summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-02-12 00:21:02 -0500
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-02-12 00:26:19 -0500
commit0608ba9826bab37a1f2f4bb1bc5f077f621d4f3d (patch)
tree1a3386dfcaa50c6e0a0b67ab1cf5dd414706e57e
parent8367fea557cffaa6e870ccf1b94a063f560a922f (diff)
test-execute: detect missing capsh in all tests
Fixes #5273.
-rw-r--r--src/test/test-execute.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index bc9a2021f9..971176d65d 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -158,6 +158,8 @@ static void test_exec_privatedevices(Manager *m) {
}
static void test_exec_privatedevices_capabilities(Manager *m) {
+ int r;
+
if (detect_container() > 0) {
log_notice("testing in container, skipping private device tests");
return;
@@ -167,6 +169,14 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
return;
}
+ /* We use capsh to test if the capabilities are
+ * properly set, so be sure that it exists */
+ r = find_binary("capsh", NULL);
+ if (r < 0) {
+ log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
+ return;
+ }
+
test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-yes-capability-sys-rawio.service", 0, CLD_EXITED);
@@ -174,6 +184,8 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
}
static void test_exec_protectkernelmodules(Manager *m) {
+ int r;
+
if (detect_container() > 0) {
log_notice("testing in container, skipping protectkernelmodules tests");
return;
@@ -183,6 +195,13 @@ static void test_exec_protectkernelmodules(Manager *m) {
return;
}
+ r = find_binary("capsh", NULL);
+ if (r < 0) {
+ log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
+ return;
+ }
+
+
test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED);
@@ -359,11 +378,9 @@ static void test_exec_runtimedirectory(Manager *m) {
static void test_exec_capabilityboundingset(Manager *m) {
int r;
- /* We use capsh to test if the capabilities are
- * properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
- log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m");
+ log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}