diff options
| author | Djalal Harouni <tixxdz@opendz.org> | 2016-11-15 20:45:27 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-11-15 20:45:27 +0100 |
| commit | afc402b76a4520997a7c831a943be75e3072b301 (patch) | |
| tree | 0ebe0b88cb1c755e5cd49cb169b23f494b99a3a8 /src/test | |
| parent | 22f1f8f24cc845dbb953535e93d69f06aa69712f (diff) | |
| parent | 73186d534b1d4a8c217cf102ffd837d8e61a7e42 (diff) | |
Merge pull request #4658 from endocode/djalal/sandbox-various-fixes-v1
core: improve the logic that implies no new privileges and documentation fixes
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/test-execute.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 6029853e3e..b2ea358b8c 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -219,6 +219,18 @@ static void test_exec_systemcallerrornumber(Manager *m) { #endif } +static void test_exec_restrict_namespaces(Manager *m) { +#ifdef HAVE_SECCOMP + if (!is_seccomp_available()) + return; + + test(m, "exec-restrict-namespaces-no.service", 0, CLD_EXITED); + test(m, "exec-restrict-namespaces-yes.service", 1, CLD_EXITED); + test(m, "exec-restrict-namespaces-mnt.service", 0, CLD_EXITED); + test(m, "exec-restrict-namespaces-mnt-blacklist.service", 1, CLD_EXITED); +#endif +} + static void test_exec_systemcall_system_mode_with_user(Manager *m) { #ifdef HAVE_SECCOMP if (!is_seccomp_available()) @@ -435,6 +447,7 @@ int main(int argc, char *argv[]) { test_exec_privatenetwork, test_exec_systemcallfilter, test_exec_systemcallerrornumber, + test_exec_restrict_namespaces, test_exec_user, test_exec_group, test_exec_supplementary_groups, |