mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
test: add tests for merging RestrictNamespaces=
This commit is contained in:
parent
aa9d574de9
commit
1dcf96c29f
@ -358,6 +358,9 @@ static void test_exec_restrictnamespaces(Manager *m) {
|
||||
test(m, "exec-restrictnamespaces-yes.service", 1, CLD_EXITED);
|
||||
test(m, "exec-restrictnamespaces-mnt.service", 0, CLD_EXITED);
|
||||
test(m, "exec-restrictnamespaces-mnt-blacklist.service", 1, CLD_EXITED);
|
||||
test(m, "exec-restrictnamespaces-merge-and.service", 0, CLD_EXITED);
|
||||
test(m, "exec-restrictnamespaces-merge-or.service", 0, CLD_EXITED);
|
||||
test(m, "exec-restrictnamespaces-merge-all.service", 0, CLD_EXITED);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -99,6 +99,9 @@ test_data_files = '''
|
||||
test-execute/exec-readonlypaths-with-bindpaths.service
|
||||
test-execute/exec-readonlypaths.service
|
||||
test-execute/exec-readwritepaths-mount-propagation.service
|
||||
test-execute/exec-restrictnamespaces-merge-all.service
|
||||
test-execute/exec-restrictnamespaces-merge-and.service
|
||||
test-execute/exec-restrictnamespaces-merge-or.service
|
||||
test-execute/exec-restrictnamespaces-mnt-blacklist.service
|
||||
test-execute/exec-restrictnamespaces-mnt.service
|
||||
test-execute/exec-restrictnamespaces-no.service
|
||||
|
@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Test merging RestrictNamespaces= with all flags
|
||||
|
||||
[Service]
|
||||
RestrictNamespaces=mnt pid cgroup net uts ipc user
|
||||
RestrictNamespaces=net
|
||||
ExecStart=unshare -m -u -i -n -p -f
|
||||
Type=oneshot
|
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=Test merging RestrictNamespaces= with AND
|
||||
|
||||
[Service]
|
||||
RestrictNamespaces=mnt pid
|
||||
RestrictNamespaces=~mnt usr
|
||||
ExecStart=unshare -p -f
|
||||
ExecStart=sh -c '! unshare -m -u -i -n'
|
||||
Type=oneshot
|
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=Test merging RestrictNamespaces= with OR
|
||||
|
||||
[Service]
|
||||
RestrictNamespaces=mnt pid
|
||||
RestrictNamespaces=mnt uts
|
||||
ExecStart=unshare -m -u -p -f
|
||||
ExecStart=sh -c '! unshare -u -i -n'
|
||||
Type=oneshot
|
Loading…
Reference in New Issue
Block a user