test: add test for DynamicUser= + StateDirectory=

Also, tests for DynamicUser= should really run for system mode, as we
allocate from a system resource.

(This also increases the test timeout to 2min. If one of our tests
really hangs then waiting for 2min longer doesn't hurt either. The old
2s is really short, given that we run in potentially slow VM
environments for this test. This becomes noticable when the slow "find"
command this adds is triggered)

src/test/test-execute.c

@@ -45,7 +45,7 @@ typedef void (*test_function_t)(Manager *m);
 static void check(Manager *m, Unit *unit, int status_expected, int code_expected) {
         Service *service = NULL;
         usec_t ts;
-        usec_t timeout = 2 * USEC_PER_SEC;
+        usec_t timeout = 2 * USEC_PER_MINUTE;
 
         assert_se(m);
         assert_se(unit);
@@ -317,6 +317,7 @@ static void test_exec_dynamic_user(Manager *m) {
         test(m, "exec-dynamicuser-fixeduser.service", 0, CLD_EXITED);
         test(m, "exec-dynamicuser-fixeduser-one-supplementarygroup.service", 0, CLD_EXITED);
         test(m, "exec-dynamicuser-supplementarygroups.service", 0, CLD_EXITED);
+        test(m, "exec-dynamicuser-state-dir.service", 0, CLD_EXITED);
 }
 
 static void test_exec_environment(Manager *m) {
@@ -500,7 +501,6 @@ int main(int argc, char *argv[]) {
                 test_exec_user,
                 test_exec_group,
                 test_exec_supplementary_groups,
-                test_exec_dynamic_user,
                 test_exec_environment,
                 test_exec_environmentfile,
                 test_exec_passenvironment,
@@ -517,6 +517,7 @@ int main(int argc, char *argv[]) {
         };
         static const test_function_t system_tests[] = {
                 test_exec_systemcall_system_mode_with_user,
+                test_exec_dynamic_user,
                 NULL,
         };
         int r;

test/meson.build

@@ -64,6 +64,7 @@ test_data_files = '''
         test-execute/exec-dynamicuser-fixeduser.service
         test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service
         test-execute/exec-dynamicuser-supplementarygroups.service
+        test-execute/exec-dynamicuser-state-dir.service
         test-execute/exec-ignoresigpipe-no.service
         test-execute/exec-ignoresigpipe-yes.service
         test-execute/exec-personality-x86-64.service

test/test-execute/exec-dynamicuser-state-dir.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Test DynamicUser= with StateDirectory=
+
+[Service]
+ExecStart=/usr/bin/test -w /var/lib/waldo
+ExecStart=/usr/bin/test -w /var/lib/quux/pief
+ExecStart=/bin/touch /var/lib/waldo/yay
+ExecStart=/bin/touch /var/lib/quux/pief/yayyay
+ExecStart=/usr/bin/test -f /var/lib/waldo/yay
+ExecStart=/usr/bin/test -f /var/lib/quux/pief/yayyay
+ExecStart=/usr/bin/test -f /var/lib/private/waldo/yay
+ExecStart=/usr/bin/test -f /var/lib/private/quux/pief/yayyay
+
+# Make sure that /var/lib/private/waldo is really the only writable directory besides the obvious candidates
+ExecStart=/bin/sh -x -c 'test $$(find / -type d -writable 2> /dev/null | egrep -v -e \'^(/var/tmp$$|/tmp$$|/proc/|/dev/mqueue$$|/dev/shm$$)\' | sort -u | tr -d '\\\\n') = /var/lib/private/quux/pief/var/lib/private/waldo'
+
+Type=oneshot
+DynamicUser=yes
+StateDirectory=waldo quux/pief