mirror of
https://github.com/systemd/systemd.git
synced 2024-11-01 00:51:24 +03:00
b6657e2c53
For root, group enforcement needs to come after PrivateDevices=y set up
according to 096424d123
. Add a test to
verify this is the case.
17 lines
446 B
Desktop File
17 lines
446 B
Desktop File
[Unit]
|
|
Description=Test Group=group is applied after PrivateDevices=yes
|
|
|
|
[Service]
|
|
PrivateDevices=yes
|
|
Group=daemon
|
|
Type=oneshot
|
|
|
|
# Check the group applied
|
|
ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"'
|
|
|
|
# Check that the namespace applied
|
|
ExecStart=/bin/sh -c 'test ! -c /dev/kmsg'
|
|
|
|
# Check that the owning group of a node is not daemon (should be the host root)
|
|
ExecStart=/bin/sh -x -c 'test ! "$$(stat -c %%G /dev/stderr)" = "daemon"'
|