diff options
| author | Benjamin Berg <bberg@redhat.com> | 2021-09-24 13:35:34 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-10-12 17:15:32 +0200 |
| commit | 663e750998c78d81a758be860148dfe433669c88 (patch) | |
| tree | 3a843e447da78a0cd4d6446435f668a5a934788a | |
| parent | ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c (diff) | |
| download | systemd-663e750998c78d81a758be860148dfe433669c88.tar.gz | |
test: Add failing/non-failing syscall filter test setting architecture
This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.
(cherry picked from commit e975a94559900f47a3a5cc333682992616877a67)
| -rw-r--r-- | src/test/test-execute.c | 2 | ||||
| -rw-r--r-- | test/test-execute/exec-systemcallfilter-failing3.service | 9 | ||||
| -rw-r--r-- | test/test-execute/exec-systemcallfilter-not-failing3.service | 8 |
3 files changed, 19 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 125e0bbf4f..1119ad4acf 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -432,8 +432,10 @@ static void test_exec_systemcallfilter(Manager *m) { test(m, "exec-systemcallfilter-not-failing.service", 0, CLD_EXITED); test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED); + test(m, "exec-systemcallfilter-not-failing3.service", 0, CLD_EXITED); test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED); test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED); + test(m, "exec-systemcallfilter-failing3.service", SIGSYS, CLD_KILLED); r = find_executable("python3", NULL); if (r < 0) { diff --git a/test/test-execute/exec-systemcallfilter-failing3.service b/test/test-execute/exec-systemcallfilter-failing3.service new file mode 100644 index 0000000000..b8c96704d2 --- /dev/null +++ b/test/test-execute/exec-systemcallfilter-failing3.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test for SystemCallFilter + +[Service] +ExecStart=/bin/sh -c '/bin/echo "This should not be seen"' +Type=oneshot +LimitCORE=0 +SystemCallArchitectures=native +SystemCallFilter=~write open execve fexecve execveat exit_group close mmap munmap fstat DONOTEXIST diff --git a/test/test-execute/exec-systemcallfilter-not-failing3.service b/test/test-execute/exec-systemcallfilter-not-failing3.service new file mode 100644 index 0000000000..7d72f5ab83 --- /dev/null +++ b/test/test-execute/exec-systemcallfilter-not-failing3.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test for SystemCallFilter + +[Service] +ExecStart=/bin/sh -c 'echo "Foo bar"' +Type=oneshot +SystemCallArchitectures=native +SystemCallFilter= |