1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <sys/socket.h>
7 #include "alloc-util.h"
10 #include "process-util.h"
11 #include "string-util.h"
13 #include "user-util.h"
/*
 * Verify the two private temporary directories that setup_tmp_dirs() creates
 * for the unit name `id`.
 *
 * id: unit name handed to setup_tmp_dirs().
 * A:  prefix the first returned path must start with.
 * B:  prefix the second returned path must start with.
 *
 * Every check goes through assert_se(); the function returns nothing.
 *
 * NOTE: the leading numbers are the web viewer's line gutter. Gaps in them
 * (e.g. 18 -> 22) are source lines this listing omits, including the
 * declarations of x, y, c and d.
 */
17 static void test_tmpdir(const char *id
, const char *A
, const char *B
) {
/* NOTE(review): a and b carry _cleanup_free_ but are not initialised to NULL
 * here (main() in this file does initialise its _cleanup_free_ pointers);
 * presumably safe only because nothing returns before setup_tmp_dirs() sets
 * them - confirm against the omitted lines. */
18 _cleanup_free_
char *a
, *b
;
22 assert_se(setup_tmp_dirs(id
, &a
, &b
) == 0);
/* Both returned paths must carry the caller-supplied prefixes. */
23 assert_se(startswith(a
, A
));
24 assert_se(startswith(b
, B
));
26 assert_se(stat(a
, &x
) >= 0);
27 assert_se(stat(b
, &y
) >= 0);
29 assert_se(S_ISDIR(x
.st_mode
));
30 assert_se(S_ISDIR(y
.st_mode
));
/* Outer directories: exactly 0700 within the 01777 mask, i.e. owner-only and
 * no sticky bit. This is the layer that keeps other local users away from the
 * world-writable directory underneath. */
32 assert_se((x
.st_mode
& 01777) == 0700);
33 assert_se((y
.st_mode
& 01777) == 0700);
/* The inner directory is "<outer>/tmp". strjoina() presumably builds the
 * string on the stack, which would be why c and d are never freed - confirm. */
35 c
= strjoina(a
, "/tmp");
36 d
= strjoina(b
, "/tmp");
38 assert_se(stat(c
, &x
) >= 0);
39 assert_se(stat(d
, &y
) >= 0);
41 assert_se(S_ISDIR(x
.st_mode
));
42 assert_se(S_ISDIR(y
.st_mode
));
/* Inner directories: 01777, world-writable with the sticky bit, the same
 * permissions a regular /tmp has. */
44 assert_se((x
.st_mode
& 01777) == 01777);
45 assert_se((y
.st_mode
& 01777) == 01777);
/* Clean up children before parents; rmdir() only succeeds on empty
 * directories, so these also confirm nothing else was left behind. */
47 assert_se(rmdir(c
) >= 0);
48 assert_se(rmdir(d
) >= 0);
50 assert_se(rmdir(a
) >= 0);
51 assert_se(rmdir(b
) >= 0);
/*
 * Network-namespace test built around an AF_UNIX datagram socket pair and
 * three child processes (pid1..pid3), each of which must terminate by a
 * normal exit.
 *
 * NOTE: the leading numbers are the web viewer's line gutter, and most of
 * this function is missing from the listing. Source lines 66-93 are absent;
 * presumably that is where the children are created and use the socket
 * pair - confirm against the full file. The declarations of r and si and the
 * condition guarding the "not root" skip are not shown either.
 */
54 static void test_netns(void) {
/* Both ends start at -1 so the _cleanup_close_pair_ handler has nothing to
 * close if the function leaves before socketpair() runs. */
55 _cleanup_close_pair_
int s
[2] = { -1, -1 };
56 pid_t pid1
, pid2
, pid3
;
/* Skip path for unprivileged runs; the test guarding it is on an omitted line. */
61 (void) log_tests_skipped("not root");
65 assert_se(socketpair(AF_UNIX
, SOCK_DGRAM
, 0, s
) >= 0);
/* Reap each child in turn. CLD_EXITED means it ended through a normal exit
 * rather than a signal; whatever is done with r and the exit status happens
 * on lines that are not shown. */
94 r
= wait_for_terminate(pid1
, &si
);
96 assert_se(si
.si_code
== CLD_EXITED
);
99 r
= wait_for_terminate(pid2
, &si
);
101 assert_se(si
.si_code
== CLD_EXITED
);
104 r
= wait_for_terminate(pid3
, &si
);
106 assert_se(si
.si_code
== CLD_EXITED
);
/*
 * Check that a namespace set up with .protect_kernel_logs = true denies read
 * access to /dev/kmsg: after setup_namespace() and a switch to UID_NOBODY,
 * open("/dev/kmsg") must fail with EACCES.
