blob: aabc56f3481fa6885cc8c44b69921ae5c8ed519b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
#!/usr/bin/env bash
set -ex
systemd-analyze log-level debug
# Verify that the creds are properly loaded and we can read them from the service's unpriv user
systemd-run -p LoadCredential=passwd:/etc/passwd \
-p LoadCredential=shadow:/etc/shadow \
-p SetCredential=dog:wuff \
-p DynamicUser=1 \
--wait \
--pipe \
cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' > /tmp/ts54-concat
( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp /tmp/ts54-concat
rm /tmp/ts54-concat
# Verify that the creds are immutable
! systemd-run -p LoadCredential=passwd:/etc/passwd \
-p DynamicUser=1 \
--wait \
touch '${CREDENTIALS_DIRECTORY}/passwd'
! systemd-run -p LoadCredential=passwd:/etc/passwd \
-p DynamicUser=1 \
--wait \
rm '${CREDENTIALS_DIRECTORY}/passwd'
systemd-analyze log-level info
echo OK > /testok
exit 0
|
