-positive.service", 0, CLD_EXITED);
464 test(m, "exec-oomscoreadjust-negative.service", 0, CLD_EXITED);
465}
466
a6226758
RC		 467static void test_exec_ioschedulingclass(Manager *m) {
468 test(m, "exec-ioschedulingclass-none.service", 0, CLD_EXITED);
469 test(m, "exec-ioschedulingclass-idle.service", 0, CLD_EXITED);
470 test(m, "exec-ioschedulingclass-realtime.service", 0, CLD_EXITED);
471 test(m, "exec-ioschedulingclass-best-effort.service", 0, CLD_EXITED);
472}
473
f0e018e7
YW		 474static void test_exec_unsetenvironment(Manager *m) {
475 test(m, "exec-unsetenvironment.service", 0, CLD_EXITED);
42cc99d5
LP		 476}
477
9672b583
LP		 478static void test_exec_specifier(Manager *m) {
479 test(m, "exec-specifier.service", 0, CLD_EXITED);
8b3c4b57 480 test(m, "exec-specifier@foo-bar.service", 0, CLD_EXITED);
f0e018e7 481 test(m, "exec-specifier-interpolation.service", 0, CLD_EXITED);
9672b583
LP		 482}
483
f0e018e7
YW		 484static void test_exec_standardinput(Manager *m) {
485 test(m, "exec-standardinput-data.service", 0, CLD_EXITED);
486 test(m, "exec-standardinput-file.service", 0, CLD_EXITED);
666d7877
LP		 487}
488
ea9cfad1
LP		 489static int run_tests(UnitFileScope scope, const test_function_t *tests) {
490 const test_function_t *test = NULL;
19c0b0b9
RC		 491 Manager *m = NULL;
492 int r;
493
494 assert_se(tests);
495
e0a3da1f 496 r = manager_new(scope, MANAGER_TEST_RUN_MINIMAL, &m);
19c0b0b9 497 if (MANAGER_SKIP_TEST(r)) {
2179fd10 498 log_notice_errno(r, "Skipping test: manager_new: %m");
19c0b0b9
RC		 499 return EXIT_TEST_SKIP;
500 }
501 assert_se(r >= 0);
502 assert_se(manager_startup(m, NULL, NULL) >= 0);
503
504 for (test = tests; test && *test; test++)
505 (*test)(m);
506
507 manager_free(m);
508
509 return 0;
510}
511
281e05b6 512int main(int argc, char *argv[]) {
ea9cfad1 513 static const test_function_t user_tests[] = {
f0e018e7
YW		 514 test_exec_bindpaths,
515 test_exec_capabilityambientset,
516 test_exec_capabilityboundingset,
517 test_exec_environment,
518 test_exec_environmentfile,
519 test_exec_group,
281e05b6 520 test_exec_ignoresigpipe,
f0e018e7
YW		 521 test_exec_inaccessiblepaths,
522 test_exec_ioschedulingclass,
523 test_exec_oomscoreadjust,
524 test_exec_passenvironment,
525 test_exec_personality,
281e05b6 526 test_exec_privatedevices,
f0e018e7
YW		 527 test_exec_privatenetwork,
528 test_exec_privatetmp,
4982dbcc 529 test_exec_protectkernelmodules,
f78b36f0 530 test_exec_readonlypaths,
cdfbd1fb 531 test_exec_readwritepaths,
f0e018e7
YW		 532 test_exec_restrictnamespaces,
533 test_exec_runtimedirectory,
534 test_exec_standardinput,
535 test_exec_supplementarygroups,
281e05b6 536 test_exec_systemcallerrornumber,
f0e018e7 537 test_exec_systemcallfilter,
27c5347c 538 test_exec_umask,
f0e018e7
YW		 539 test_exec_unsetenvironment,
540 test_exec_user,
541 test_exec_workingdirectory,
281e05b6
RC		 542 NULL,
543 };
ea9cfad1 544 static const test_function_t system_tests[] = {
f0e018e7 545 test_exec_dynamicuser,
9672b583 546 test_exec_specifier,
f0e018e7 547 test_exec_systemcallfilter_system,
19c0b0b9
RC		 548 NULL,
549 };
281e05b6
RC		 550 int r;
551
469830d1 552 log_set_max_level(LOG_DEBUG);
281e05b6
RC		 553 log_parse_environment();
554 log_open();
555
2482f88d
LP		 556 (void) unsetenv("USER");
557 (void) unsetenv("LOGNAME");
558
607ff5f9
DH		 559 /* It is needed otherwise cgroup creation fails */
560 if (getuid() != 0) {
651d47d1 561 puts("Skipping test: not root");
607ff5f9
DH		 562 return EXIT_TEST_SKIP;
563 }
564
651d47d1
ZJS		 565 r = enter_cgroup_subroot();
566 if (r == -ENOMEDIUM) {
567 puts("Skipping test: cgroupfs not available");
568 return EXIT_TEST_SKIP;
569 }
8c759b33 570
cc3ddc85 571 assert_se(setenv("XDG_RUNTIME_DIR", "/tmp/", 1) == 0);
cc100a5a 572 assert_se(set_unit_path(get_testdata_dir("/test-execute")) >= 0);
281e05b6 573
e1abca2e
FB		 574 /* Unset VAR1, VAR2 and VAR3 which are used in the PassEnvironment test
575 * cases, otherwise (and if they are present in the environment),
576 * `manager_default_environment` will copy them into the default
577 * environment which is passed to each created job, which will make the
578 * tests that expect those not to be present to fail.
579 */
580 assert_se(unsetenv("VAR1") == 0);
581 assert_se(unsetenv("VAR2") == 0);
582 assert_se(unsetenv("VAR3") == 0);
583
463d0d15 584 r = run_tests(UNIT_FILE_USER, user_tests);
19c0b0b9
RC		 585 if (r != 0)
586 return r;
281e05b6 587
463d0d15 588 return run_tests(UNIT_FILE_SYSTEM, system_tests);
281e05b6 589}
Unnamed repository; edit this file 'description' to name the repository.