[thirdparty/systemd.git] / test / units / testsuite-19.sh

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -eux
set -o pipefail

test_scope_unpriv_delegation() {
    useradd test ||:
    trap "userdel -r test" RETURN

    systemd-run --uid=test -p User=test -p Delegate=yes --slice workload.slice --unit workload0.scope --scope \
            test -w /sys/fs/cgroup/workload.slice/workload0.scope -a \
            -w /sys/fs/cgroup/workload.slice/workload0.scope/cgroup.procs -a \
            -w /sys/fs/cgroup/workload.slice/workload0.scope/cgroup.subtree_control
}

if grep -q cgroup2 /proc/filesystems ; then
    systemd-run --wait --unit=test0.service -p "DynamicUser=1" -p "Delegate=" \
                test -w /sys/fs/cgroup/system.slice/test0.service/ -a \
                -w /sys/fs/cgroup/system.slice/test0.service/cgroup.procs -a \
                -w /sys/fs/cgroup/system.slice/test0.service/cgroup.subtree_control

    systemd-run --wait --unit=test1.service -p "DynamicUser=1" -p "Delegate=memory pids" \
                grep -q memory /sys/fs/cgroup/system.slice/test1.service/cgroup.controllers

    systemd-run --wait --unit=test2.service -p "DynamicUser=1" -p "Delegate=memory pids" \
                grep -q pids /sys/fs/cgroup/system.slice/test2.service/cgroup.controllers

    # "io" is not among the controllers enabled by default for all units, verify that
    grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers

    # Run a service with "io" enabled, and verify it works
    systemd-run --wait --unit=test3.service -p "IOAccounting=yes" -p "Slice=system-foo-bar-baz.slice"  \
                grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test3.service/cgroup.controllers

    # We want to check if "io" is removed again from the controllers
    # list. However, PID 1 (rightfully) does this asynchronously. In order
    # to force synchronization on this, let's start a short-lived service
    # which requires PID 1 to refresh the cgroup tree, so that we can
    # verify that this all works.
    systemd-run --wait --unit=test4.service true

    # And now check again, "io" should have vanished
    grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers

    # Check that unprivileged delegation works for scopes
    test_scope_unpriv_delegation

else
    echo "Skipping TEST-19-DELEGATE, as the kernel doesn't actually support cgroup v2" >&2
fi

echo OK >/testok

exit 0
Commit	Line	Data
ff12a795	1	#!/usr/bin/env bash
7b3cec95	2	# SPDX-License-Identifier: LGPL-2.1-or-later
084575ff	3	set -eux
b961baf1 LP	4	set -o pipefail
b961baf1 LP	5
03860190 MS	6	test_scope_unpriv_delegation() {
	7	useradd test \|\|:
	8	trap "userdel -r test" RETURN
	9
	10	systemd-run --uid=test -p User=test -p Delegate=yes --slice workload.slice --unit workload0.scope --scope \
	11	test -w /sys/fs/cgroup/workload.slice/workload0.scope -a \
	12	-w /sys/fs/cgroup/workload.slice/workload0.scope/cgroup.procs -a \
	13	-w /sys/fs/cgroup/workload.slice/workload0.scope/cgroup.subtree_control
	14	}
	15
dd202b88	16	if grep -q cgroup2 /proc/filesystems ; then
cc5549ca ZJS	17	systemd-run --wait --unit=test0.service -p "DynamicUser=1" -p "Delegate=" \
	18	test -w /sys/fs/cgroup/system.slice/test0.service/ -a \
	19	-w /sys/fs/cgroup/system.slice/test0.service/cgroup.procs -a \
	20	-w /sys/fs/cgroup/system.slice/test0.service/cgroup.subtree_control
b961baf1	21
cc5549ca ZJS	22	systemd-run --wait --unit=test1.service -p "DynamicUser=1" -p "Delegate=memory pids" \
cc5549ca ZJS	23	grep -q memory /sys/fs/cgroup/system.slice/test1.service/cgroup.controllers
b961baf1	24
cc5549ca ZJS	25	systemd-run --wait --unit=test2.service -p "DynamicUser=1" -p "Delegate=memory pids" \
cc5549ca ZJS	26	grep -q pids /sys/fs/cgroup/system.slice/test2.service/cgroup.controllers
43738e00	27
cc5549ca ZJS	28	# "io" is not among the controllers enabled by default for all units, verify that
cc5549ca ZJS	29	grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
43738e00	30
cc5549ca ZJS	31	# Run a service with "io" enabled, and verify it works
	32	systemd-run --wait --unit=test3.service -p "IOAccounting=yes" -p "Slice=system-foo-bar-baz.slice" \
	33	grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test3.service/cgroup.controllers
43738e00	34
cc5549ca ZJS	35	# We want to check if "io" is removed again from the controllers
	36	# list. However, PID 1 (rightfully) does this asynchronously. In order
	37	# to force synchronization on this, let's start a short-lived service
	38	# which requires PID 1 to refresh the cgroup tree, so that we can
	39	# verify that this all works.
	40	systemd-run --wait --unit=test4.service true
43738e00	41
cc5549ca ZJS	42	# And now check again, "io" should have vanished
cc5549ca ZJS	43	grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
03860190 MS	44
	45	# Check that unprivileged delegation works for scopes
	46	test_scope_unpriv_delegation
	47
dd202b88	48	else
cc5549ca	49	echo "Skipping TEST-19-DELEGATE, as the kernel doesn't actually support cgroup v2" >&2
dd202b88	50	fi
b961baf1	51
0ee99483	52	echo OK >/testok
b961baf1 LP	53
b961baf1 LP	54	exit 0