From cdaf5070480c09a7650589fa02b4d59c0af00112 Mon Sep 17 00:00:00 2001 From: Filipe Brandenburger Date: Sun, 8 Nov 2015 10:19:45 -0800 Subject: [PATCH] test-execute: Fix systemd escaping and shell issues In most cases, systemd requires escaping $ (for systemd variable substitution) and % (for specifiers) by doubling them. This was somewhat of an issue in tests like exec-environment*.service where systemd was doing the substitutions and we were not really checking that those were available in the actual environment of the command. Fix that. Expressions such as `exit $(test ...)` are incorrect. They only work because $(test ...) will produce no output, so the command will become a bare "exit" which will exit with the status of the latest executed command which turns out to be the test... The direct approach is simply calling "test" as the last command, for which the shell will propagate the exit status. One situation where this was breaking tests was on `exit $(test ...) && $(test ...) && $(test ...)` where the second and third tests were not really executing, since the first command is actually `exit` so && was doing nothing there. Fixed it by just using `test ... && test ... && test ...` as it was initially intended. Pass -x to all shell executions for them to produce useful debugging output to stderr. Consequently, removed most of the explicit `echo`s that are no longer needed. Mark all units as Type=oneshot explicitly. Also made sure all shell variables are properly quoted. v2: Added an explicit LC_ALL=C to ionice invocations since some locales (such as French) will add a space before the colon in the output. Tested by running `sudo ./test-execute` and confirming all tests enabled on my system (essentially all of them except for the s390 one) passed. Tweaked the variables or options or expected values and confirmed the tests do indeed fail when the values are not exactly the expected ones. v2: Also tested with `LANG=fr_FR.UTF-8 sudo ./test-execute` to confirm it still works in a different locale. --- test/test-execute/exec-capabilityboundingset-invert.service | 3 ++- test/test-execute/exec-capabilityboundingset-merge.service | 3 ++- test/test-execute/exec-capabilityboundingset-reset.service | 3 ++- test/test-execute/exec-capabilityboundingset-simple.service | 3 ++- test/test-execute/exec-environment-empty.service | 3 ++- test/test-execute/exec-environment-multiple.service | 3 ++- test/test-execute/exec-environment.service | 3 ++- test/test-execute/exec-environmentfile.service | 2 +- test/test-execute/exec-group.service | 3 ++- test/test-execute/exec-ignoresigpipe-no.service | 2 +- test/test-execute/exec-ignoresigpipe-yes.service | 2 +- test/test-execute/exec-ioschedulingclass-best-effort.service | 2 +- test/test-execute/exec-ioschedulingclass-idle.service | 2 +- test/test-execute/exec-ioschedulingclass-none.service | 2 +- test/test-execute/exec-ioschedulingclass-realtime.service | 2 +- test/test-execute/exec-oomscoreadjust-negative.service | 4 ++-- test/test-execute/exec-oomscoreadjust-positive.service | 4 ++-- test/test-execute/exec-personality-s390.service | 2 +- test/test-execute/exec-personality-x86-64.service | 2 +- test/test-execute/exec-personality-x86.service | 2 +- test/test-execute/exec-privatedevices-no.service | 2 +- test/test-execute/exec-privatedevices-yes.service | 2 +- test/test-execute/exec-privatenetwork-yes.service | 3 ++- test/test-execute/exec-privatetmp-no.service | 2 +- test/test-execute/exec-privatetmp-yes.service | 2 +- test/test-execute/exec-runtimedirectory-mode.service | 2 +- test/test-execute/exec-runtimedirectory-owner.service | 2 +- test/test-execute/exec-runtimedirectory.service | 2 +- test/test-execute/exec-systemcallerrornumber.service | 3 ++- test/test-execute/exec-systemcallfilter-failing.service | 1 + test/test-execute/exec-systemcallfilter-failing2.service | 1 + test/test-execute/exec-systemcallfilter-not-failing.service | 1 + test/test-execute/exec-systemcallfilter-not-failing2.service | 1 + test/test-execute/exec-umask-0177.service | 3 ++- test/test-execute/exec-umask-default.service | 3 ++- test/test-execute/exec-user.service | 3 ++- test/test-execute/exec-workingdirectory.service | 2 +- 37 files changed, 52 insertions(+), 35 deletions(-) diff --git a/test/test-execute/exec-capabilityboundingset-invert.service b/test/test-execute/exec-capabilityboundingset-invert.service index e2b09e1550..fd5d248702 100644 --- a/test/test-execute/exec-capabilityboundingset-invert.service +++ b/test/test-execute/exec-capabilityboundingset-invert.service @@ -2,5 +2,6 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | grep "cap_chown"); echo $c; exit $(test -z $c)' +ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "^Bounding set .*cap_chown"); test -z "$$c"' +Type=oneshot CapabilityBoundingSet=~CAP_CHOWN diff --git a/test/test-execute/exec-capabilityboundingset-merge.service b/test/test-execute/exec-capabilityboundingset-merge.service index b0f4732529..5c7fcaf437 100644 --- a/test/test-execute/exec-capabilityboundingset-merge.service +++ b/test/test-execute/exec-capabilityboundingset-merge.service @@ -2,6 +2,7 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | cut -f 2 -d "="); echo $c; exit $(test $c = "cap_chown,cap_fowner,cap_kill")' +ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_chown,cap_fowner,cap_kill"' +Type=oneshot CapabilityBoundingSet=CAP_FOWNER CapabilityBoundingSet=CAP_KILL CAP_CHOWN diff --git a/test/test-execute/exec-capabilityboundingset-reset.service b/test/test-execute/exec-capabilityboundingset-reset.service index 51092ab0d5..d7d3320204 100644 --- a/test/test-execute/exec-capabilityboundingset-reset.service +++ b/test/test-execute/exec-capabilityboundingset-reset.service @@ -2,6 +2,7 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | cut -f 2 -d "="); echo $c; exit $(test -z $c)' +ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set ="' +Type=oneshot CapabilityBoundingSet=CAP_FOWNER CAP_KILL CapabilityBoundingSet= diff --git a/test/test-execute/exec-capabilityboundingset-simple.service b/test/test-execute/exec-capabilityboundingset-simple.service index b9037a0ddf..bf1a7f575a 100644 --- a/test/test-execute/exec-capabilityboundingset-simple.service +++ b/test/test-execute/exec-capabilityboundingset-simple.service @@ -2,5 +2,6 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -c 'c=$(capsh --print | grep "Bounding set " | cut -f 2 -d "="); echo $c; exit $(test $c = "cap_fowner,cap_kill")' +ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_fowner,cap_kill"' +Type=oneshot CapabilityBoundingSet=CAP_FOWNER CAP_KILL diff --git a/test/test-execute/exec-environment-empty.service b/test/test-execute/exec-environment-empty.service index 0219ca4fd7..9c92d4bc81 100644 --- a/test/test-execute/exec-environment-empty.service +++ b/test/test-execute/exec-environment-empty.service @@ -2,6 +2,7 @@ Description=Test for Environment [Service] -ExecStart=/bin/sh -c 'exit $(test ! "$VAR1" = "word1 word2") && $(test ! "$VAR2" = word3) && $(test ! "$VAR3" = \'$word 5 6\')' +ExecStart=/bin/sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset"' +Type=oneshot Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" Environment= diff --git a/test/test-execute/exec-environment-multiple.service b/test/test-execute/exec-environment-multiple.service index 479005a5d8..b9bc225635 100644 --- a/test/test-execute/exec-environment-multiple.service +++ b/test/test-execute/exec-environment-multiple.service @@ -2,6 +2,7 @@ Description=Test for Environment [Service] -ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = foobar)' +ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = foobar' +Type=oneshot Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" Environment="VAR3=foobar" diff --git a/test/test-execute/exec-environment.service b/test/test-execute/exec-environment.service index 4586b4c4a9..06e77af220 100644 --- a/test/test-execute/exec-environment.service +++ b/test/test-execute/exec-environment.service @@ -2,5 +2,6 @@ Description=Test for Environment [Service] -ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = \'$word 5 6\')' +ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6"' +Type=oneshot Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" diff --git a/test/test-execute/exec-environmentfile.service b/test/test-execute/exec-environmentfile.service index 848f2a120c..f6b8462719 100644 --- a/test/test-execute/exec-environmentfile.service +++ b/test/test-execute/exec-environmentfile.service @@ -2,6 +2,6 @@ Description=Test for EnvironmentFile [Service] -ExecStart=/bin/sh -c 'exit $(test "$VAR1" = "word1 word2") && $(test "$VAR2" = word3) && $(test "$VAR3" = \'$word 5 6\')' +ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6"' Type=oneshot EnvironmentFile=/tmp/test-exec_environmentfile.conf diff --git a/test/test-execute/exec-group.service b/test/test-execute/exec-group.service index 1aa04b5bd2..be7c796912 100644 --- a/test/test-execute/exec-group.service +++ b/test/test-execute/exec-group.service @@ -2,5 +2,6 @@ Description=Test for Group [Service] -ExecStart=/bin/sh -c 'exit $(test $(id -n -g) = nobody)' +ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"' +Type=oneshot Group=nobody diff --git a/test/test-execute/exec-ignoresigpipe-no.service b/test/test-execute/exec-ignoresigpipe-no.service index 69b2e9d8a8..73addf5f05 100644 --- a/test/test-execute/exec-ignoresigpipe-no.service +++ b/test/test-execute/exec-ignoresigpipe-no.service @@ -2,6 +2,6 @@ Description=Test for IgnoreSIGPIPE=no [Service] -ExecStart=/bin/sh -c 'kill -PIPE 0' +ExecStart=/bin/sh -x -c 'kill -PIPE 0' Type=oneshot IgnoreSIGPIPE=no diff --git a/test/test-execute/exec-ignoresigpipe-yes.service b/test/test-execute/exec-ignoresigpipe-yes.service index 877ec8aed0..f81c01719e 100644 --- a/test/test-execute/exec-ignoresigpipe-yes.service +++ b/test/test-execute/exec-ignoresigpipe-yes.service @@ -2,6 +2,6 @@ Description=Test for IgnoreSIGPIPE=yes [Service] -ExecStart=/bin/sh -c 'kill -PIPE 0' +ExecStart=/bin/sh -x -c 'kill -PIPE 0' Type=oneshot IgnoreSIGPIPE=yes diff --git a/test/test-execute/exec-ioschedulingclass-best-effort.service b/test/test-execute/exec-ioschedulingclass-best-effort.service index 56e2718505..29bb8510b4 100644 --- a/test/test-execute/exec-ioschedulingclass-best-effort.service +++ b/test/test-execute/exec-ioschedulingclass-best-effort.service @@ -2,6 +2,6 @@ Description=Test for IOSchedulingClass=best-effort [Service] -ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == best-effort* ]]' +ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "best-effort"' Type=oneshot IOSchedulingClass=best-effort diff --git a/test/test-execute/exec-ioschedulingclass-idle.service b/test/test-execute/exec-ioschedulingclass-idle.service index b45795cab7..87dbed14c1 100644 --- a/test/test-execute/exec-ioschedulingclass-idle.service +++ b/test/test-execute/exec-ioschedulingclass-idle.service @@ -2,6 +2,6 @@ Description=Test for IOSchedulingClass=idle [Service] -ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == idle* ]]' +ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "idle"' Type=oneshot IOSchedulingClass=idle diff --git a/test/test-execute/exec-ioschedulingclass-none.service b/test/test-execute/exec-ioschedulingclass-none.service index 36b546ca01..b6af122a1e 100644 --- a/test/test-execute/exec-ioschedulingclass-none.service +++ b/test/test-execute/exec-ioschedulingclass-none.service @@ -2,6 +2,6 @@ Description=Test for IOSchedulingClass=none [Service] -ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == none* ]]' +ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none"' Type=oneshot IOSchedulingClass=none diff --git a/test/test-execute/exec-ioschedulingclass-realtime.service b/test/test-execute/exec-ioschedulingclass-realtime.service index 74936d8079..d920d5c687 100644 --- a/test/test-execute/exec-ioschedulingclass-realtime.service +++ b/test/test-execute/exec-ioschedulingclass-realtime.service @@ -2,6 +2,6 @@ Description=Test for IOSchedulingClass=realtime [Service] -ExecStart=/bin/bash -c 'c=$(ionice); echo $c; [[ "$c" == realtime* ]]' +ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "realtime"' Type=oneshot IOSchedulingClass=realtime diff --git a/test/test-execute/exec-oomscoreadjust-negative.service b/test/test-execute/exec-oomscoreadjust-negative.service index 63ab501c63..2234c53c3f 100644 --- a/test/test-execute/exec-oomscoreadjust-negative.service +++ b/test/test-execute/exec-oomscoreadjust-negative.service @@ -2,6 +2,6 @@ Description=Test for OOMScoreAdjust [Service] -ExecStart=/bin/bash -c 'c=$(cat /proc/self/oom_score_adj); echo $c; exit $(test $c -eq -100)' -OOMScoreAdjust=-100 +ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq -100' Type=oneshot +OOMScoreAdjust=-100 diff --git a/test/test-execute/exec-oomscoreadjust-positive.service b/test/test-execute/exec-oomscoreadjust-positive.service index e47a4f1392..456a8f80cf 100644 --- a/test/test-execute/exec-oomscoreadjust-positive.service +++ b/test/test-execute/exec-oomscoreadjust-positive.service @@ -2,6 +2,6 @@ Description=Test for OOMScoreAdjust [Service] -ExecStart=/bin/bash -c 'c=$(cat /proc/self/oom_score_adj); echo $c; exit $(test $c -eq 100)' -OOMScoreAdjust=100 +ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq 100' Type=oneshot +OOMScoreAdjust=100 diff --git a/test/test-execute/exec-personality-s390.service b/test/test-execute/exec-personality-s390.service index f3c3b03e3d..89f7de89d0 100644 --- a/test/test-execute/exec-personality-s390.service +++ b/test/test-execute/exec-personality-s390.service @@ -2,6 +2,6 @@ Description=Test for Personality=s390 [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "s390")' +ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "s390"' Type=oneshot Personality=s390 diff --git a/test/test-execute/exec-personality-x86-64.service b/test/test-execute/exec-personality-x86-64.service index 5bb5d910d0..433e69a6d1 100644 --- a/test/test-execute/exec-personality-x86-64.service +++ b/test/test-execute/exec-personality-x86-64.service @@ -2,6 +2,6 @@ Description=Test for Personality=x86-64 [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "x86_64")' +ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "x86_64"' Type=oneshot Personality=x86-64 diff --git a/test/test-execute/exec-personality-x86.service b/test/test-execute/exec-personality-x86.service index 0b370a6480..a623a08cbe 100644 --- a/test/test-execute/exec-personality-x86.service +++ b/test/test-execute/exec-personality-x86.service @@ -2,6 +2,6 @@ Description=Test for Personality=x86 [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "i686")' +ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "i686"' Type=oneshot Personality=x86 diff --git a/test/test-execute/exec-privatedevices-no.service b/test/test-execute/exec-privatedevices-no.service index cf4f275fb6..77aeb951b5 100644 --- a/test/test-execute/exec-privatedevices-no.service +++ b/test/test-execute/exec-privatedevices-no.service @@ -2,6 +2,6 @@ Description=Test for PrivateDev=no [Service] -ExecStart=/bin/sh -c 'exit $(test -c /dev/mem)' +ExecStart=/bin/sh -x -c 'test -c /dev/mem' Type=oneshot PrivateDevices=no diff --git a/test/test-execute/exec-privatedevices-yes.service b/test/test-execute/exec-privatedevices-yes.service index 85b3f4f981..ab958b646e 100644 --- a/test/test-execute/exec-privatedevices-yes.service +++ b/test/test-execute/exec-privatedevices-yes.service @@ -2,6 +2,6 @@ Description=Test for PrivateDev=yes [Service] -ExecStart=/bin/sh -c 'exit $(test ! -c /dev/mem)' +ExecStart=/bin/sh -c 'test ! -c /dev/mem' Type=oneshot PrivateDevices=yes diff --git a/test/test-execute/exec-privatenetwork-yes.service b/test/test-execute/exec-privatenetwork-yes.service index 494712e6a7..3df543ec93 100644 --- a/test/test-execute/exec-privatenetwork-yes.service +++ b/test/test-execute/exec-privatenetwork-yes.service @@ -2,5 +2,6 @@ Description=Test for PrivateNetwork [Service] -ExecStart=/bin/sh -c 'i=$(ip link | grep ": " | grep -v lo); echo $i; exit $(test -z $i)' +ExecStart=/bin/sh -x -c 'i=$$(ip link | grep ": " | grep -v ": lo:"); test -z "$$i"' +Type=oneshot PrivateNetwork=yes diff --git a/test/test-execute/exec-privatetmp-no.service b/test/test-execute/exec-privatetmp-no.service index d69e552a63..59f60f4755 100644 --- a/test/test-execute/exec-privatetmp-no.service +++ b/test/test-execute/exec-privatetmp-no.service @@ -2,6 +2,6 @@ Description=Test for PrivateTmp=no [Service] -ExecStart=/bin/sh -c 'exit $(test -f /tmp/test-exec_privatetmp)' +ExecStart=/bin/sh -x -c 'test -f /tmp/test-exec_privatetmp' Type=oneshot PrivateTmp=no diff --git a/test/test-execute/exec-privatetmp-yes.service b/test/test-execute/exec-privatetmp-yes.service index 881a040b87..907c291b81 100644 --- a/test/test-execute/exec-privatetmp-yes.service +++ b/test/test-execute/exec-privatetmp-yes.service @@ -2,6 +2,6 @@ Description=Test for PrivateTmp=yes [Service] -ExecStart=/bin/sh -c 'exit $(test ! -f /tmp/test-exec_privatetmp)' +ExecStart=/bin/sh -x -c 'test ! -f /tmp/test-exec_privatetmp' Type=oneshot PrivateTmp=yes diff --git a/test/test-execute/exec-runtimedirectory-mode.service b/test/test-execute/exec-runtimedirectory-mode.service index ba6d7ee39f..842721d5c2 100644 --- a/test/test-execute/exec-runtimedirectory-mode.service +++ b/test/test-execute/exec-runtimedirectory-mode.service @@ -2,7 +2,7 @@ Description=Test for RuntimeDirectoryMode [Service] -ExecStart=/bin/sh -c 's=$(stat -c %a /tmp/test-exec_runtimedirectory-mode); echo $s; exit $(test $s = "750")' +ExecStart=/bin/sh -x -c 'mode=$$(stat -c %%a /tmp/test-exec_runtimedirectory-mode); test "$$mode" = "750"' Type=oneshot RuntimeDirectory=test-exec_runtimedirectory-mode RuntimeDirectoryMode=0750 diff --git a/test/test-execute/exec-runtimedirectory-owner.service b/test/test-execute/exec-runtimedirectory-owner.service index 077e08d1c5..1f438c182e 100644 --- a/test/test-execute/exec-runtimedirectory-owner.service +++ b/test/test-execute/exec-runtimedirectory-owner.service @@ -2,7 +2,7 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -c 'f=/tmp/test-exec_runtimedirectory-owner;g=$(stat -c %G $f); echo "$g"; exit $(test $g = "nobody")' +ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G /tmp/test-exec_runtimedirectory-owner); test "$$group" = "nobody"' Type=oneshot Group=nobody User=root diff --git a/test/test-execute/exec-runtimedirectory.service b/test/test-execute/exec-runtimedirectory.service index c12a6c63d6..ec46c9d49b 100644 --- a/test/test-execute/exec-runtimedirectory.service +++ b/test/test-execute/exec-runtimedirectory.service @@ -2,6 +2,6 @@ Description=Test for RuntimeDirectory [Service] -ExecStart=/bin/sh -c 'exit $(test -d /tmp/test-exec_runtimedirectory)' +ExecStart=/bin/sh -x -c 'test -d /tmp/test-exec_runtimedirectory' Type=oneshot RuntimeDirectory=test-exec_runtimedirectory diff --git a/test/test-execute/exec-systemcallerrornumber.service b/test/test-execute/exec-systemcallerrornumber.service index b11a952bd6..ff7da3c1a4 100644 --- a/test/test-execute/exec-systemcallerrornumber.service +++ b/test/test-execute/exec-systemcallerrornumber.service @@ -2,6 +2,7 @@ Description=Test for SystemCallErrorNumber [Service] -ExecStart=/bin/sh -c 'uname -a' +ExecStart=/bin/sh -x -c 'uname -a' +Type=oneshot SystemCallFilter=~uname SystemCallErrorNumber=EACCES diff --git