test: add CAP_MKNOD tests for PrivateDevices=

author: Djalal Harouni <tixxdz@opendz.org> 2016-09-25 13:04:30 +0200
committer: Djalal Harouni <tixxdz@opendz.org> 2016-09-25 13:04:30 +0200
commit: 615a1f4b26f3c7d10ad9ea638341a6920a6bc435 (patch)
tree: bd2c0eb3df604f41e21a9c06aedcf8a0168dc95a /src/test
parent: 8f81a5f61bcf745bae3acad599d7a9da686643e3 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 25489cefbc..2bc1854485 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -133,6 +133,15 @@ static void test_exec_privatedevices(Manager *m) {
         test(m, "exec-privatedevices-no.service", 0, CLD_EXITED);
 }
 
+static void test_exec_privatedevices_capabilities(Manager *m) {
+        if (detect_container() > 0) {
+                log_notice("testing in container, skipping private device tests");
+                return;
+        }
+        test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
+        test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
+}
+
 static void test_exec_systemcallfilter(Manager *m) {
 #ifdef HAVE_SECCOMP
         if (!is_seccomp_available())
@@ -345,6 +354,7 @@ int main(int argc, char *argv[]) {
                 test_exec_ignoresigpipe,
                 test_exec_privatetmp,
                 test_exec_privatedevices,
+                test_exec_privatedevices_capabilities,
                 test_exec_privatenetwork,
                 test_exec_systemcallfilter,
                 test_exec_systemcallerrornumber,
author	Djalal Harouni <tixxdz@opendz.org>	2016-09-25 13:04:30 +0200
committer	Djalal Harouni <tixxdz@opendz.org>	2016-09-25 13:04:30 +0200
commit	615a1f4b26f3c7d10ad9ea638341a6920a6bc435 (patch)
tree	bd2c0eb3df604f41e21a9c06aedcf8a0168dc95a /src/test
parent	8f81a5f61bcf745bae3acad599d7a9da686643e3 (diff)