2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2014-08-16 14:19:10 +02:00
|
|
|
/***
|
|
|
|
This file is part of systemd
|
|
|
|
|
|
|
|
Copyright 2014 Ronny Chevalier
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
Lesser General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
***/
|
|
|
|
|
2017-04-09 01:32:13 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/types.h>
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
#include <sys/utsname.h>
|
2017-04-09 01:32:13 +02:00
|
|
|
#include <unistd.h>
|
|
|
|
|
2014-11-06 01:40:37 +01:00
|
|
|
#include "sd-id128.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "apparmor-util.h"
|
|
|
|
#include "architecture.h"
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "audit-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "condition.h"
|
2017-12-18 08:53:29 +01:00
|
|
|
#include "cgroup-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "hostname-util.h"
|
2016-07-27 23:19:37 +02:00
|
|
|
#include "id128-util.h"
|
2014-12-11 18:30:37 +01:00
|
|
|
#include "ima-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "log.h"
|
|
|
|
#include "macro.h"
|
|
|
|
#include "selinux-util.h"
|
2017-12-18 08:53:29 +01:00
|
|
|
#include "set.h"
|
2014-12-11 18:30:37 +01:00
|
|
|
#include "smack-util.h"
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
#include "string-util.h"
|
2016-10-22 04:56:58 +02:00
|
|
|
#include "strv.h"
|
2017-04-09 01:32:13 +02:00
|
|
|
#include "user-util.h"
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
#include "util.h"
|
|
|
|
#include "virt.h"
|
2014-11-06 01:40:37 +01:00
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
static void test_condition_test_path(void) {
|
2014-11-06 01:40:37 +01:00
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/bin/sh", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
2014-11-06 02:11:08 +01:00
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/bin/s?", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS_GLOB, "/bin/s?", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
2014-11-06 01:40:37 +01:00
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_EXISTS, "/thiscertainlywontexist", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_DIRECTORY, "/bin", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_DIRECTORY_NOT_EMPTY, "/bin", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_FILE_NOT_EMPTY, "/bin/sh", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/bin/sh", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_FILE_IS_EXECUTABLE, "/etc/passwd", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/proc", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/bin", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_READ_WRITE, "/tmp", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_PATH_IS_SYMBOLIC_LINK, "/dev/stdout", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
}
|
2014-08-16 14:19:10 +02:00
|
|
|
|
2017-12-18 08:53:29 +01:00
|
|
|
static int test_condition_test_control_group_controller(void) {
|
|
|
|
Condition *condition;
|
|
|
|
CGroupMask system_mask;
|
|
|
|
CGroupController controller;
|
|
|
|
_cleanup_free_ char *controller_name = NULL;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = cg_unified_flush();
|
|
|
|
if (r < 0) {
|
|
|
|
log_notice_errno(r, "Skipping ConditionControlGroupController tests: %m");
|
|
|
|
return EXIT_TEST_SKIP;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Invalid controllers are ignored */
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, "thisisnotarealcontroller", false, true);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(cg_mask_supported(&system_mask) >= 0);
|
|
|
|
|
|
|
|
/* Individual valid controllers one by one */
|
|
|
|
for (controller = 0; controller < _CGROUP_CONTROLLER_MAX; controller++) {
|
|
|
|
const char *local_controller_name = cgroup_controller_to_string(controller);
|
|
|
|
log_info("chosen controller is '%s'", local_controller_name);
|
|
|
|
if (system_mask & CGROUP_CONTROLLER_TO_MASK(controller)) {
|
|
|
|
log_info("this controller is available");
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
} else {
|
|
|
|
log_info("this controller is unavailable");
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, local_controller_name, false, true);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Multiple valid controllers at the same time */
|
|
|
|
assert_se(cg_mask_to_string(system_mask, &controller_name) >= 0);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, controller_name, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_CONTROL_GROUP_CONTROLLER, controller_name, false, true);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
return EXIT_SUCCESS;
|
|
|
|
}
|
|
|
|
|
2014-08-16 14:19:10 +02:00
|
|
|
static void test_condition_test_ac_power(void) {
|
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_AC_POWER, "true", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(condition_test(condition) == on_ac_power());
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_AC_POWER, "false", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(condition_test(condition) != on_ac_power());
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_AC_POWER, "false", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(condition_test(condition) == on_ac_power());
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_host(void) {
|
2016-08-19 16:00:51 +02:00
|
|
|
_cleanup_free_ char *hostname = NULL;
|
|
|
|
char sid[SD_ID128_STRING_MAX];
|
2014-08-16 14:19:10 +02:00
|
|
|
Condition *condition;
|
|
|
|
sd_id128_t id;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = sd_id128_get_machine(&id);
|
|
|
|
assert_se(r >= 0);
|
|
|
|
assert_se(sd_id128_to_string(id, sid));
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_HOST, sid, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(condition_test(condition));
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_HOST, "garbage value jjjjjjjjjjjjjj", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(!condition_test(condition));
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_HOST, sid, false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(!condition_test(condition));
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
hostname = gethostname_malloc();
|
|
|
|
assert_se(hostname);
|
|
|
|
|
2016-07-27 23:19:37 +02:00
|
|
|
/* if hostname looks like an id128 then skip testing it */
|
2016-08-01 04:01:43 +02:00
|
|
|
if (id128_is_valid(hostname))
|
2016-07-27 23:19:37 +02:00
|
|
|
log_notice("hostname is an id128, skipping test");
|
2016-08-01 04:01:43 +02:00
|
|
|
else {
|
2016-07-27 23:19:37 +02:00
|
|
|
condition = condition_new(CONDITION_HOST, hostname, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2016-07-27 23:19:37 +02:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
2014-08-16 14:19:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_architecture(void) {
|
|
|
|
Condition *condition;
|
|
|
|
const char *sa;
|
2014-11-06 00:49:44 +01:00
|
|
|
int a;
|
2014-08-16 14:19:10 +02:00
|
|
|
|
|
|
|
a = uname_architecture();
|
|
|
|
assert_se(a >= 0);
|
|
|
|
|
|
|
|
sa = architecture_to_string(a);
|
|
|
|
assert_se(sa);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ARCHITECTURE, sa, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2016-07-01 00:56:23 +02:00
|
|
|
assert_se(condition_test(condition) > 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ARCHITECTURE, "garbage value", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2016-07-01 00:56:23 +02:00
|
|
|
assert_se(condition_test(condition) == 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_ARCHITECTURE, sa, false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2016-07-01 00:56:23 +02:00
|
|
|
assert_se(condition_test(condition) == 0);
|
2014-08-16 14:19:10 +02:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2014-11-05 19:43:55 +01:00
|
|
|
static void test_condition_test_kernel_command_line(void) {
|
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "thisreallyshouldntbeonthekernelcommandline", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(!condition_test(condition));
|
2014-11-05 19:43:55 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_COMMAND_LINE, "andthis=neither", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 01:40:37 +01:00
|
|
|
assert_se(!condition_test(condition));
|
2014-11-05 19:43:55 +01:00
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
static void test_condition_test_kernel_version(void) {
|
|
|
|
Condition *condition;
|
|
|
|
struct utsname u;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "*thisreallyshouldntbeinthekernelversion*", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "*", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, "", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(uname(&u) >= 0);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
strshorten(u.release, 4);
|
|
|
|
strcpy(strchr(u.release, 0), "*");
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_KERNEL_VERSION, u.release, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2014-11-06 02:11:08 +01:00
|
|
|
static void test_condition_test_null(void) {
|
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_NULL, NULL, false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_NULL, NULL, false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-11-06 02:11:08 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
static void test_condition_test_security(void) {
|
|
|
|
Condition *condition;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "garbage oifdsjfoidsjoj", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(!condition_test(condition));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "selinux", false, true);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2017-05-02 18:42:19 +02:00
|
|
|
assert_se(condition_test(condition) != mac_selinux_use());
|
2014-12-11 18:30:37 +01:00
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "ima", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(condition_test(condition) == use_ima());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "apparmor", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(condition_test(condition) == mac_apparmor_use());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "smack", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(condition_test(condition) == mac_smack_use());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_SECURITY, "audit", false, false);
|
2016-08-19 16:00:51 +02:00
|
|
|
assert_se(condition);
|
2014-12-11 18:30:37 +01:00
|
|
|
assert_se(condition_test(condition) == use_audit());
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2016-10-22 04:56:58 +02:00
|
|
|
static void test_condition_test_virtualization(void) {
|
|
|
|
Condition *condition;
|
|
|
|
const char *virt;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "garbage oifdsjfoidsjoj", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionVirtualization=garbage → %i", r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "container", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionVirtualization=container → %i", r);
|
|
|
|
assert_se(r == !!detect_container());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "vm", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionVirtualization=vm → %i", r);
|
|
|
|
assert_se(r == (detect_vm() && !detect_container()));
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, "private-users", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionVirtualization=private-users → %i", r);
|
|
|
|
assert_se(r == !!running_in_userns());
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
NULSTR_FOREACH(virt,
|
|
|
|
"kvm\0"
|
|
|
|
"qemu\0"
|
|
|
|
"bochs\0"
|
|
|
|
"xen\0"
|
|
|
|
"uml\0"
|
|
|
|
"vmware\0"
|
|
|
|
"oracle\0"
|
|
|
|
"microsoft\0"
|
|
|
|
"zvm\0"
|
|
|
|
"parallels\0"
|
|
|
|
"bhyve\0"
|
|
|
|
"vm_other\0") {
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_VIRTUALIZATION, virt, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionVirtualization=%s → %i", virt, r);
|
|
|
|
assert_se(r >= 0);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-09 01:32:13 +02:00
|
|
|
static void test_condition_test_user(void) {
|
|
|
|
Condition *condition;
|
|
|
|
char* uid;
|
|
|
|
char* username;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
condition = condition_new(CONDITION_USER, "garbage oifdsjfoidsjoj", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=garbage → %i", r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
|
|
|
|
assert_se(asprintf(&uid, "%"PRIu32, UINT32_C(0xFFFF)) > 0);
|
|
|
|
condition = condition_new(CONDITION_USER, uid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=%s → %i", uid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(uid);
|
|
|
|
|
|
|
|
assert_se(asprintf(&uid, "%u", (unsigned)getuid()) > 0);
|
|
|
|
condition = condition_new(CONDITION_USER, uid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=%s → %i", uid, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(uid);
|
|
|
|
|
|
|
|
assert_se(asprintf(&uid, "%u", (unsigned)getuid()+1) > 0);
|
|
|
|
condition = condition_new(CONDITION_USER, uid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=%s → %i", uid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(uid);
|
|
|
|
|
|
|
|
username = getusername_malloc();
|
|
|
|
assert_se(username);
|
|
|
|
condition = condition_new(CONDITION_USER, username, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=%s → %i", username, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(username);
|
|
|
|
|
|
|
|
username = (char*)(geteuid() == 0 ? NOBODY_USER_NAME : "root");
|
|
|
|
condition = condition_new(CONDITION_USER, username, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=%s → %i", username, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
2017-05-19 04:12:14 +02:00
|
|
|
|
|
|
|
condition = condition_new(CONDITION_USER, "@system", false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionUser=@system → %i", r);
|
2017-12-02 12:59:21 +01:00
|
|
|
if (uid_is_system(getuid()) || uid_is_system(geteuid()))
|
2017-05-19 04:12:14 +02:00
|
|
|
assert_se(r > 0);
|
|
|
|
else
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
2017-04-09 01:32:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void test_condition_test_group(void) {
|
|
|
|
Condition *condition;
|
|
|
|
char* gid;
|
|
|
|
char* groupname;
|
|
|
|
gid_t *gids, max_gid;
|
2017-08-06 01:25:19 +02:00
|
|
|
int ngroups_max, ngroups, r, i;
|
2017-04-09 01:32:13 +02:00
|
|
|
|
|
|
|
assert_se(0 < asprintf(&gid, "%u", UINT32_C(0xFFFF)));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
|
|
|
|
assert_se(0 < asprintf(&gid, "%u", getgid()));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
|
|
|
|
ngroups_max = sysconf(_SC_NGROUPS_MAX);
|
|
|
|
assert(ngroups_max > 0);
|
|
|
|
|
|
|
|
gids = alloca(sizeof(gid_t) * ngroups_max);
|
|
|
|
|
2017-08-06 01:25:19 +02:00
|
|
|
ngroups = getgroups(ngroups_max, gids);
|
|
|
|
assert(ngroups >= 0);
|
2017-04-09 01:32:13 +02:00
|
|
|
|
|
|
|
max_gid = getgid();
|
2017-08-06 01:25:19 +02:00
|
|
|
for (i = 0; i < ngroups; i++) {
|
2017-04-09 01:32:13 +02:00
|
|
|
assert_se(0 < asprintf(&gid, "%u", gids[i]));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
max_gid = gids[i] > max_gid ? gids[i] : max_gid;
|
|
|
|
|
|
|
|
groupname = gid_to_name(gids[i]);
|
|
|
|
assert_se(groupname);
|
|
|
|
condition = condition_new(CONDITION_GROUP, groupname, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionGroup=%s → %i", groupname, r);
|
|
|
|
assert_se(r > 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(groupname);
|
|
|
|
max_gid = gids[i] > max_gid ? gids[i] : max_gid;
|
|
|
|
}
|
|
|
|
|
|
|
|
assert_se(0 < asprintf(&gid, "%u", max_gid+1));
|
|
|
|
condition = condition_new(CONDITION_GROUP, gid, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionGroup=%s → %i", gid, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
free(gid);
|
|
|
|
|
|
|
|
groupname = (char*)(geteuid() == 0 ? NOBODY_GROUP_NAME : "root");
|
|
|
|
condition = condition_new(CONDITION_GROUP, groupname, false, false);
|
|
|
|
assert_se(condition);
|
|
|
|
r = condition_test(condition);
|
|
|
|
log_info("ConditionGroup=%s → %i", groupname, r);
|
|
|
|
assert_se(r == 0);
|
|
|
|
condition_free(condition);
|
|
|
|
}
|
|
|
|
|
2014-08-16 14:19:10 +02:00
|
|
|
int main(int argc, char *argv[]) {
|
2016-10-22 04:56:58 +02:00
|
|
|
log_set_max_level(LOG_DEBUG);
|
2014-08-16 14:19:10 +02:00
|
|
|
log_parse_environment();
|
|
|
|
log_open();
|
|
|
|
|
2014-12-11 18:30:37 +01:00
|
|
|
test_condition_test_path();
|
2014-08-16 14:19:10 +02:00
|
|
|
test_condition_test_ac_power();
|
|
|
|
test_condition_test_host();
|
|
|
|
test_condition_test_architecture();
|
2014-11-05 19:43:55 +01:00
|
|
|
test_condition_test_kernel_command_line();
|
core,udev,networkd: add ConditionKernelVersion=
This adds a simple condition/assert/match to the service manager, to
udev's .link handling and to networkd, for matching the kernel version
string.
In this version we only do fnmatch() based globbing, but we might want
to extend that to version comparisons later on, if we like, by slightly
extending the syntax with ">=", "<=", ">", "<" and "==" expressions.
2017-12-13 20:34:13 +01:00
|
|
|
test_condition_test_kernel_version();
|
2014-11-06 02:11:08 +01:00
|
|
|
test_condition_test_null();
|
2014-12-11 18:30:37 +01:00
|
|
|
test_condition_test_security();
|
2016-10-22 04:56:58 +02:00
|
|
|
test_condition_test_virtualization();
|
2017-04-09 01:32:13 +02:00
|
|
|
test_condition_test_user();
|
|
|
|
test_condition_test_group();
|
2017-12-18 08:53:29 +01:00
|
|
|
test_condition_test_control_group_controller();
|
2014-08-16 14:19:10 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|