diff options
| -rwxr-xr-x | test/TEST-22-TMPFILES/test.sh | 2 | ||||
| -rwxr-xr-x | test/test-systemd-tmpfiles.py | 24 | ||||
| -rwxr-xr-x | test/units/testsuite-22.16.sh | 36 |
3 files changed, 62 insertions, 0 deletions
diff --git a/test/TEST-22-TMPFILES/test.sh b/test/TEST-22-TMPFILES/test.sh index 46dd990f79..82d497d50f 100755 --- a/test/TEST-22-TMPFILES/test.sh +++ b/test/TEST-22-TMPFILES/test.sh @@ -17,6 +17,8 @@ test_append_files() { sed -i "s/systemd//g" "$initdir/etc/nsswitch.conf" fi + + image_install setfacl } do_test "$@" diff --git a/test/test-systemd-tmpfiles.py b/test/test-systemd-tmpfiles.py index 791a88497c..369478d31e 100755 --- a/test/test-systemd-tmpfiles.py +++ b/test/test-systemd-tmpfiles.py @@ -13,6 +13,7 @@ import subprocess import tempfile import pwd import grp +from pathlib import Path try: from systemd import id128 @@ -202,6 +203,27 @@ def test_hard_cleanup(*, user): def test_base64(): test_content('f~ {} - - - - UGlmZgpQYWZmClB1ZmYgCg==', "Piff\nPaff\nPuff \n", user=False) +def test_conditionalized_execute_bit(): + c = subprocess.run(exe_with_args + ['--version', '|', 'grep', '-F', '+ACL'], shell=True, stdout=subprocess.DEVNULL) + if c.returncode != 0: + return 0 + + d = tempfile.TemporaryDirectory(prefix='test-acl.', dir=temp_dir.name) + temp = Path(d.name) / "cond_exec" + temp.touch() + temp.chmod(0o644) + + test_line(f"a {temp} - - - - u:root:Xwr", user=False, returncode=0) + c = subprocess.run(["getfacl", "-Ec", temp], + stdout=subprocess.PIPE, check=True, text=True) + assert "user:root:rw-" in c.stdout + + temp.chmod(0o755) + test_line(f"a+ {temp} - - - - u:root:Xwr,g:root:rX", user=False, returncode=0) + c = subprocess.run(["getfacl", "-Ec", temp], + stdout=subprocess.PIPE, check=True, text=True) + assert "user:root:rwx" in c.stdout and "group:root:r-x" in c.stdout + if __name__ == '__main__': test_invalids(user=False) test_invalids(user=True) @@ -214,3 +236,5 @@ if __name__ == '__main__': test_hard_cleanup(user=True) test_base64() + + test_conditionalized_execute_bit() diff --git a/test/units/testsuite-22.16.sh b/test/units/testsuite-22.16.sh new file mode 100755 index 0000000000..15387cddb8 --- /dev/null +++ b/test/units/testsuite-22.16.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# Test for conditionalized execute bit ('X' bit) +set -eux +set -o pipefail + +# shellcheck source=test/units/assert.sh +. "$(dirname "$0")"/assert.sh + +rm -f /tmp/acl_exec +touch /tmp/acl_exec + +# No ACL set yet +systemd-tmpfiles --create - <<EOF +a /tmp/acl_exec - - - - u:root:rwX +EOF +assert_in 'user:root:rw-' "$(getfacl -Ec /tmp/acl_exec)" + +# Set another ACL and append +setfacl -m g:root:x /tmp/acl_exec + +systemd-tmpfiles --create - <<EOF +a+ /tmp/acl_exec - - - - u:root:rwX +EOF +acl="$(getfacl -Ec /tmp/acl_exec)" +assert_in 'user:root:rwx' "$acl" +assert_in 'group:root:--x' "$acl" + +# Reset ACL (no append) +systemd-tmpfiles --create - <<EOF +a /tmp/acl_exec - - - - u:root:rwX +EOF +assert_in 'user:root:rw-' "$(getfacl -Ec /tmp/acl_exec)" + +rm -f /tmp/acl_exec |