diff --git a/test/TEST-54-CREDS/Makefile b/test/TEST-54-CREDS/Makefile new file mode 120000 index 0000000000..e9f93b1104 --- /dev/null +++ b/test/TEST-54-CREDS/Makefile @@ -0,0 +1 @@ +../TEST-01-BASIC/Makefile \ No newline at end of file diff --git a/test/TEST-54-CREDS/test.sh b/test/TEST-54-CREDS/test.sh new file mode 100755 index 0000000000..5feb15e7f1 --- /dev/null +++ b/test/TEST-54-CREDS/test.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +set -e +TEST_DESCRIPTION="test credentials" + +. $TEST_BASE_DIR/test-functions + +do_test "$@" 54 diff --git a/test/units/testsuite-54.service b/test/units/testsuite-54.service new file mode 100644 index 0000000000..862dd1c0fb --- /dev/null +++ b/test/units/testsuite-54.service @@ -0,0 +1,7 @@ +[Unit] +Description=TESTSUITE-54-CREDS + +[Service] +ExecStartPre=rm -f /failed /testok +ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh +Type=oneshot diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh new file mode 100755 index 0000000000..aabc56f348 --- /dev/null +++ b/test/units/testsuite-54.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +set -ex + +systemd-analyze log-level debug + +# Verify that the creds are properly loaded and we can read them from the service's unpriv user +systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p LoadCredential=shadow:/etc/shadow \ + -p SetCredential=dog:wuff \ + -p DynamicUser=1 \ + --wait \ + --pipe \ + cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' > /tmp/ts54-concat +( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp /tmp/ts54-concat +rm /tmp/ts54-concat + +# Verify that the creds are immutable +! systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p DynamicUser=1 \ + --wait \ + touch '${CREDENTIALS_DIRECTORY}/passwd' +! systemd-run -p LoadCredential=passwd:/etc/passwd \ + -p DynamicUser=1 \ + --wait \ + rm '${CREDENTIALS_DIRECTORY}/passwd' + +systemd-analyze log-level info + +echo OK > /testok + +exit 0