author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-08-12 15:08:47 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-08-22 04:50:20 +0200 |
commit | 9ae3624889b98f75efa6fd0c5f4b4de3eaf328d4 (patch) | |
tree | 07870c2186a15af7f68a6efbaa1472b881ea853f /test | |
parent | core: do not leak mount for credentials directory if mount namespace is enabled (diff) | |
test-execute: add tests for credentials directory with mount namespace
This also adds cases where open_tree() and move_mount() are filtered, to
emulate old kernel behavior.
Diffstat (limited to 'test')
4 files changed, 36 insertions, 0 deletions
diff --git a/test/test-execute/exec-load-credential-with-mount-namespace.service b/test/test-execute/exec-load-credential-with-mount-namespace.service
new file mode 100644
index 0000000000..fd71cf6717
--- /dev/null
+++ b/test/test-execute/exec-load-credential-with-mount-namespace.service
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for LoadCredential=
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"'
+Type=oneshot
+LoadCredential=test-execute.load-credential
+PrivateMounts=yes
diff --git a/test/test-execute/exec-load-credential-with-seccomp.service b/test/test-execute/exec-load-credential-with-seccomp.service
new file mode 100644
index 0000000000..67303f2713
--- /dev/null
+++ b/test/test-execute/exec-load-credential-with-seccomp.service
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for LoadCredential=
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"'
+Type=oneshot
+LoadCredential=test-execute.load-credential
+SystemCallFilter=~open_tree move_mount
diff --git a/test/test-execute/exec-set-credential-with-mount-namespace.service b/test/test-execute/exec-set-credential-with-mount-namespace.service
new file mode 100644
index 0000000000..67d15e5dbb
--- /dev/null
+++ b/test/test-execute/exec-set-credential-with-mount-namespace.service
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for SetCredential=
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"'
+Type=oneshot
+SetCredential=test-execute.set-credential:hoge
+PrivateMounts=yes
diff --git a/test/test-execute/exec-set-credential-with-seccomp.service b/test/test-execute/exec-set-credential-with-seccomp.service
new file mode 100644
index 0000000000..778777b947
--- /dev/null
+++ b/test/test-execute/exec-set-credential-with-seccomp.service
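Review bot: The two mount-namespace units (`exec-load-credential-with-mount-namespace.service` and `exec-set-credential-with-mount-namespace.service`) only assert that the credential is readable from inside the service, so they would still pass if the credentials mount also stayed visible outside the unit's namespace, which is the leak the parent commit title describes. That property cannot be checked from `ExecStart=` alone; presumably the harness that runs these units (not part of this diffstat) would have to inspect the host mount table after the unit exits. As a smaller point, all four new units reuse `Description=Test for LoadCredential=` or `Description=Test for SetCredential=`; a distinguishing suffix such as `Description=Test for LoadCredential= with PrivateMounts=yes` would make a failing case easier to attribute in the logs.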
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for SetCredential=
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"'
+Type=oneshot
+SetCredential=test-execute.set-credential:hoge
+SystemCallFilter=~open_tree move_mount |
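Review bot: `SystemCallFilter=~open_tree move_mount`, here and in `exec-load-credential-with-seccomp.service`, uses the default deny-list action, which as documented terminates the calling process unless `SystemCallErrorNumber=` is set, whereas a kernel that lacks these syscalls returns ENOSYS. To emulate the old-kernel case named in the commit message more faithfully, consider `SystemCallFilter=~open_tree:ENOSYS move_mount:ENOSYS`. It is also not visible from this diff whether the filter is in effect while the credentials mount is being set up; if it is only installed right before `ExecStart=` is executed, these units would not exercise the fallback path, so it is worth confirming that and recording the intent in a `#` comment above the setting.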