On Thu, Jan 23, 2014 at 01:34:57AM +0100, Ronny Chevalier wrote: > --- > test/TEST-04-SECCOMP/Makefile | 1 + > test/TEST-04-SECCOMP/test-seccomp.sh | 11 ++++ > test/TEST-04-SECCOMP/test.sh | 79 > +++++++++++++++++++++++++++++ > test/TEST-04-SECCOMP/will-fail.service | 6 +++ > test/TEST-04-SECCOMP/will-not-fail.service | 6 +++ > test/TEST-04-SECCOMP/will-not-fail2.service | 6 +++ > 6 files changed, 109 insertions(+) > create mode 120000 test/TEST-04-SECCOMP/Makefile > create mode 100755 test/TEST-04-SECCOMP/test-seccomp.sh > create mode 100755 test/TEST-04-SECCOMP/test.sh > create mode 100644 test/TEST-04-SECCOMP/will-fail.service > create mode 100644 test/TEST-04-SECCOMP/will-not-fail.service > create mode 100644 test/TEST-04-SECCOMP/will-not-fail2.service > > diff --git a/test/TEST-04-SECCOMP/Makefile b/test/TEST-04-SECCOMP/Makefile > new file mode 120000 > index 0000000..e9f93b1 > --- /dev/null > +++ b/test/TEST-04-SECCOMP/Makefile > @@ -0,0 +1 @@ > +../TEST-01-BASIC/Makefile > \ No newline at end of file > diff --git a/test/TEST-04-SECCOMP/test-seccomp.sh > b/test/TEST-04-SECCOMP/test-seccomp.sh > new file mode 100755 > index 0000000..fef334e > --- /dev/null > +++ b/test/TEST-04-SECCOMP/test-seccomp.sh > @@ -0,0 +1,11 @@ > +#!/bin/bash -x > + > +systemctl start will-fail.service > +systemctl start will-not-fail.service > +systemctl start will-not-fail2.service > +systemctl is-failed will-fail.service | grep failed || exit 1 > +systemctl is-failed will-not-fail.service | grep failed && exit 1 > +systemctl is-failed will-not-fail2.service | grep failed && exit 1
This is weird. You should be able to rely on the exit code rather than parsing the output, but it seems this was broken in e3e0314b. > + > +touch /testok > +exit 0 > diff --git a/test/TEST-04-SECCOMP/test.sh b/test/TEST-04-SECCOMP/test.sh > new file mode 100755 > index 0000000..c29192e > --- /dev/null > +++ b/test/TEST-04-SECCOMP/test.sh > @@ -0,0 +1,79 @@ > +#!/bin/bash > +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- > +# ex: ts=8 sw=4 sts=4 et filetype=sh > +TEST_DESCRIPTION="seccomp tests" > + > +. $TEST_BASE_DIR/test-functions > + > +check_result_qemu() { > + ret=1 > + mkdir -p $TESTDIR/root > + mount ${LOOPDEV}p1 $TESTDIR/root > + [[ -e $TESTDIR/root/testok ]] && ret=0 > + [[ -f $TESTDIR/root/failed ]] && cp -a $TESTDIR/root/failed $TESTDIR > + cp -a $TESTDIR/root/var/log/journal $TESTDIR > + umount $TESTDIR/root > + [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed > + ls -l $TESTDIR/journal/*/*.journal > + test -s $TESTDIR/failed && ret=$(($ret+1)) > + return $ret > +} > + > +test_run() { > + if run_qemu; then > + check_result_qemu || return 1 > + else > + dwarn "can't run QEMU, skipping" > + fi > + if check_nspawn; then > + run_nspawn > + check_result_nspawn || return 1 > + else > + dwarn "can't run systemd-nspawn, skipping" > + fi > + return 0 > +} > + > +test_setup() { > + create_empty_image > + mkdir -p $TESTDIR/root > + mount ${LOOPDEV}p1 $TESTDIR/root > + > + # Create what will eventually be our root filesystem onto an overlay > + ( > + LOG_LEVEL=5 > + eval $(udevadm info --export --query=env --name=${LOOPDEV}p2) > + > + setup_basic_environment > + > + # setup the testsuite service > + cat >$initdir/etc/systemd/system/testsuite.service <<EOF > +[Unit] > +Description=Testsuite service > +After=multi-user.target > + > +[Service] > +ExecStart=/test-seccomp.sh > +Type=oneshot > +EOF > + > + # copy the units used by this test > + cp {will-fail,will-not-fail,will-not-fail2}.service \ > + $initdir/etc/systemd/system > + cp test-seccomp.sh $initdir/ > + > + setup_testsuite > + ) > + setup_nspawn_root > + > + ddebug "umount $TESTDIR/root" > + umount $TESTDIR/root > +} > + > +test_cleanup() { > + umount $TESTDIR/root 2>/dev/null > + [[ $LOOPDEV ]] && losetup -d $LOOPDEV > + return 0 > +} > + > +do_test "$@" > diff --git a/test/TEST-04-SECCOMP/will-fail.service > b/test/TEST-04-SECCOMP/will-fail.service > new file mode 100644 > index 0000000..18e034e > --- /dev/null > +++ b/test/TEST-04-SECCOMP/will-fail.service > @@ -0,0 +1,6 @@ > +[Unit] > +Description=Will fail > + > +[Service] > +ExecStart=/bin/echo "This should not be seen" > +SystemCallFilter=ioperm > diff --git a/test/TEST-04-SECCOMP/will-not-fail.service > b/test/TEST-04-SECCOMP/will-not-fail.service > new file mode 100644 > index 0000000..c56797f > --- /dev/null > +++ b/test/TEST-04-SECCOMP/will-not-fail.service > @@ -0,0 +1,6 @@ > +[Unit] > +Description=Will not fail > + > +[Service] > +ExecStart=/bin/echo "Foo bar" > +SystemCallFilter=~ioctl > diff --git a/test/TEST-04-SECCOMP/will-not-fail2.service > b/test/TEST-04-SECCOMP/will-not-fail2.service > new file mode 100644 > index 0000000..2df05e3 > --- /dev/null > +++ b/test/TEST-04-SECCOMP/will-not-fail2.service > @@ -0,0 +1,6 @@ > +[Unit] > +Description=Reset SystemCallFilter > + > +[Service] > +ExecStart=/bin/echo "Foo bar" > +SystemCallFilter= > -- > 1.8.5.3 > > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel