diff options
| author | Ronny Chevalier <chevalier.ronny@gmail.com> | 2014-11-11 20:05:40 +0100 |
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2014-11-13 10:39:51 +0100 |
| commit | 281e05b6cb406debe7b290e5aee8eae049671c14 (patch) | |
| tree | ee124bff7761e50b38a46745c1b110837f3cf7bd /test | |
| parent | 07aa32e31d82d1239a618e07adedaecd35d96b27 (diff) | |
tests: add test-execute
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
Diffstat (limited to 'test')
22 files changed, 106 insertions, 97 deletions
diff --git a/test/TEST-04-SECCOMP/Makefile b/test/TEST-04-SECCOMP/Makefile deleted file mode 120000 index e9f93b110..000000000 --- a/test/TEST-04-SECCOMP/Makefile +++ /dev/null @@ -1 +0,0 @@ -../TEST-01-BASIC/Makefile
\ No newline at end of file diff --git a/test/TEST-04-SECCOMP/test-seccomp.sh b/test/TEST-04-SECCOMP/test-seccomp.sh deleted file mode 100755 index 249619044..000000000 --- a/test/TEST-04-SECCOMP/test-seccomp.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -x - -systemctl start will-fail.service -systemctl start will-fail2.service -systemctl start will-not-fail.service -systemctl start will-not-fail2.service -systemctl is-failed will-fail.service || exit 1 -systemctl is-failed will-fail2.service || exit 1 -systemctl is-failed will-not-fail.service && exit 1 -systemctl is-failed will-not-fail2.service && exit 1 - -touch /testok -exit 0 diff --git a/test/TEST-04-SECCOMP/test.sh b/test/TEST-04-SECCOMP/test.sh deleted file mode 100755 index a85b50cca..000000000 --- a/test/TEST-04-SECCOMP/test.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh -TEST_DESCRIPTION="seccomp tests" - -. $TEST_BASE_DIR/test-functions - -check_result_qemu() { - ret=1 - mkdir -p $TESTDIR/root - mount ${LOOPDEV}p1 $TESTDIR/root - [[ -e $TESTDIR/root/testok ]] && ret=0 - [[ -f $TESTDIR/root/failed ]] && cp -a $TESTDIR/root/failed $TESTDIR - cp -a $TESTDIR/root/var/log/journal $TESTDIR - umount $TESTDIR/root - [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed - ls -l $TESTDIR/journal/*/*.journal - test -s $TESTDIR/failed && ret=$(($ret+1)) - return $ret -} - -test_run() { - if run_qemu; then - check_result_qemu || return 1 - else - dwarn "can't run QEMU, skipping" - fi - if check_nspawn; then - run_nspawn - check_result_nspawn || return 1 - else - dwarn "can't run systemd-nspawn, skipping" - fi - return 0 -} - -test_setup() { - create_empty_image - mkdir -p $TESTDIR/root - mount ${LOOPDEV}p1 $TESTDIR/root - - # Create what will eventually be our root filesystem onto an overlay - ( - LOG_LEVEL=5 - eval $(udevadm info --export --query=env --name=${LOOPDEV}p2) - - setup_basic_environment - - # setup the testsuite service - cat >$initdir/etc/systemd/system/testsuite.service <<EOF -[Unit] -Description=Testsuite service -After=multi-user.target - -[Service] -ExecStart=/test-seccomp.sh -Type=oneshot -EOF - - # copy the units used by this test - cp {will-fail,will-fail2,will-not-fail,will-not-fail2}.service \ - $initdir/etc/systemd/system - cp test-seccomp.sh $initdir/ - - setup_testsuite - ) - setup_nspawn_root - - ddebug "umount $TESTDIR/root" - umount $TESTDIR/root -} - -test_cleanup() { - umount $TESTDIR/root 2>/dev/null - [[ $LOOPDEV ]] && losetup -d $LOOPDEV - return 0 -} - -do_test "$@" diff --git a/test/exec-environment-empty.service b/test/exec-environment-empty.service new file mode 100644 index 000000000..0219ca4fd --- /dev/null +++ b/test/exec-environment-empty.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Environment + +[Service] +ExecStart=/bin/sh -c 'exit $(test ! "$VAR1" = "word1 word2") && $(test ! "$VAR2" = word3) && $(test ! "$VAR3" = \'$word 5 6\')' +Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" +Environment= diff --git a/test/exec-environment-multiple.service b/test/exec-environment-multiple.service new file mode 100644 index 000000000..479005a5d --- /dev/null +++ b/test/exec-environment-multiple.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Environment + +[Service] +ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = foobar)' +Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" +Environment="VAR3=foobar" diff --git a/test/exec-environment.service b/test/exec-environment.service new file mode 100644 index 000000000..4586b4c4a --- /dev/null +++ b/test/exec-environment.service @@ -0,0 +1,6 @@ +[Unit] +Description=Test for Environment + +[Service] +ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = \'$word 5 6\')' +Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" diff --git a/test/exec-group.service b/test/exec-group.service new file mode 100644 index 000000000..1aa04b5bd --- /dev/null +++ b/test/exec-group.service @@ -0,0 +1,6 @@ +[Unit] +Description=Test for Group + +[Service] +ExecStart=/bin/sh -c 'exit $(test $(id -n -g) = nobody)' +Group=nobody diff --git a/test/exec-ignoresigpipe-no.service b/test/exec-ignoresigpipe-no.service new file mode 100644 index 000000000..69b2e9d8a --- /dev/null +++ b/test/exec-ignoresigpipe-no.