a/test/test-execute/exec-systemcallfilter-failing.service b/test/test-execute/exec-systemcallfilter-failing.service index c6ce9368c9..5c6422f0fd 100644 --- a/test/test-execute/exec-systemcallfilter-failing.service +++ b/test/test-execute/exec-systemcallfilter-failing.service @@ -3,6 +3,7 @@ Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "This should not be seen" +Type=oneshot SystemCallFilter=ioperm SystemCallFilter=~ioperm SystemCallFilter=ioperm diff --git a/test/test-execute/exec-systemcallfilter-failing2.service b/test/test-execute/exec-systemcallfilter-failing2.service index b7f7c2aff9..3516078e1f 100644 --- a/test/test-execute/exec-systemcallfilter-failing2.service +++ b/test/test-execute/exec-systemcallfilter-failing2.service @@ -3,4 +3,5 @@ Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "This should not be seen" +Type=oneshot SystemCallFilter=~write open execve exit_group close mmap munmap fstat DONOTEXIST diff --git a/test/test-execute/exec-systemcallfilter-not-failing.service b/test/test-execute/exec-systemcallfilter-not-failing.service index feb206ab6d..c794b67edd 100644 --- a/test/test-execute/exec-systemcallfilter-not-failing.service +++ b/test/test-execute/exec-systemcallfilter-not-failing.service @@ -3,6 +3,7 @@ Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "Foo bar" +Type=oneshot SystemCallFilter=~read write open execve ioperm SystemCallFilter=ioctl SystemCallFilter=read write open execve diff --git a/test/test-execute/exec-systemcallfilter-not-failing2.service b/test/test-execute/exec-systemcallfilter-not-failing2.service index cca469aa3d..a62c81bd48 100644 --- a/test/test-execute/exec-systemcallfilter-not-failing2.service +++ b/test/test-execute/exec-systemcallfilter-not-failing2.service @@ -3,4 +3,5 @@ Description=Test for SystemCallFilter [Service] ExecStart=/bin/echo "Foo bar" +Type=oneshot SystemCallFilter= diff --git a/test/test-execute/exec-umask-0177.service b/test/test-execute/exec-umask-0177.service index af9295888e..a5e8fc4dbc 100644 --- a/test/test-execute/exec-umask-0177.service +++ b/test/test-execute/exec-umask-0177.service @@ -2,6 +2,7 @@ Description=Test for UMask [Service] -ExecStart=/bin/sh -c 'touch /tmp/test-exec-umask; s=$(stat -c %a /tmp/test-exec-umask); echo $s; exit $(test $s = "600")' +ExecStart=/bin/sh -x -c 'touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "600"' +Type=oneshot UMask=0177 PrivateTmp=yes diff --git a/test/test-execute/exec-umask-default.service b/test/test-execute/exec-umask-default.service index 41e20a60a1..487f5e9b94 100644 --- a/test/test-execute/exec-umask-default.service +++ b/test/test-execute/exec-umask-default.service @@ -2,5 +2,6 @@ Description=Test for UMask default [Service] -ExecStart=/bin/sh -c 'touch /tmp/test-exec-umask; s=$(stat -c %a /tmp/test-exec-umask); echo $s; exit $(test $s = "644")' +ExecStart=/bin/sh -x -c 'touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "644"' +Type=oneshot PrivateTmp=yes diff --git a/test/test-execute/exec-user.service b/test/test-execute/exec-user.service index 2ca08ebb42..0a00c1abc4 100644 --- a/test/test-execute/exec-user.service +++ b/test/test-execute/exec-user.service @@ -2,5 +2,6 @@ Description=Test for User [Service] -ExecStart=/bin/sh -c 'exit $(test "$USER" = nobody)' +ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"' +Type=oneshot User=nobody diff --git a/test/test-execute/exec-workingdirectory.service b/test/test-execute/exec-workingdirectory.service index 10855d682a..fe3c420d2d 100644 --- a/test/test-execute/exec-workingdirectory.service +++ b/test/test-execute/exec-workingdirectory.service @@ -2,6 +2,6 @@ Description=Test for WorkingDirectory [Service] -ExecStart=/bin/sh -c 'echo $PWD; exit $(test $PWD = "/tmp/test-exec_workingdirectory")' +ExecStart=/bin/sh -x -c 'test "$$PWD" = "/tmp/test-exec_workingdirectory"' Type=oneshot WorkingDirectory=/tmp/test-exec_workingdirectory