author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-11-14 10:08:35 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-11-14 10:08:50 +0100 |
commit | a65f008784a74257c8bd7f010dc398f2e891a3ee (patch) | |
tree | 16fc2a9d244bac574de76b6fd537958d7b482387 /test | |
parent | nspawn: ignore failure in creating /dev/net/tun when --private-network is uns... (diff) | |
TEST-13-NSPAWN: add test case for /dev/net/tun
For issue #35116.
Diffstat (limited to 'test')
-rwxr-xr-x | test/TEST-13-NSPAWN/test.sh | 2 | ||||
-rwxr-xr-x | test/units/TEST-13-NSPAWN.nspawn.sh | 52 |
2 files changed, 54 insertions, 0 deletions
diff --git a/test/TEST-13-NSPAWN/test.sh b/test/TEST-13-NSPAWN/test.sh
index b1d9fb6c53..5d21f340c3 100755
--- a/test/TEST-13-NSPAWN/test.sh
+++ b/test/TEST-13-NSPAWN/test.sh
@@ -19,6 +19,8 @@ test_append_files() {
 instmods mac80211_hwsim
 # for IPMasquerade=
 instmods "=net/netfilter"
+ # For /dev/net/tun
+ instmods tun
 generate_module_dependencies
 # For unprivileged mountfsd.
 if command -v openssl >/dev/null 2>&1; then
diff --git a/test/units/TEST-13-NSPAWN.nspawn.sh b/test/units/TEST-13-NSPAWN.nspawn.sh
index ae6088a00e..664962f9a0 100755
--- a/test/units/TEST-13-NSPAWN.nspawn.sh
+++ b/test/units/TEST-13-NSPAWN.nspawn.sh
@@ -1214,4 +1214,56 @@ testcase_unpriv_fuse() {
 bash -c 'cat <>/dev/fuse' 2>&1)" == *'cat: -: Operation not permitted' ]]
 }
 
+test_tun() {
+ local expect=${1?}
+ local exists=${2?}
+ local command command_exists command_not_exists
+ shift 2
+
+ command_exists='[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
+ command_not_exists='[[ ! -e /dev/net/tun ]]'
+
+ if [[ "$exists" == 0 ]]; then
+ command="$command_not_exists"
+ else
+ command="$command_exists"
+ fi
+
+ systemd-nspawn "$@" bash -xec "$command_exists"
+
+ # check if the owner of the host device is unchanged, see issue #34243.
+ [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
+ [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
+
+ # Without DeviceAllow= for /dev/net/tun, see issue #35116.
+ assert_rc \
+ "$expect" \
+ systemd-run --pty --wait -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \
+ systemd-nspawn "$@" bash -xec "$command"
+
+ [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
+ [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
+}
+
+testcase_dev_net_tun() {
+ local root
+
+ if [[ ! -c /dev/net/tun ]]; then
+ echo "/dev/net/tun does not exist, skipping tests"
+ return 0
+ fi
+
+ root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.tun.XXX)"
+ create_dummy_container "$root"
+
+ test_tun 0 1 --ephemeral --directory="$root" --private-users=no
+ test_tun 0 1 --ephemeral --directory="$root" --private-users=yes
+ test_tun 0 0 --ephemeral --directory="$root" --private-users=pick
+ test_tun 0 1 --ephemeral --directory="$root" --private-users=no --private-network
+ test_tun 0 1 --ephemeral --directory="$root" --private-users=yes --private-network
+ test_tun 1 0 --ephemeral --directory="$root" --private-users=pick --private-network
+
+ rm -fr "$root"
+}
+
 run_testcases |
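Review bot: The host-side checks in `test_tun` do not actually assert what the comment says ("owner of the host device is unchanged"). They compare uid and gid against a hard-coded `0` and never look at the mode bits, so a permission change on the host `/dev/net/tun` would pass. A host whose node is not root:root would also fail for an unrelated reason. Recording the state before the first `systemd-nspawn` call, for example `local before; before="$(stat /dev/net/tun --format=%u:%g:%a)"`, and asserting `[[ "$(stat /dev/net/tun --format=%u:%g:%a)" == "$before" ]]` after each run would pin the regression from issue #34243 more tightly and replace the four repeated `stat` lines. Separately, `rm -fr "$root"` in `testcase_dev_net_tun` is presumably skipped when an assertion aborts the script (the shell options are not visible in this hunk), which would leave the container tree under `/var/lib/machines`. A `trap` or an explicit cleanup path would avoid that.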