assert_se(service->main_exec_status.code == code_expected);
}
+static bool is_inaccessible_available(void) {
+ char *p;
+
+ FOREACH_STRING(p,
+ "/run/systemd/inaccessible/reg",
+ "/run/systemd/inaccessible/dir",
+ "/run/systemd/inaccessible/chr",
+ "/run/systemd/inaccessible/blk",
+ "/run/systemd/inaccessible/fifo",
+ "/run/systemd/inaccessible/sock"
+ ) {
+ if (access(p, F_OK) < 0)
+ return false;
+ }
+
+ return true;
+}
+
static void test(Manager *m, const char *unit_name, int status_expected, int code_expected) {
Unit *unit;
log_notice("testing in container, skipping private device tests");
return;
}
+ if (!is_inaccessible_available()) {
+ log_notice("testing without inaccessible, skipping private device tests");
+ return;
+ }
+
test(m, "exec-privatedevices-yes.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-no.service", 0, CLD_EXITED);
}
log_notice("testing in container, skipping private device tests");
return;
}
+ if (!is_inaccessible_available()) {
+ log_notice("testing without inaccessible, skipping private device tests");
+ return;
+ }
+
test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-yes-capability-sys-rawio.service", 0, CLD_EXITED);
log_notice("testing in container, skipping protectkernelmodules tests");
return;
}
+ if (!is_inaccessible_available()) {
+ log_notice("testing without inaccessible, skipping protectkernelmodules tests");
+ return;
+ }
test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED);