2020-11-09 05:23:58 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
2014-08-16 14:19:10 +02:00
|
|
|
|
2017-04-09 01:32:13 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/types.h>
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
#include <sys/utsname.h>
|
2017-04-09 01:32:13 +02:00
|
|
|
#include <unistd.h>
|
|
|
|
|
2014-11-06 01:40:37 +01:00
|
|
|
#include "sd-id128.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "apparmor-util.h"
|
|
|
|
#include "architecture.h"
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "audit-util.h"
|
2017-12-18 08:53:29 +01:00
|
|
|
#include "cgroup-util.h"
|
2017-12-20 18:13:23 +01:00
|
|
|
#include "condition.h"
|
2019-05-28 21:28:31 +02:00
|
|
|
#include "cpu-set-util.h"
|
2019-08-01 16:28:29 +02:00
|
|
|
#include "efi-loader.h"
|
2020-04-23 12:12:23 +02:00
|
|
|
#include "errno-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "hostname-util.h"
|
2016-07-27 23:19:37 +02:00
|
|
|
#include "id128-util.h"
|
2014-12-11 18:30:37 +01:00
|
|
|
#include "ima-util.h"
|
2019-03-18 17:47:33 +01:00
|
|
|
#include "limits-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "log.h"
|
|
|
|
#include "macro.h"
|
2019-03-14 13:14:33 +01:00
|
|
|
#include "nulstr-util.h"
|
2019-03-18 17:47:33 +01:00
|
|
|
#include "process-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "selinux-util.h"
|
2017-12-18 08:53:29 +01:00
|
|
|
#include "set.h"
|
2014-12-11 18:30:37 +01:00
|
|
|
#include "smack-util.h"
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
#include "string-util.h"
|
2016-10-22 04:56:58 +02:00
|
|
|
#include "strv.h"
|
2019-03-14 13:14:33 +01:00
|
|
|
#include "tests.h"
|
2018-06-20 22:46:13 +02:00
|
|
|
#include "tomoyo-util.h"
|
2020-09-25 13:56:13 +02:00
|
|
|
#include "user-record.h"
|
2017-04-09 01:32:13 +02:00
|
|
|
#include "user-util.h"
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
#include "virt.h"
|
2014-11-06 01:40:37 +01:00
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
static void test_condition_test_path(void) {
|
2014-11-06 01:40:37 +01:00
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/bin/sh", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ));
|
2014-11-06 01:40:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2014-11-06 02:11:08 +01:00
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/bin/s?", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2014-11-06 01:40:37 +01:00
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-11-06 01:40:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 01:40:37 +01:00
|
|
|
condition_free(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_DIRECTORY, "/bin", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_DIRECTORY_NOT_EMPTY, "/bin", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_FILE_NOT_EMPTY, "/bin/sh", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/bin/sh", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/etc/passwd", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/proc", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/bin", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-11-06 02:11:08 +01:00
|
|
|
condition_free(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_READ_WRITE, "/tmp", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2020-05-14 18:30:23 +02:00
|
|
|
condition = condition_new(CONDITION_PATH_IS_ENCRYPTED, "/sys", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2020-05-14 18:30:23 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
condition = condition_new(CONDITION_PATH_IS_SYMBOLIC_LINK, "/dev/stdout", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
}
|
2014-08-16 14:19:10 +02:00
|
|
|
|
2018-09-13 13:35:03 +02:00
|
|
|
static void test_condition_test_control_group_controller(void) {
|
2017-12-18 08:53:29 +01:00
|
|
|
Condition *condition;
|
|
|
|
CGroupMask system_mask;
|
|
|
|
CGroupController controller;
|
|
|
|
_cleanup_free_ char *controller_name = NULL;
|
|
|
|
int r;
|
|
|
|
|
2019-08-01 12:48:41 +02:00
|
|
|
r = cg_unified();
|
2017-12-18 08:53:29 +01:00
|
|
|
if (r < 0) {
|
|
|
|
log_notice_errno(r, "Skipping ConditionControlGroupController tests: %m");
|
2018-09-13 13:35:03 +02:00
|
|
|
return;
|
2017-12-18 08:53:29 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Invalid controllers are ignored */
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, true);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(cg_mask_supported(&system_mask) >= 0);
