2014-02-13 3:34 GMT+01:00 Dave Reisner <d...@falconindy.com>:
> On Thu, Jan 23, 2014 at 01:34:57AM +0100, Ronny Chevalier wrote:
>> ---
>> test/TEST-04-SECCOMP/Makefile | 1 +
>> test/TEST-04-SECCOMP/test-seccomp.sh | 11 ++++
>> test/TEST-04-SECCOMP/test.sh | 79
>> +++++++++++++++++++++++++++++
>> test/TEST-04-SECCOMP/will-fail.service | 6 +++
>> test/TEST-04-SECCOMP/will-not-fail.service | 6 +++
>> test/TEST-04-SECCOMP/will-not-fail2.service | 6 +++
>> 6 files changed, 109 insertions(+)
>> create mode 120000 test/TEST-04-SECCOMP/Makefile
>> create mode 100755 test/TEST-04-SECCOMP/test-seccomp.sh
>> create mode 100755 test/TEST-04-SECCOMP/test.sh
>> create mode 100644 test/TEST-04-SECCOMP/will-fail.service
>> create mode 100644 test/TEST-04-SECCOMP/will-not-fail.service
>> create mode 100644 test/TEST-04-SECCOMP/will-not-fail2.service
>>
>> diff --git a/test/TEST-04-SECCOMP/Makefile b/test/TEST-04-SECCOMP/Makefile
>> new file mode 120000
>> index 0000000..e9f93b1
>> --- /dev/null
>> +++ b/test/TEST-04-SECCOMP/Makefile
>> @@ -0,0 +1 @@
>> +../TEST-01-BASIC/Makefile
>> \ No newline at end of file
>> diff --git a/test/TEST-04-SECCOMP/test-seccomp.sh
>> b/test/TEST-04-SECCOMP/test-seccomp.sh
>> new file mode 100755
>> index 0000000..fef334e
>> --- /dev/null
>> +++ b/test/TEST-04-SECCOMP/test-seccomp.sh
>> @@ -0,0 +1,11 @@
>> +#!/bin/bash -x
>> +
>> +systemctl start will-fail.service
>> +systemctl start will-not-fail.service
>> +systemctl start will-not-fail2.service
>> +systemctl is-failed will-fail.service | grep failed || exit 1
>> +systemctl is-failed will-not-fail.service | grep failed && exit 1
>> +systemctl is-failed will-not-fail2.service | grep failed && exit 1
>
> This is weird. You should be able to rely on the exit code rather than
> parsing the output, but it seems this was broken in e3e0314b.
>
Yes, this is why I did this.
>> +
>> +touch /testok
>> +exit 0
>> diff --git a/test/TEST-04-SECCOMP/test.sh b/test/TEST-04-SECCOMP/test.sh
>> new file mode 100755
>> index 0000000..c29192e
>> --- /dev/null
>> +++ b/test/TEST-04-SECCOMP/test.sh
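Review bot: The `will-fail.service` check in test-seccomp.sh accepts any failure, so the test would still pass if the unit failed for a reason unrelated to the syscall filter, such as a missing binary or a unit that does not load. Since the purpose is to show that `SystemCallFilter=` was enforced, the script should also assert the cause, for instance by inspecting `systemctl show -p ExecMainCode -p ExecMainStatus will-fail.service` for a signal termination (the exact values depend on how this systemd version reacts to a filtered call, so confirm them first). A one-line comment above the three checks saying which filter behaviour each unit exercises would also help the next reader.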
>> @@ -0,0 +1,79 @@
>> +#!/bin/bash
>> +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
>> +# ex: ts=8 sw=4 sts=4 et filetype=sh
>> +TEST_DESCRIPTION="seccomp tests"
>> +
>> +. $TEST_BASE_DIR/test-functions
>> +
>> +check_result_qemu() {
>> + ret=1
>> + mkdir -p $TESTDIR/root
>> + mount ${LOOPDEV}p1 $TESTDIR/root
>> + [[ -e $TESTDIR/root/testok ]] && ret=0
>> + [[ -f $TESTDIR/root/failed ]] && cp -a $TESTDIR/root/failed $TESTDIR
>> + cp -a $TESTDIR/root/var/log/journal $TESTDIR
>> + umount $TESTDIR/root
>> + [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed
>> + ls -l $TESTDIR/journal/*/*.journal
>> + test -s $TESTDIR/failed && ret=$(($ret+1))
>> + return $ret
>> +}
>> +
>> +test_run() {
>> + if run_qemu; then
>> + check_result_qemu || return 1
>> + else
>> + dwarn "can't run QEMU, skipping"
>> + fi
>> + if check_nspawn; then
>> + run_nspawn
>> + check_result_nspawn || return 1
>> + else
>> + dwarn "can't run systemd-nspawn, skipping"
>> + fi
>> + return 0
>> +}
>> +
>> +test_setup() {
>> + create_empty_image
>> + mkdir -p $TESTDIR/root
>> + mount ${LOOPDEV}p1 $TESTDIR/root
>> +
>> + # Create what will eventually be our root filesystem onto an overlay
>> + (
>> + LOG_LEVEL=5
>> + eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
>> +
>> + setup_basic_environment
>> +
>> + # setup the testsuite service
>> + cat >$initdir/etc/systemd/system/testsuite.service <<EOF
>> +[Unit]
>> +Description=Testsuite service
>> +After=multi-user.target
>> +
>> +[Service]
>> +ExecStart=/test-seccomp.sh
>> +Type=oneshot
>> +EOF
>> +
>> + # copy the units used by this test
>> + cp {will-fail,will-not-fail,will-not-fail2}.service \
>> + $initdir/etc/systemd/system
>> + cp test-seccomp.sh $initdir/
>> +
>> + setup_testsuite
>> + )
>> + setup_nspawn_root
>> +
>> + ddebug "umount $TESTDIR/root"
>> + umount $TESTDIR/root
>> +}
>> +
>> +test_cleanup() {
>> + umount $TESTDIR/root 2>/dev/null
>> + [[ $LOOPDEV ]] && losetup -d $LOOPDEV
>> + return 0
>> +}
>> +
>> +do_test "$@"
>> diff --git a/test/TEST-04-SECCOMP/will-fail.service
>> b/test/TEST-04-SECCOMP/will-fail.service
>> new file mode 100644
>> index 0000000..18e034e
>> --- /dev/null
>> +++ b/test/TEST-04-SECCOMP/will-fail.service
>> @@ -0,0 +1,6 @@
>> +[Unit]
>> +Description=Will fail
>> +
>> +[Service]
>> +ExecStart=/bin/echo "This should not be seen"
>> +SystemCallFilter=ioperm
>> diff --git a/test/TEST-04-SECCOMP/will-not-fail.service
>> b/test/TEST-04-SECCOMP/will-not-fail.service
>> new file mode 100644
>> index 0000000..c56797f
>> --- /dev/null
>> +++ b/test/TEST-04-SECCOMP/will-not-fail.service
>> @@ -0,0 +1,6 @@
>> +[Unit]
>> +Description=Will not fail
>> +
>> +[Service]
>> +ExecStart=/bin/echo "Foo bar"
>> +SystemCallFilter=~ioctl
>> diff --git a/test/TEST-04-SECCOMP/will-not-fail2.service
>> b/test/TEST-04-SECCOMP/will-not-fail2.service
>> new file mode 100644
>> index 0000000..2df05e3
>> --- /dev/null
>> +++ b/test/TEST-04-SECCOMP/will-not-fail2.service
>> @@ -0,0 +1,6 @@
>> +[Unit]
>> +Description=Reset SystemCallFilter
>> +
>> +[Service]
>> +ExecStart=/bin/echo "Foo bar"
>> +SystemCallFilter=
>> --
>> 1.8.5.3
>>
>> _______________________________________________
>> systemd-devel mailing list
>> systemd-devel@lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
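Review bot: `test_run` in test.sh returns 0 when neither QEMU nor systemd-nspawn is usable, because both `else` branches only call `dwarn` and fall through to `return 0`; on such a host the seccomp test reports success without having exercised the filter at all. Record whether a backend actually ran, e.g. set `ran=1` after each successful `check_result_*` call and finish with `[[ $ran ]] || return 1` (or whatever skip status the harness in `test-functions` supports, which is not visible here). Separately, `$TESTDIR`, `$LOOPDEV` and `$initdir` are expanded unquoted in the `mount`, `cp` and `umount` calls; quoting them keeps a path containing whitespace from being split.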
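Review bot: will-fail.service sets no `Type=`, so it presumably runs as the default `simple` type, and `systemctl start` in test-seccomp.sh can return before `/bin/echo` has been executed and reaped; the later `is-failed` checks may then read a state that is not yet final. Adding `Type=oneshot` to the `[Service]` section, as the generated testsuite.service in test.sh already does, makes `systemctl start` wait for the process to finish. The same applies to will-not-fail.service and will-not-fail2.service, where a failure that arrives late would be missed and the test would pass wrongly.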
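Review bot: `SystemCallFilter=~ioctl` in will-not-fail.service is exercised only with a command that is expected not to call `ioctl`, so the deny-list form is never shown to block anything; an implementation that ignored the `~` list entirely would still pass. Consider adding a unit whose `ExecStart=` does make a listed call and is expected to fail, alongside this one. A comment in this file such as `# echo is assumed not to call ioctl; the filter must leave it alone` would record the assumption the test rests on.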