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for IgnoreSIGPIPE=no + +[Service] +ExecStart=/bin/sh -c 'kill -PIPE 0' +Type=oneshot +IgnoreSIGPIPE=no diff --git a/test/exec-ignoresigpipe-yes.service b/test/exec-ignoresigpipe-yes.service new file mode 100644 index 000000000..877ec8aed --- /dev/null +++ b/test/exec-ignoresigpipe-yes.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for IgnoreSIGPIPE=yes + +[Service] +ExecStart=/bin/sh -c 'kill -PIPE 0' +Type=oneshot +IgnoreSIGPIPE=yes diff --git a/test/exec-personality-x86-64.service b/test/exec-personality-x86-64.service new file mode 100644 index 000000000..5bb5d910d --- /dev/null +++ b/test/exec-personality-x86-64.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Personality=x86-64 + +[Service] +ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "x86_64")' +Type=oneshot +Personality=x86-64 diff --git a/test/exec-personality-x86.service b/test/exec-personality-x86.service new file mode 100644 index 000000000..0b370a648 --- /dev/null +++ b/test/exec-personality-x86.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Personality=x86 + +[Service] +ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "i686")' +Type=oneshot +Personality=x86 diff --git a/test/exec-privatedevices-no.service b/test/exec-privatedevices-no.service new file mode 100644 index 000000000..cf4f275fb --- /dev/null +++ b/test/exec-privatedevices-no.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for PrivateDev=no + +[Service] +ExecStart=/bin/sh -c 'exit $(test -c /dev/mem)' +Type=oneshot +PrivateDevices=no diff --git a/test/exec-privatedevices-yes.service b/test/exec-privatedevices-yes.service new file mode 100644 index 000000000..85b3f4f98 --- /dev/null +++ b/test/exec-privatedevices-yes.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for PrivateDev=yes + +[Service] +ExecStart=/bin/sh -c 'exit $(test ! -c /dev/mem)' +Type=oneshot +PrivateDevices=yes diff --git a/test/exec-privatetmp-no.service b/test/exec-privatetmp-no.service new file mode 100644 index 000000000..d69e552a6 --- /dev/null +++ b/test/exec-privatetmp-no.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for PrivateTmp=no + +[Service] +ExecStart=/bin/sh -c 'exit $(test -f /tmp/test-exec_privatetmp)' +Type=oneshot +PrivateTmp=no diff --git a/test/exec-privatetmp-yes.service b/test/exec-privatetmp-yes.service new file mode 100644 index 000000000..881a040b8 --- /dev/null +++ b/test/exec-privatetmp-yes.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for PrivateTmp=yes + +[Service] +ExecStart=/bin/sh -c 'exit $(test ! -f /tmp/test-exec_privatetmp)' +Type=oneshot +PrivateTmp=yes diff --git a/test/exec-systemcallerrornumber.service b/test/exec-systemcallerrornumber.service new file mode 100644 index 000000000..255a8b231 --- /dev/null +++ b/test/exec-systemcallerrornumber.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for SystemCallErrorNumber + +[Service] +ExecStart=/usr/bin/uname -a +SystemCallFilter=~uname +SystemCallErrorNumber=EACCES diff --git a/test/TEST-04-SECCOMP/will-fail.service b/test/exec-systemcallfilter-failing.service index c4e0be90f..c6ce9368c 100644 --- a/test/TEST-04-SECCOMP/will-fail.service +++ b/test/exec-systemcallfilter-failing.service @@ -1,5 +1,5 @@ [Unit] -Description=Will fail +Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "This should not be seen" diff --git a/test/TEST-04-SECCOMP/will-fail2.service b/test/exec-systemcallfilter-failing2.service index f7f1ae907..b7f7c2aff 100644 --- a/test/TEST-04-SECCOMP/will-fail2.service +++ b/test/exec-systemcallfilter-failing2.service @@ -1,5 +1,5 @@ [Unit] -Description=Will fail 2 +Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "This should not be seen" diff --git a/test/TEST-04-SECCOMP/will-not-fail.service b/test/exec-systemcallfilter-not-failing.service index 5c1b59456..feb206ab6 100644 --- a/test/TEST-04-SECCOMP/will-not-fail.service +++ b/test/exec-systemcallfilter-not-failing.service @@ -1,5 +1,5 @@ [Unit] -Description=Will not fail +Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "Foo bar" diff --git a/test/TEST-04-SECCOMP/will-not-fail2.service b/test/exec-systemcallfilter-not-failing2.service index 2df05e33e..cca469aa3 100644 --- a/test/TEST-04-SECCOMP/will-not-fail2.service +++ b/test/exec-systemcallfilter-not-failing2.service @@ -1,5 +1,5 @@ [Unit] -Description=Reset SystemCallFilter +Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "Foo bar" diff --git a/test/exec-user.service b/test/exec-user.service new file mode 100644 index 000000000..2ca08ebb4 --- /dev/null +++ b/test/exec-user.service @@ -0,0 +1,6 @@ +[Unit] +Description=Test for User + +[Service] +ExecStart=/bin/sh -c 'exit $(test "$USER" = nobody)' +User=nobody diff --git a/test/exec-workingdirectory.service b/test/exec-workingdirectory.service new file mode 100644 index 000000000..10855d682 --- /dev/null +++ b/test/exec-workingdirectory.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for WorkingDirectory + +[Service] +ExecStart=/bin/sh -c 'echo $PWD; exit $(test $PWD = "/tmp/test-exec_workingdirectory")' +Type=oneshot +WorkingDirectory=/tmp/test-exec_workingdirectory |