From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 16 Oct 2025 11:58:06 +0000 (+0100)
Subject: test: add coverage for RootImage= in user units
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1ebbb0b0f4a243990bfd98d593fa03ddda1fd523;p=thirdparty%2Fsystemd.git

test: add coverage for RootImage= in user units

Follow-up for 046a1487db00ca1a98b8cc3f5bcecb8b1f1a214b
---

diff --git a/test/units/TEST-50-DISSECT.mountfsd.sh b/test/units/TEST-50-DISSECT.mountfsd.sh
index d2ce67714ad..52fa94ecc5b 100755
--- a/test/units/TEST-50-DISSECT.mountfsd.sh
+++ b/test/units/TEST-50-DISSECT.mountfsd.sh
@@ -67,6 +67,14 @@ systemd-dissect --image-policy='root=verity+signed:=absent+unused' --mtree /var/
 # This should fail before we install the key
 (! systemd-dissect --image-policy='root=signed:=absent+unused' --mtree /var/tmp/unpriv.raw >/dev/null)
 
+# If the kernel support is present unprivileged user units should be able to use verity images too
+if [ "$VERITY_SIG_SUPPORTED" -eq 1 ]; then
+    systemd-run -M testuser@ --user --pipe --wait \
+        --property PrivateUsers=yes \
+        --property RootImage="$MINIMAL_IMAGE.gpt" \
+        test -e "/dev/mapper/${MINIMAL_IMAGE_ROOTHASH}-verity"
+fi
+
 # Install key in keychain
 mkdir -p /run/verity.d
 cp /tmp/test-50-unpriv-cert.crt /run/verity.d/