[thirdparty/systemd.git] / src / test / test-ns.c

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdlib.h>
#include <unistd.h>

#include "log.h"
#include "namespace.h"

int main(int argc, char *argv[]) {
        const char * const writable[] = {
                "/home",
                "/home/lennart/projects/foobar", /* this should be masked automatically */
                NULL
        };

        const char * const readonly[] = {
                "/",
                "/usr",
                "/boot",
                NULL
        };

        const char *inaccessible[] = {
                "/home/lennart/projects",
                NULL
        };
        char *root_directory;
        char *projects_directory;
        int r;
        char tmp_dir[] = "/tmp/systemd-private-XXXXXX",
             var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX";

        log_set_max_level(LOG_DEBUG);

        assert_se(mkdtemp(tmp_dir));
        assert_se(mkdtemp(var_tmp_dir));

        root_directory = getenv("TEST_NS_CHROOT");
        projects_directory = getenv("TEST_NS_PROJECTS");

        if (projects_directory)
                inaccessible[0] = projects_directory;

        log_info("Inaccessible directory: '%s'", inaccessible[0]);
        if (root_directory)
                log_info("Chroot: '%s'", root_directory);
        else
                log_info("Not chrooted");

        r = setup_namespace(root_directory,
                            (char **) writable,
                            (char **) readonly,
                            (char **) inaccessible,
                            tmp_dir,
                            var_tmp_dir,
                            true,
                            true,
                            true,
                            PROTECT_HOME_NO,
                            PROTECT_SYSTEM_NO,
                            0);
        if (r < 0) {
                log_error_errno(r, "Failed to setup namespace: %m");

                log_info("Usage:\n"
                         "  sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
                         "  sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");

                return 1;
        }

        execl("/bin/sh", "/bin/sh", NULL);
        log_error_errno(errno, "execl(): %m");

        return 1;
}
Commit	Line	Data
15ae422b LP	1	/***
	2	This file is part of systemd.
	3
	4	Copyright 2010 Lennart Poettering
	5
	6	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	7	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	8	the Free Software Foundation; either version 2.1 of the License, or
15ae422b LP	9	(at your option) any later version.
	10
	11	systemd is distributed in the hope that it will be useful, but
	12	WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	14	Lesser General Public License for more details.
15ae422b	15
5430f7f2	16	You should have received a copy of the GNU Lesser General Public License
15ae422b LP	17	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	18	***/
	19
	20	#include <stdlib.h>
15ae422b	21	#include <unistd.h>
15ae422b	22
15ae422b	23	#include "log.h"
cf0fbc49	24	#include "namespace.h"
15ae422b LP	25
	26	int main(int argc, char *argv[]) {
	27	const char * const writable[] = {
	28	"/home",
fe3c2583	29	"/home/lennart/projects/foobar", /* this should be masked automatically */
15ae422b LP	30	NULL
	31	};
	32
ac0930c8	33	const char * const readonly[] = {
5dcfe57b LP	34	"/",
	35	"/usr",
	36	"/boot",
15ae422b LP	37	NULL
	38	};
	39
ee818b89	40	const char *inaccessible[] = {
15ae422b LP	41	"/home/lennart/projects",
	42	NULL
	43	};
ee818b89 AC	44	char *root_directory;
ee818b89 AC	45	char *projects_directory;
15ae422b	46	int r;
c17ec25e MS	47	char tmp_dir[] = "/tmp/systemd-private-XXXXXX",
c17ec25e MS	48	var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX";
15ae422b	49
fe3c2583 LP	50	log_set_max_level(LOG_DEBUG);
fe3c2583 LP	51
c17ec25e MS	52	assert_se(mkdtemp(tmp_dir));
	53	assert_se(mkdtemp(var_tmp_dir));
	54
ee818b89 AC	55	root_directory = getenv("TEST_NS_CHROOT");
	56	projects_directory = getenv("TEST_NS_PROJECTS");
	57
	58	if (projects_directory)
	59	inaccessible[0] = projects_directory;
	60
	61	log_info("Inaccessible directory: '%s'", inaccessible[0]);
	62	if (root_directory)
	63	log_info("Chroot: '%s'", root_directory);
	64	else
	65	log_info("Not chrooted");
	66
	67	r = setup_namespace(root_directory,
	68	(char **) writable,
c17ec25e MS	69	(char **) readonly,
	70	(char **) inaccessible,
	71	tmp_dir,
	72	var_tmp_dir,
7f112f50	73	true,
59eeb84b LP	74	true,
59eeb84b LP	75	true,
1b8689f9 LP	76	PROTECT_HOME_NO,
1b8689f9 LP	77	PROTECT_SYSTEM_NO,
c17ec25e	78	0);
ac0930c8	79	if (r < 0) {
da927ba9	80	log_error_errno(r, "Failed to setup namespace: %m");
ee818b89 AC	81
	82	log_info("Usage:\n"
	83	" sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
	84	" sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");
	85
15ae422b LP	86	return 1;
	87	}
	88
	89	execl("/bin/sh", "/bin/sh", NULL);
56f64d95	90	log_error_errno(errno, "execl(): %m");
15ae422b LP	91
	92	return 1;
	93	}