]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 08bf703)
test: Add failing/non-failing syscall filter test setting architecture
authorBenjamin Berg <bberg@redhat.com>
Fri, 24 Sep 2021 11:35:34 +0000 (13:35 +0200)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 29 Sep 2021 23:06:25 +0000 (08:06 +0900)
This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.

src/test/test-execute.c patch | blob | blame | history
test/test-execute/exec-systemcallfilter-failing3.service [new file with mode: 0644] patch | blob
test/test-execute/exec-systemcallfilter-not-failing3.service [new file with mode: 0644] patch | blob

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 99beb05d29dbab015ba572c47a44f7b6adb46575..98989f405a8dd2f0704f8ef3c891f289280d671c 100644 (file)
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -713,8 +713,10 @@ static void test_exec_systemcallfilter(Manager *m) {
 
         test(m, "exec-systemcallfilter-not-failing.service", 0, CLD_EXITED);
         test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED);
+        test(m, "exec-systemcallfilter-not-failing3.service", 0, CLD_EXITED);
         test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED);
         test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED);
+        test(m, "exec-systemcallfilter-failing3.service", SIGSYS, CLD_KILLED);
 
         r = find_executable("python3", NULL);
         if (r < 0) {
diff --git a/test/test-execute/exec-systemcallfilter-failing3.service b/test/test-execute/exec-systemcallfilter-failing3.service
new file mode 100644 (file)
index 0000000..b8c9670
--- /dev/null
+++ b/test/test-execute/exec-systemcallfilter-failing3.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for SystemCallFilter
+
+[Service]
+ExecStart=/bin/sh -c '/bin/echo "This should not be seen"'
+Type=oneshot
+LimitCORE=0
+SystemCallArchitectures=native
+SystemCallFilter=~write open execve fexecve execveat exit_group close mmap munmap fstat DONOTEXIST
diff --git a/test/test-execute/exec-systemcallfilter-not-failing3.service b/test/test-execute/exec-systemcallfilter-not-failing3.service
new file mode 100644 (file)
index 0000000..7d72f5a
--- /dev/null
+++ b/test/test-execute/exec-systemcallfilter-not-failing3.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for SystemCallFilter
+
+[Service]
+ExecStart=/bin/sh -c 'echo "Foo bar"'
+Type=oneshot
+SystemCallArchitectures=native
+SystemCallFilter=
Unnamed repository; edit this file 'description' to name the repository.