test-execute: drop capabilities when testing with user manager
Before this, the tests were split into two categories, system and user, but both ran in a fully privileged environment. Hence, the unprivileged user scope was mostly not covered by the tests. Let's run all tests in both system and user scopes, and drop capabilities when the Manager is running in user scope. This also better protects the host environment from the test run.
@@ -3,14 +3,14 @@
|
||||
Description=Test DynamicUser= migrate StateDirectory= (preparation)
|
||||
|
||||
[Service]
|
||||
ExecStart=test -w /var/lib/test-dynamicuser-migrate
|
||||
ExecStart=test -w /var/lib/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test ! -L /var/lib/test-dynamicuser-migrate
|
||||
ExecStart=test ! -L /var/lib/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -d /var/lib/test-dynamicuser-migrate
|
||||
ExecStart=test -d /var/lib/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=touch /var/lib/test-dynamicuser-migrate/yay
|
||||
ExecStart=touch /var/lib/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=test -w %S/test-dynamicuser-migrate
|
||||
ExecStart=test -w %S/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test ! -L %S/test-dynamicuser-migrate
|
||||
ExecStart=test ! -L %S/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -d %S/test-dynamicuser-migrate
|
||||
ExecStart=test -d %S/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=touch %S/test-dynamicuser-migrate/yay
|
||||
ExecStart=touch %S/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"'
|
||||
|
||||
Type=oneshot
|
||||
|
||||
@@ -3,22 +3,22 @@
|
||||
Description=Test DynamicUser= migrate StateDirectory=
|
||||
|
||||
[Service]
|
||||
ExecStart=test -w /var/lib/test-dynamicuser-migrate
|
||||
ExecStart=test -w /var/lib/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -L /var/lib/test-dynamicuser-migrate
|
||||
ExecStart=test -L /var/lib/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -d /var/lib/test-dynamicuser-migrate
|
||||
ExecStart=test -d /var/lib/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -f /var/lib/test-dynamicuser-migrate/yay
|
||||
ExecStart=test -f /var/lib/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=test -d /var/lib/private/test-dynamicuser-migrate
|
||||
ExecStart=test -d /var/lib/private/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -f /var/lib/private/test-dynamicuser-migrate/yay
|
||||
ExecStart=test -f /var/lib/private/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=touch /var/lib/test-dynamicuser-migrate/yay
|
||||
ExecStart=touch /var/lib/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=touch /var/lib/private/test-dynamicuser-migrate/yay
|
||||
ExecStart=touch /var/lib/private/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=test -w %S/test-dynamicuser-migrate
|
||||
ExecStart=test -w %S/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -L %S/test-dynamicuser-migrate
|
||||
ExecStart=test -L %S/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -d %S/test-dynamicuser-migrate
|
||||
ExecStart=test -d %S/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -f %S/test-dynamicuser-migrate/yay
|
||||
ExecStart=test -f %S/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=test -d %S/private/test-dynamicuser-migrate
|
||||
ExecStart=test -d %S/private/test-dynamicuser-migrate2/hoge
|
||||
ExecStart=test -f %S/private/test-dynamicuser-migrate/yay
|
||||
ExecStart=test -f %S/private/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=touch %S/test-dynamicuser-migrate/yay
|
||||
ExecStart=touch %S/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=touch %S/private/test-dynamicuser-migrate/yay
|
||||
ExecStart=touch %S/private/test-dynamicuser-migrate2/hoge/yayyay
|
||||
ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"'
|
||||
|
||||
Type=oneshot
|
||||
|
||||
@@ -3,71 +3,71 @@
|
||||
Description=Test DynamicUser= with StateDirectory=
|
||||
|
||||
[Service]
|
||||
ExecStart=test -w /var/lib/waldo
|
||||
ExecStart=test -w /var/lib/quux/pief
|
||||
ExecStart=test -w /var/lib/aaa
|
||||
ExecStart=test -w /var/lib/aaa/bbb
|
||||
ExecStart=test -w /var/lib/aaa/ccc
|
||||
ExecStart=test -w /var/lib/xxx
|
||||
ExecStart=test -w /var/lib/xxx/yyy
|
||||
ExecStart=test -w /var/lib/xxx/zzz
|
||||
ExecStart=test -w /var/lib/aaa/111
|
||||
ExecStart=test -w /var/lib/aaa/222
|
||||
ExecStart=test -w /var/lib/aaa/333
|
||||
ExecStart=test -w %S/waldo
|
||||
ExecStart=test -w %S/quux/pief
|
||||
ExecStart=test -w %S/aaa
|
||||
ExecStart=test -w %S/aaa/bbb
|
||||
ExecStart=test -w %S/aaa/ccc
|
||||
ExecStart=test -w %S/xxx
|
||||
ExecStart=test -w %S/xxx/yyy
|
||||
ExecStart=test -w %S/xxx/zzz
|
||||
ExecStart=test -w %S/aaa/111
|
||||
ExecStart=test -w %S/aaa/222
|
||||
ExecStart=test -w %S/aaa/333
|
||||
|
||||
ExecStart=test -d /var/lib/waldo
|
||||
ExecStart=test -d /var/lib/quux/pief
|
||||
ExecStart=test -d /var/lib/aaa
|
||||
ExecStart=test -d /var/lib/aaa/bbb
|
||||
ExecStart=test -d /var/lib/aaa/ccc
|
||||
ExecStart=test -d /var/lib/xxx
|
||||
ExecStart=test -d /var/lib/xxx/yyy
|
||||
ExecStart=test -d /var/lib/xxx/zzz
|
||||
ExecStart=test -L /var/lib/aaa/111
|
||||
ExecStart=test -L /var/lib/aaa/222
|
||||
ExecStart=test -L /var/lib/aaa/333
|
||||
ExecStart=test -d %S/waldo
|
||||
ExecStart=test -d %S/quux/pief
|
||||
ExecStart=test -d %S/aaa
|
||||
ExecStart=test -d %S/aaa/bbb
|
||||
ExecStart=test -d %S/aaa/ccc
|
||||
ExecStart=test -d %S/xxx
|
||||
ExecStart=test -d %S/xxx/yyy
|
||||
ExecStart=test -d %S/xxx/zzz
|
||||
ExecStart=test -L %S/aaa/111
|
||||
ExecStart=test -L %S/aaa/222
|
||||
ExecStart=test -L %S/aaa/333
|
||||
|
||||
ExecStart=touch /var/lib/waldo/hoge
|
||||
ExecStart=touch /var/lib/quux/pief/hoge
|
||||
ExecStart=touch /var/lib/aaa/hoge
|
||||
ExecStart=touch /var/lib/aaa/bbb/hoge
|
||||
ExecStart=touch /var/lib/aaa/ccc/hoge
|
||||
ExecStart=touch /var/lib/xxx/hoge
|
||||
ExecStart=touch /var/lib/xxx/yyy/hoge
|
||||
ExecStart=touch /var/lib/xxx/zzz/hoge
|
||||
ExecStart=touch /var/lib/aaa/111/foo
|
||||
ExecStart=touch /var/lib/aaa/222/foo
|
||||
ExecStart=touch /var/lib/aaa/333/foo
|
||||
ExecStart=touch %S/waldo/hoge
|
||||
ExecStart=touch %S/quux/pief/hoge
|
||||
ExecStart=touch %S/aaa/hoge
|
||||
ExecStart=touch %S/aaa/bbb/hoge
|
||||
ExecStart=touch %S/aaa/ccc/hoge
|
||||
ExecStart=touch %S/xxx/hoge
|
||||
ExecStart=touch %S/xxx/yyy/hoge
|
||||
ExecStart=touch %S/xxx/zzz/hoge
|
||||
ExecStart=touch %S/aaa/111/foo
|
||||
ExecStart=touch %S/aaa/222/foo
|
||||
ExecStart=touch %S/aaa/333/foo
|
||||
|
||||
ExecStart=test -f /var/lib/waldo/hoge
|
||||
ExecStart=test -f /var/lib/quux/pief/hoge
|
||||
ExecStart=test -f /var/lib/aaa/hoge
|
||||
ExecStart=test -f /var/lib/aaa/bbb/hoge
|
||||
ExecStart=test -f /var/lib/aaa/ccc/hoge
|
||||
ExecStart=test -f /var/lib/xxx/hoge
|
||||
ExecStart=test -f /var/lib/xxx/yyy/hoge
|
||||
ExecStart=test -f /var/lib/xxx/zzz/hoge
|
||||
ExecStart=test -f /var/lib/aaa/111/foo
|
||||
ExecStart=test -f /var/lib/aaa/222/foo
|
||||
ExecStart=test -f /var/lib/aaa/333/foo
|
||||
ExecStart=test -f /var/lib/xxx/foo
|
||||
ExecStart=test -f /var/lib/xxx/yyy/foo
|
||||
ExecStart=test -f /var/lib/xxx/zzz/foo
|
||||
ExecStart=test -f %S/waldo/hoge
|
||||
ExecStart=test -f %S/quux/pief/hoge
|
||||
ExecStart=test -f %S/aaa/hoge
|
||||
ExecStart=test -f %S/aaa/bbb/hoge
|
||||
ExecStart=test -f %S/aaa/ccc/hoge
|
||||
ExecStart=test -f %S/xxx/hoge
|
||||
ExecStart=test -f %S/xxx/yyy/hoge
|
||||
ExecStart=test -f %S/xxx/zzz/hoge
|
||||
ExecStart=test -f %S/aaa/111/foo
|
||||
ExecStart=test -f %S/aaa/222/foo
|
||||
ExecStart=test -f %S/aaa/333/foo
|
||||
ExecStart=test -f %S/xxx/foo
|
||||
ExecStart=test -f %S/xxx/yyy/foo
|
||||
ExecStart=test -f %S/xxx/zzz/foo
|
||||
|
||||
ExecStart=test -f /var/lib/private/waldo/hoge
|
||||
ExecStart=test -f /var/lib/private/quux/pief/hoge
|
||||
ExecStart=test -f /var/lib/private/aaa/hoge
|
||||
ExecStart=test -f /var/lib/private/aaa/bbb/hoge
|
||||
ExecStart=test -f /var/lib/private/aaa/ccc/hoge
|
||||
ExecStart=test -f /var/lib/private/xxx/hoge
|
||||
ExecStart=test -f /var/lib/private/xxx/yyy/hoge
|
||||
ExecStart=test -f /var/lib/private/xxx/zzz/hoge
|
||||
ExecStart=test -f /var/lib/private/aaa/111/foo
|
||||
ExecStart=test -f /var/lib/private/aaa/222/foo
|
||||
ExecStart=test -f /var/lib/private/aaa/333/foo
|
||||
ExecStart=test -f /var/lib/private/xxx/foo
|
||||
ExecStart=test -f /var/lib/private/xxx/yyy/foo
|
||||
ExecStart=test -f /var/lib/private/xxx/zzz/foo
|
||||
ExecStart=test -f %S/private/waldo/hoge
|
||||
ExecStart=test -f %S/private/quux/pief/hoge
|
||||
ExecStart=test -f %S/private/aaa/hoge
|
||||
ExecStart=test -f %S/private/aaa/bbb/hoge
|
||||
ExecStart=test -f %S/private/aaa/ccc/hoge
|
||||
ExecStart=test -f %S/private/xxx/hoge
|
||||
ExecStart=test -f %S/private/xxx/yyy/hoge
|
||||
ExecStart=test -f %S/private/xxx/zzz/hoge
|
||||
ExecStart=test -f %S/private/aaa/111/foo
|
||||
ExecStart=test -f %S/private/aaa/222/foo
|
||||
ExecStart=test -f %S/private/aaa/333/foo
|
||||
ExecStart=test -f %S/private/xxx/foo
|
||||
ExecStart=test -f %S/private/xxx/yyy/foo
|
||||
ExecStart=test -f %S/private/xxx/zzz/foo
|
||||
|
||||
ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/aaa:%S/aaa/bbb:%S/aaa/ccc:%S/quux/pief:%S/waldo:%S/xxx:%S/xxx/yyy:%S/xxx/zzz"'
|
||||
|
||||
|
||||
@@ -4,5 +4,6 @@ Description=Test for PrivateNetwork
|
||||
|
||||
[Service]
|
||||
ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'
|
||||
ExecStart=/bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -F ": dummy-test-exec:"'
|
||||
Type=oneshot
|
||||
PrivateNetwork=yes
|
||||
|
||||
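Review bot: Both `ExecStart=` checks in this hunk are negated pipelines, so they succeed whenever the final `grep` matches nothing, including when `ip link` itself fails or is not installed, which becomes more likely once the test also runs with capabilities dropped. The `dummy-test-exec` check also passes if that interface was never created on the host side; the setup is not visible in this hunk, so the harness should fail or skip explicitly when creation does not succeed. Making the `ip link` result part of the condition closes the first gap, e.g. `ExecStart=/bin/sh -x -c 'out=$$(ip link) && ! echo "$$out" | grep -F ": dummy-test-exec:"'`. The unit file starts before the hunk, so any `[Unit]` conditions are not visible here.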
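--- /dev/null
+++ b/test/test-execute/exec-specifier-system.service
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for specifiers (system)
+
+[Service]
+Type=oneshot
+ExecStart=test %t = /run
+ExecStart=test %S = /var/lib
+ExecStart=test %C = /var/cache
+ExecStart=test %L = /var/log
+ExecStart=test %E = /etc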
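--- /dev/null
+++ b/test/test-execute/exec-specifier-user.service
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Test for specifiers
+
+[Service]
+Type=oneshot
+ExecStart=sh -c 'test %t = $$XDG_RUNTIME_DIR'
+ExecStart=sh -c 'test %S = %h/.config'
+ExecStart=sh -c 'test %C = %h/.cache'
+ExecStart=sh -c 'test %L = %h/.config/log'
+ExecStart=sh -c 'test %E = %h/.config'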
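Review bot: The expected values for `%S`, `%C`, `%L` and `%E` are hard-coded to default locations under `%h`, so these assertions presumably hold only when `XDG_CONFIG_HOME` and `XDG_CACHE_HOME` are unset or point at the defaults in the environment of the manager under test; whether the harness clears them is not visible here. A comment such as `# Assumes XDG_CONFIG_HOME and XDG_CACHE_HOME are unset (defaults under the home directory)` would record that assumption. `$$XDG_RUNTIME_DIR` is expanded unquoted, so an unset or empty value produces a `test` usage error rather than a plain mismatch; `ExecStart=sh -c 'test %t = "$$XDG_RUNTIME_DIR"'` avoids that. `Description=Test for specifiers` could read `Test for specifiers (user)` to match the system variant.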
@@ -13,11 +13,6 @@ ExecStart=test %I = ""
|
||||
ExecStart=test %j = specifier
|
||||
ExecStart=test %J = specifier
|
||||
ExecStart=test %f = /exec/specifier
|
||||
ExecStart=test %t = /run
|
||||
ExecStart=test %S = /var/lib
|
||||
ExecStart=test %C = /var/cache
|
||||
ExecStart=test %L = /var/log
|
||||
ExecStart=test %E = /etc
|
||||
ExecStart=test %T = /tmp
|
||||
ExecStart=test %V = /var/tmp
|
||||
ExecStart=test %d = %t/credentials/%n
|
||||
|
||||
@@ -13,11 +13,6 @@ ExecStart=test %I = foo/bar
|
||||
ExecStart=test %j = specifier
|
||||
ExecStart=test %J = specifier
|
||||
ExecStart=test %f = /foo/bar
|
||||
ExecStart=test %t = /run
|
||||
ExecStart=test %S = /var/lib
|
||||
ExecStart=test %C = /var/cache
|
||||
ExecStart=test %L = /var/log
|
||||
ExecStart=test %E = /etc
|
||||
ExecStart=sh -c 'test %u = $$(id -un)'
|
||||
ExecStart=sh -c 'test %U = $$(id -u)'
|
||||
ExecStart=sh -c 'test %g = $$(id -gn)'
|
||||
|
||||