diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2018-04-27 03:48:43 +0200 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2018-05-05 04:07:37 +0200 |
| commit | 1dcf96c29f28bb9cee4b5a1265bce594afa8a44e (patch) | |
| tree | 137897d11c7744762d8d5de60392217800403fcb | |
| parent | load-fragment: allow to specify RestrictNamespaces= multiple times (diff) | |
| download | systemd-1dcf96c29f28bb9cee4b5a1265bce594afa8a44e.tar.xz systemd-1dcf96c29f28bb9cee4b5a1265bce594afa8a44e.zip | |
test: add tests for merging RestrictNamespaces=
| -rw-r--r-- | src/test/test-execute.c | 3 | ||||
| -rw-r--r-- | test/meson.build | 3 | ||||
| -rw-r--r-- | test/test-execute/exec-restrictnamespaces-merge-all.service | 8 | ||||
| -rw-r--r-- | test/test-execute/exec-restrictnamespaces-merge-and.service | 9 | ||||
| -rw-r--r-- | test/test-execute/exec-restrictnamespaces-merge-or.service | 9 |
5 files changed, 32 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 4943bfa689..4c33748fc4 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -358,6 +358,9 @@ static void test_exec_restrictnamespaces(Manager *m) { test(m, "exec-restrictnamespaces-yes.service", 1, CLD_EXITED); test(m, "exec-restrictnamespaces-mnt.service", 0, CLD_EXITED); test(m, "exec-restrictnamespaces-mnt-blacklist.service", 1, CLD_EXITED); + test(m, "exec-restrictnamespaces-merge-and.service", 0, CLD_EXITED); + test(m, "exec-restrictnamespaces-merge-or.service", 0, CLD_EXITED); + test(m, "exec-restrictnamespaces-merge-all.service", 0, CLD_EXITED); #endif } diff --git a/test/meson.build b/test/meson.build index 7c20788d0d..162f63f1ed 100644 --- a/test/meson.build +++ b/test/meson.build @@ -99,6 +99,9 @@ test_data_files = ''' test-execute/exec-readonlypaths-with-bindpaths.service test-execute/exec-readonlypaths.service test-execute/exec-readwritepaths-mount-propagation.service + test-execute/exec-restrictnamespaces-merge-all.service + test-execute/exec-restrictnamespaces-merge-and.service + test-execute/exec-restrictnamespaces-merge-or.service test-execute/exec-restrictnamespaces-mnt-blacklist.service test-execute/exec-restrictnamespaces-mnt.service test-execute/exec-restrictnamespaces-no.service diff --git a/test/test-execute/exec-restrictnamespaces-merge-all.service b/test/test-execute/exec-restrictnamespaces-merge-all.service new file mode 100644 index 0000000000..de98cd0a2e --- /dev/null +++ b/test/test-execute/exec-restrictnamespaces-merge-all.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test merging RestrictNamespaces= with all flags + +[Service] +RestrictNamespaces=mnt pid cgroup net uts ipc user +RestrictNamespaces=net +ExecStart=unshare -m -u -i -n -p -f +Type=oneshot diff --git a/test/test-execute/exec-restrictnamespaces-merge-and.service b/test/test-execute/exec-restrictnamespaces-merge-and.service new file mode 100644 index 0000000000..6702e6aab2 --- /dev/null +++ b/test/test-execute/exec-restrictnamespaces-merge-and.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test merging RestrictNamespaces= with AND + +[Service] +RestrictNamespaces=mnt pid +RestrictNamespaces=~mnt usr +ExecStart=unshare -p -f +ExecStart=sh -c '! unshare -m -u -i -n' +Type=oneshot diff --git a/test/test-execute/exec-restrictnamespaces-merge-or.service b/test/test-execute/exec-restrictnamespaces-merge-or.service new file mode 100644 index 0000000000..a52455204d --- /dev/null +++ b/test/test-execute/exec-restrictnamespaces-merge-or.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test merging RestrictNamespaces= with OR + +[Service] +RestrictNamespaces=mnt pid +RestrictNamespaces=mnt uts +ExecStart=unshare -m -u -p -f +ExecStart=sh -c '! unshare -u -i -n' +Type=oneshot |