1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-11 05:17:44 +03:00
systemd-stable/test/test-execute
Lennart Poettering 6818c54ca6 core: skip ReadOnlyPaths= and other permission-related mounts on PermissionsStartOnly= (#5309)
ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are
about restricting access and little more, hence they should be disabled
if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a
"+". Do that.

(Note that we will still create namespaces and stuff, since that's about
a lot more than just permissions. We'll simply disable the effect of
the four options mentioned above, but nothing else mount related.)

This also adds a test for this, to ensure this works as intended.

No documentation updates, as the documentation are already vague enough
to support the new behaviour ("If true, the permission-related execution
options…"). We could clarify this further, but I think we might want to
extend the switches' behaviour a bit more in future, hence leave it at
this for now.

Fixes: #5308
2017-02-12 00:44:46 -05:00
..
exec-capabilityambientset-merge-nfsnobody.service test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
exec-capabilityambientset-merge.service tests: test ambient capabilities. 2016-01-12 12:14:50 +02:00
exec-capabilityambientset-nfsnobody.service test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
exec-capabilityambientset.service tests: test ambient capabilities. 2016-01-12 12:14:50 +02:00
exec-capabilityboundingset-invert.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-capabilityboundingset-merge.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-capabilityboundingset-reset.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-capabilityboundingset-simple.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-dynamicuser-fixeduser-one-supplementarygroup.service test: test DynamicUser= with a fixed user 2016-11-03 08:37:15 +01:00
exec-dynamicuser-fixeduser.service test: test DynamicUser= with a fixed user 2016-11-03 08:37:15 +01:00
exec-dynamicuser-supplementarygroups.service test: test DynamicUser= with SupplementaryGroups= 2016-11-03 08:38:28 +01:00
exec-environment-empty.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-environment-multiple.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-environment.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-environmentfile.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-group-nfsnobody.service test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
exec-group.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-ignoresigpipe-no.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-ignoresigpipe-yes.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-inaccessiblepaths-mount-propagation.service test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount propagation 2016-09-27 09:24:46 +02:00
exec-ioschedulingclass-best-effort.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-ioschedulingclass-idle.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-ioschedulingclass-none.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-ioschedulingclass-realtime.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-oomscoreadjust-negative.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-oomscoreadjust-positive.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-passenvironment-absent.service test-execute: Add tests for new PassEnvironment= directive 2015-11-11 07:55:23 -08:00
exec-passenvironment-empty.service test-execute: Add tests for new PassEnvironment= directive 2015-11-11 07:55:23 -08:00
exec-passenvironment-repeated.service test-execute: Add tests for new PassEnvironment= directive 2015-11-11 07:55:23 -08:00
exec-passenvironment.service test-execute: Add tests for new PassEnvironment= directive 2015-11-11 07:55:23 -08:00
exec-personality-aarch64.service test: fix test-execute personality tests on ppc64 and aarch64 (#3825) 2016-08-02 16:22:56 +02:00
exec-personality-ppc64.service test: fix test-execute personality tests on ppc64 and aarch64 (#3825) 2016-08-02 16:22:56 +02:00
exec-personality-ppc64le.service test: fix test-execute personality tests on ppc64 and aarch64 (#3825) 2016-08-02 16:22:56 +02:00
exec-personality-s390.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-personality-x86-64.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-personality-x86.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-privatedevices-no-capability-mknod.service test: add CAP_MKNOD tests for PrivateDevices= 2016-09-25 13:04:30 +02:00
exec-privatedevices-no-capability-sys-rawio.service test: add test to make sure that CAP_SYS_RAWIO was removed on PrivateDevices=yes 2016-10-12 13:47:59 +02:00
exec-privatedevices-no.service tests: fix failure of test-execute if /dev/mem is not available (#5028) 2017-01-06 10:27:35 +01:00
exec-privatedevices-yes-capability-mknod.service test: add CAP_MKNOD tests for PrivateDevices= 2016-09-25 13:04:30 +02:00
exec-privatedevices-yes-capability-sys-rawio.service test: add test to make sure that CAP_SYS_RAWIO was removed on PrivateDevices=yes 2016-10-12 13:47:59 +02:00
exec-privatedevices-yes.service tests: fix failure of test-execute if /dev/mem is not available (#5028) 2017-01-06 10:27:35 +01:00
exec-privatenetwork-yes.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-privatetmp-no.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-privatetmp-yes.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-protectkernelmodules-no-capabilities.service test: add capability tests for ProtectKernelModules= 2016-10-12 13:36:27 +02:00
exec-protectkernelmodules-yes-capabilities.service test: add capability tests for ProtectKernelModules= 2016-10-12 13:36:27 +02:00
exec-protectkernelmodules-yes-mount-propagation.service test: add test to make sure that ProtectKernelModules=yes disconnect mount propagation 2016-10-12 14:12:36 +02:00
exec-read-only-path-succeed.service core: skip ReadOnlyPaths= and other permission-related mounts on PermissionsStartOnly= (#5309) 2017-02-12 00:44:46 -05:00
exec-readonlypaths-mount-propagation.service test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount propagation 2016-09-27 09:24:46 +02:00
exec-readonlypaths.service test: add tests for simple ReadOnlyPaths= case 2016-09-27 09:24:43 +02:00
exec-readwritepaths-mount-propagation.service test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount propagation 2016-09-27 09:24:46 +02:00
exec-restrict-namespaces-mnt-blacklist.service test: add tests for RestrictNamespaces= 2016-11-15 15:50:19 +01:00
exec-restrict-namespaces-mnt.service test: add tests for RestrictNamespaces= 2016-11-15 15:50:19 +01:00
exec-restrict-namespaces-no.service test: add tests for RestrictNamespaces= 2016-11-15 15:50:19 +01:00
exec-restrict-namespaces-yes.service test: add tests for RestrictNamespaces= 2016-11-15 15:50:19 +01:00
exec-runtimedirectory-mode.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-runtimedirectory-owner-nfsnobody.service test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
exec-runtimedirectory-owner.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-runtimedirectory.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-spec-interpolation.service tests: add test for https://github.com/systemd/systemd/issues/2637 2016-02-17 22:40:26 +00:00
exec-supplementarygroups-multiple-groups-default-group-user.service test: lets add more tests to cover SupplementaryGroups= cases. 2016-10-24 12:38:53 +02:00
exec-supplementarygroups-multiple-groups-withgid.service test: lets add more tests to cover SupplementaryGroups= cases. 2016-10-24 12:38:53 +02:00
exec-supplementarygroups-multiple-groups-withuid.service test: lets add more tests to cover SupplementaryGroups= cases. 2016-10-24 12:38:53 +02:00
exec-supplementarygroups-single-group-user.service test: add more tests for SupplementaryGroups= 2016-10-23 23:27:16 +02:00
exec-supplementarygroups-single-group.service test: add more tests for SupplementaryGroups= 2016-10-23 23:27:16 +02:00
exec-supplementarygroups.service test: Add simple test for supplementary groups 2016-10-23 23:27:14 +02:00
exec-systemcallerrornumber.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-systemcallfilter-failing2.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-systemcallfilter-failing.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-systemcallfilter-not-failing2.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-systemcallfilter-not-failing.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-systemcallfilter-system-user-nfsnobody.service test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
exec-systemcallfilter-system-user.service core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN 2016-02-28 14:44:26 +01:00
exec-umask-0177.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-umask-default.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-user-nfsnobody.service test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
exec-user.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00
exec-workingdirectory.service test-execute: Fix systemd escaping and shell issues 2015-11-10 07:58:29 -08:00