summaryrefslogtreecommitdiff
path: root/test/test-execute
AgeCommit message (Collapse)Author
2017-02-12core: skip ReadOnlyPaths= and other permission-related mounts on ↵Lennart Poettering
PermissionsStartOnly= (#5309) ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are about restricting access and little more, hence they should be disabled if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a "+". Do that. (Note that we will still create namespaces and stuff, since that's about a lot more than just permissions. We'll simply disable the effect of the four options mentioned above, but nothing else mount related.) This also adds a test for this, to ensure this works as intended. No documentation updates, as the documentation are already vague enough to support the new behaviour ("If true, the permission-related execution options…"). We could clarify this further, but I think we might want to extend the switches' behaviour a bit more in future, hence leave it at this for now. Fixes: #5308
2017-01-06tests: fix failure of test-execute if /dev/mem is not available (#5028)Michal Sekletar
/dev/mem isn't necessarily available. Recently, I've encountered arm64 systems that didn't provide raw memory access via /dev/mem. Instead, let's use /dev/kmsg since we don't support systems w/o it anyway.
2016-11-15test: add tests for RestrictNamespaces=Djalal Harouni
2016-11-03test: test DynamicUser= with SupplementaryGroups=Djalal Harouni
2016-11-03test: test DynamicUser= with a fixed userDjalal Harouni
2016-10-24test: lets add more tests to cover SupplementaryGroups= cases.Djalal Harouni
2016-10-23test: add more tests for SupplementaryGroups=Djalal Harouni
2016-10-23test: Add simple test for supplementary groupsDjalal Harouni
2016-10-12test: add test to make sure that ProtectKernelModules=yes disconnect mount ↵Djalal Harouni
propagation
2016-10-12test: add test to make sure that CAP_SYS_RAWIO was removed on PrivateDevices=yesDjalal Harouni
2016-10-12test: add capability tests for ProtectKernelModules=Djalal Harouni
This just adds capabilities test.
2016-09-27test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ↵Djalal Harouni
propagation Better safe.
2016-09-27test: add tests for simple ReadOnlyPaths= caseDjalal Harouni
2016-09-25test: add CAP_MKNOD tests for PrivateDevices=Djalal Harouni
2016-08-02test: fix test-execute personality tests on ppc64 and aarch64 (#3825)Jan Synacek
2016-02-28test-execute: add nfsnobody alternative as a nobody userRonny Chevalier
2016-02-28core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMINRonny Chevalier
The manpage of seccomp specify that using seccomp with SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence, without NoNewPrivilege set, it is impossible to use a SystemCall* directive with a User directive set in system mode. Now, NoNewPrivileges is set if we are in user mode, or if we are in system mode and we don't have CAP_SYS_ADMIN, and SystemCall* directives are used.
2016-02-17tests: add test for https://github.com/systemd/systemd/issues/2637Evgeny Vereshchagin
+ perl -e 'exit(!(qq{0} eq qq{\x25U}))' exec-spec-interpolation.service: Main process exited, code=exited, status=1/FAILURE exec-spec-interpolation.service: Unit entered failed state. exec-spec-interpolation.service: Failed with result 'exit-code'. PID: 11270 Start Timestamp: Wed 2016-02-17 22:21:31 UTC Exit Timestamp: Wed 2016-02-17 22:21:31 UTC Exit Code: exited Exit Status: 1 Assertion 'service->main_exec_status.status == status_expected' failed at src/test/test-execute.c:65, function check(). Aborting.
2016-01-12tests: test ambient capabilities.Ismo Puustinen
The ambient capability tests are only run if the kernel has support for ambient capabilities.
2015-11-11test-execute: Add tests for new PassEnvironment= directiveFilipe Brandenburger
Check the base case, plus erasing the list, listing the same variable name more than once and when variables are absent from the manager execution environment. Confirmed that `sudo ./test-execute` passes and that modifying the test cases (or the values of the set variables in test-execute.c) is enough to make the test cases fail.
2015-11-10test-execute: Fix systemd escaping and shell issuesFilipe Brandenburger
In most cases, systemd requires escaping $ (for systemd variable substitution) and % (for specifiers) by doubling them. This was somewhat of an issue in tests like exec-environment*.service where systemd was doing the substitutions and we were not really checking that those were available in the actual environment of the command. Fix that. Expressions such as `exit $(test ...)` are incorrect. They only work because $(test ...) will produce no output, so the command will become a bare "exit" which will exit with the status of the latest executed command which turns out to be the test... The direct approach is simply calling "test" as the last command, for which the shell will propagate the exit status. One situation where this was breaking tests was on `exit $(test ...) && $(test ...) && $(test ...)` where the second and third tests were not really executing, since the first command is actually `exit` so && was doing nothing there. Fixed it by just using `test ... && test ... && test ...` as it was initially intended. Pass -x to all shell executions for them to produce useful debugging output to stderr. Consequently, removed most of the explicit `echo`s that are no longer needed. Mark all units as Type=oneshot explicitly. Also made sure all shell variables are properly quoted. v2: Added an explicit LC_ALL=C to ionice invocations since some locales (such as French) will add a space before the colon in the output. Tested by running `sudo ./test-execute` and confirming all tests enabled on my system (essentially all of them except for the s390 one) passed. Tweaked the variables or options or expected values and confirmed the tests do indeed fail when the values are not exactly the expected ones. v2: Also tested with `LANG=fr_FR.UTF-8 sudo ./test-execute` to confirm it still works in a different locale.
2015-11-06test-execute: don't use /usr/bin/uname. use sh and PATHEvgeny Vereshchagin
2015-10-31test-execute: move all files related to a specific directoryRonny Chevalier
To avoid polluting test/