e5f10cafe0
To support ProtectHome=y in a user namespace (which mounts the inaccessible nodes), the nodes need to be accessible by the user. Create these paths and devices in the user runtime directory so they can be used later if needed.
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "capability-util.h"
#include "dev-setup.h"
#include "fs-util.h"
#include "path-util.h"
#include "rm-rf.h"
#include "tmpfile-util.h"
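/*
 * Test for make_inaccessible_nodes(): create the nodes below a scratch root
 * in /tmp and check that every node has the expected file type and that no
 * permission bit is set on it.
 *
 * Returns EXIT_TEST_SKIP when CAP_DAC_OVERRIDE is not in the effective set,
 * EXIT_SUCCESS otherwise. Any failed expectation aborts through assert_se().
 */
int main(int argc, char *argv[]) {
        /* Scratch root; released through rm_rf_physical_and_freep when main() returns. */
        _cleanup_(rm_rf_physical_and_freep) char *p = NULL;
        const char *f;
        struct stat st;

        /* NOTE(review): presumably required because the mode-0000 nodes created
         * below cannot be handled without DAC override — confirm. */
        if (have_effective_cap(CAP_DAC_OVERRIDE) <= 0)
                return EXIT_TEST_SKIP;

        assert_se(mkdtemp_malloc("/tmp/test-dev-setupXXXXXX", &p) >= 0);

        f = prefix_roota(p, "/run");
        assert_se(mkdir(f, 0755) >= 0);

        /* Only <root>/run exists at this point; <root>/run/systemd is handed to
         * the function under test without being created here first.
         * NOTE(review): the two trailing arguments are presumably the uid/gid
         * that should own the nodes (see dev-setup.h). Ownership is not asserted
         * below; consider checking st_uid/st_gid if the helper guarantees it. */
        f = prefix_roota(p, "/run/systemd");
        assert_se(make_inaccessible_nodes(f, 1, 1) >= 0);

        /* lstat() rather than stat() throughout: the assertions are about the
         * node created at the path itself, so a symlink at that path must fail
         * the type check instead of being followed to its target.
         *
         * The 07777 mask covers the rwx bits plus setuid, setgid and sticky;
         * all of them have to be clear. */

        f = prefix_roota(p, "/run/systemd/inaccessible/reg");
        assert_se(lstat(f, &st) >= 0);
        assert_se(S_ISREG(st.st_mode));
        assert_se((st.st_mode & 07777) == 0000);

        f = prefix_roota(p, "/run/systemd/inaccessible/dir");
        assert_se(lstat(f, &st) >= 0);
        assert_se(S_ISDIR(st.st_mode));
        assert_se((st.st_mode & 07777) == 0000);

        f = prefix_roota(p, "/run/systemd/inaccessible/fifo");
        assert_se(lstat(f, &st) >= 0);
        assert_se(S_ISFIFO(st.st_mode));
        assert_se((st.st_mode & 07777) == 0000);

        f = prefix_roota(p, "/run/systemd/inaccessible/sock");
        assert_se(lstat(f, &st) >= 0);
        assert_se(S_ISSOCK(st.st_mode));
        assert_se((st.st_mode & 07777) == 0000);

        /* The two device nodes are optional: a missing node (ENOENT) is
         * accepted, any other lstat() error fails the test.
         * NOTE(review): presumably device-node creation can be refused in some
         * environments — confirm against make_inaccessible_nodes(). */
        f = prefix_roota(p, "/run/systemd/inaccessible/chr");
        if (lstat(f, &st) < 0)
                assert_se(errno == ENOENT);
        else {
                assert_se(S_ISCHR(st.st_mode));
                assert_se((st.st_mode & 07777) == 0000);
        }

        f = prefix_roota(p, "/run/systemd/inaccessible/blk");
        if (lstat(f, &st) < 0)
                assert_se(errno == ENOENT);
        else {
                assert_se(S_ISBLK(st.st_mode));
                assert_se((st.st_mode & 07777) == 0000);
        }

        return EXIT_SUCCESS;
}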