From: Yu Watanabe Date: Fri, 3 Mar 2023 17:43:02 +0000 (+0900) Subject: test-execute: add test for NetworkNamespacePath= X-Git-Tag: v254-rc1~1034^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=600ed5c24251367f5cfeaa5df22792c9c90e5cd6;p=thirdparty%2Fsystemd.git test-execute: add test for NetworkNamespacePath= Prompted by https://github.com/systemd/systemd/issues/26422#issuecomment-1435772839. --- diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 7df3be4a7c0..641cc5c65a1 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -1065,6 +1065,19 @@ static void test_exec_privatenetwork(Manager *m) { test(m, "exec-privatenetwork-yes-privatemounts-yes.service", status, CLD_EXITED); } +static void test_exec_networknamespacepath(Manager *m) { + int r; + + r = find_executable("ip", NULL); + if (r < 0) { + log_notice_errno(r, "Skipping %s, could not find ip binary: %m", __func__); + return; + } + + test(m, "exec-networknamespacepath-privatemounts-no.service", MANAGER_IS_SYSTEM(m) ? EXIT_SUCCESS : EXIT_FAILURE, CLD_EXITED); + test(m, "exec-networknamespacepath-privatemounts-yes.service", can_unshare ? EXIT_SUCCESS : EXIT_FAILURE, CLD_EXITED); +} + static void test_exec_oomscoreadjust(Manager *m) { test(m, "exec-oomscoreadjust-positive.service", 0, CLD_EXITED); @@ -1168,6 +1181,7 @@ static void run_tests(LookupScope scope, char **patterns) { entry(test_exec_inaccessiblepaths), entry(test_exec_ioschedulingclass), entry(test_exec_mount_apivfs), + entry(test_exec_networknamespacepath), entry(test_exec_noexecpaths), entry(test_exec_oomscoreadjust), entry(test_exec_passenvironment), @@ -1378,11 +1392,16 @@ static int intro(void) { /* Create dummy network interface for testing PrivateNetwork=yes */ (void) system("ip link add dummy-test-exec type dummy"); + /* Create a network namespace and a dummy interface in it for NetworkNamespacePath= */ + (void) system("ip netns add test-execute-netns"); + (void) system("ip netns exec test-execute-netns ip link add dummy-test-ns type dummy"); + return EXIT_SUCCESS; } static int outro(void) { (void) system("ip link del dummy-test-exec"); + (void) system("ip netns del test-execute-netns"); (void) rmdir(PRIVATE_UNIT_DIR); return EXIT_SUCCESS; diff --git a/test/test-execute/exec-networknamespacepath-privatemounts-no.service b/test/test-execute/exec-networknamespacepath-privatemounts-no.service new file mode 100644 index 00000000000..49277e3d517 --- /dev/null +++ b/test/test-execute/exec-networknamespacepath-privatemounts-no.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Test for NetworkNamespacePath= without mount namespacing + +[Service] +ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec' +ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' +# Without mount namespacing, we can access the dummy-test-exec interface through sysfs. +ExecStart=/bin/sh -x -c 'test -e /sys/class/net/dummy-test-exec' +ExecStart=/bin/sh -x -c 'ip link show dummy-test-ns' +ExecStart=/bin/sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns' +# Without mount namespacing, we cannot access the dummy-test-ns interface through sysfs. +ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-ns' +Type=oneshot +NetworkNamespacePath=/run/netns/test-execute-netns +PrivateMounts=no diff --git a/test/test-execute/exec-networknamespacepath-privatemounts-yes.service b/test/test-execute/exec-networknamespacepath-privatemounts-yes.service new file mode 100644 index 00000000000..078fba8fa2f --- /dev/null +++ b/test/test-execute/exec-networknamespacepath-privatemounts-yes.service @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Test for NetworkNamespacePath= with mount namespacing + +[Service] +ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec' +ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' +# With mount namespacing, we cannot access the dummy-test-exec interface through sysfs. +ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec' +ExecStart=/bin/sh -x -c 'ip link show dummy-test-ns' +ExecStart=/bin/sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns' +# With mount namespacing, we can access the dummy-test-ns interface through sysfs. +ExecStart=/bin/sh -x -c 'test -e /sys/class/net/dummy-test-ns' +Type=oneshot +NetworkNamespacePath=/run/netns/test-execute-netns +# NetworkNamespacePath= implies PrivateMounts=yes