summaryrefslogtreecommitdiff
path: root/src/test/test-ns.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/test/test-ns.c')
-rw-r--r--src/test/test-ns.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/src/test/test-ns.c b/src/test/test-ns.c
index 151c88bc8c..83e955430c 100644
--- a/src/test/test-ns.c
+++ b/src/test/test-ns.c
@@ -26,13 +26,18 @@
int main(int argc, char *argv[]) {
const char * const writable[] = {
"/home",
+ "-/home/lennart/projects/foobar", /* this should be masked automatically */
NULL
};
const char * const readonly[] = {
- "/",
- "/usr",
+ /* "/", */
+ /* "/usr", */
"/boot",
+ "/lib",
+ "/usr/lib",
+ "-/lib64",
+ "-/usr/lib64",
NULL
};
@@ -40,13 +45,22 @@ int main(int argc, char *argv[]) {
"/home/lennart/projects",
NULL
};
+
+ static const NameSpaceInfo ns_info = {
+ .private_dev = true,
+ .protect_control_groups = true,
+ .protect_kernel_tunables = true,
+ .protect_kernel_modules = true,
+ };
+
char *root_directory;
char *projects_directory;
-
int r;
char tmp_dir[] = "/tmp/systemd-private-XXXXXX",
var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX";
+ log_set_max_level(LOG_DEBUG);
+
assert_se(mkdtemp(tmp_dir));
assert_se(mkdtemp(var_tmp_dir));
@@ -63,12 +77,12 @@ int main(int argc, char *argv[]) {
log_info("Not chrooted");
r = setup_namespace(root_directory,
+ &ns_info,
(char **) writable,
(char **) readonly,
(char **) inaccessible,
tmp_dir,
var_tmp_dir,
- true,
PROTECT_HOME_NO,
PROTECT_SYSTEM_NO,
0);
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-02-16 23:57:44 +0000