projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
| 15ae422b | 2 | |
| dccca82b | 3 | #include <errno.h> |
| 15ae422b | 4 | #include <stdlib.h> |
| 15ae422b | 5 | #include <unistd.h> |
| 15ae422b | 6 | |
| 15ae422b | 7 | #include "log.h" |
| cf0fbc49 | 8 | #include "namespace.h" |
| 6d7c4033 | 9 | #include "tests.h" |
| 15ae422b LP |
10 | |
| 11 | int main(int argc, char *argv[]) { | |
| 12 | const char * const writable[] = { | |
| 13 | "/home", | |
| d944dc95 | 14 | "-/home/lennart/projects/foobar", /* this should be masked automatically */ |
| 15ae422b LP |
15 | NULL |
| 16 | }; | |
| 17 | ||
| ac0930c8 | 18 | const char * const readonly[] = { |
| d944dc95 LP |
19 | /* "/", */ |
| 20 | /* "/usr", */ | |
| 5dcfe57b | 21 | "/boot", |
| d944dc95 LP |
22 | "/lib", |
| 23 | "/usr/lib", | |
| 24 | "-/lib64", | |
| 25 | "-/usr/lib64", | |
| 15ae422b LP |
26 | NULL |
| 27 | }; | |
| 28 | ||
| ee818b89 | 29 | const char *inaccessible[] = { |
| 15ae422b LP |
30 | "/home/lennart/projects", |
| 31 | NULL | |
| 32 | }; | |
| c575770b | 33 | |
| bb0ff3fb | 34 | static const NamespaceInfo ns_info = { |
| c575770b DH |
35 | .private_dev = true, |
| 36 | .protect_control_groups = true, | |
| 37 | .protect_kernel_tunables = true, | |
| 38 | .protect_kernel_modules = true, | |
| 39 | }; | |
| 40 | ||
| ee818b89 AC |
41 | char *root_directory; |
| 42 | char *projects_directory; | |
| 15ae422b | 43 | int r; |
| c17ec25e MS |
44 | char tmp_dir[] = "/tmp/systemd-private-XXXXXX", |
| 45 | var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX"; | |
| 15ae422b | 46 | |
| 6d7c4033 | 47 | test_setup_logging(LOG_DEBUG); |
| fe3c2583 | 48 | |
| c17ec25e MS |
49 | assert_se(mkdtemp(tmp_dir)); |
| 50 | assert_se(mkdtemp(var_tmp_dir)); | |
| 51 | ||
| ee818b89 AC |
52 | root_directory = getenv("TEST_NS_CHROOT"); |
| 53 | projects_directory = getenv("TEST_NS_PROJECTS"); | |
| 54 | ||
| 55 | if (projects_directory) | |
| 56 | inaccessible[0] = projects_directory; | |
| 57 | ||
| 58 | log_info("Inaccessible directory: '%s'", inaccessible[0]); | |
| 59 | if (root_directory) | |
| 60 | log_info("Chroot: '%s'", root_directory); | |
| 61 | else | |
| 62 | log_info("Not chrooted"); | |
| 63 | ||
| 64 | r = setup_namespace(root_directory, | |
| 18d73705 | 65 | NULL, |
| 915e6d16 | 66 | NULL, |
| c575770b | 67 | &ns_info, |
| ee818b89 | 68 | (char **) writable, |
| c17ec25e MS |
69 | (char **) readonly, |
| 70 | (char **) inaccessible, | |
| 6c47cd7d | 71 | NULL, |
| d2d6c096 | 72 | &(BindMount) { .source = (char*) "/usr/bin", .destination = (char*) "/etc/systemd", .read_only = true }, 1, |
| 2abd4e38 | 73 | &(TemporaryFileSystem) { .path = (char*) "/var", .options = (char*) "ro" }, 1, |
| c17ec25e MS |
74 | tmp_dir, |
| 75 | var_tmp_dir, | |
| 91dd5f7c | 76 | NULL, |
| 1b8689f9 LP |
77 | PROTECT_HOME_NO, |
| 78 | PROTECT_SYSTEM_NO, | |
| 915e6d16 | 79 | 0, |
| 0389f4fa LB |
80 | NULL, |
| 81 | 0, | |
| 82 | NULL, | |
| 83 | NULL, | |
| 7cc5ef5f | 84 | 0, |
| d4d55b0d LB |
85 | NULL, |
| 86 | NULL, | |
| 87 | 0, | |
| 7cc5ef5f | 88 | NULL); |
| ac0930c8 | 89 | if (r < 0) { |
| 105a1a36 | 90 | log_error_errno(r, "Failed to set up namespace: %m"); |
| ee818b89 AC |
91 | |
| 92 | log_info("Usage:\n" | |
| 93 | " sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n" | |
| 94 | " sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns"); | |
| 95 | ||
| 15ae422b LP |
96 | return 1; |
| 97 | } | |
| 98 | ||
| 99 | execl("/bin/sh", "/bin/sh", NULL); | |
| 56f64d95 | 100 | log_error_errno(errno, "execl(): %m"); |
| 15ae422b LP |
101 | |
| 102 | return 1; | |
| 103 | } |