test: add test case for PrivateDevices=y and Group=daemon 13823/head
authorAnita Zhang <the.anitazha@gmail.com>
Wed, 20 Nov 2019 01:25:23 +0000 (17:25 -0800)
committerAnita Zhang <the.anitazha@gmail.com>
Wed, 18 Dec 2019 19:09:30 +0000 (11:09 -0800)
For root, group enforcement needs to come after the PrivateDevices=y setup,
according to 096424d1230e0a0339735c51b43949809e972430. Add a test to
verify that this is the case.

src/test/test-execute.c
test/meson.build
test/test-execute/exec-privatedevices-yes-with-group.service [new file with mode: 0644]

index 9d6aeed776fe33ed5a45f5d059880304b638c549..b3f8cc84345da32dbcb2967ed3902bdc4c3fd825 100644 (file)
@@ -313,6 +313,7 @@ static void test_exec_privatedevices(Manager *m) {
         test(__func__, m, "exec-privatedevices-yes.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED);
         test(__func__, m, "exec-privatedevices-no.service", 0, CLD_EXITED);
         test(__func__, m, "exec-privatedevices-disabled-by-prefix.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED);
+        test(__func__, m, "exec-privatedevices-yes-with-group.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED);
 
         /* We use capsh to test if the capabilities are
          * properly set, so be sure that it exists */
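Review bot: The added test() line assumes a `daemon` group exists on the test host, but its expected outcome `can_unshare ? 0 : EXIT_FAILURE` only models the unshare case; where the group is absent the unit cannot be set up at all and the test fails spuriously instead of being skipped. If, as I recall, the Group= test elsewhere in this file is guarded by a getgrnam() check, the same guard belongs here: `if (getgrnam("daemon")) test(__func__, m, "exec-privatedevices-yes-with-group.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED); else log_notice_errno(errno, "Skipping exec-privatedevices-yes-with-group test, daemon group does not exist: %m");` (verify that `<grp.h>` is already included). test_exec_privatedevices starts before and continues past this hunk.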
index eeb3c5f8f0bc45028af3ddce27b1de31e723c84c..237b4db12c9771271dc720ed34a276e812734574 100644 (file)
@@ -102,6 +102,7 @@ test_data_files = '''
         test-execute/exec-privatedevices-no-capability-mknod.service
         test-execute/exec-privatedevices-no-capability-sys-rawio.service
         test-execute/exec-privatedevices-no.service
+        test-execute/exec-privatedevices-yes-with-group.service
         test-execute/exec-privatedevices-yes-capability-mknod.service
         test-execute/exec-privatedevices-yes-capability-sys-rawio.service
         test-execute/exec-privatedevices-yes.service
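Review bot: The new entry is placed between `exec-privatedevices-no.service` and `exec-privatedevices-yes-capability-mknod.service`, which breaks the sorted order the surrounding lines follow (`-` sorts before `.`, so `yes-with-group` belongs after `yes-capability-sys-rawio` and before `yes.service`). Moving the line one position down, after `test-execute/exec-privatedevices-yes-capability-sys-rawio.service`, keeps the list sorted and avoids merge conflicts with the next addition. The test_data_files list continues outside this hunk.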
diff --git a/test/test-execute/exec-privatedevices-yes-with-group.service b/test/test-execute/exec-privatedevices-yes-with-group.service
new file mode 100644 (file)
index 0000000..70a7ed2
--- /dev/null
@@ -0,0 +1,16 @@
+[Unit]
+Description=Test Group=group is applied after PrivateDevices=yes
+
+[Service]
+PrivateDevices=yes
+Group=daemon
+Type=oneshot
+
+# Check the group applied
+ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"'
+
+# Check that the namespace applied
+ExecStart=/bin/sh -c 'test ! -c /dev/kmsg'
+
+# Check that the owning group of a node is not daemon (should be the host root)
+ExecStart=/bin/sh -x -c 'test ! "$$(stat -c %%G /dev/stderr)" = "daemon"'
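Review bot: The third check only asserts that the owning group is not `daemon`, so a node created under any other unexpected group would still pass; since the comment already states the expected owner is the host root, pin it numerically with `ExecStart=/bin/sh -x -c 'test "$$(stat -c %%g /dev/stderr)" = 0'`, which also avoids depending on GID 0 being named `root`. Note that `/dev/stderr` in the private /dev is presumably a symlink, so `stat` without `-L` reports the link itself rather than a device node; that is likely what is intended (the link is what systemd created), but a real node such as `/dev/null` would match the comment's "node" wording more literally, and the comment should say which is being inspected. I'd also reword the Description, which currently says `Group=group` rather than `Group=daemon`.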