tests: Add capability tests for ProtectKernelLogs

2019-11-04 17:20:47 -08:00 · 2019-11-04 17:20:47 -08:00 · 07cab0f72b
parent 8470304018
commit 07cab0f72b
3 changed files with 16 additions and 0 deletions
--- a/test/meson.build
+++ b/test/meson.build
@ -109,6 +109,8 @@ test_data_files = '''
        test-execute/exec-privatetmp-no.service
        test-execute/exec-privatetmp-yes.service
        test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service
+        test-execute/exec-protectkernellogs-yes-capabilities.service
+        test-execute/exec-protectkernellogs-no-capabilities.service
        test-execute/exec-protectkernelmodules-no-capabilities.service
        test-execute/exec-protectkernelmodules-yes-capabilities.service
        test-execute/exec-protectkernelmodules-yes-mount-propagation.service
--- a/test/test-execute/exec-protectkernellogs-no-capabilities.service
+++ b/test/test-execute/exec-protectkernellogs-no-capabilities.service
@ -0,0 +1,7 @@
+[Unit]
+Description=Test CAP_SYSLOG for ProtectKernelLogs=no
+
+[Service]
+ProtectKernelLogs=no
+ExecStart=/bin/sh -x -c 'capsh --print | grep cap_syslog'
+Type=oneshot
--- a/test/test-execute/exec-protectkernellogs-yes-capabilities.service
+++ b/test/test-execute/exec-protectkernellogs-yes-capabilities.service
@ -0,0 +1,7 @@
+[Unit]
+Description=Test CAP_SYSLOG for ProtectKernelLogs=yes
+
+[Service]
+ProtectKernelLogs=yes
+ExecStart=/bin/sh -x -c '! capsh --print | grep cap_syslog'
+Type=oneshot