picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

test-execute: detect missing capsh in all tests

Browse source 
Fixes #5273.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-02-12 00:21:02 -05:00
parent 8367fea557
commit 0608ba9826
1 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
src/test/test-execute.c
View file

@ -158,6 +158,8 @@ static void test_exec_privatedevices(Manager *m) {
}
static void test_exec_privatedevices_capabilities(Manager *m) {
int r;
if (detect_container() > 0) {
log_notice("testing in container, skipping private device tests");
return;
@ -167,6 +169,14 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
return;
}
/* We use capsh to test if the capabilities are
* properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-yes-capability-sys-rawio.service", 0, CLD_EXITED);
@ -174,6 +184,8 @@ static void test_exec_privatedevices_capabilities(Manager *m) {
}
static void test_exec_protectkernelmodules(Manager *m) {
int r;
if (detect_container() > 0) {
log_notice("testing in container, skipping protectkernelmodules tests");
return;
@ -183,6 +195,13 @@ static void test_exec_protectkernelmodules(Manager *m) {
return;
}
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}
test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED);
test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED);
@ -359,11 +378,9 @@ static void test_exec_runtimedirectory(Manager *m) {
static void test_exec_capabilityboundingset(Manager *m) {
int r;
/* We use capsh to test if the capabilities are
* properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m");
log_error_errno(r, "Skipping %s, could not find capsh binary: %m", __func__);
return;
}