diff options
| author | Benjamin Berg <bberg@redhat.com> | 2021-09-24 13:35:34 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-10-12 18:05:25 +0200 |
| commit | 44f372aa699a8d2a53a842e7ca3c2626c7117beb (patch) | |
| tree | 475c9bc42c09e46b68bc2ae5361fa0289bbf89ee | |
| parent | 6e5369103bbcb6b57dd9fecfbdd8164d8b1ed582 (diff) | |
| download | systemd-44f372aa699a8d2a53a842e7ca3c2626c7117beb.tar.gz | |
test: Add failing/non-failing syscall filter test setting architecture
This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.
(cherry picked from commit e975a94559900f47a3a5cc333682992616877a67)
(cherry picked from commit 663e750998c78d81a758be860148dfe433669c88)
| -rw-r--r-- | src/test/test-execute.c | 2 | ||||
| -rw-r--r-- | test/test-execute/exec-systemcallfilter-failing3.service | 9 | ||||
| -rw-r--r-- | test/test-execute/exec-systemcallfilter-not-failing3.service | 8 |
3 files changed, 19 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 239fcea5e3..24d067e9f7 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -432,8 +432,10 @@ static void test_exec_systemcallfilter(Manager *m) { test(m, "exec-systemcallfilter-not-failing.service", 0, CLD_EXITED); test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED); + test(m, "exec-systemcallfilter-not-failing3.service", 0, CLD_EXITED); test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED); test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED); + test(m, "exec-systemcallfilter-failing3.service", SIGSYS, CLD_KILLED); r = find_executable("python3", NULL); if (r < 0) { diff --git a/test/test-execute/exec-systemcallfilter-failing3.service b/test/test-execute/exec-systemcallfilter-failing3.service new file mode 100644 index 0000000000..b8c96704d2 --- /dev/null +++ b/test/test-execute/exec-systemcallfilter-failing3.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test for SystemCallFilter + +[Service] +ExecStart=/bin/sh -c '/bin/echo "This should not be seen"' +Type=oneshot +LimitCORE=0 +SystemCallArchitectures=native +SystemCallFilter=~write open execve fexecve execveat exit_group close mmap munmap fstat DONOTEXIST diff --git a/test/test-execute/exec-systemcallfilter-not-failing3.service b/test/test-execute/exec-systemcallfilter-not-failing3.service new file mode 100644 index 0000000000..7d72f5ab83 --- /dev/null +++ b/test/test-execute/exec-systemcallfilter-not-failing3.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test for SystemCallFilter + +[Service] +ExecStart=/bin/sh -c 'echo "Foo bar"' +Type=oneshot +SystemCallArchitectures=native +SystemCallFilter= |