test: rename TEST-19-DELEGATE to TEST-19-CGROUP

And clean it up a bit.

4 files changed, 109 insertions, 66 deletions

diff --git a/test/TEST-19-DELEGATE/Makefile b/test/TEST-19-CGROUP/Makefile
index e9f93b1104..e9f93b1104 120000
--- a/test/TEST-19-DELEGATE/Makefile
+++ b/test/TEST-19-CGROUP/Makefile
diff --git a/test/TEST-19-DELEGATE/test.sh b/test/TEST-19-CGROUP/test.sh
index 1b50ac3ae7..ba05b5ecdf 100755
--- a/test/TEST-19-DELEGATE/test.sh
+++ b/test/TEST-19-CGROUP/test.sh
@@ -2,8 +2,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 
-TEST_DESCRIPTION="test cgroup delegation in the unified hierarchy"
-TEST_NO_NSPAWN=1
+TEST_DESCRIPTION="Various cgroup-related tests"
 
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
diff --git a/test/units/testsuite-19.delegate.sh b/test/units/testsuite-19.delegate.sh
new file mode 100755
index 0000000000..691913cb81
--- /dev/null
+++ b/test/units/testsuite-19.delegate.sh
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# Test cgroup delegation in the unified hierarchy
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+if [[ "$(get_cgroup_hierarchy)" != unified ]]; then
+    echo "Skipping $0 as we're not running with the unified cgroup hierarchy"
+    exit 0
+fi
+
+at_exit() {
+    set +e
+    userdel -r test
+}
+
+systemd-run --wait \
+            --unit=test-0.service \
+            --property="DynamicUser=1" \
+            --property="Delegate=" \
+            test -w /sys/fs/cgroup/system.slice/test-0.service/ -a \
+                 -w /sys/fs/cgroup/system.slice/test-0.service/cgroup.procs -a \
+                 -w /sys/fs/cgroup/system.slice/test-0.service/cgroup.subtree_control
+
+systemd-run --wait \
+            --unit=test-1.service \
+            --property="DynamicUser=1" \
+            --property="Delegate=memory pids" \
+            grep -q memory /sys/fs/cgroup/system.slice/test-1.service/cgroup.controllers
+
+systemd-run --wait \
+            --unit=test-2.service \
+            --property="DynamicUser=1" \
+            --property="Delegate=memory pids" \
+            grep -q pids /sys/fs/cgroup/system.slice/test-2.service/cgroup.controllers
+
+# "io" is not among the controllers enabled by default for all units, verify that
+grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
+
+# Run a service with "io" enabled, and verify it works
+systemd-run --wait \
+            --unit=test-3.service \
+            --property="IOAccounting=yes" \
+            --property="Slice=system-foo-bar-baz.slice"  \
+            grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test-3.service/cgroup.controllers
+
+# We want to check if "io" is removed again from the controllers
+# list. However, PID 1 (rightfully) does this asynchronously. In order
+# to force synchronization on this, let's start a short-lived service
+# which requires PID 1 to refresh the cgroup tree, so that we can
+# verify that this all works.
+systemd-run --wait --unit=test-4.service true
+
+# And now check again, "io" should have vanished
+grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
+
+# Check that unprivileged delegation works for scopes
+useradd test ||:
+systemd-run --uid=test \
+            --property="User=test" \
+            --property="Delegate=yes" \
+            --slice workload.slice \
+            --unit test-workload0.scope\
+            --scope \
+            test -w /sys/fs/cgroup/workload.slice/test-workload0.scope -a \
+                 -w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.procs -a \
+                 -w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.subtree_control
+
+# Verify that DelegateSubgroup= affects ownership correctly
+unit="test-subgroup-$RANDOM.service"
+systemd-run --wait \
+            --unit="$unit" \
+            --property="DynamicUser=1" \
+            --property="Delegate=pids" \
+            --property="DelegateSubgroup=foo" \
+            test -w "/sys/fs/cgroup/system.slice/$unit" -a \
+                 -w "/sys/fs/cgroup/system.slice/$unit/foo"
+
+# Check that for the subgroup also attributes that aren't covered by
+# regular (i.e. main cgroup) delegation ownership rules are delegated properly
+if test -f /sys/fs/cgroup/cgroup.max.depth; then
+    unit="test-subgroup-$RANDOM.service"
+    systemd-run --wait \
+                --unit="$unit" \
+                --property="DynamicUser=1" \
+                --property="Delegate=pids" \
+                --property="DelegateSubgroup=zzz" \
+                test -w "/sys/fs/cgroup/system.slice/$unit/zzz/cgroup.max.depth"
+fi
+
+# Check that the invoked process itsel is also in the subgroup
+unit="test-subgroup-$RANDOM.service"
+systemd-run --wait \
+            --unit="$unit" \
+            --property="DynamicUser=1" \
+            --property="Delegate=pids" \
+            --property="DelegateSubgroup=bar" \
+            grep -q -x -F "0::/system.slice/$unit/bar" /proc/self/cgroup
diff --git a/test/units/testsuite-19.sh b/test/units/testsuite-19.sh
index 93280993f1..34fe819c5e 100755
--- a/test/units/testsuite-19.sh
+++ b/test/units/testsuite-19.sh
@@ -3,70 +3,12 @@
 set -eux
 set -o pipefail
 
