From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Feb 2023 05:26:29 +0000 (+0900)
Subject: test-execute: add test for PrivateNetwork= with/without mount namespacing
X-Git-Tag: v254-rc1~1179^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=752e92615d5071a2bbc967fc3945587c3538bfc7;p=thirdparty%2Fsystemd.git

test-execute: add test for PrivateNetwork= with/without mount namespacing
---

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 7363ea95db1..7df3be4a7c0 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -1052,7 +1052,7 @@ static void test_exec_ambientcapabilities(Manager *m) {
 }
 
 static void test_exec_privatenetwork(Manager *m) {
-        int r;
+        int r, status;
 
         r = find_executable("ip", NULL);
         if (r < 0) {
@@ -1060,7 +1060,9 @@ static void test_exec_privatenetwork(Manager *m) {
                 return;
         }
 
-        test(m, "exec-privatenetwork-yes.service", can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NETWORK : EXIT_FAILURE, CLD_EXITED);
+        status = can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NETWORK : EXIT_FAILURE;
+        test(m, "exec-privatenetwork-yes-privatemounts-no.service", status, CLD_EXITED);
+        test(m, "exec-privatenetwork-yes-privatemounts-yes.service", status, CLD_EXITED);
 }
 
 static void test_exec_oomscoreadjust(Manager *m) {
diff --git a/test/test-execute/exec-privatenetwork-yes.service b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
similarity index 51%
rename from test/test-execute/exec-privatenetwork-yes.service
rename to test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
index 360099d337b..7fbd0ff023d 100644
--- a/test/test-execute/exec-privatenetwork-yes.service
+++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service
@@ -1,9 +1,13 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 [Unit]
-Description=Test for PrivateNetwork
+Description=Test for PrivateNetwork= without mount namespacing
 
 [Service]
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# Without mount namespacing, we can access the dummy-test-exec interface through sysfs
+ExecStart=/bin/sh -x -c 'test -d /sys/class/net/dummy-test-exec'
 Type=oneshot
 PrivateNetwork=yes
+PrivateMounts=no
diff --git a/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service
new file mode 100644
index 00000000000..eda48499fb5
--- /dev/null
+++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for PrivateNetwork= with mount namespacing
+
+[Service]
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# With mount namespacing, we cannot access the dummy-test-exec interface through sysfs.
+ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec'
+Type=oneshot
+PrivateNetwork=yes
+# PrivateNetwork=yes implies PrivateMounts=yes