Merge pull request #26662 from yuwata/test-execute-network-namespace-path

test-execute: add tests for NetworkNamespacePath=

src/test/test-execute.c

@@ -1065,6 +1065,19 @@ static void test_exec_privatenetwork(Manager *m) {
         test(m, "exec-privatenetwork-yes-privatemounts-yes.service", status, CLD_EXITED);
 }
 
+static void test_exec_networknamespacepath(Manager *m) {
+        int r;
+
+        r = find_executable("ip", NULL);
+        if (r < 0) {
+                log_notice_errno(r, "Skipping %s, could not find ip binary: %m", __func__);
+                return;
+        }
+
+        test(m, "exec-networknamespacepath-privatemounts-no.service", MANAGER_IS_SYSTEM(m) ? EXIT_SUCCESS : EXIT_FAILURE, CLD_EXITED);
+        test(m, "exec-networknamespacepath-privatemounts-yes.service", can_unshare ? EXIT_SUCCESS : EXIT_FAILURE, CLD_EXITED);
+}
+
 static void test_exec_oomscoreadjust(Manager *m) {
         test(m, "exec-oomscoreadjust-positive.service", 0, CLD_EXITED);
 
@@ -1168,6 +1181,7 @@ static void run_tests(RuntimeScope scope, char **patterns) {
                 entry(test_exec_inaccessiblepaths),
                 entry(test_exec_ioschedulingclass),
                 entry(test_exec_mount_apivfs),
+                entry(test_exec_networknamespacepath),
                 entry(test_exec_noexecpaths),
                 entry(test_exec_oomscoreadjust),
                 entry(test_exec_passenvironment),
@@ -1378,11 +1392,16 @@ static int intro(void) {
         /* Create dummy network interface for testing PrivateNetwork=yes */
         (void) system("ip link add dummy-test-exec type dummy");
 
+        /* Create a network namespace and a dummy interface in it for NetworkNamespacePath= */
+        (void) system("ip netns add test-execute-netns");
+        (void) system("ip netns exec test-execute-netns ip link add dummy-test-ns type dummy");
+
         return EXIT_SUCCESS;
 }
 
 static int outro(void) {
         (void) system("ip link del dummy-test-exec");
+        (void) system("ip netns del test-execute-netns");
         (void) rmdir(PRIVATE_UNIT_DIR);
 
         return EXIT_SUCCESS;

test/test-execute/exec-networknamespacepath-privatemounts-no.service

@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for NetworkNamespacePath= without mount namespacing
+
+[Service]
+ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# Without mount namespacing, we can access the dummy-test-exec interface through sysfs.
+ExecStart=/bin/sh -x -c 'test -e /sys/class/net/dummy-test-exec'
+ExecStart=/bin/sh -x -c 'ip link show dummy-test-ns'
+ExecStart=/bin/sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns'
+# Without mount namespacing, we cannot access the dummy-test-ns interface through sysfs.
+ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-ns'
+Type=oneshot
+NetworkNamespacePath=/run/netns/test-execute-netns
+PrivateMounts=no

test/test-execute/exec-networknamespacepath-privatemounts-yes.service

@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for NetworkNamespacePath= with mount namespacing
+
+[Service]
+ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec'
+ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
+# With mount namespacing, we cannot access the dummy-test-exec interface through sysfs.
+ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec'
+ExecStart=/bin/sh -x -c 'ip link show dummy-test-ns'
+ExecStart=/bin/sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns'
+# With mount namespacing, we can access the dummy-test-ns interface through sysfs.
+ExecStart=/bin/sh -x -c 'test -e /sys/class/net/dummy-test-ns'
+Type=oneshot
+NetworkNamespacePath=/run/netns/test-execute-netns
+# NetworkNamespacePath= implies PrivateMounts=yes

test/test-execute/exec-privatenetwork-yes-privatemounts-no.service

@@ -3,8 +3,7 @@
 Description=Test for PrivateNetwork= without mount namespacing
 
 [Service]
-ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
-ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec'
 ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
 # Without mount namespacing, we can access the dummy-test-exec interface through sysfs
 ExecStart=/bin/sh -x -c 'test -d /sys/class/net/dummy-test-exec'

test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service

@@ -3,8 +3,7 @@
 Description=Test for PrivateNetwork= with mount namespacing
 
 [Service]
-ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
-ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
+ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec'
 ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec'
 # With mount namespacing, we cannot access the dummy-test-exec interface through sysfs.
 ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec'