test-execute: add test for PrivateNetwork= with/without mount namespacing

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 7363ea95db11557d3c3dea904bdc6c8e48c557b7..7df3be4a7c026066f045c2fcb8b4001273d289ed 100644 (file)
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -1052,7 +1052,7 @@ static void test_exec_ambientcapabilities(Manager *m) {
 }
 
 static void test_exec_privatenetwork(Manager *m) {
-        int r;
+        int r, status;
 
         r = find_executable("ip", NULL);
         if (r < 0) {
@@ -1060,7 +1060,9 @@ static void test_exec_privatenetwork(Manager *m) {
                 return;
         }
 
-        test(m, "exec-privatenetwork-yes.service", can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NETWORK : EXIT_FAILURE, CLD_EXITED);
+        status = can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NETWORK : EXIT_FAILURE;
+        test(m, "exec-privatenetwork-yes-privatemounts-no.service", status, CLD_EXITED);
+        test(m, "exec-privatenetwork-yes-privatemounts-yes.service", status, CLD_EXITED);
 }
 
 static void test_exec_oomscoreadjust(Manager *m) {

diff --git a/test/test-execute/exec-privatenetwork-yes.service b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
similarity index 51%
rename from test/test-execute/exec-privatenetwork-yes.service
rename to test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
index 360099d337b5e233e0729586e114a36b1130755e..7fbd0ff023db59340b7a87b324afc43f5df94fc3 100644 (file)
--- a/test/test-execute/exec-privatenetwork-yes.service
+++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
@@ -1,9 +1,13 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 [Unit]
-Description=Test for PrivateNetwork
+Description=Test for PrivateNetwork= without mount namespacing
 
 [Service]
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# Without mount namespacing, we can access the dummy-test-exec interface through sysfs
+ExecStart=/bin/sh -x -c 'test -d /sys/class/net/dummy-test-exec'
 Type=oneshot
 PrivateNetwork=yes
+PrivateMounts=no

diff --git a/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service
new file mode 100644 (file)
index 0000000..eda4849
--- /dev/null
+++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for PrivateNetwork= with mount namespacing
+
+[Service]
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# With mount namespacing, we cannot access the dummy-test-exec interface through sysfs.
+ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec'
+Type=oneshot
+PrivateNetwork=yes
+# PrivateNetwork=yes implies PrivateMounts=yes