1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "blockdev-util.h"
#include "errno-util.h"
#include "tests.h"
static void test_path_is_encrypted_one(const char *p, int expect) {
int r;
r = path_is_encrypted(p);
if (IN_SET(r, -ENOENT, -ELOOP) || (r < 0 && ERRNO_IS_PRIVILEGE(r)))
/* This might fail, if btrfs is used and we run in a container. In that case we cannot
* resolve the device node paths that BTRFS_IOC_DEV_INFO returns, because the device nodes
* are unlikely to exist in the container. But if we can't stat() them we cannot determine
* the dev_t of them, and thus cannot figure out if they are encrypted. Hence let's just
* ignore ENOENT here. Also skip the test if we lack privileges.
* ELOOP might happen if the mount point is a symlink, as seen with under
* some rpm-ostree distros */
return;
assert_se(r >= 0);
log_info("%s encrypted: %s", p, yes_no(r));
assert_se(expect < 0 || ((r > 0) == (expect > 0)));
}
TEST(path_is_encrypted) {
int booted = sd_booted(); /* If this is run in build environments such as koji, /dev/ might be a
* regular fs. Don't assume too much if not running under systemd. */
log_info("/* %s (sd_booted=%d) */", __func__, booted);
test_path_is_encrypted_one("/home", -1);
test_path_is_encrypted_one("/var", -1);
test_path_is_encrypted_one("/", -1);
test_path_is_encrypted_one("/proc", false);
test_path_is_encrypted_one("/sys", false);
test_path_is_encrypted_one("/dev", booted > 0 ? false : -1);
}
DEFINE_TEST_MAIN(LOG_INFO);
|
