author | Andres Beltran <abeltran@microsoft.com> | 2024-08-06 01:43:29 +0200 |
---|---|---|
committer | Andres Beltran <abeltran@microsoft.com> | 2024-11-01 19:45:28 +0100 |
commit | eae5127246b380bac9fedffeca8966d18d2b3344 (patch) | |
tree | 8eb23e0fa9744beac70f243f2dfc102f3af33faf /test | |
parent | namespace-util: add util function to check if id-mapped mounts are supported ... (diff) | |
core: add id-mapped mount support for Exec directories
Diffstat (limited to 'test')
-rwxr-xr-x | test/units/TEST-34-DYNAMICUSERMIGRATE.sh | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/test/units/TEST-34-DYNAMICUSERMIGRATE.sh b/test/units/TEST-34-DYNAMICUSERMIGRATE.sh
index d6bdfb0741..e5aee475af 100755
--- a/test/units/TEST-34-DYNAMICUSERMIGRATE.sh
+++ b/test/units/TEST-34-DYNAMICUSERMIGRATE.sh
@@ -162,6 +162,71 @@ EOF
 systemctl start testservice-34-check-writable.service
 }
+test_check_idmapped_mounts() {
+ rm -rf /var/lib/testidmapped /var/lib/private/testidmapped
+
+ cat >/run/systemd/system/testservice-34-check-idmapped.service <<\EOF
+[Unit]
+Description=Check id-mapped directories when DynamicUser=yes with StateDirectory
+
+[Service]
+# Relevant only for sanitizer runs
+EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
+Type=oneshot
+
+MountAPIVFS=yes
+DynamicUser=yes
+PrivateUsers=yes
+TemporaryFileSystem=/run /var/opt /var/lib /vol
+UMask=0000
+StateDirectory=testidmapped:sampleservice
+ExecStart=/bin/bash -c ' \
+ set -eux; \
+ set -o pipefail; \
+ touch /var/lib/sampleservice/testfile; \
+ [[ $(awk "NR==2 {print \$1}" /proc/self/uid_map) == $(stat -c "%%u" /var/lib/private/testidmapped/testfile) ]]; \
+'
+EOF
+
+ systemctl daemon-reload
+ systemctl start testservice-34-check-idmapped.service
+
+ [[ $(stat -c "%u" /var/lib/private/testidmapped/testfile) == 65534 ]]
+}
+
+test_check_idmapped_mounts_root() {
+ rm -rf /var/lib/testidmapped /var/lib/private/testidmapped
+
+ cat >/run/systemd/system/testservice-34-check-idmapped.service <<\EOF
+[Unit]
+Description=Check id-mapped directories when DynamicUser=no with StateDirectory
+
+[Service]
+# Relevant only for sanitizer runs
+EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
+Type=oneshot
+
+MountAPIVFS=yes
+User=root
+DynamicUser=no
+PrivateUsers=no
+TemporaryFileSystem=/run /var/opt /var/lib /vol
+UMask=0000
+StateDirectory=testidmapped:sampleservice
+ExecStart=/bin/bash -c ' \
+ set -eux; \
+ set -o pipefail; \
+ touch /var/lib/sampleservice/testfile; \
+ [[ 0 == $(stat -c "%%u" /var/lib/testidmapped/testfile) ]]; \
+'
+EOF
+
+ systemctl daemon-reload
+ systemctl start testservice-34-check-idmapped.service
+
+ [[ $(stat -c "%u" /var/lib/testidmapped/testfile) == 0 ]]
+}
+
 test_directory "StateDirectory" "/var/lib"
 test_directory "RuntimeDirectory" "/run"
 test_directory "CacheDirectory" "/var/cache"
@@ -169,6 +234,11 @@ test_directory "LogsDirectory" "/var/log"
 test_check_writable
+if systemd-analyze compare-versions "$(uname -r)" ge 5.12; then
+ test_check_idmapped_mounts
+ test_check_idmapped_mounts_root
+fi
+
 systemd-analyze log-level info
 touch /testok |
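Review bot: In `test_check_idmapped_mounts`, the in-service comparison `[[ $(awk ...) == $(stat ...) ]]` can pass without proving anything, because a failing command substitution inside `[[ ]]` does not trip `set -e`: if `uid_map` has no second line and `stat` errors, both sides are empty and compare equal. The unquoted right-hand side is also matched as a pattern rather than as a string. Quoting both substitutions and adding a guard line such as `[[ -n "$(awk "NR==2 {print \$1}" /proc/self/uid_map)" ]]; \` before the comparison would make the inner assertion stand on its own. The host-side `== 65534` check would benefit from a comment such as `# on disk the file must be owned by the nobody UID; the dynamic UID is only visible through the id-mapped mount`; that reading is inferred from the test, so confirm it against the implementation.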
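Review bot: The gate `systemd-analyze compare-versions "$(uname -r)" ge 5.12` checks the kernel release, not whether the filesystem backing `/var/lib` accepts id-mapped mounts; support is per-filesystem and reached several filesystems in kernels later than 5.12. If the implementation falls back to plain ownership changes in that case (not visible in this test-only diff), the `== 65534` assertion in `test_check_idmapped_mounts` could fail for reasons unrelated to a regression. The parent commit's title mentions a helper that checks for id-mapped mount support, so probing for the feature would be a more direct gate if it is reachable from the test. Nothing is logged when the branch is skipped; an `else` with `echo "id-mapped mount tests skipped: kernel older than 5.12"` would make the coverage gap visible in the test log.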