|
|
|
|
|
|
|
|
/* Individual valid controllers one by one */
|
|
|
|
for (controller = 0; controller < _CGROUP_CONTROLLER_MAX; controller++) {
|
|
|
|
const char *local_controller_name = cgroup_controller_to_string(controller);
|
|
|
|
log_info("chosen controller is '%s'", local_controller_name);
|
|
|
|
if (system_mask & CGROUP_CONTROLLER_TO_MASK(controller)) {
|
|
|
|
log_info("this controller is available");
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
} else {
|
|
|
|
log_info("this controller is unavailable");
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Multiple valid controllers at the same time */
|
|
|
|
assert_se(cg_mask_to_string(system_mask, &controller_name) >= 0);
|
|
|
|
|
2017-12-20 18:13:23 +01:00
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, false);
|
2017-12-18 08:53:29 +01:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2017-12-20 18:13:23 +01:00
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, strempty(controller_name), false, true);
|
2017-12-18 08:53:29 +01:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-18 08:53:29 +01:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2014-08-16 14:19:10 +02:00
|
|
|
static void test_condition_test_ac_power(void) {
|
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_AC_POWER, "true", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == on_ac_power());
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_AC_POWER, "false", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) != on_ac_power());
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_AC_POWER, "false", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == on_ac_power());
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_host(void) {
|
2016-08-19 16:00:51 +02:00
|
|
|
_cleanup_free_ char *hostname = NULL;
|
|
|
|
char sid[SD_ID128_STRING_MAX];
|
2014-08-16 14:19:10 +02:00
|
|
|
Condition *condition;
|
|
|
|
sd_id128_t id;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = sd_id128_get_machine(&id);
|
|
|
|
assert_se(r >= 0);
|
|
|
|
assert_se(sd_id128_to_string(id, sid));
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_HOST, sid, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_HOST, "garbage value jjjjjjjjjjjjjj", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_HOST, sid, false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
hostname = gethostname_malloc();
|
|
|
|
assert_se(hostname);
|
|
|
|
|
2016-07-27 23:19:37 +02:00
|
|
|
/* if hostname looks like an id128 then skip testing it */
|
2016-08-01 04:01:43 +02:00
|
|
|
if (id128_is_valid(hostname))
|
2016-07-27 23:19:37 +02:00
|
|
|
log_notice("hostname is an id128, skipping test");
|
2016-08-01 04:01:43 +02:00
|
|
|
else {
|
2016-07-27 23:19:37 +02:00
|
|
|
condition = condition_new(CONDITION_HOST, hostname, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2016-07-27 23:19:37 +02:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
2014-08-16 14:19:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_architecture(void) {
|
|
|
|
Condition *condition;
|
|
|
|
const char *sa;
|
2014-11-06 00:49:44 +01:00
|
|
|
int a;
|
2014-08-16 14:19:10 +02:00
|
|
|
|
|
|
|
a = uname_architecture();
|
|
|
|
assert_se(a >= 0);
|
|
|
|
|
|
|
|
sa = architecture_to_string(a);
|
|
|
|
assert_se(sa);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ARCHITECTURE, sa, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ARCHITECTURE, "garbage value", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ARCHITECTURE, sa, false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2014-11-05 19:43:55 +01:00
|
|
|
static void test_condition_test_kernel_command_line(void) {
|
|
|
|
Condition *condition;
|
2020-04-23 12:12:23 +02:00
|
|
|
int r;
|
2014-11-05 19:43:55 +01:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "thisreallyshouldntbeonthekernelcommandline", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2020-04-23 12:12:23 +02:00
|
|
|
if (ERRNO_IS_PRIVILEGE(r))
|
|
|
|
return;
|
|
|
|
assert_se(r == 0);
|
2014-11-05 19:43:55 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "andthis=neither", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-11-05 19:43:55 +01:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
static void test_condition_test_kernel_version(void) {
|
|
|
|
Condition *condition;
|
|
|
|
struct utsname u;
|
2017-12-23 15:02:58 +01:00
|
|
|
const char *v;
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "*thisreallyshouldntbeinthekernelversion*", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "*", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2019-06-28 10:58:06 +02:00
|
|
|
/* An artificially empty condition. It evaluates to true, but normally
|
|
|
|
* such condition cannot be created, because the condition list is reset instead. */
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(uname(&u) >= 0);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
strshorten(u.release, 4);
|
|
|
|
strcpy(strchr(u.release, 0), "*");
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
condition_free(condition);
|
2017-12-23 15:02:58 +01:00
|
|
|
|
|
|
|
/* 0.1.2 would be a very very very old kernel */
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2019-06-28 10:58:06 +02:00
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, ">0.1.2", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2019-06-28 10:58:06 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "'>0.1.2' '<9.0.0'", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2019-06-28 10:58:06 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "> 0.1.2 < 9.0.0", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == -EINVAL);
|
2019-06-28 10:58:06 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, ">", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == -EINVAL);
|
2019-06-28 10:58:06 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
2017-12-23 15:02:58 +01:00
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, ">= 0.1.2", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "< 0.1.2", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "<= 0.1.2", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "= 0.1.2", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
/* 4711.8.15 is a very very very future kernel */
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "< 4711.8.15", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "<= 4711.8.15", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "= 4711.8.15", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "> 4711.8.15", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, ">= 4711.8.15", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(uname(&u) >= 0);
|
|
|
|
|
|
|
|
v = strjoina(">=", u.release);
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
v = strjoina("= ", u.release);
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
v = strjoina("<=", u.release);
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) > 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
v = strjoina("> ", u.release);
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
v = strjoina("< ", u.release);
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, v, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2017-12-23 15:02:58 +01:00
|
|
|
condition_free(condition);
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
}
|
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
static void test_condition_test_security(void) {
|
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "garbage oifdsjfoidsjoj", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == 0);
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "selinux", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) != mac_selinux_use());
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2018-06-20 22:46:13 +02:00
|
|
|
condition = condition_new(CONDITION_SECURITY, "apparmor", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == mac_apparmor_use());
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
2018-06-20 22:46:13 +02:00
|
|
|
condition = condition_new(CONDITION_SECURITY, "tomoyo", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == mac_tomoyo_use());
|
2018-06-20 22:46:13 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "ima", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == use_ima());
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "smack", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == mac_smack_use());
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "audit", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == use_audit());
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
2018-06-20 22:46:13 +02:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "uefi-secureboot", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
assert_se(condition_test(condition, environ) == is_efi_secure_boot());
|
2018-06-20 22:46:13 +02:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void print_securities(void) {
|
|
|
|
log_info("------ enabled security technologies ------");
|
|
|
|
log_info("SELinux: %s", yes_no(mac_selinux_use()));
|
|
|
|
log_info("AppArmor: %s", yes_no(mac_apparmor_use()));
|
|
|
|
log_info("Tomoyo: %s", yes_no(mac_tomoyo_use()));
|
|
|
|
log_info("IMA: %s", yes_no(use_ima()));
|
|
|
|
log_info("SMACK: %s", yes_no(mac_smack_use()));
|
|
|
|
log_info("Audit: %s", yes_no(use_audit()));
|
|
|
|
log_info("UEFI secure boot: %s", yes_no(is_efi_secure_boot()));
|
|
|
|
log_info("-------------------------------------------");
|
2014-12-11 18:30:37 +01:00
|
|
|
}
|
|
|
|
|
2016-10-22 04:56:58 +02:00
|
|
|
static void test_condition_test_virtualization(void) {
|
|
|
|
Condition *condition;
|
|
|
|
const char *virt;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "garbage oifdsjfoidsjoj", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2020-04-23 12:12:23 +02:00
|
|
|
if (ERRNO_IS_PRIVILEGE(r))
|
|
|
|
return;
|
2016-10-22 04:56:58 +02:00
|
|
|
log_info("ConditionVirtualization=garbage → %i", r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "container", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2016-10-22 04:56:58 +02:00
|
|
|
log_info("ConditionVirtualization=container → %i", r);
|
|
|
|
assert_se(r == !!detect_container());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "vm", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2016-10-22 04:56:58 +02:00
|
|
|
log_info("ConditionVirtualization=vm → %i", r);
|
|
|
|
assert_se(r == (detect_vm() && !detect_container()));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "private-users", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2016-10-22 04:56:58 +02:00
|
|
|
log_info("ConditionVirtualization=private-users → %i", r);
|
|
|
|
assert_se(r == !!running_in_userns());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
NULSTR_FOREACH(virt,
|
|
|
|
"kvm\0"
|
|
|
|
"qemu\0"
|
|
|
|
"bochs\0"
|
|
|
|
"xen\0"
|
|
|
|
"uml\0"
|
|
|
|
"vmware\0"
|
|
|
|
"oracle\0"
|
|
|
|
"microsoft\0"
|
|
|
|
"zvm\0"
|
|
|
|
"parallels\0"
|
|
|
|
"bhyve\0"
|
|
|
|
"vm_other\0") {
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, virt, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2016-10-22 04:56:58 +02:00
|
|
|
log_info("ConditionVirtualization=%s → %i", virt, r);
|
|
|
|
assert_se(r >= 0);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-09 01:32:13 +02:00
|
|
|
static void test_condition_test_user(void) {
|
|
|
|
Condition *condition;
|
|
|
|
char* uid;
|
|
|
|
char* username;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_USER, "garbage oifdsjfoidsjoj", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionUser=garbage → %i", r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(asprintf(&uid, "%"PRIu32, UINT32_C(0xFFFF)) > 0);
|
|
|
|
condition = condition_new(CONDITION_USER, uid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionUser=%s → %i", uid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(uid);
|
|
|
|
|
|
|
|
assert_se(asprintf(&uid, "%u", (unsigned)getuid()) > 0);
|
|
|
|
condition = condition_new(CONDITION_USER, uid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionUser=%s → %i", uid, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(uid);
|
|
|
|
|
|
|
|
assert_se(asprintf(&uid, "%u", (unsigned)getuid()+1) > 0);
|
|
|
|
condition = condition_new(CONDITION_USER, uid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionUser=%s → %i", uid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(uid);
|
|
|
|
|
|
|
|
username = getusername_malloc();
|
|
|
|
assert_se(username);
|
|
|
|
condition = condition_new(CONDITION_USER, username, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionUser=%s → %i", username, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(username);
|
|
|
|
|
|
|
|
username = (char*)(geteuid() == 0 ? NOBODY_USER_NAME : "root");
|
|
|
|
condition = condition_new(CONDITION_USER, username, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionUser=%s → %i", username, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
2017-05-19 04:12:14 +02:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_USER, "@system", false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-05-19 04:12:14 +02:00
|
|
|
log_info("ConditionUser=@system → %i", r);
|
2017-12-02 12:59:21 +01:00
|
|
|
if (uid_is_system(getuid()) || uid_is_system(geteuid()))
|
2017-05-19 04:12:14 +02:00
|
|
|
assert_se(r > 0);
|
|
|
|
else
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
2017-04-09 01:32:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_group(void) {
|
|
|
|
Condition *condition;
|
|
|
|
char* gid;
|
|
|
|
char* groupname;
|
|
|
|
gid_t *gids, max_gid;
|
2017-08-06 01:25:19 +02:00
|
|
|
int ngroups_max, ngroups, r, i;
|
2017-04-09 01:32:13 +02:00
|
|
|
|
|
|
|
assert_se(0 < asprintf(&gid, "%u", UINT32_C(0xFFFF)));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
|
|
|
|
assert_se(0 < asprintf(&gid, "%u", getgid()));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
|
|
|
|
ngroups_max = sysconf(_SC_NGROUPS_MAX);
|
|
|
|
assert(ngroups_max > 0);
|
|
|
|
|
2018-04-27 14:28:35 +02:00
|
|
|
gids = newa(gid_t, ngroups_max);
|
2017-04-09 01:32:13 +02:00
|
|
|
|
2017-08-06 01:25:19 +02:00
|
|
|
ngroups = getgroups(ngroups_max, gids);
|
|
|
|
assert(ngroups >= 0);
|
2017-04-09 01:32:13 +02:00
|
|
|
|
|
|
|
max_gid = getgid();
|
2017-08-06 01:25:19 +02:00
|
|
|
for (i = 0; i < ngroups; i++) {
|
2017-04-09 01:32:13 +02:00
|
|
|
assert_se(0 < asprintf(&gid, "%u", gids[i]));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
max_gid = gids[i] > max_gid ? gids[i] : max_gid;
|
|
|
|
|
|
|
|
groupname = gid_to_name(gids[i]);
|
|
|
|
assert_se(groupname);
|
|
|
|
condition = condition_new(CONDITION_GROUP, groupname, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionGroup=%s → %i", groupname, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(groupname);
|
|
|
|
max_gid = gids[i] > max_gid ? gids[i] : max_gid;
|
|
|
|
}
|
|
|
|
|
|
|
|
assert_se(0 < asprintf(&gid, "%u", max_gid+1));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
|
2019-12-24 02:04:44 +01:00
|
|
|
groupname = (char*)(getegid() == 0 ? NOBODY_GROUP_NAME : "root");
|
2017-04-09 01:32:13 +02:00
|
|
|
condition = condition_new(CONDITION_GROUP, groupname, false, false);
|
|
|
|
assert_se(condition);
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2017-04-09 01:32:13 +02:00
|
|
|
log_info("ConditionGroup=%s → %i", groupname, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2019-03-18 17:47:33 +01:00
|
|
|
static void test_condition_test_cpus_one(const char *s, bool result) {
|
|
|
|
Condition *condition;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
log_debug("%s=%s", condition_type_to_string(CONDITION_CPUS), s);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CPUS, s, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2019-03-18 17:47:33 +01:00
|
|
|
assert_se(r >= 0);
|
|
|
|
assert_se(r == result);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_cpus(void) {
|
|
|
|
_cleanup_free_ char *t = NULL;
|
|
|
|
int cpus;
|
|
|
|
|
|
|
|
cpus = cpus_in_affinity_mask();
|
|
|
|
assert_se(cpus >= 0);
|
|
|
|
|
|
|
|
test_condition_test_cpus_one("> 0", true);
|
|
|
|
test_condition_test_cpus_one(">= 0", true);
|
|
|
|
test_condition_test_cpus_one("!= 0", true);
|
|
|
|
test_condition_test_cpus_one("<= 0", false);
|
|
|
|
test_condition_test_cpus_one("< 0", false);
|
|
|
|
test_condition_test_cpus_one("= 0", false);
|
|
|
|
|
|
|
|
test_condition_test_cpus_one("> 100000", false);
|
|
|
|
test_condition_test_cpus_one("= 100000", false);
|
|
|
|
test_condition_test_cpus_one(">= 100000", false);
|
|
|
|
test_condition_test_cpus_one("< 100000", true);
|
|
|
|
test_condition_test_cpus_one("!= 100000", true);
|
|
|
|
test_condition_test_cpus_one("<= 100000", true);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "= %i", cpus) >= 0);
|
|
|
|
test_condition_test_cpus_one(t, true);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "<= %i", cpus) >= 0);
|
|
|
|
test_condition_test_cpus_one(t, true);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, ">= %i", cpus) >= 0);
|
|
|
|
test_condition_test_cpus_one(t, true);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "!= %i", cpus) >= 0);
|
|
|
|
test_condition_test_cpus_one(t, false);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "< %i", cpus) >= 0);
|
|
|
|
test_condition_test_cpus_one(t, false);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "> %i", cpus) >= 0);
|
|
|
|
test_condition_test_cpus_one(t, false);
|
|
|
|
t = mfree(t);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_memory_one(const char *s, bool result) {
|
|
|
|
Condition *condition;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
log_debug("%s=%s", condition_type_to_string(CONDITION_MEMORY), s);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_MEMORY, s, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
|
2020-05-14 19:13:03 +02:00
|
|
|
r = condition_test(condition, environ);
|
2019-03-18 17:47:33 +01:00
|
|
|
assert_se(r >= 0);
|
|
|
|
assert_se(r == result);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_memory(void) {
|
|
|
|
_cleanup_free_ char *t = NULL;
|
|
|
|
uint64_t memory;
|
|
|
|
|
|
|
|
memory = physical_memory();
|
|
|
|
|
|
|
|
test_condition_test_memory_one("> 0", true);
|
|
|
|
test_condition_test_memory_one(">= 0", true);
|
|
|
|
test_condition_test_memory_one("!= 0", true);
|
|
|
|
test_condition_test_memory_one("<= 0", false);
|
|
|
|
test_condition_test_memory_one("< 0", false);
|
|
|
|
test_condition_test_memory_one("= 0", false);
|
|
|
|
|
|
|
|
test_condition_test_memory_one("> 18446744073709547520", false);
|
|
|
|
test_condition_test_memory_one("= 18446744073709547520", false);
|
|
|
|
test_condition_test_memory_one(">= 18446744073709547520", false);
|
|
|
|
test_condition_test_memory_one("< 18446744073709547520", true);
|
|
|
|
test_condition_test_memory_one("!= 18446744073709547520", true);
|
|
|
|
test_condition_test_memory_one("<= 18446744073709547520", true);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "= %" PRIu64, memory) >= 0);
|
|
|
|
test_condition_test_memory_one(t, true);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "<= %" PRIu64, memory) >= 0);
|
|
|
|
test_condition_test_memory_one(t, true);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, ">= %" PRIu64, memory) >= 0);
|
|
|
|
test_condition_test_memory_one(t, true);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "!= %" PRIu64, memory) >= 0);
|
|
|
|
test_condition_test_memory_one(t, false);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "< %" PRIu64, memory) >= 0);
|
|
|
|
test_condition_test_memory_one(t, false);
|
|
|
|
t = mfree(t);
|
|
|
|
|
|
|
|
assert_se(asprintf(&t, "> %" PRIu64, memory) >= 0);
|
|
|
|
test_condition_test_memory_one(t, false);
|
|
|
|
t = mfree(t);
|
|
|
|
}
|
|
|
|
|
2020-05-14 19:13:03 +02:00
|
|
|
static void test_condition_test_environment_one(const char *s, bool result) {
|
|
|
|
Condition *condition;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
log_debug("%s=%s", condition_type_to_string(CONDITION_ENVIRONMENT), s);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ENVIRONMENT, s, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
|
|
|
|
r = condition_test(condition, environ);
|
|
|
|
assert_se(r >= 0);
|
|
|
|
assert_se(r == result);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_environment(void) {
|
|
|
|
assert_se(setenv("EXISTINGENVVAR", "foo", false) >= 0);
|
|
|
|
|
|
|
|
test_condition_test_environment_one("MISSINGENVVAR", false);
|
|
|
|
test_condition_test_environment_one("MISSINGENVVAR=foo", false);
|
|
|
|
test_condition_test_environment_one("MISSINGENVVAR=", false);
|
|
|
|
|
|
|
|
test_condition_test_environment_one("EXISTINGENVVAR", true);
|
|
|
|
test_condition_test_environment_one("EXISTINGENVVAR=foo", true);
|
|
|
|
test_condition_test_environment_one("EXISTINGENVVAR=bar", false);
|
|
|
|
test_condition_test_environment_one("EXISTINGENVVAR=", false);
|
|
|
|
}
|
|
|
|
|
2014-08-16 14:19:10 +02:00
|
|
|
int main(int argc, char *argv[]) {
|
2018-09-13 14:31:13 +02:00
|
|
|
test_setup_logging(LOG_DEBUG);
|
2014-08-16 14:19:10 +02:00
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
test_condition_test_path();
|
2014-08-16 14:19:10 +02:00
|
|
|
test_condition_test_ac_power();
|
|
|
|
test_condition_test_host();
|
|
|
|
test_condition_test_architecture();
|
2014-11-05 19:43:55 +01:00
|
|
|
test_condition_test_kernel_command_line();
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
test_condition_test_kernel_version();
|
2014-12-11 18:30:37 +01:00
|
|
|
test_condition_test_security();
|
2018-06-20 22:46:13 +02:00
|
|
|
print_securities();
|
2016-10-22 04:56:58 +02:00
|
|
|
test_condition_test_virtualization();
|
2017-04-09 01:32:13 +02:00
|
|
|
test_condition_test_user();
|
|
|
|
test_condition_test_group();
|
2017-12-18 08:53:29 +01:00
|
|
|
test_condition_test_control_group_controller();
|
2019-03-18 17:47:33 +01:00
|
|
|
test_condition_test_cpus();
|
|
|
|
test_condition_test_memory();
|
2020-05-14 19:13:03 +02:00
|
|
|
test_condition_test_environment();
|
2014-08-16 14:19:10 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|