diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-02-13 15:29:40 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-13 15:29:40 +0100 |
commit | c8c13d35c6cd633fed717f97c1138700b97ab6f2 (patch) | |
tree | d335b2c366fe1c02a32351c1a22be414d54fc019 | |
parent | fb1ebc442f1ae43fc6950abb9ae033bd467fb61f (diff) | |
parent | 303c0bf80cfa4e032f72b4775e10ac0ae17f28d1 (diff) |
Merge pull request #5319 from keszybz/test-execute
test-execute without capsh
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | src/test/test-execute.c | 49 |
2 files changed, 34 insertions, 16 deletions
@@ -180,6 +180,7 @@ REQUIREMENTS: - python3-pyparsing - python3-evdev (used by hwdb parsing tests) - strace (used by test/test-functions) + - capsh (optional, used by test-execute) USERS AND GROUPS: Default udev rules use the following standard system group diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 1e479b9843..3a3ab3eb94 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -145,11 +145,11 @@ static void test_exec_privatetmp(Manager *m) { static void test_exec_privatedevices(Manager *m) { if (detect_container() > 0) { - log_notice("testing in container, skipping private device tests"); + log_notice("testing in container, skipping %s", __func__); return; } if (!is_inaccessible_available()) { - log_notice("testing without inaccessible, skipping private device tests"); + log_notice("testing without inaccessible, skipping %s", __func__); return; } @@ -158,12 +158,22 @@ static void test_exec_privatedevices(Manager *m) { } static void test_exec_privatedevices_capabilities(Manager *m) { + int r; + if (detect_container() > 0) { - log_notice("testing in container, skipping private device tests"); + log_notice("testing in container, skipping %s", __func__); return; } if (!is_inaccessible_available()) { - log_notice("testing without inaccessible, skipping private device tests"); + log_notice("testing without inaccessible, skipping %s", __func__); + return; + } + + /* We use capsh to test if the capabilities are + * properly set, so be sure that it exists */ + r = find_binary("capsh", NULL); + if (r < 0) { + log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__); return; } @@ -174,15 +184,24 @@ static void test_exec_privatedevices_capabilities(Manager *m) { } static void test_exec_protectkernelmodules(Manager *m) { + int r; + if (detect_container() > 0) { - log_notice("testing in container, skipping protectkernelmodules tests"); + log_notice("testing in container, skipping %s", __func__); return; } if (!is_inaccessible_available()) { - log_notice("testing without inaccessible, skipping protectkernelmodules tests"); + log_notice("testing without inaccessible, skipping %s", __func__); return; } + r = find_binary("capsh", NULL); + if (r < 0) { + log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__); + return; + } + + test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED); test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED); test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED); @@ -253,7 +272,7 @@ static void test_exec_systemcall_system_mode_with_user(Manager *m) { else if (getpwnam("nfsnobody")) test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED); else - log_error_errno(errno, "Skipping test_exec_systemcall_system_mode_with_user, could not find nobody/nfsnobody user: %m"); + log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__); #endif } @@ -263,7 +282,7 @@ static void test_exec_user(Manager *m) { else if (getpwnam("nfsnobody")) test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED); else - log_error_errno(errno, "Skipping test_exec_user, could not find nobody/nfsnobody user: %m"); + log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__); } static void test_exec_group(Manager *m) { @@ -272,7 +291,7 @@ static void test_exec_group(Manager *m) { else if (getgrnam("nfsnobody")) test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED); else - log_error_errno(errno, "Skipping test_exec_group, could not find nobody/nfsnobody group: %m"); + log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__); } static void test_exec_supplementary_groups(Manager *m) { @@ -353,17 +372,15 @@ static void test_exec_runtimedirectory(Manager *m) { else if (getgrnam("nfsnobody")) test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED); else - log_error_errno(errno, "Skipping test_exec_runtimedirectory-owner, could not find nobody/nfsnobody group: %m"); + log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__); } static void test_exec_capabilityboundingset(Manager *m) { int r; - /* We use capsh to test if the capabilities are - * properly set, so be sure that it exists */ r = find_binary("capsh", NULL); if (r < 0) { - log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m"); + log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__); return; } @@ -389,9 +406,9 @@ static void test_exec_capabilityambientset(Manager *m) { test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED); test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED); } else - log_error_errno(errno, "Skipping test_exec_capabilityambientset, could not find nobody/nfsnobody user: %m"); + log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__); } else - log_error_errno(errno, "Skipping test_exec_capabilityambientset, the kernel does not support ambient capabilities: %m"); + log_error_errno(errno, "Skipping %s, the kernel does not support ambient capabilities: %m", __func__); } static void test_exec_privatenetwork(Manager *m) { @@ -399,7 +416,7 @@ static void test_exec_privatenetwork(Manager *m) { r = find_binary("ip", NULL); if (r < 0) { - log_error_errno(r, "Skipping test_exec_privatenetwork, could not find ip binary: %m"); + log_error_errno(r, "Skipping %s, could not find ip binary: %m", __func__); return; } |