1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

test: add tests for merging RestrictNamespaces=

This commit is contained in:
Yu Watanabe 2018-04-27 10:48:43 +09:00
parent aa9d574de9
commit 1dcf96c29f
5 changed files with 32 additions and 0 deletions

View File

@ -358,6 +358,9 @@ static void test_exec_restrictnamespaces(Manager *m) {
test(m, "exec-restrictnamespaces-yes.service", 1, CLD_EXITED);
test(m, "exec-restrictnamespaces-mnt.service", 0, CLD_EXITED);
test(m, "exec-restrictnamespaces-mnt-blacklist.service", 1, CLD_EXITED);
test(m, "exec-restrictnamespaces-merge-and.service", 0, CLD_EXITED);
test(m, "exec-restrictnamespaces-merge-or.service", 0, CLD_EXITED);
test(m, "exec-restrictnamespaces-merge-all.service", 0, CLD_EXITED);
#endif
}

View File

@ -99,6 +99,9 @@ test_data_files = '''
test-execute/exec-readonlypaths-with-bindpaths.service
test-execute/exec-readonlypaths.service
test-execute/exec-readwritepaths-mount-propagation.service
test-execute/exec-restrictnamespaces-merge-all.service
test-execute/exec-restrictnamespaces-merge-and.service
test-execute/exec-restrictnamespaces-merge-or.service
test-execute/exec-restrictnamespaces-mnt-blacklist.service
test-execute/exec-restrictnamespaces-mnt.service
test-execute/exec-restrictnamespaces-no.service

View File

@ -0,0 +1,8 @@
[Unit]
Description=Test merging RestrictNamespaces= with all flags
[Service]
RestrictNamespaces=mnt pid cgroup net uts ipc user
RestrictNamespaces=net
ExecStart=unshare -m -u -i -n -p -f
Type=oneshot

View File

@ -0,0 +1,9 @@
[Unit]
Description=Test merging RestrictNamespaces= with AND
[Service]
RestrictNamespaces=mnt pid
RestrictNamespaces=~mnt usr
ExecStart=unshare -p -f
ExecStart=sh -c '! unshare -m -u -i -n'
Type=oneshot

View File

@ -0,0 +1,9 @@
[Unit]
Description=Test merging RestrictNamespaces= with OR
[Service]
RestrictNamespaces=mnt pid
RestrictNamespaces=mnt uts
ExecStart=unshare -m -u -p -f
ExecStart=sh -c '! unshare -u -i -n'
Type=oneshot