From 615a1f4b26f3c7d10ad9ea638341a6920a6bc435 Mon Sep 17 00:00:00 2001
From: Djalal Harouni <tixxdz@opendz.org>
Date: Sun, 25 Sep 2016 13:04:30 +0200
Subject: test: add CAP_MKNOD tests for PrivateDevices=

---
 src/test/test-execute.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/test/test-execute.c')

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 25489cefbc..2bc1854485 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -133,6 +133,15 @@ static void test_exec_privatedevices(Manager *m) {
         test(m, "exec-privatedevices-no.service", 0, CLD_EXITED);
 }
 
+static void test_exec_privatedevices_capabilities(Manager *m) {
+        if (detect_container() > 0) {
+                log_notice("testing in container, skipping private device tests");
+                return;
+        }
+        test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
+        test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
+}
+
 static void test_exec_systemcallfilter(Manager *m) {
 #ifdef HAVE_SECCOMP
         if (!is_seccomp_available())
@@ -345,6 +354,7 @@ int main(int argc, char *argv[]) {
                 test_exec_ignoresigpipe,
                 test_exec_privatetmp,
                 test_exec_privatedevices,
+                test_exec_privatedevices_capabilities,
                 test_exec_privatenetwork,
                 test_exec_systemcallfilter,
                 test_exec_systemcallerrornumber,
-- 
cgit v1.2.3-54-g00ecf