test: add a testcase for ProtectHome=tmpfs vs ProtectSystem=strict

author Yu Watanabe <watanabe.yu+github@gmail.com>

Fri, 28 Dec 2018 07:30:21 +0000 (16:30 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 13 Mar 2019 02:53:59 +0000 (11:53 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Fri, 28 Dec 2018 07:30:21 +0000 (16:30 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 13 Mar 2019 02:53:59 +0000 (11:53 +0900)
diff --git a/src/test/test-execute.c b/src/test/test-execute.c

index b34b207a40824740f6cf79da52611bd30209dc56..e5880baec62dfd09a9b8ce7c384e7f3c680a3688 100644 (file)
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -269,6 +269,10 @@ static void test_exec_privatedevices(Manager *m) {
          test(m, "exec-privatedevices-no-capability-sys-rawio.service", 0, CLD_EXITED);
  }
  
+static void test_exec_protecthome(Manager *m) {
+        test(m, "exec-protecthome-tmpfs-vs-protectsystem-strict.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED);
+}
+
  static void test_exec_protectkernelmodules(Manager *m) {
          int r;
  
@@ -732,6 +736,7 @@ int main(int argc, char *argv[]) {
                  test_exec_privatedevices,
                  test_exec_privatenetwork,
                  test_exec_privatetmp,
+                test_exec_protecthome,
                  test_exec_protectkernelmodules,
                  test_exec_readonlypaths,
                  test_exec_readwritepaths,
diff --git a/test/meson.build b/test/meson.build

index 796ad063c026a3665c443e848817af8620379127..870f8bc6a74b53ba0b1ccf8ea5daf5f8cec7d8f9 100644 (file)
--- a/test/meson.build
+++ b/test/meson.build
@@ -94,6 +94,7 @@ test_data_files = '''
          test-execute/exec-privatenetwork-yes.service
          test-execute/exec-privatetmp-no.service
          test-execute/exec-privatetmp-yes.service
+        test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service
          test-execute/exec-protectkernelmodules-no-capabilities.service
          test-execute/exec-protectkernelmodules-yes-capabilities.service
          test-execute/exec-protectkernelmodules-yes-mount-propagation.service
diff --git a/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service b/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service

new file mode 100644 (file)

index 0000000..1522ff8
--- /dev/null
+++ b/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test ProtectHome=tmpfs vs ProtectSystem=strict
+# Test for #11276
+
+[Service]
+ProtectHome=tmpfs
+ProtectSystem=strict
+Type=oneshot
+ExecStart=/bin/sh -x -c 'test "$$(stat -fc %%T /home)" = "tmpfs"'
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 28 Dec 2018 07:30:21 +0000 (16:30 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 13 Mar 2019 02:53:59 +0000 (11:53 +0900)
src/test/test-execute.c		patch \| blob \| blame \| history
test/meson.build		patch \| blob \| blame \| history
test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service	[new file with mode: 0644]	patch \| blob