test-execute: add tests with user/group daemon 8303/head
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 2 Mar 2018 06:55:02 +0000 (15:55 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 2 Mar 2018 07:42:53 +0000 (16:42 +0900)
The nobody user/group may not be synthesized by systemd.
To test these functionalities in such a situation, this adds tests
that use the daemon user/group, as it is expected to exist in all environments.

14 files changed:
src/test/test-execute.c
test/meson.build
test/test-execute/exec-capabilityambientset-merge-nobody.service [new file with mode: 0644]
test/test-execute/exec-capabilityambientset-merge.service
test/test-execute/exec-capabilityambientset-nobody.service [new file with mode: 0644]
test/test-execute/exec-capabilityambientset.service
test/test-execute/exec-group-nobody.service [new file with mode: 0644]
test/test-execute/exec-group.service
test/test-execute/exec-runtimedirectory-owner-nobody.service [new file with mode: 0644]
test/test-execute/exec-runtimedirectory-owner.service
test/test-execute/exec-systemcallfilter-system-user-nobody.service [new file with mode: 0644]
test/test-execute/exec-systemcallfilter-system-user.service
test/test-execute/exec-user-nobody.service [new file with mode: 0644]
test/test-execute/exec-user.service

index b2d668dc89307c913809f00ca2a8bec419d622a9..d910471d1fe1c7b58ad148b2e8bf695290941639 100644 (file)
@@ -379,48 +379,52 @@ static void test_exec_systemcallfilter_system(Manager *m) {
                 return;
         }
 
+        test(m, "exec-systemcallfilter-system-user.service", 0, CLD_EXITED);
+
         if (!check_nobody_user_and_group()) {
-                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
+                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
                 return;
         }
 
-        if (streq(NOBODY_USER_NAME, "nobody"))
-                test(m, "exec-systemcallfilter-system-user.service", 0, CLD_EXITED);
-        else if (streq(NOBODY_USER_NAME, "nfsnobody"))
-                test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED);
-        else
-                log_error("Unsupported nobody user name '%s', skipping %s", NOBODY_USER_NAME, __func__);
+        if (!STR_IN_SET(NOBODY_USER_NAME, "nobody", "nfsnobody")) {
+                log_error("Unsupported nobody user name '%s', skipping remaining tests in %s", NOBODY_USER_NAME, __func__);
+                return;
+        }
+
+        test(m, "exec-systemcallfilter-system-user-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
 #endif
 }
 
 static void test_exec_user(Manager *m) {
+        test(m, "exec-user.service", 0, CLD_EXITED);
+
         if (!check_nobody_user_and_group()) {
-                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
+                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
                 return;
         }
 
-        if (streq(NOBODY_USER_NAME, "nobody"))
-                test(m, "exec-user.service", 0, CLD_EXITED);
-        else if (streq(NOBODY_USER_NAME, "nfsnobody"))
-                test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED);
-        else
-                log_error("Unsupported nobody user name '%s', skipping %s", NOBODY_USER_NAME, __func__);
+        if (!STR_IN_SET(NOBODY_USER_NAME, "nobody", "nfsnobody")) {
+                log_error("Unsupported nobody user name '%s', skipping remaining tests in %s", NOBODY_USER_NAME, __func__);
+                return;
+        }
+
+        test(m, "exec-user-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
 }
 
 static void test_exec_group(Manager *m) {
+        test(m, "exec-group.service", 0, CLD_EXITED);
+
         if (!check_nobody_user_and_group()) {
-                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
+                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
                 return;
         }
 
-        if (streq(NOBODY_GROUP_NAME, "nobody"))
-                test(m, "exec-group.service", 0, CLD_EXITED);
-        else if (streq(NOBODY_GROUP_NAME, "nfsnobody"))
-                test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED);
-        else if (streq(NOBODY_GROUP_NAME, "nogroup"))
-                test(m, "exec-group-nogroup.service", 0, CLD_EXITED);
-        else
-                log_error("Unsupported nobody group name '%s', skipping %s", NOBODY_GROUP_NAME, __func__);
+        if (!STR_IN_SET(NOBODY_GROUP_NAME, "nobody", "nfsnobody", "nogroup")) {
+                log_error("Unsupported nobody group name '%s', skipping remaining tests in %s", NOBODY_GROUP_NAME, __func__);
+                return;
+        }
+
+        test(m, "exec-group-" NOBODY_GROUP_NAME ".service", 0, CLD_EXITED);
 }
 
 static void test_exec_supplementarygroups(Manager *m) {
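Review bot: The three daemon-based units added at the top of test_exec_systemcallfilter_system, test_exec_user and test_exec_group run with no check that a `daemon` user and group exist, so on an image without that account `test()` will presumably fail outright instead of skipping. These units cover the User=/Group= credential-drop path, so a guarded skip that is visible in the log is preferable, for example `if (getpwnam("daemon")) test(m, "exec-user.service", 0, CLD_EXITED); else log_notice("daemon user not found, skipping part of %s", __func__);`. The same unguarded pattern is added in test_exec_runtimedirectory and test_exec_capabilityambientset further down. test_exec_systemcallfilter_system begins before this hunk, so its earlier skip conditions are not visible here.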
@@ -504,20 +508,19 @@ static void test_exec_umask(Manager *m) {
 static void test_exec_runtimedirectory(Manager *m) {
         test(m, "exec-runtimedirectory.service", 0, CLD_EXITED);
         test(m, "exec-runtimedirectory-mode.service", 0, CLD_EXITED);
+        test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
 
         if (!check_nobody_user_and_group()) {
-                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
+                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+                return;
+        }
+
+        if (!STR_IN_SET(NOBODY_GROUP_NAME, "nobody", "nfsnobody", "nogroup")) {
+                log_error("Unsupported nobody group name '%s', skipping remaining tests in %s", NOBODY_GROUP_NAME, __func__);
                 return;
         }
 
-        if (streq(NOBODY_GROUP_NAME, "nobody"))
-                test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
-        else if (streq(NOBODY_GROUP_NAME, "nfsnobody"))
-                test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED);
-        else if (streq(NOBODY_GROUP_NAME, "nogroup"))
-                test(m, "exec-runtimedirectory-owner-nogroup.service", 0, CLD_EXITED);
-        else
-                log_error("Unsupported nobody group name '%s', skipping %s", NOBODY_GROUP_NAME, __func__);
+        test(m, "exec-runtimedirectory-owner-" NOBODY_GROUP_NAME ".service", 0, CLD_EXITED);
 }
 
 static void test_exec_capabilityboundingset(Manager *m) {
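Review bot: `log_error_errno(errno, ...)` in the reworded skip message prints whatever errno currently holds, and `check_nobody_user_and_group()` is not shown setting it. If that helper can return false because an entry merely mismatches (wrong UID/GID or name) rather than because a lookup call failed, the appended error text will be stale or misleading when someone is diagnosing why the nobody-based privilege tests were skipped. Consider having the helper return a negative errno-style code and logging that, or switching to plain `log_error("nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);`. The same call appears in the other hunks of this file.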
@@ -548,19 +551,21 @@ static void test_exec_capabilityambientset(Manager *m) {
                 return;
         }
 
+        test(m, "exec-capabilityambientset.service", 0, CLD_EXITED);
+        test(m, "exec-capabilityambientset-merge.service", 0, CLD_EXITED);
+
         if (!check_nobody_user_and_group()) {
-                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
+                log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+                return;
+        }
+
+        if (!STR_IN_SET(NOBODY_USER_NAME, "nobody", "nfsnobody")) {
+                log_error("Unsupported nobody user name '%s', skipping remaining tests in %s", NOBODY_USER_NAME, __func__);
                 return;
         }
 
-        if (streq(NOBODY_USER_NAME, "nobody")) {
-                test(m, "exec-capabilityambientset.service", 0, CLD_EXITED);
-                test(m, "exec-capabilityambientset-merge.service", 0, CLD_EXITED);
-        } else if (streq(NOBODY_USER_NAME, "nfsnobody")) {
-                test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED);
-                test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED);
-        } else
-                log_error("Unsupported nobody user name '%s', skipping %s", NOBODY_USER_NAME, __func__);
+        test(m, "exec-capabilityambientset-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
+        test(m, "exec-capabilityambientset-merge-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
 }
 
 static void test_exec_privatenetwork(Manager *m) {
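Review bot: After this change the unsuffixed unit names no longer say which account they run under: `exec-capabilityambientset.service` and `exec-capabilityambientset-merge.service` now use User=daemon, while the suffixed variants use the nobody alias. A short comment above the first pair would save the next reader a trip to the unit files, e.g. `/* These two units run as the static "daemon" user and need no synthesized nobody entry. */`, and one above the second pair, `/* The remaining units run as NOBODY_USER_NAME; the file name is built at compile time. */`. The function starts before this hunk, so the earlier skip check is not visible here.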
index 81591467bbcf61c4593c52fd6ae377ce17f99404..ac6a70d38d8a159619e959b43d8d092e404485a7 100644 (file)
@@ -47,8 +47,10 @@ test_data_files = '''
         sysinit.target
         test-execute/exec-bindpaths.service
         test-execute/exec-capabilityambientset-merge-nfsnobody.service
+        test-execute/exec-capabilityambientset-merge-nobody.service
         test-execute/exec-capabilityambientset-merge.service
         test-execute/exec-capabilityambientset-nfsnobody.service
+        test-execute/exec-capabilityambientset-nobody.service
         test-execute/exec-capabilityambientset.service
         test-execute/exec-capabilityboundingset-invert.service
         test-execute/exec-capabilityboundingset-merge.service
@@ -68,6 +70,7 @@ test_data_files = '''
         test-execute/exec-environment.service
         test-execute/exec-environmentfile.service
         test-execute/exec-group-nfsnobody.service
+        test-execute/exec-group-nobody.service
         test-execute/exec-group-nogroup.service
         test-execute/exec-group.service
         test-execute/exec-ignoresigpipe-no.service
@@ -113,6 +116,7 @@ test_data_files = '''
         test-execute/exec-restrictnamespaces-yes.service
         test-execute/exec-runtimedirectory-mode.service
         test-execute/exec-runtimedirectory-owner-nfsnobody.service
+        test-execute/exec-runtimedirectory-owner-nobody.service
         test-execute/exec-runtimedirectory-owner-nogroup.service
         test-execute/exec-runtimedirectory-owner.service
         test-execute/exec-runtimedirectory.service
@@ -134,6 +138,7 @@ test_data_files = '''
         test-execute/exec-systemcallfilter-not-failing.service
         test-execute/exec-systemcallfilter-not-failing2.service
         test-execute/exec-systemcallfilter-system-user-nfsnobody.service
+        test-execute/exec-systemcallfilter-system-user-nobody.service
         test-execute/exec-systemcallfilter-system-user.service
         test-execute/exec-systemcallfilter-with-errno-name.service
         test-execute/exec-systemcallfilter-with-errno-number.service
@@ -145,6 +150,7 @@ test_data_files = '''
         test-execute/exec-umask-default.service
         test-execute/exec-unsetenvironment.service
         test-execute/exec-user-nfsnobody.service
+        test-execute/exec-user-nobody.service
         test-execute/exec-user.service
         test-execute/exec-workingdirectory.service
         test-path/basic.target
diff --git a/test/test-execute/exec-capabilityambientset-merge-nobody.service b/test/test-execute/exec-capabilityambientset-merge-nobody.service
new file mode 100644 (file)
index 0000000..6496438
--- /dev/null
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_RAW
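Review bot: The shell check asserts only the `CapAmb` mask, so it would presumably still pass if User= were not applied and the command ran as root with the same ambient set. Since the point of ambient capabilities is retaining them across a drop to an unprivileged user, the command could also assert the identity, e.g. `test "$$(id -u)" != "0"` before the `CapAmb` comparison. This applies equally to exec-capabilityambientset-nobody.service and to the two daemon variants changed in this commit.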
index 64964380e27ab704548516cf25976e8096a76471..22b4c6d49e691fa758668d21acb5232f75f90063 100644 (file)
@@ -1,9 +1,9 @@
 [Unit]
-Description=Test for AmbientCapabilities
+Description=Test for AmbientCapabilities (daemon)
 
 [Service]
 ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
 Type=oneshot
-User=nobody
+User=daemon
 AmbientCapabilities=CAP_NET_ADMIN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-capabilityambientset-nobody.service b/test/test-execute/exec-capabilityambientset-nobody.service
new file mode 100644 (file)
index 0000000..d63f884
--- /dev/null
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
index d63f884ef83615757f32db5600c1d6cec9143573..0a3cfa4bf6d071c877426e2c0d8fdf1f23db3721 100644 (file)
@@ -1,8 +1,8 @@
 [Unit]
-Description=Test for AmbientCapabilities
+Description=Test for AmbientCapabilities (daemon)
 
 [Service]
 ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
 Type=oneshot
-User=nobody
+User=daemon
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
diff --git a/test/test-execute/exec-group-nobody.service b/test/test-execute/exec-group-nobody.service
new file mode 100644 (file)
index 0000000..be7c796
--- /dev/null
@@ -0,0 +1,7 @@
+[Unit]
+Description=Test for Group
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"'
+Type=oneshot
+Group=nobody
index be7c7969127835ffab3854906d836fa0984b8211..be559923953a11a3f73ff82fdbe7dbe17620f2ac 100644 (file)
@@ -1,7 +1,7 @@
 [Unit]
-Description=Test for Group
+Description=Test for Group (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"'
+ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"'
 Type=oneshot
-Group=nobody
+Group=daemon
diff --git a/test/test-execute/exec-runtimedirectory-owner-nobody.service b/test/test-execute/exec-runtimedirectory-owner-nobody.service
new file mode 100644 (file)
index 0000000..54782f9
--- /dev/null
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
+
+[Service]
+ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"'
+Type=oneshot
+Group=nobody
+User=root
+RuntimeDirectory=test-exec_runtimedirectory-owner
index 54782f9bbddb2e7c93eb179f01e1ba0dcfe27084..07dd7ca3afce8f8aadb30a99ac63659ce7985d6d 100644 (file)
@@ -2,8 +2,8 @@
 Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
 
 [Service]
-ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"'
+ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner-daemon); test "$$group" = "daemon"'
 Type=oneshot
-Group=nobody
+Group=daemon
 User=root
-RuntimeDirectory=test-exec_runtimedirectory-owner
+RuntimeDirectory=test-exec_runtimedirectory-owner-daemon
diff --git a/test/test-execute/exec-systemcallfilter-system-user-nobody.service b/test/test-execute/exec-systemcallfilter-system-user-nobody.service
new file mode 100644 (file)
index 0000000..da129a3
--- /dev/null
@@ -0,0 +1,11 @@
+[Unit]
+Description=Test for SystemCallFilter in system mode with User set
+
+[Service]
+ExecStart=/bin/sh -c 'echo "Foo bar"'
+Type=oneshot
+User=nobody
+SystemCallFilter=~read write open execve ioperm
+SystemCallFilter=ioctl
+SystemCallFilter=read write open execve
+SystemCallFilter=~ioperm
index da129a30e4dfda0587a96bfc76c19f58284291ed..488a3bb79e5d9d9b842cb141aa605280fb88ac37 100644 (file)
@@ -1,10 +1,10 @@
 [Unit]
-Description=Test for SystemCallFilter in system mode with User set
+Description=Test for SystemCallFilter in system mode with User set (daemon)
 
 [Service]
 ExecStart=/bin/sh -c 'echo "Foo bar"'
 Type=oneshot
-User=nobody
+User=daemon
 SystemCallFilter=~read write open execve ioperm
 SystemCallFilter=ioctl
 SystemCallFilter=read write open execve
diff --git a/test/test-execute/exec-user-nobody.service b/test/test-execute/exec-user-nobody.service
new file mode 100644 (file)
index 0000000..0a00c1a
--- /dev/null
@@ -0,0 +1,7 @@
+[Unit]
+Description=Test for User
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"'
+Type=oneshot
+User=nobody
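Review bot: `test "$$USER" = "nobody"` checks only the `USER` environment variable, not the credentials the process actually runs with, so it cannot detect a case where the variable is exported but the UID was not changed. The group units in this commit already use `id -n -g`; the user units could do the same with `test "$$(id -n -u)" = "nobody"`, keeping the `$$USER` comparison alongside it if the variable export is itself under test. The same line, with `daemon`, is in the exec-user.service hunk that follows.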
index 0a00c1abc4394713bd2c7ba780599fec30fb8fe2..d315a828d4df446c6725129f0b708aa8726cdb4b 100644 (file)
@@ -1,7 +1,7 @@
 [Unit]
-Description=Test for User
+Description=Test for User (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"'
+ExecStart=/bin/sh -x -c 'test "$$USER" = "daemon"'
 Type=oneshot
-User=nobody
+User=daemon