summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-02-13 15:29:40 +0100
committerGitHub <noreply@github.com>2017-02-13 15:29:40 +0100
commitc8c13d35c6cd633fed717f97c1138700b97ab6f2 (patch)
treed335b2c366fe1c02a32351c1a22be414d54fc019
parentfb1ebc442f1ae43fc6950abb9ae033bd467fb61f (diff)
parent303c0bf80cfa4e032f72b4775e10ac0ae17f28d1 (diff)
Merge pull request #5319 from keszybz/test-execute
test-execute without capsh
-rw-r--r--README1
-rw-r--r--src/test/test-execute.c49
2 files changed, 34 insertions, 16 deletions
diff --git a/README b/README
index 4b369fbc86..dc88d5b261 100644
--- a/README
+++ b/README
@@ -180,6 +180,7 @@ REQUIREMENTS:
- python3-pyparsing
- python3-evdev (used by hwdb parsing tests)
- strace (used by test/test-functions)
+ - capsh (optional, used by test-execute)
USERS AND GROUPS:
Default udev rules use the following standard system group
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 1e479b9843..3a3ab3eb94 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -145,11 +145,11 @@ static void test_exec_privatetmp(Manager *m) {
static void test_exec_privatedevices(Manager *m) {
if (detect_container() > 0) {
- log_notice("testing in container, skipping private device tests");
+ log_notice("testing in container, skipping %s", __func__);
return;
}
if (!is_inaccessible_available()) {
- log_notice("testing without inaccessible, skipping private device tests");
+ log_notice("testing without inaccessible, skipping %s", __func__);
return;
}
@@ -158,12 +158,22 @@ static void test_exec_privatedevices(Manager *m) {
}
static void test_exec_privatedevices_capabilities(Manager *m) {
+ int r;
+
if (detect_container() > 0) {
- log_notice("testing in container, skipping private device tests");
+ log_notice("testing in container, skipping %s", __func__);
return;
}
if (!is_inaccessible_available()) {
- log_notice("testing without inaccessible, skipping private device tests");
+ log_notice("testing without inaccessible, skipping %s", __func__);
+ return;
+ }
+
+ /* We use capsh to test if the capabilities are
+ * properly set, so be sure that it exists */
+ r = find_binary("capsh", NULL);
+ if (r < 0) {
+ log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
@@ -174,15 +184,24 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
}
static void test_exec_protectkernelmodules(Manager *m) {
+ int r;
+
if (detect_container() > 0) {
- log_notice("testing in container, skipping protectkernelmodules tests");
+ log_notice("testing in container, skipping %s", __func__);
return;
}
if (!is_inaccessible_available()) {
- log_notice("testing without inaccessible, skipping protectkernelmodules tests");
+ log_notice("testing without inaccessible, skipping %s", __func__);
return;
}
+ r = find_binary("capsh", NULL);
+ if (r < 0) {
+ log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
+ return;
+ }
+
+
test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED);
@@ -253,7 +272,7 @@ static void test_exec_systemcall_system_mode_with_user(Manager *m) {
else if (getpwnam("nfsnobody"))
test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED);
else
- log_error_errno(errno, "Skipping test_exec_systemcall_system_mode_with_user, could not find nobody/nfsnobody user: %m");
+ log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
#endif
}
@@ -263,7 +282,7 @@ static void test_exec_user(Manager *m) {
else if (getpwnam("nfsnobody"))
test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED);
else
- log_error_errno(errno, "Skipping test_exec_user, could not find nobody/nfsnobody user: %m");
+ log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
}
static void test_exec_group(Manager *m) {
@@ -272,7 +291,7 @@ static void test_exec_group(Manager *m) {
else if (getgrnam("nfsnobody"))
test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED);
else
- log_error_errno(errno, "Skipping test_exec_group, could not find nobody/nfsnobody group: %m");
+ log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
}
static void test_exec_supplementary_groups(Manager *m) {
@@ -353,17 +372,15 @@ static void test_exec_runtimedirectory(Manager *m) {
else if (getgrnam("nfsnobody"))
test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED);
else
- log_error_errno(errno, "Skipping test_exec_runtimedirectory-owner, could not find nobody/nfsnobody group: %m");
+ log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
}
static void test_exec_capabilityboundingset(Manager *m) {
int r;
- /* We use capsh to test if the capabilities are
- * properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
- log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m");
+ log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
@@ -389,9 +406,9 @@ static void test_exec_capabilityambientset(Manager *m) {
test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED);
test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED);
} else
- log_error_errno(errno, "Skipping test_exec_capabilityambientset, could not find nobody/nfsnobody user: %m");
+ log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
} else
- log_error_errno(errno, "Skipping test_exec_capabilityambientset, the kernel does not support ambient capabilities: %m");
+ log_error_errno(errno, "Skipping %s, the kernel does not support ambient capabilities: %m", __func__);
}
static void test_exec_privatenetwork(Manager *m) {
@@ -399,7 +416,7 @@ static void test_exec_privatenetwork(Manager *m) {
r = find_binary("ip", NULL);
if (r < 0) {
- log_error_errno(r, "Skipping test_exec_privatenetwork, could not find ip binary: %m");
+ log_error_errno(r, "Skipping %s, could not find ip binary: %m", __func__);
return;
}