author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-02-03 12:28:31 +0900 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-02-15 10:10:54 +0900 |
commit | 4e032f654b94c2544ccf937209303766dfa66c24 (patch) | |
tree | 4dbe36dbd89116bd2352fff1a64443cd2b6f7c2c /test/test-execute | |
parent | f0353cf2e93a2b39add8027608494ee53a89cfae (diff) | |
test-execute: drop capabilities when testing with user manager
Before this, tests were split into two categories, system and user, but
both ran in a fully privileged environment. Hence, the unprivileged
user scope was mostly not covered by the test.
Let's run all tests in both system and user scopes, and drop capabilities
when Manager is running in user scope.
This also makes the host environment protected more from the test run.
Diffstat (limited to 'test/test-execute')
-rw-r--r-- | test/test-execute/exec-dynamicuser-statedir-migrate-step1.service | 16 | ||||
-rw-r--r-- | test/test-execute/exec-dynamicuser-statedir-migrate-step2.service | 32 | ||||
-rw-r--r-- | test/test-execute/exec-dynamicuser-statedir.service | 122 | ||||
-rw-r--r-- | test/test-execute/exec-privatenetwork-yes.service | 1 | ||||
-rw-r--r-- | test/test-execute/exec-specifier-system.service | 11 | ||||
-rw-r--r-- | test/test-execute/exec-specifier-user.service | 11 | ||||
-rw-r--r-- | test/test-execute/exec-specifier.service | 5 | ||||
-rw-r--r-- | test/test-execute/exec-specifier@.service | 5 |
8 files changed, 108 insertions, 95 deletions
diff --git a/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service b/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service
index 1c79e4f722..2a5a1e1ff3 100644
--- a/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service
+++ b/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service
@@ -3,14 +3,14 @@
 Description=Test DynamicUser= migrate StateDirectory= (preparation)
 [Service]
-ExecStart=test -w /var/lib/test-dynamicuser-migrate
-ExecStart=test -w /var/lib/test-dynamicuser-migrate2/hoge
-ExecStart=test ! -L /var/lib/test-dynamicuser-migrate
-ExecStart=test ! -L /var/lib/test-dynamicuser-migrate2/hoge
-ExecStart=test -d /var/lib/test-dynamicuser-migrate
-ExecStart=test -d /var/lib/test-dynamicuser-migrate2/hoge
-ExecStart=touch /var/lib/test-dynamicuser-migrate/yay
-ExecStart=touch /var/lib/test-dynamicuser-migrate2/hoge/yayyay
+ExecStart=test -w %S/test-dynamicuser-migrate
+ExecStart=test -w %S/test-dynamicuser-migrate2/hoge
+ExecStart=test ! -L %S/test-dynamicuser-migrate
+ExecStart=test ! -L %S/test-dynamicuser-migrate2/hoge
+ExecStart=test -d %S/test-dynamicuser-migrate
+ExecStart=test -d %S/test-dynamicuser-migrate2/hoge
+ExecStart=touch %S/test-dynamicuser-migrate/yay
+ExecStart=touch %S/test-dynamicuser-migrate2/hoge/yayyay
 ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"'
 Type=oneshot
diff --git a/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service b/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service
index 015b74ce22..e89f0c5aae 100644
--- a/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service
+++ b/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service
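Review bot: In exec-dynamicuser-statedir-migrate-step1.service the `touch %S/test-dynamicuser-migrate/yay` lines now follow the manager scope, so a user-scope run creates files under whatever `%S` resolves to for the invoking user (the new exec-specifier-user.service asserts `%h/.config`) rather than under /var/lib. Nothing in these hunks shows the harness redirecting that directory or cleaning up afterwards, so a run may leave test entries in a developer's real configuration directory. The same applies to the step2 and exec-dynamicuser-statedir.service hunks, whose directory names (`aaa`, `xxx`, `waldo`) are generic enough to collide with existing ones. I would add a comment above the first ExecStart such as `# %S is scope-dependent; in user scope the harness must point it at a scratch directory`, and confirm that test-execute.c either does so or skips these units for the user manager. The [Service] section continues outside the hunk.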
@@ -3,22 +3,22 @@
 Description=Test DynamicUser= migrate StateDirectory=
 [Service]
-ExecStart=test -w /var/lib/test-dynamicuser-migrate
-ExecStart=test -w /var/lib/test-dynamicuser-migrate2/hoge
-ExecStart=test -L /var/lib/test-dynamicuser-migrate
-ExecStart=test -L /var/lib/test-dynamicuser-migrate2/hoge
-ExecStart=test -d /var/lib/test-dynamicuser-migrate
-ExecStart=test -d /var/lib/test-dynamicuser-migrate2/hoge
-ExecStart=test -f /var/lib/test-dynamicuser-migrate/yay
-ExecStart=test -f /var/lib/test-dynamicuser-migrate2/hoge/yayyay
-ExecStart=test -d /var/lib/private/test-dynamicuser-migrate
-ExecStart=test -d /var/lib/private/test-dynamicuser-migrate2/hoge
-ExecStart=test -f /var/lib/private/test-dynamicuser-migrate/yay
-ExecStart=test -f /var/lib/private/test-dynamicuser-migrate2/hoge/yayyay
-ExecStart=touch /var/lib/test-dynamicuser-migrate/yay
-ExecStart=touch /var/lib/test-dynamicuser-migrate2/hoge/yayyay
-ExecStart=touch /var/lib/private/test-dynamicuser-migrate/yay
-ExecStart=touch /var/lib/private/test-dynamicuser-migrate2/hoge/yayyay
+ExecStart=test -w %S/test-dynamicuser-migrate
+ExecStart=test -w %S/test-dynamicuser-migrate2/hoge
+ExecStart=test -L %S/test-dynamicuser-migrate
+ExecStart=test -L %S/test-dynamicuser-migrate2/hoge
+ExecStart=test -d %S/test-dynamicuser-migrate
+ExecStart=test -d %S/test-dynamicuser-migrate2/hoge
+ExecStart=test -f %S/test-dynamicuser-migrate/yay
+ExecStart=test -f %S/test-dynamicuser-migrate2/hoge/yayyay
+ExecStart=test -d %S/private/test-dynamicuser-migrate
+ExecStart=test -d %S/private/test-dynamicuser-migrate2/hoge
+ExecStart=test -f %S/private/test-dynamicuser-migrate/yay
+ExecStart=test -f %S/private/test-dynamicuser-migrate2/hoge/yayyay
+ExecStart=touch %S/test-dynamicuser-migrate/yay
+ExecStart=touch %S/test-dynamicuser-migrate2/hoge/yayyay
+ExecStart=touch %S/private/test-dynamicuser-migrate/yay
+ExecStart=touch %S/private/test-dynamicuser-migrate2/hoge/yayyay
 ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"'
 Type=oneshot
diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service
index b33b4da74a..b7e36f529e 100644
--- a/test/test-execute/exec-dynamicuser-statedir.service
+++ b/test/test-execute/exec-dynamicuser-statedir.service
@@ -3,71 +3,71 @@
 Description=Test DynamicUser= with StateDirectory=
 [Service]
-ExecStart=test -w /var/lib/waldo
-ExecStart=test -w /var/lib/quux/pief
-ExecStart=test -w /var/lib/aaa
-ExecStart=test -w /var/lib/aaa/bbb
-ExecStart=test -w /var/lib/aaa/ccc
-ExecStart=test -w /var/lib/xxx
-ExecStart=test -w /var/lib/xxx/yyy
-ExecStart=test -w /var/lib/xxx/zzz
-ExecStart=test -w /var/lib/aaa/111
-ExecStart=test -w /var/lib/aaa/222
-ExecStart=test -w /var/lib/aaa/333
+ExecStart=test -w %S/waldo
+ExecStart=test -w %S/quux/pief
+ExecStart=test -w %S/aaa
+ExecStart=test -w %S/aaa/bbb
+ExecStart=test -w %S/aaa/ccc
+ExecStart=test -w %S/xxx
+ExecStart=test -w %S/xxx/yyy
+ExecStart=test -w %S/xxx/zzz
+ExecStart=test -w %S/aaa/111
+ExecStart=test -w %S/aaa/222
+ExecStart=test -w %S/aaa/333
-ExecStart=test -d /var/lib/waldo
-ExecStart=test -d /var/lib/quux/pief
-ExecStart=test -d /var/lib/aaa
-ExecStart=test -d /var/lib/aaa/bbb
-ExecStart=test -d /var/lib/aaa/ccc
-ExecStart=test -d /var/lib/xxx
-ExecStart=test -d /var/lib/xxx/yyy
-ExecStart=test -d /var/lib/xxx/zzz
-ExecStart=test -L /var/lib/aaa/111
-ExecStart=test -L /var/lib/aaa/222
-ExecStart=test -L /var/lib/aaa/333
+ExecStart=test -d %S/waldo
+ExecStart=test -d %S/quux/pief
+ExecStart=test -d %S/aaa
+ExecStart=test -d %S/aaa/bbb
+ExecStart=test -d %S/aaa/ccc
+ExecStart=test -d %S/xxx
+ExecStart=test -d %S/xxx/yyy
+ExecStart=test -d %S/xxx/zzz
+ExecStart=test -L %S/aaa/111
+ExecStart=test -L %S/aaa/222
+ExecStart=test -L %S/aaa/333
-ExecStart=touch /var/lib/waldo/hoge
-ExecStart=touch /var/lib/quux/pief/hoge
-ExecStart=touch /var/lib/aaa/hoge
-ExecStart=touch /var/lib/aaa/bbb/hoge
-ExecStart=touch /var/lib/aaa/ccc/hoge
-ExecStart=touch /var/lib/xxx/hoge
-ExecStart=touch /var/lib/xxx/yyy/hoge
-ExecStart=touch /var/lib/xxx/zzz/hoge
-ExecStart=touch /var/lib/aaa/111/foo
-ExecStart=touch /var/lib/aaa/222/foo
-ExecStart=touch /var/lib/aaa/333/foo
+ExecStart=touch %S/waldo/hoge
+ExecStart=touch %S/quux/pief/hoge
+ExecStart=touch %S/aaa/hoge
+ExecStart=touch %S/aaa/bbb/hoge
+ExecStart=touch %S/aaa/ccc/hoge
+ExecStart=touch %S/xxx/hoge
+ExecStart=touch %S/xxx/yyy/hoge
+ExecStart=touch %S/xxx/zzz/hoge
+ExecStart=touch %S/aaa/111/foo
+ExecStart=touch %S/aaa/222/foo
+ExecStart=touch %S/aaa/333/foo
-ExecStart=test -f /var/lib/waldo/hoge
-ExecStart=test -f /var/lib/quux/pief/hoge
-ExecStart=test -f /var/lib/aaa/hoge
-ExecStart=test -f /var/lib/aaa/bbb/hoge
-ExecStart=test -f /var/lib/aaa/ccc/hoge
-ExecStart=test -f /var/lib/xxx/hoge
-ExecStart=test -f /var/lib/xxx/yyy/hoge
-ExecStart=test -f /var/lib/xxx/zzz/hoge
-ExecStart=test -f /var/lib/aaa/111/foo
-ExecStart=test -f /var/lib/aaa/222/foo
-ExecStart=test -f /var/lib/aaa/333/foo
-ExecStart=test -f /var/lib/xxx/foo
-ExecStart=test -f /var/lib/xxx/yyy/foo
-ExecStart=test -f /var/lib/xxx/zzz/foo
+ExecStart=test -f %S/waldo/hoge
+ExecStart=test -f %S/quux/pief/hoge
+ExecStart=test -f %S/aaa/hoge
+ExecStart=test -f %S/aaa/bbb/hoge
+ExecStart=test -f %S/aaa/ccc/hoge
+ExecStart=test -f %S/xxx/hoge
+ExecStart=test -f %S/xxx/yyy/hoge
+ExecStart=test -f %S/xxx/zzz/hoge
+ExecStart=test -f %S/aaa/111/foo
+ExecStart=test -f %S/aaa/222/foo
+ExecStart=test -f %S/aaa/333/foo
+ExecStart=test -f %S/xxx/foo
+ExecStart=test -f %S/xxx/yyy/foo
+ExecStart=test -f %S/xxx/zzz/foo
-ExecStart=test -f /var/lib/private/waldo/hoge
-ExecStart=test -f /var/lib/private/quux/pief/hoge
-ExecStart=test -f /var/lib/private/aaa/hoge
-ExecStart=test -f /var/lib/private/aaa/bbb/hoge
-ExecStart=test -f /var/lib/private/aaa/ccc/hoge
-ExecStart=test -f /var/lib/private/xxx/hoge
-ExecStart=test -f /var/lib/private/xxx/yyy/hoge
-ExecStart=test -f /var/lib/private/xxx/zzz/hoge
-ExecStart=test -f /var/lib/private/aaa/111/foo
-ExecStart=test -f /var/lib/private/aaa/222/foo
-ExecStart=test -f /var/lib/private/aaa/333/foo
-ExecStart=test -f /var/lib/private/xxx/foo
-ExecStart=test -f /var/lib/private/xxx/yyy/foo
-ExecStart=test -f /var/lib/private/xxx/zzz/foo
+ExecStart=test -f %S/private/waldo/hoge
+ExecStart=test -f %S/private/quux/pief/hoge
+ExecStart=test -f %S/private/aaa/hoge
+ExecStart=test -f %S/private/aaa/bbb/hoge
+ExecStart=test -f %S/private/aaa/ccc/hoge
+ExecStart=test -f %S/private/xxx/hoge
+ExecStart=test -f %S/private/xxx/yyy/hoge
+ExecStart=test -f %S/private/xxx/zzz/hoge
+ExecStart=test -f %S/private/aaa/111/foo
+ExecStart=test -f %S/private/aaa/222/foo
+ExecStart=test -f %S/private/aaa/333/foo
+ExecStart=test -f %S/private/xxx/foo
+ExecStart=test -f %S/private/xxx/yyy/foo
+ExecStart=test -f %S/private/xxx/zzz/foo
 ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/aaa:%S/aaa/bbb:%S/aaa/ccc:%S/quux/pief:%S/waldo:%S/xxx:%S/xxx/yyy:%S/xxx/zzz"'
diff --git a/test/test-execute/exec-privatenetwork-yes.service b/test/test-execute/exec-privatenetwork-yes.service
index 0fff048b94..360099d337 100644
--- a/test/test-execute/exec-privatenetwork-yes.service
+++ b/test/test-execute/exec-privatenetwork-yes.service
@@ -4,5 +4,6 @@ Description=Test for PrivateNetwork
 [Service]
 ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
+ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
 Type=oneshot
 PrivateNetwork=yes
diff --git a/test/test-execute/exec-specifier-system.service b/test/test-execute/exec-specifier-system.service
new file mode 100644
index 0000000000..9e8ee567aa
--- /dev/null
+++ b/test/test-execute/exec-specifier-system.service
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for specifiers (system)
+
+[Service]
+Type=oneshot
+ExecStart=test %t = /run
+ExecStart=test %S = /var/lib
+ExecStart=test %C = /var/cache
+ExecStart=test %L = /var/log
+ExecStart=test %E = /etc
diff --git a/test/test-execute/exec-specifier-user.service b/test/test-execute/exec-specifier-user.service
new file mode 100644
index 0000000000..ee0301a426
--- /dev/null
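Review bot: The added `dummy-test-exec` check in exec-privatenetwork-yes.service succeeds whenever the pipeline produces no match, which includes `ip link` failing or being unavailable, because `!` negates only the status of the final grep. This line is the assertion that a host-side interface is not visible under PrivateNetwork=yes, so a fail-open result would hide the isolation regression it is meant to catch. Capturing the output first makes a failing `ip` fail the unit: `ExecStart=/bin/sh -x -c 'links=$$(ip link) && ! echo "$$links" | grep -F ": dummy-test-exec:"'`. The check is also only meaningful if the harness has created that interface on the host beforehand, which is not visible in this hunk; the existing context line above it has the same pipeline shape.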
+++ b/test/test-execute/exec-specifier-user.service
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for specifiers
+
+[Service]
+Type=oneshot
+ExecStart=sh -c 'test %t = $$XDG_RUNTIME_DIR'
+ExecStart=sh -c 'test %S = %h/.config'
+ExecStart=sh -c 'test %C = %h/.cache'
+ExecStart=sh -c 'test %L = %h/.config/log'
+ExecStart=sh -c 'test %E = %h/.config'
diff --git a/test/test-execute/exec-specifier.service b/test/test-execute/exec-specifier.service
index 2b487bae8c..512f786f83 100644
--- a/test/test-execute/exec-specifier.service
+++ b/test/test-execute/exec-specifier.service
@@ -13,11 +13,6 @@ ExecStart=test %I = ""
 ExecStart=test %j = specifier
 ExecStart=test %J = specifier
 ExecStart=test %f = /exec/specifier
-ExecStart=test %t = /run
-ExecStart=test %S = /var/lib
-ExecStart=test %C = /var/cache
-ExecStart=test %L = /var/log
-ExecStart=test %E = /etc
 ExecStart=test %T = /tmp
 ExecStart=test %V = /var/tmp
 ExecStart=test %d = %t/credentials/%n
diff --git a/test/test-execute/exec-specifier@.service b/test/test-execute/exec-specifier@.service
index 69e969f716..cb9d0a182a 100644
--- a/test/test-execute/exec-specifier@.service
+++ b/test/test-execute/exec-specifier@.service
@@ -13,11 +13,6 @@ ExecStart=test %I = foo/bar
 ExecStart=test %j = specifier
 ExecStart=test %J = specifier
 ExecStart=test %f = /foo/bar
-ExecStart=test %t = /run
-ExecStart=test %S = /var/lib
-ExecStart=test %C = /var/cache
-ExecStart=test %L = /var/log
-ExecStart=test %E = /etc
 ExecStart=sh -c 'test %u = $$(id -un)'
 ExecStart=sh -c 'test %U = $$(id -u)'
 ExecStart=sh -c 'test %g = $$(id -gn)' |
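Review bot: The new exec-specifier-user.service compares `%S`, `%C`, `%L` and `%E` with fixed `%h/.config` and `%h/.cache` paths, while the `%t` line next to them reads `$$XDG_RUNTIME_DIR` from the environment. As far as I know the user-manager values of these specifiers follow XDG_CONFIG_HOME and XDG_CACHE_HOME, so the unit would fail on a host that sets them unless the harness clears those variables, which is not visible here. I would compare against the variable with a fallback and quote both sides, e.g. `ExecStart=sh -c 'test "%S" = "$${XDG_CONFIG_HOME:-%h/.config}"'`; the unquoted form also breaks if the home path contains whitespace. The Description should read `Test for specifiers (user)` to match the `(system)` unit.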