From: Yu Watanabe
Date: Tue, 20 Feb 2018 07:50:12 +0000 (+0900)
Subject: test: add tests for TemporaryFileSystem=
X-Git-Tag: v238~79^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4cac89bd7c449dad262e4b306b76611b80fb51cc;p=thirdparty%2Fsystemd.git

test: add tests for TemporaryFileSystem=
---

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index fba798e22b0..f2223e1d3ab 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -276,6 +276,14 @@ static void test_exec_inaccessiblepaths(Manager *m) {
 test(m, "exec-inaccessiblepaths-mount-propagation.service", 0, CLD_EXITED);
 }
 
+static void test_exec_temporaryfilesystem(Manager *m) {
+
+ test(m, "exec-temporaryfilesystem-options.service", 0, CLD_EXITED);
+ test(m, "exec-temporaryfilesystem-ro.service", 0, CLD_EXITED);
+ test(m, "exec-temporaryfilesystem-rw.service", 0, CLD_EXITED);
+ test(m, "exec-temporaryfilesystem-usr.service", 0, CLD_EXITED);
+}
+
 static void test_exec_systemcallfilter(Manager *m) {
 #if HAVE_SECCOMP
 if (!is_seccomp_available()) {
@@ -569,6 +577,7 @@ int main(int argc, char *argv[]) {
 test_exec_supplementarygroups,
 test_exec_systemcallerrornumber,
 test_exec_systemcallfilter,
+ test_exec_temporaryfilesystem,
 test_exec_umask,
 test_exec_unsetenvironment,
 test_exec_user,
diff --git a/test/meson.build b/test/meson.build
index 4667628b24a..060e7ee73d3 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -136,6 +136,10 @@ test_data_files = '''
 test-execute/exec-systemcallfilter-system-user.service
 test-execute/exec-systemcallfilter-with-errno-name.service
 test-execute/exec-systemcallfilter-with-errno-number.service
+ test-execute/exec-temporaryfilesystem-options.service
+ test-execute/exec-temporaryfilesystem-ro.service
+ test-execute/exec-temporaryfilesystem-rw.service
+ test-execute/exec-temporaryfilesystem-usr.service
 test-execute/exec-umask-0177.service
 test-execute/exec-umask-default.service
 test-execute/exec-unsetenvironment.service
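Review bot: test_exec_temporaryfilesystem() in src/test/test-execute.c runs its four units unconditionally and carries no comment, while test_exec_systemcallfilter() right below it first checks is_seccomp_available(). TemporaryFileSystem= presumably depends on the test process being able to set up a mount namespace, so in a container or an unprivileged run a failure here may be environmental and yet read as a sandbox regression; whether main() already gates on this is not visible in the hunk. A comment above the function naming the precondition and the coverage would help, for example `/* needs mount namespaces; covers mount options, :ro, default rw and a /usr overmount */`. The empty line directly after the opening brace can be dropped.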
diff --git a/test/test-execute/exec-temporaryfilesystem-options.service b/test/test-execute/exec-temporaryfilesystem-options.service
new file mode 100644
index 00000000000..1d5d76c81c4
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-options.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Test for TemporaryFileSystem with mount options
+
+[Service]
+Type=oneshot
+
+# Check /proc/self/mountinfo
+ExecStart=/bin/sh -c 'test $$(awk \'$$5 == "/var" { print $$6 }\' /proc/self/mountinfo) = "ro,nodev,relatime"'
+ExecStart=/bin/sh -c 'test $$(awk \'$$5 == "/var" { print $$11 }\' /proc/self/mountinfo) = "ro,mode=700"'
+
+TemporaryFileSystem=/var:ro,mode=0700,nostrictatime
diff --git a/test/test-execute/exec-temporaryfilesystem-ro.service b/test/test-execute/exec-temporaryfilesystem-ro.service
new file mode 100644
index 00000000000..c0e3721a01f
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-ro.service
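Review bot: In exec-temporaryfilesystem-options.service the second check reads the superblock options from a fixed column, `print $$11`, which is only correct when the /var entry in /proc/self/mountinfo has exactly one optional field before the `-` separator. With no propagation tag or with two of them the column shifts and the test compares the wrong field, so the result depends on the mount propagation of the environment rather than on the options under test. Locating the separator first is more robust: `awk \'$$5 == "/var" { for (i = 7; i <= NF; i++) if ($$i == "-") print $$(i+3) }\'`. Both checks also compare the whole option string for equality, so any additional option the kernel reports for tmpfs fails the test; matching the individual options (`ro`, `nodev`, `mode=700`) would pin only what TemporaryFileSystem= is responsible for.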
@@ -0,0 +1,33 @@
+[Unit]
+Description=Test for TemporaryFileSystem with read-only mode
+
+[Service]
+Type=oneshot
+
+# Check directories exist
+ExecStart=/bin/sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /var/test-exec-temporaryfilesystem/ro'
+
+# Check TemporaryFileSystem= are empty
+ExecStart=/bin/sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done'
+
+# Cannot create a file in /var
+ExecStart=/bin/sh -c '! touch /var/hoge'
+
+# Create a file in /var/test-exec-temporaryfilesystem/rw
+ExecStart=/bin/sh -c 'touch /var/test-exec-temporaryfilesystem/rw/thisisasimpletest-temporaryfilesystem'
+
+# Then, the file can be access through /tmp
+ExecStart=/bin/sh -c 'test -f /tmp/thisisasimpletest-temporaryfilesystem'
+
+# Also, through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c 'test -f /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# The file cannot modify through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c '! touch /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# Cleanup
+ExecStart=/bin/sh -c 'rm /tmp/thisisasimpletest-temporaryfilesystem'
+
+TemporaryFileSystem=/var:ro
+BindPaths=/tmp:/var/test-exec-temporaryfilesystem/rw
+BindReadOnlyPaths=/tmp:/var/test-exec-temporaryfilesystem/ro
diff --git a/test/test-execute/exec-temporaryfilesystem-rw.service b/test/test-execute/exec-temporaryfilesystem-rw.service
new file mode 100644
index 00000000000..fc02ceab1ca
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-rw.service
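Review bot: The emptiness check in exec-temporaryfilesystem-ro.service, `for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done`, fails only when the last entry listed is unexpected, because the exit status of a `for` loop is that of its final iteration and `|| false` does not leave the loop. An unexpected entry under /var that is listed earlier, which is exactly the leak of host content this check is there to catch, goes unnoticed. Replacing `|| false` with `|| exit 1` makes every entry count. The same loop form is used in exec-temporaryfilesystem-rw.service and exec-temporaryfilesystem-usr.service and needs the same change.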
@@ -0,0 +1,33 @@
+[Unit]
+Description=Test for TemporaryFileSystem
+
+[Service]
+Type=oneshot
+
+# Check directories exist
+ExecStart=/bin/sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /var/test-exec-temporaryfilesystem/ro'
+
+# Check TemporaryFileSystem= are empty
+ExecStart=/bin/sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done'
+
+# Create a file in /var
+ExecStart=/bin/sh -c 'touch /var/hoge'
+
+# Create a file in /var/test-exec-temporaryfilesystem/rw
+ExecStart=/bin/sh -c 'touch /var/test-exec-temporaryfilesystem/rw/thisisasimpletest-temporaryfilesystem'
+
+# Then, the file can be access through /tmp
+ExecStart=/bin/sh -c 'test -f /tmp/thisisasimpletest-temporaryfilesystem'
+
+# Also, through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c 'test -f /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# The file cannot modify through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c '! touch /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# Cleanup
+ExecStart=/bin/sh -c 'rm /tmp/thisisasimpletest-temporaryfilesystem'
+
+TemporaryFileSystem=/var
+BindPaths=/tmp:/var/test-exec-temporaryfilesystem/rw
+BindReadOnlyPaths=/tmp:/var/test-exec-temporaryfilesystem/ro
diff --git a/test/test-execute/exec-temporaryfilesystem-usr.service b/test/test-execute/exec-temporaryfilesystem-usr.service
new file mode 100644
index 00000000000..05c1ec0694c
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-usr.service
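Review bot: exec-temporaryfilesystem-rw.service writes `thisisasimpletest-temporaryfilesystem` into the host's /tmp through the `BindPaths=/tmp:...` mount, which is a fixed name in a world-writable directory, and the suite is presumably run with elevated privileges. `touch` follows an existing symlink of that name, and the `rm` under `# Cleanup` is never reached when an earlier ExecStart= line fails, so a leftover or pre-existing entry carries over into later runs. Binding a directory that the test itself owns instead of /tmp avoids both problems; failing that, moving the cleanup to `ExecStopPost=/bin/sh -c 'rm -f /tmp/thisisasimpletest-temporaryfilesystem'` at least makes it run on failure. exec-temporaryfilesystem-ro.service uses the same sequence.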
@@ -0,0 +1,15 @@
+[Unit]
+Description=Test for TemporaryFileSystem on /usr
+
+[Service]
+Type=oneshot
+
+# Check TemporaryFileSystem= are empty
+ExecStart=/bin/sh -c 'for i in $$(ls -A /usr); do test $$i = lib -o $$i = lib64 -o $$i = bin -o $$i = sbin || false; done'
+
+# Cannot create files under /usr
+ExecStart=/bin/sh -c '! touch /usr/hoge'
+ExecStart=/bin/sh -c '! touch /usr/bin/hoge'
+
+TemporaryFileSystem=/usr:ro
+BindReadOnlyPaths=-/usr/lib -/usr/lib64 /usr/bin /usr/sbin
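Review bot: In exec-temporaryfilesystem-usr.service the two negative checks `! touch /usr/hoge` and `! touch /usr/bin/hoge` succeed on any non-zero exit, including `touch` not being found or not being runnable once /usr is overmounted, so they do not show that the write was refused by the read-only mount. A positive control in the same command separates the two cases, e.g. `ExecStart=/bin/sh -c 'command -v touch >/dev/null && ! touch /usr/hoge'`. Separately, /usr/bin and /usr/sbin are listed in BindReadOnlyPaths= without the `-` prefix that /usr/lib and /usr/lib64 carry, so the unit presumably fails on a system that has no /usr/sbin; a comment stating whether that is intended would help.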