1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <sys/socket.h>
7 #include "alloc-util.h"
10 #include "process-util.h"
11 #include "string-util.h"
13 #include "user-util.h"
17 static void test_namespace_cleanup_tmpdir(void) {
19 _cleanup_(namespace_cleanup_tmpdirp
) char *dir
;
20 assert_se(dir
= strdup(RUN_SYSTEMD_EMPTY
));
24 _cleanup_(namespace_cleanup_tmpdirp
) char *dir
;
25 assert_se(dir
= strdup("/tmp/systemd-test-namespace.XXXXXX"));
26 assert_se(mkdtemp(dir
));
30 static void test_tmpdir(const char *id
, const char *A
, const char *B
) {
31 _cleanup_free_
char *a
, *b
;
35 assert_se(setup_tmp_dirs(id
, &a
, &b
) == 0);
37 assert_se(stat(a
, &x
) >= 0);
38 assert_se(stat(b
, &y
) >= 0);
40 assert_se(S_ISDIR(x
.st_mode
));
41 assert_se(S_ISDIR(y
.st_mode
));
43 if (!streq(a
, RUN_SYSTEMD_EMPTY
)) {
44 assert_se(startswith(a
, A
));
45 assert_se((x
.st_mode
& 01777) == 0700);
46 c
= strjoina(a
, "/tmp");
47 assert_se(stat(c
, &x
) >= 0);
48 assert_se(S_ISDIR(x
.st_mode
));
49 assert_se((x
.st_mode
& 01777) == 01777);
50 assert_se(rmdir(c
) >= 0);
51 assert_se(rmdir(a
) >= 0);
54 if (!streq(b
, RUN_SYSTEMD_EMPTY
)) {
55 assert_se(startswith(b
, B
));
56 assert_se((y
.st_mode
& 01777) == 0700);
57 d
= strjoina(b
, "/tmp");
58 assert_se(stat(d
, &y
) >= 0);
59 assert_se(S_ISDIR(y
.st_mode
));
60 assert_se((y
.st_mode
& 01777) == 01777);
61 assert_se(rmdir(d
) >= 0);
62 assert_se(rmdir(b
) >= 0);
66 static void test_netns(void) {
67 _cleanup_close_pair_
int s
[2] = { -1, -1 };
68 pid_t pid1
, pid2
, pid3
;
73 (void) log_tests_skipped("not root");
77 assert_se(socketpair(AF_UNIX
, SOCK_DGRAM
, 0, s
) >= 0);
106 r
= wait_for_terminate(pid1
, &si
);
108 assert_se(si
.si_code
== CLD_EXITED
);
111 r
= wait_for_terminate(pid2
, &si
);
113 assert_se(si
.si_code
== CLD_EXITED
);
116 r
= wait_for_terminate(pid3
, &si
);
118 assert_se(si
.si_code
== CLD_EXITED
);
124 static void test_protect_kernel_logs(void) {
127 static const NamespaceInfo ns_info
= {
128 .protect_kernel_logs
= true,
132 (void) log_tests_skipped("not root");
136 /* In a container we likely don't have access to /dev/kmsg */
137 if (detect_container() > 0) {
138 (void) log_tests_skipped("in container");
147 _cleanup_close_
int fd
= -1;
149 fd
= open("/dev/kmsg", O_RDONLY
| O_CLOEXEC
);
152 r
= setup_namespace(NULL
,
178 assert_se(setresuid(UID_NOBODY
, UID_NOBODY
, UID_NOBODY
) >= 0);
179 assert_se(open("/dev/kmsg", O_RDONLY
| O_CLOEXEC
) < 0);
180 assert_se(errno
== EACCES
);
185 assert_se(wait_for_terminate_and_check("ns-kernellogs", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
188 int main(int argc
, char *argv
[]) {
190 char boot_id
[SD_ID128_STRING_MAX
];
191 _cleanup_free_
char *x
= NULL
, *y
= NULL
, *z
= NULL
, *zz
= NULL
;
193 test_setup_logging(LOG_INFO
);
195 test_namespace_cleanup_tmpdir();
197 if (!have_namespaces()) {
198 log_tests_skipped("Don't have namespace support");
199 return EXIT_TEST_SKIP
;
202 assert_se(sd_id128_get_boot(&bid
) >= 0);
203 sd_id128_to_string(bid
, boot_id
);
205 x
= strjoin("/tmp/systemd-private-", boot_id
, "-abcd.service-");
206 y
= strjoin("/var/tmp/systemd-private-", boot_id
, "-abcd.service-");
209 test_tmpdir("abcd.service", x
, y
);
211 z
= strjoin("/tmp/systemd-private-", boot_id
, "-sys-devices-pci0000:00-0000:00:1a.0-usb3-3\\x2d1-3\\x2d1:1.0-bluetooth-hci0.device-");
212 zz
= strjoin("/var/tmp/systemd-private-", boot_id
, "-sys-devices-pci0000:00-0000:00:1a.0-usb3-3\\x2d1-3\\x2d1:1.0-bluetooth-hci0.device-");
216 test_tmpdir("sys-devices-pci0000:00-0000:00:1a.0-usb3-3\\x2d1-3\\x2d1:1.0-bluetooth-hci0.device", z
, zz
);
219 test_protect_kernel_logs();