diff options
Diffstat (limited to 'test')
| -rwxr-xr-x | test/units/testsuite-43.sh | 34 | ||||
| -rw-r--r-- | test/units/testsuite-57-retry-fail.service | 9 | ||||
| -rw-r--r-- | test/units/testsuite-57-retry-upheld.service | 10 | ||||
| -rw-r--r-- | test/units/testsuite-57-retry-uphold.service | 7 | ||||
| -rwxr-xr-x | test/units/testsuite-57.sh | 27 |
5 files changed, 70 insertions, 17 deletions
diff --git a/test/units/testsuite-43.sh b/test/units/testsuite-43.sh index fe47de26f0..90cb71e7a3 100755 --- a/test/units/testsuite-43.sh +++ b/test/units/testsuite-43.sh @@ -17,7 +17,7 @@ runas testuser systemd-run --wait --user --unit=test-private-users \ runas testuser systemctl --user log-level debug runas testuser systemd-run --wait --user --unit=test-private-tmp-innerfile \ - -p PrivateUsers=yes -p PrivateTmp=yes \ + -p PrivateTmp=yes \ -P touch /tmp/innerfile.txt # File should not exist outside the job's tmp directory. test ! -e /tmp/innerfile.txt @@ -25,7 +25,7 @@ test ! -e /tmp/innerfile.txt touch /tmp/outerfile.txt # File should not appear in unit's private tmp. runas testuser systemd-run --wait --user --unit=test-private-tmp-outerfile \ - -p PrivateUsers=yes -p PrivateTmp=yes \ + -p PrivateTmp=yes \ -P test ! -e /tmp/outerfile.txt # Confirm that creating a file in home works @@ -35,7 +35,7 @@ test -e /home/testuser/works.txt # Confirm that creating a file in home is blocked under read-only runas testuser systemd-run --wait --user --unit=test-protect-home-read-only \ - -p PrivateUsers=yes -p ProtectHome=read-only \ + -p ProtectHome=read-only \ -P bash -c ' test -e /home/testuser/works.txt || exit 10 touch /home/testuser/blocked.txt && exit 11 @@ -45,13 +45,13 @@ test ! -e /home/testuser/blocked.txt # Check that tmpfs hides the whole directory runas testuser systemd-run --wait --user --unit=test-protect-home-tmpfs \ - -p PrivateUsers=yes -p ProtectHome=tmpfs \ + -p ProtectHome=tmpfs \ -P test ! -e /home/testuser # Confirm that home, /root, and /run/user are inaccessible under "yes" # shellcheck disable=SC2016 runas testuser systemd-run --wait --user --unit=test-protect-home-yes \ - -p PrivateUsers=yes -p ProtectHome=yes \ + -p ProtectHome=yes \ -P bash -c ' test "$(stat -c %a /home)" = "0" test "$(stat -c %a /root)" = "0" @@ -70,11 +70,11 @@ runas testuser systemd-run --wait --user --unit=test-group-fail \ # Check that with a new user namespace we can bind mount # files and use a different root directory runas testuser systemd-run --wait --user --unit=test-bind-mount \ - -p PrivateUsers=yes -p BindPaths=/dev/null:/etc/os-release \ + -p BindPaths=/dev/null:/etc/os-release \ test ! -s /etc/os-release runas testuser systemd-run --wait --user --unit=test-read-write \ - -p PrivateUsers=yes -p ReadOnlyPaths=/ \ + -p ReadOnlyPaths=/ \ -p ReadWritePaths="/var /run /tmp" \ -p NoExecPaths=/ -p ExecPaths=/usr \ test ! -w /etc/os-release @@ -85,50 +85,50 @@ runas testuser systemd-run --wait --user --unit=test-caps \ test -s /etc/os-release runas testuser systemd-run --wait --user --unit=test-devices \ - -p PrivateUsers=yes -p PrivateDevices=yes -p PrivateIPC=yes \ + -p PrivateDevices=yes -p PrivateIPC=yes \ sh -c "ls -1 /dev/ | wc -l | grep -q -F 18" # Same check as test/test-execute/exec-privatenetwork-yes.service runas testuser systemd-run --wait --user --unit=test-network \ - -p PrivateUsers=yes -p PrivateNetwork=yes \ + -p PrivateNetwork=yes \ /bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"' runas testuser systemd-run --wait --user --unit=test-hostname \ - -p PrivateUsers=yes -p ProtectHostname=yes \ + -p ProtectHostname=yes \ hostnamectl hostname foo \ && { echo 'unexpected success'; exit 1; } runas testuser systemd-run --wait --user --unit=test-clock \ - -p PrivateUsers=yes -p ProtectClock=yes \ + -p ProtectClock=yes \ timedatectl set-time "2012-10-30 18:17:16" \ && { echo 'unexpected success'; exit 1; } runas testuser systemd-run --wait --user --unit=test-kernel-tunable \ - -p PrivateUsers=yes -p ProtectKernelTunables=yes \ + -p ProtectKernelTunables=yes \ sh -c "echo 0 >/proc/sys/user/max_user_namespaces" \ && { echo 'unexpected success'; exit 1; } runas testuser systemd-run --wait --user --unit=test-kernel-mod \ - -p PrivateUsers=yes -p ProtectKernelModules=yes \ + -p ProtectKernelModules=yes \ sh -c "modprobe -r overlay && modprobe overlay" \ && { echo 'unexpected success'; exit 1; } if sysctl kernel.dmesg_restrict=0; then runas testuser systemd-run --wait --user --unit=test-kernel-log \ - -p PrivateUsers=yes -p ProtectKernelLogs=yes -p LogNamespace=yes \ + -p ProtectKernelLogs=yes -p LogNamespace=yes \ dmesg \ && { echo 'unexpected success'; exit 1; } fi unsquashfs -no-xattrs -d /tmp/img /usr/share/minimal_0.raw runas testuser systemd-run --wait --user --unit=test-root-dir \ - -p PrivateUsers=yes -p RootDirectory=/tmp/img \ + -p RootDirectory=/tmp/img \ grep MARKER=1 /etc/os-release mkdir /tmp/img_bind mount --bind /tmp/img /tmp/img_bind runas testuser systemd-run --wait --user --unit=test-root-dir-bind \ - -p PrivateUsers=yes -p RootDirectory=/tmp/img_bind -p MountFlags=private \ + -p RootDirectory=/tmp/img_bind -p MountFlags=private \ grep MARKER=1 /etc/os-release umount /tmp/img_bind @@ -137,7 +137,7 @@ mkdir -p /tmp/a /tmp/b /tmp/c if unshare --mount --user --map-root-user mount -t overlay overlay /tmp/c -o lowerdir=/tmp/a:/tmp/b; then unsquashfs -no-xattrs -d /tmp/app2 /usr/share/app1.raw runas testuser systemd-run --wait --user --unit=test-extension-dir \ - -p PrivateUsers=yes -p ExtensionDirectories=/tmp/app2 \ + -p ExtensionDirectories=/tmp/app2 \ -p TemporaryFileSystem=/run -p RootDirectory=/tmp/img \ -p MountAPIVFS=yes \ grep PORTABLE_PREFIXES=app1 /usr/lib/extension-release.d/extension-release.app2 diff --git a/test/units/testsuite-57-retry-fail.service b/test/units/testsuite-57-retry-fail.service new file mode 100644 index 0000000000..67f34079d5 --- /dev/null +++ b/test/units/testsuite-57-retry-fail.service @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Failed Dependency Unit + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/sh -c "if [ -f /tmp/testsuite-57-retry-fail ]; then exit 0; else exit 1; fi" +Restart=no diff --git a/test/units/testsuite-57-retry-upheld.service b/test/units/testsuite-57-retry-upheld.service new file mode 100644 index 0000000000..2f718a61fa --- /dev/null +++ b/test/units/testsuite-57-retry-upheld.service @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Upheld Unit +Requires=testsuite-57-retry-fail.service +After=testsuite-57-retry-fail.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/echo ok diff --git a/test/units/testsuite-57-retry-uphold.service b/test/units/testsuite-57-retry-uphold.service new file mode 100644 index 0000000000..a01b131ed5 --- /dev/null +++ b/test/units/testsuite-57-retry-uphold.service @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Upholding Unit +Upholds=testsuite-57-retry-upheld.service + +[Service] +ExecStart=/bin/sleep infinity diff --git a/test/units/testsuite-57.sh b/test/units/testsuite-57.sh index 66d946bebc..24040c3189 100755 --- a/test/units/testsuite-57.sh +++ b/test/units/testsuite-57.sh @@ -27,6 +27,33 @@ done systemctl stop testsuite-57-uphold.service # Idea is this: +# 1. we start testsuite-57-retry-uphold.service +# 2. which through Uphold= starts testsuite-57-retry-upheld.service +# 3. which through Requires= starts testsuite-57-retry-fail.service +# 4. which fails as /tmp/testsuite-57-retry-fail does not exist, so testsuite-57-retry-upheld.service +# is no longer restarted +# 5. we create /tmp/testsuite-57-retry-fail +# 6. now testsuite-57-retry-upheld.service will be restarted since upheld, and its dependency will +# be satisfied + +rm -f /tmp/testsuite-57-retry-fail +systemctl start testsuite-57-retry-uphold.service + +while ! systemctl is-failed testsuite-57-retry-fail.service ; do + sleep .5 +done + +systemctl is-active testsuite-57-retry-upheld.service && { echo 'unexpected success'; exit 1; } + +touch /tmp/testsuite-57-retry-fail + +while ! systemctl is-active testsuite-57-retry-upheld.service ; do + sleep .5 +done + +systemctl stop testsuite-57-retry-uphold.service testsuite-57-retry-fail.service testsuite-57-retry-upheld.service + +# Idea is this: # 1. we start testsuite-57-prop-stop-one.service # 2. which through Wants=/After= pulls in testsuite-57-prop-stop-two.service as well # 3. testsuite-57-prop-stop-one.service then sleeps indefinitely |