From: Benjamin Berg <bberg@redhat.com>
Date: Fri, 24 Sep 2021 11:35:34 +0000 (+0200)
Subject: test: Add failing/non-failing syscall filter test setting architecture
X-Git-Tag: v250-rc1~581^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e975a94559900f47a3a5cc333682992616877a67;p=thirdparty%2Fsystemd.git

test: Add failing/non-failing syscall filter test setting architecture

This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.
---

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 99beb05d29d..98989f405a8 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -713,8 +713,10 @@ static void test_exec_systemcallfilter(Manager *m) {
 
         test(m, "exec-systemcallfilter-not-failing.service", 0, CLD_EXITED);
         test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED);
+        test(m, "exec-systemcallfilter-not-failing3.service", 0, CLD_EXITED);
         test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED);
         test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED);
+        test(m, "exec-systemcallfilter-failing3.service", SIGSYS, CLD_KILLED);
 
         r = find_executable("python3", NULL);
         if (r < 0) {
diff --git a/test/test-execute/exec-systemcallfilter-failing3.service b/test/test-execute/exec-systemcallfilter-failing3.service
new file mode 100644
index 00000000000..b8c96704d23
--- /dev/null
+++ b/test/test-execute/exec-systemcallfilter-failing3.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for SystemCallFilter
+
+[Service]
+ExecStart=/bin/sh -c '/bin/echo "This should not be seen"'
+Type=oneshot
+LimitCORE=0
+SystemCallArchitectures=native
+SystemCallFilter=~write open execve fexecve execveat exit_group close mmap munmap fstat DONOTEXIST
diff --git a/test/test-execute/exec-systemcallfilter-not-failing3.service b/test/test-execute/exec-systemcallfilter-not-failing3.service
new file mode 100644
index 00000000000..7d72f5ab836
--- /dev/null
+++ b/test/test-execute/exec-systemcallfilter-not-failing3.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for SystemCallFilter
+
+[Service]
+ExecStart=/bin/sh -c 'echo "Foo bar"'
+Type=oneshot
+SystemCallArchitectures=native
+SystemCallFilter=