-test_scope_unpriv_delegation() {
-    useradd test ||:
-    trap "userdel -r test" RETURN
+: >/failed
 
-    systemd-run --uid=test -p User=test -p Delegate=yes --slice workload.slice --unit test-workload0.scope --scope \
-            test -w /sys/fs/cgroup/workload.slice/test-workload0.scope -a \
-            -w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.procs -a \
-            -w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.subtree_control
-}
+# shellcheck source=test/units/test-control.sh
+. "$(dirname "$0")"/test-control.sh
 
-if grep -q cgroup2 /proc/filesystems ; then
-    systemd-run --wait --unit=test-0.service -p "DynamicUser=1" -p "Delegate=" \
-                test -w /sys/fs/cgroup/system.slice/test-0.service/ -a \
-                -w /sys/fs/cgroup/system.slice/test-0.service/cgroup.procs -a \
-                -w /sys/fs/cgroup/system.slice/test-0.service/cgroup.subtree_control
+run_subtests
 
-    systemd-run --wait --unit=test-1.service -p "DynamicUser=1" -p "Delegate=memory pids" \
-                grep -q memory /sys/fs/cgroup/system.slice/test-1.service/cgroup.controllers
-
-    systemd-run --wait --unit=test-2.service -p "DynamicUser=1" -p "Delegate=memory pids" \
-                grep -q pids /sys/fs/cgroup/system.slice/test-2.service/cgroup.controllers
-
-    # "io" is not among the controllers enabled by default for all units, verify that
-    grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
-
-    # Run a service with "io" enabled, and verify it works
-    systemd-run --wait --unit=test-3.service -p "IOAccounting=yes" -p "Slice=system-foo-bar-baz.slice"  \
-                grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test-3.service/cgroup.controllers
-
-    # We want to check if "io" is removed again from the controllers
-    # list. However, PID 1 (rightfully) does this asynchronously. In order
-    # to force synchronization on this, let's start a short-lived service
-    # which requires PID 1 to refresh the cgroup tree, so that we can
-    # verify that this all works.
-    systemd-run --wait --unit=test-4.service true
-
-    # And now check again, "io" should have vanished
-    grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
-
-    # Check that unprivileged delegation works for scopes
-    test_scope_unpriv_delegation
-
-    # Verify that DelegateSubgroup= affects ownership correctly
-    U="test-subgroup-$RANDOM.service"
-    systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=foo" \
-                test -w "/sys/fs/cgroup/system.slice/$U" -a \
-                     -w "/sys/fs/cgroup/system.slice/$U/foo"
-
-    # Check that for the subgroup also attributes that aren't covered by
-    # regular (i.e. main cgroup) delegation ownership rules are delegated properly
-    if test -f /sys/fs/cgroup/cgroup.max.depth ; then
-        U="test-subgroup-$RANDOM.service"
-        systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=zzz" \
-                    test -w "/sys/fs/cgroup/system.slice/$U/zzz/cgroup.max.depth"
-    fi
-
-    # Check that the invoked process itsel is also in the subgroup
-    U="test-subgroup-$RANDOM.service"
-    systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=bar" \
-                grep -q -x -F "0::/system.slice/$U/bar" /proc/self/cgroup
-else
-    echo "Skipping TEST-19-DELEGATE, as the kernel doesn't actually support cgroup v2" >&2
-fi
-
-echo OK >/testok
-
-exit 0
+touch /testok
+rm /failed