diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-04-27 14:15:50 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-04-27 14:15:50 +0200 |
commit | 969f5f3cea437758a1c2bedcdba5eab33482159d (patch) | |
tree | b616c1d13a1e472111b88ac391aa565aebfa54bd | |
parent | 1a3704dcc3960b4ba29045f20017e4211229db70 (diff) | |
download | systemd-969f5f3cea437758a1c2bedcdba5eab33482159d.tar.gz |
test: extend test 19 to also verify DelegateSubgroup= works
-rwxr-xr-x | test/units/testsuite-19.sh | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/units/testsuite-19.sh b/test/units/testsuite-19.sh index 1e705ea72b..20759eaa1f 100755 --- a/test/units/testsuite-19.sh +++ b/test/units/testsuite-19.sh @@ -45,6 +45,24 @@ if grep -q cgroup2 /proc/filesystems ; then # Check that unprivileged delegation works for scopes test_scope_unpriv_delegation + # Verify that DelegateSubgroup= affects ownership correctly + U="testsubgroup-$RANDOM.service" + systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=foo" \ + test -w "/sys/fs/cgroup/system.slice/$U" -a \ + -w "/sys/fs/cgroup/system.slice/$U/foo" + + # Check that for the subgroup also attributes that aren't covered by + # regular (i.e. main cgroup) delegation ownership rules are delegated properly + if test -f /sys/fs/cgroup/cgroup.max.depth ; then + U="testsubgroup-$RANDOM.service" + systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=zzz" \ + test -w "/sys/fs/cgroup/system.slice/$U/zzz/cgroup.max.depth" + fi + + # Check that the invoked process itsel is also in the subgroup + U="testsubgroup-$RANDOM.service" + systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=bar" \ + grep -q -x -F "0::/system.slice/$U/bar" /proc/self/cgroup else echo "Skipping TEST-19-DELEGATE, as the kernel doesn't actually support cgroup v2" >&2 fi |