 *
 * Skipped when not running as root or when running inside a container.
 *
 * NOTE: the leading numbers are the web viewer's line gutter; gaps mark
 * omitted source lines. The remaining NamespaceInfo fields, the arguments of
 * setup_namespace() after the first, the check of its result r, and the code
 * that creates the process later waited on as `pid` are not shown.
 */
112 static void test_protect_kernel_logs(void) {
115 static const NamespaceInfo ns_info
= {
116 .protect_kernel_logs
= true,
/* Skip path for unprivileged runs; the test guarding it is on an omitted line. */
120 (void) log_tests_skipped("not root");
124 /* In a container we likely don't have access to /dev/kmsg */
125 if (detect_container() > 0) {
126 (void) log_tests_skipped("in container");
135 _cleanup_close_
int fd
= -1;
/* Baseline open before the namespace is applied; presumably the omitted next
 * line asserts it succeeds, so the later EACCES is attributable to the
 * namespace - confirm. */
137 fd
= open("/dev/kmsg", O_RDONLY
| O_CLOEXEC
);
140 r
= setup_namespace(NULL
,
/* Drop real, effective and saved UID to nobody before the negative check.
 * NOTE(review): presumably needed because a privileged process could bypass
 * the file-permission check and still open the device - confirm. */
159 assert_se(setresuid(UID_NOBODY
, UID_NOBODY
, UID_NOBODY
) >= 0);
/* The open must fail, and specifically with a permission error rather than,
 * say, the node being absent. errno is read directly after the failing call. */
160 assert_se(open("/dev/kmsg", O_RDONLY
| O_CLOEXEC
) < 0);
161 assert_se(errno
== EACCES
);
/* Wait for the process `pid` (labelled "ns-kernellogs" for logging) and
 * require a clean exit status. */
166 assert_se(wait_for_terminate_and_check("ns-kernellogs", pid
, WAIT_LOG
) == EXIT_SUCCESS
);
/*
 * Test entry point. Skips the whole run when namespaces are unavailable, then
 * builds the expected "systemd-private-<boot id>-<unit>-" prefixes under /tmp
 * and /var/tmp and hands them to test_tmpdir() for two unit names, followed
 * by test_protect_kernel_logs().
 *
 * Returns EXIT_TEST_SKIP when have_namespaces() is false; the normal return
 * is on a line this listing omits.
 *
 * NOTE: the leading numbers are the web viewer's line gutter; gaps mark
 * omitted source lines (the declaration of bid among them). A call to
 * test_netns() is not visible in the lines shown.
 */
169 int main(int argc
, char *argv
[]) {
171 char boot_id
[SD_ID128_STRING_MAX
];
/* Initialised to NULL so the _cleanup_free_ handlers are safe on every exit
 * path, including the early skip below. */
172 _cleanup_free_
char *x
= NULL
, *y
= NULL
, *z
= NULL
, *zz
= NULL
;
174 test_setup_logging(LOG_INFO
);
176 if (!have_namespaces()) {
177 log_tests_skipped("Don't have namespace support");
178 return EXIT_TEST_SKIP
;
/* The boot ID is part of every expected directory name. */
181 assert_se(sd_id128_get_boot(&bid
) >= 0);
182 sd_id128_to_string(bid
, boot_id
);
/* NOTE(review): no check of the strjoin() results is visible before they are
 * used; it may sit on the omitted lines 186-187 - confirm. */
184 x
= strjoin("/tmp/systemd-private-", boot_id
, "-abcd.service-");
185 y
= strjoin("/var/tmp/systemd-private-", boot_id
, "-abcd.service-");
188 test_tmpdir("abcd.service", x
, y
);
/* Second case: a long device unit name containing ':' and literal "\x2d"
 * escape sequences, which must appear unchanged in the directory name. */
190 z
= strjoin("/tmp/systemd-private-", boot_id
, "-sys-devices-pci0000:00-0000:00:1a.0-usb3-3\\x2d1-3\\x2d1:1.0-bluetooth-hci0.device-");
191 zz
= strjoin("/var/tmp/systemd-private-", boot_id
, "-sys-devices-pci0000:00-0000:00:1a.0-usb3-3\\x2d1-3\\x2d1:1.0-bluetooth-hci0.device-");
195 test_tmpdir("sys-devices-pci0000:00-0000:00:1a.0-usb3-3\\x2d1-3\\x2d1:1.0-bluetooth-hci0.device", z
, zz
);
198 test_protect_kernel_logs();