mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
tests: add nspawn's rootidmap integration test
Add an integration test to testsuite-13.sh to ensure that the rootidmap option maps user IDs as expected.
parent
42fadfb168
commit
961549ab41
@ -25,6 +25,8 @@ ln -s busybox "$root/bin/seq"
|
|||||||
ln -s busybox "$root/bin/sleep"
|
ln -s busybox "$root/bin/sleep"
|
||||||
ln -s busybox "$root/bin/usleep"
|
ln -s busybox "$root/bin/usleep"
|
||||||
ln -s busybox "$root/bin/test"
|
ln -s busybox "$root/bin/test"
|
||||||
|
ln -s busybox "$root/bin/stat"
|
||||||
|
ln -s busybox "$root/bin/touch"
|
||||||
|
|
||||||
mkdir -p "$root/sbin"
|
mkdir -p "$root/sbin"
|
||||||
cat <<'EOF' >"$root/sbin/init"
|
cat <<'EOF' >"$root/sbin/init"
|
||||||
|
@ -2593,11 +2593,11 @@ inst_binary() {
|
|||||||
|
|
||||||
# Same as above, but we need to wrap certain libraries unconditionally
|
# Same as above, but we need to wrap certain libraries unconditionally
|
||||||
#
|
#
|
||||||
# getent, login, su, useradd, userdel - dlopen()s (not only) systemd's PAM modules
|
# chown, getent, login, su, useradd, userdel - dlopen()s (not only) systemd's PAM modules
|
||||||
# ls, stat - pulls in nss_systemd with certain options (like ls -l) when
|
# ls, stat - pulls in nss_systemd with certain options (like ls -l) when
|
||||||
# nsswitch.conf uses [SUCCESS=merge] (like on Arch Linux)
|
# nsswitch.conf uses [SUCCESS=merge] (like on Arch Linux)
|
||||||
# tar - called by machinectl in TEST-25
|
# tar - called by machinectl in TEST-25
|
||||||
if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(getent|login|ls|stat|su|tar|useradd|userdel)$ ]]; then
|
if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(chown|getent|login|ls|stat|su|tar|useradd|userdel)$ ]]; then
|
||||||
wrap_binary=1
|
wrap_binary=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -53,6 +53,42 @@ function check_norbind {
|
|||||||
systemd-nspawn --register=no -D "$_root" --bind=/tmp/binddir:/mnt:norbind /bin/sh -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; return 1; fi'
|
systemd-nspawn --register=no -D "$_root" --bind=/tmp/binddir:/mnt:norbind /bin/sh -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; return 1; fi'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function check_rootidmap {
|
||||||
|
local _owner=1000
|
||||||
|
local _root="/var/lib/machines/testsuite-13.rootidmap-path"
|
||||||
|
local _command
|
||||||
|
rm -rf "$_root"
|
||||||
|
|
||||||
|
# Create ext4 image, as ext4 supports idmapped-mounts.
|
||||||
|
dd if=/dev/zero of=/tmp/ext4.img bs=4k count=2048
|
||||||
|
mkfs.ext4 /tmp/ext4.img
|
||||||
|
mkdir -p /tmp/rootidmapdir
|
||||||
|
mount /tmp/ext4.img /tmp/rootidmapdir
|
||||||
|
|
||||||
|
touch /tmp/rootidmapdir/file
|
||||||
|
chown -R $_owner:$_owner /tmp/rootidmapdir
|
||||||
|
|
||||||
|
/usr/lib/systemd/tests/testdata/create-busybox-container "$_root"
|
||||||
|
_command='PERMISSIONS=$(stat -c "%u:%g" /mnt/file); if [[ $PERMISSIONS != "0:0" ]]; then echo "*** wrong permissions: $PERMISSIONS"; return 1; fi; touch /mnt/other_file'
|
||||||
|
if ! SYSTEMD_LOG_TARGET=console systemd-nspawn \
|
||||||
|
--register=no -D "$_root" \
|
||||||
|
--bind=/tmp/rootidmapdir:/mnt:rootidmap \
|
||||||
|
/bin/sh -c "$_command" |& tee nspawn.out; then
|
||||||
|
if grep -q "Failed to map ids for bind mount.*: Function not implemented" nspawn.out; then
|
||||||
|
echo "idmapped mounts are not supported, skipping the test..."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
PERMISSIONS=$(stat -c "%u:%g" /tmp/rootidmapdir/other_file)
|
||||||
|
if [[ $PERMISSIONS != "$_owner:$_owner" ]]; then
|
||||||
|
echo "*** wrong permissions: $PERMISSIONS"
|
||||||
|
[[ "$is_user_ns_supported" = "yes" ]] && return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
function check_notification_socket {
|
function check_notification_socket {
|
||||||
# https://github.com/systemd/systemd/issues/4944
|
# https://github.com/systemd/systemd/issues/4944
|
||||||
local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/host/notify'
|
local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/host/notify'
|
||||||
@ -210,6 +246,8 @@ check_bind_tmp_path
|
|||||||
|
|
||||||
check_norbind
|
check_norbind
|
||||||
|
|
||||||
|
check_rootidmap
|
||||||
|
|
||||||
check_notification_socket
|
check_notification_socket
|
||||||
|
|
||||||
check_os_release
|
check_os_release
|
||||||
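Review bot: The last check in check_rootidmap ends with `[[ "$is_user_ns_supported" = "yes" ]] && return 1`, so when the ownership mismatch is meant to be tolerated (user namespaces unsupported) the failed `[[` test becomes the function's own non-zero return status; the unguarded `check_rootidmap` call added further down would then presumably abort the run if the script uses `set -e`, which is not visible here. An explicit `if [[ "$is_user_ns_supported" = "yes" ]]; then return 1; fi` avoids that. The function also never unmounts `/tmp/rootidmapdir` or removes `/tmp/ext4.img` and `nspawn.out` on any return path, so the image stays mounted after the test; a `umount /tmp/rootidmapdir` followed by `rm -f /tmp/ext4.img nspawn.out` before each return would keep later checks from inheriting that state. Note too that `if ! … |& tee nspawn.out` tests tee's exit status rather than systemd-nspawn's unless `pipefail` is enabled earlier in the file.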
|