git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-ns.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
11 int main(int argc
, char *argv
[]) {
12 const char * const writable
[] = {
14 "-/home/lennart/projects/foobar", /* this should be masked automatically */
18 const char * const readonly
[] = {
29 const char * const exec
[] = {
37 const char * const no_exec
[] = {
42 const char *inaccessible
[] = {
43 "/home/lennart/projects",
47 static const NamespaceInfo ns_info
= {
49 .protect_control_groups
= true,
50 .protect_kernel_tunables
= true,
51 .protect_kernel_modules
= true,
52 .protect_proc
= PROTECT_PROC_NOACCESS
,
53 .proc_subset
= PROC_SUBSET_PID
,
57 char *projects_directory
;
59 char tmp_dir
[] = "/tmp/systemd-private-XXXXXX",
60 var_tmp_dir
[] = "/var/tmp/systemd-private-XXXXXX";
62 test_setup_logging(LOG_DEBUG
);
64 assert_se(mkdtemp(tmp_dir
));
65 assert_se(mkdtemp(var_tmp_dir
));
67 root_directory
= getenv("TEST_NS_CHROOT");
68 projects_directory
= getenv("TEST_NS_PROJECTS");
70 if (projects_directory
)
71 inaccessible
[0] = projects_directory
;
73 log_info("Inaccessible directory: '%s'", inaccessible
[0]);
75 log_info("Chroot: '%s'", root_directory
);
77 log_info("Not chrooted");
79 r
= setup_namespace(root_directory
,
86 (char **) inaccessible
,
91 &(BindMount
) { .source
= (char*) "/usr/bin", .destination
= (char*) "/etc/systemd", .read_only
= true }, 1,
92 &(TemporaryFileSystem
) { .path
= (char*) "/var", .options
= (char*) "ro" }, 1,
118 log_error_errno(r
, "Failed to set up namespace: %m");
121 " sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
122 " sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");
127 execl("/bin/sh", "/bin/sh", NULL
);
128 log_error_errno(errno
, "execl(): %m");