test: ensure 'InaccessiblePaths=/proc' option works (#6017)

Test case for PR #5985.
2017-05-25 06:47:08 +02:00 · 2017-05-25 06:47:08 +02:00 · c090d74dd9
parent b23aec0d6b
commit c090d74dd9
4 changed files with 14 additions and 0 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -1737,6 +1737,7 @@ TEST_DATA_FILES += \
 	test/test-execute/exec-readonlypaths-mount-propagation.service \
 	test/test-execute/exec-readwritepaths-mount-propagation.service \
 	test/test-execute/exec-inaccessiblepaths-mount-propagation.service \
+	test/test-execute/exec-inaccessiblepaths-proc.service \
 	test/test-execute/exec-spec-interpolation.service \
 	test/test-execute/exec-systemcallerrornumber.service \
 	test/test-execute/exec-systemcallfilter-failing2.service \
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@ -233,6 +233,10 @@ static void test_exec_inaccessiblepaths(Manager *m) {
        test(m, "exec-inaccessiblepaths-mount-propagation.service", 0, CLD_EXITED);
 }

+static void test_exec_inaccessiblepaths_proc(Manager *m) {
+        test(m, "exec-inaccessiblepaths-proc.service", 0, CLD_EXITED);
+}
+
 static void test_exec_systemcallfilter(Manager *m) {
 #ifdef HAVE_SECCOMP
        if (!is_seccomp_available())
@ -479,6 +483,7 @@ int main(int argc, char *argv[]) {
                test_exec_readonlypaths,
                test_exec_readwritepaths,
                test_exec_inaccessiblepaths,
+                test_exec_inaccessiblepaths_proc,
                test_exec_privatenetwork,
                test_exec_systemcallfilter,
                test_exec_systemcallerrornumber,
--- a/test/meson.build
+++ b/test/meson.build
@ -85,6 +85,7 @@ test_data_files = '''
        test-execute/exec-readonlypaths-mount-propagation.service
        test-execute/exec-readwritepaths-mount-propagation.service
        test-execute/exec-inaccessiblepaths-mount-propagation.service
+        test-execute/exec-inaccessiblepaths-proc.service
        test-execute/exec-spec-interpolation.service
        test-execute/exec-systemcallerrornumber.service
        test-execute/exec-systemcallfilter-failing2.service
--- a/test/test-execute/exec-inaccessiblepaths-proc.service
+++ b/test/test-execute/exec-inaccessiblepaths-proc.service
@ -0,0 +1,7 @@
+[Unit]
+Description=Test to make sure that mount namespace setup works properly with the 'InaccessiblePaths=/proc' option
+
+[Service]
+InaccessiblePaths=/proc
+ExecStart=/bin/sh -x -c 'test "$$(stat -c %%a /proc)" = "0"'
+Type=oneshot