|
 |
17b0f1 |
From cac429e0a75667c021782210045c8e365f5cc8b0 Mon Sep 17 00:00:00 2001
|
|
|
17b0f1 |
From: Evgeny Vereshchagin <evvers@ya.ru>
|
|
|
17b0f1 |
Date: Thu, 29 Oct 2015 14:12:22 +0300
|
|
|
17b0f1 |
Subject: [PATCH] test: add test for capability bounding set parsing
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Cherry-picked from: a8107a54
|
|
|
17b0f1 |
Resolves: #1387398
|
|
|
17b0f1 |
---
|
|
|
17b0f1 |
src/test/test-unit-file.c | 45 +++++++++++++++++++++++++++++++++++++++
|
|
|
17b0f1 |
1 file changed, 45 insertions(+)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
|
|
|
17b0f1 |
index 0384305051..0f00a8fff1 100644
|
|
|
17b0f1 |
--- a/src/test/test-unit-file.c
|
|
|
17b0f1 |
+++ b/src/test/test-unit-file.c
|
|
|
17b0f1 |
@@ -24,6 +24,7 @@
|
|
|
17b0f1 |
#include <stdio.h>
|
|
|
17b0f1 |
#include <stddef.h>
|
|
|
17b0f1 |
#include <string.h>
|
|
|
17b0f1 |
+#include <sys/capability.h>
|
|
|
17b0f1 |
#include <unistd.h>
|
|
|
17b0f1 |
#include <fcntl.h>
|
|
|
17b0f1 |
|
|
|
17b0f1 |
@@ -545,6 +546,9 @@ static void test_install_printf(void) {
|
|
|
17b0f1 |
expect(i4, "%U", "0");
|
|
|
17b0f1 |
}
|
|
|
17b0f1 |
|
|
|
17b0f1 |
+static uint64_t make_cap(int cap) {
|
|
|
17b0f1 |
+ return ((uint64_t) 1ULL << (uint64_t) cap);
|
|
|
17b0f1 |
+}
|
|
|
17b0f1 |
|
|
|
17b0f1 |
static void test_config_parse_rlimit(void) {
|
|
|
17b0f1 |
struct rlimit * rl[_RLIMIT_MAX] = {};
|
|
|
17b0f1 |
@@ -661,6 +665,46 @@ static void test_config_parse_rlimit(void) {
|
|
|
17b0f1 |
free(rl[RLIMIT_RTTIME]);
|
|
|
17b0f1 |
}
|
|
|
17b0f1 |
|
|
|
17b0f1 |
+static void test_config_parse_bounding_set(void) {
|
|
|
17b0f1 |
+ /* int config_parse_bounding_set(
|
|
|
17b0f1 |
+ const char *unit,
|
|
|
17b0f1 |
+ const char *filename,
|
|
|
17b0f1 |
+ unsigned line,
|
|
|
17b0f1 |
+ const char *section,
|
|
|
17b0f1 |
+ unsigned section_line,
|
|
|
17b0f1 |
+ const char *lvalue,
|
|
|
17b0f1 |
+ int ltype,
|
|
|
17b0f1 |
+ const char *rvalue,
|
|
|
17b0f1 |
+ void *data,
|
|
|
17b0f1 |
+ void *userdata) */
|
|
|
17b0f1 |
+ int r;
|
|
|
17b0f1 |
+ uint64_t capability_bounding_set_drop = 0;
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
+ r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
|
|
|
17b0f1 |
+ "CapabilityBoundingSet", 0, "CAP_NET_RAW",
|
|
|
17b0f1 |
+ &capability_bounding_set_drop, NULL);
|
|
|
17b0f1 |
+ assert_se(r >= 0);
|
|
|
17b0f1 |
+ assert_se(capability_bounding_set_drop == ~make_cap(CAP_NET_RAW));
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
+ r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
|
|
|
17b0f1 |
+ "CapabilityBoundingSet", 0, "CAP_NET_ADMIN",
|
|
|
17b0f1 |
+ &capability_bounding_set_drop, NULL);
|
|
|
17b0f1 |
+ assert_se(r >= 0);
|
|
|
17b0f1 |
+ assert_se(capability_bounding_set_drop == ~(make_cap(CAP_NET_RAW) | make_cap(CAP_NET_ADMIN)));
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
+ r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
|
|
|
17b0f1 |
+ "CapabilityBoundingSet", 0, "",
|
|
|
17b0f1 |
+ &capability_bounding_set_drop, NULL);
|
|
|
17b0f1 |
+ assert_se(r >= 0);
|
|
|
17b0f1 |
+ assert_se(capability_bounding_set_drop == ~((uint64_t) 0ULL));
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
+ r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
|
|
|
17b0f1 |
+ "CapabilityBoundingSet", 0, "~",
|
|
|
17b0f1 |
+ &capability_bounding_set_drop, NULL);
|
|
|
17b0f1 |
+ assert_se(r >= 0);
|
|
|
17b0f1 |
+ assert_se(capability_bounding_set_drop == (uint64_t) 0ULL);
|
|
|
17b0f1 |
+}
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
int main(int argc, char *argv[]) {
|
|
|
17b0f1 |
int r;
|
|
|
17b0f1 |
|
|
|
17b0f1 |
@@ -670,6 +714,7 @@ int main(int argc, char *argv[]) {
|
|
|
17b0f1 |
r = test_unit_file_get_set();
|
|
|
17b0f1 |
test_config_parse_exec();
|
|
|
17b0f1 |
test_config_parse_rlimit();
|
|
|
17b0f1 |
+ test_config_parse_bounding_set();
|
|
|
17b0f1 |
test_load_env_file_1();
|
|
|
17b0f1 |
test_load_env_file_2();
|
|
|
17b0f1 |
test_load_env_file_3();
|