test: add tests for RestrictNamespaces=

author: Djalal Harouni <tixxdz@opendz.org> 2016-11-15 15:50:19 +0100
committer: Djalal Harouni <tixxdz@opendz.org> 2016-11-15 15:50:19 +0100
commit: 97e60383c0648e961c317188003130639c1de8d6 (patch)
tree: b51ef89d30b0b96e2d4f0451d7c7c84016b65e60 /src/test
parent: d6299d613f916e1d63ef81d6d277d4e98b8e8194 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 6029853e3e..b2ea358b8c 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -219,6 +219,18 @@ static void test_exec_systemcallerrornumber(Manager *m) {
 #endif
 }
 
+static void test_exec_restrict_namespaces(Manager *m) {
+#ifdef HAVE_SECCOMP
+        if (!is_seccomp_available())
+                return;
+
+        test(m, "exec-restrict-namespaces-no.service", 0, CLD_EXITED);
+        test(m, "exec-restrict-namespaces-yes.service", 1, CLD_EXITED);
+        test(m, "exec-restrict-namespaces-mnt.service", 0, CLD_EXITED);
+        test(m, "exec-restrict-namespaces-mnt-blacklist.service", 1, CLD_EXITED);
+#endif
+}
+
 static void test_exec_systemcall_system_mode_with_user(Manager *m) {
 #ifdef HAVE_SECCOMP
         if (!is_seccomp_available())
@@ -435,6 +447,7 @@ int main(int argc, char *argv[]) {
                 test_exec_privatenetwork,
                 test_exec_systemcallfilter,
                 test_exec_systemcallerrornumber,
+                test_exec_restrict_namespaces,
                 test_exec_user,
                 test_exec_group,
                 test_exec_supplementary_groups,
author	Djalal Harouni <tixxdz@opendz.org>	2016-11-15 15:50:19 +0100
committer	Djalal Harouni <tixxdz@opendz.org>	2016-11-15 15:50:19 +0100
commit	97e60383c0648e961c317188003130639c1de8d6 (patch)
tree	b51ef89d30b0b96e2d4f0451d7c7c84016b65e60 /src/test
parent	d6299d613f916e1d63ef81d6d277d4e98b8e8194 (diff)