author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:45 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:45 +0000 |
commit | efeb864cb547a2cbf96dc0053a8bdb4d9190b364 (patch) | |
tree | c0b83368f18be983fcc763200c4c24d633244588 /src/test/test-bpf-restrict-fs.c | |
parent | Releasing progress-linux version 255.5-1~progress7.99u1. (diff) | |
Merging upstream version 256.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/test/test-bpf-restrict-fs.c (renamed from src/test/test-bpf-lsm.c) | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/test/test-bpf-lsm.c b/src/test/test-bpf-restrict-fs.c
index 42ea64c..7ece337 100644
--- a/src/test/test-bpf-lsm.c
+++ b/src/test/test-bpf-restrict-fs.c
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include "bpf-lsm.h"
+#include "bpf-restrict-fs.h"
 #include "load-fragment.h"
 #include "manager.h"
 #include "process-util.h"
@@ -46,7 +46,7 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
 while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) {
 r = sd_event_run(m->event, UINT64_MAX);
 if (r < 0)
- return log_error_errno(errno, "Event run failed %m");
+ return log_error_errno(r, "Event run failed %m");
 }
 cld_code = SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code;
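Review bot: The format string on the changed `log_error_errno(r, ...)` line has no separator before `%m`, so the error text is appended directly to "Event run failed" and the log line reads as one run-on phrase. A "what failed: reason" form is easier to scan in test logs, for example `return log_error_errno(r, "Failed to run event loop: %m");`. The body of test_restrict_filesystems() starts and ends outside this hunk, so whether its other error paths use the same wording cannot be checked here.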
@@ -68,35 +68,35 @@ int main(int argc, char *argv[]) {
 test_setup_logging(LOG_DEBUG);
- assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
+ ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl));
 rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
 (void) setrlimit_closest(RLIMIT_MEMLOCK, &rl);
 if (!can_memlock())
 return log_tests_skipped("Can't use mlock()");
- if (!lsm_bpf_supported(/* initialize = */ true))
+ if (!bpf_restrict_fs_supported(/* initialize = */ true))
 return log_tests_skipped("LSM BPF hooks are not supported");
 r = enter_cgroup_subroot(NULL);
 if (r == -ENOMEDIUM)
 return log_tests_skipped("cgroupfs not available");
- assert_se(get_testdata_dir("units", &unit_dir) >= 0);
- assert_se(set_unit_path(unit_dir) >= 0);
+ ASSERT_OK(get_testdata_dir("units", &unit_dir));
+ ASSERT_OK(set_unit_path(unit_dir));
 assert_se(runtime_dir = setup_fake_runtime_dir());
- assert_se(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m) >= 0);
- assert_se(manager_startup(m, NULL, NULL, NULL) >= 0);
+ ASSERT_OK(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m));
+ ASSERT_OK(manager_startup(m, NULL, NULL, NULL));
 /* We need to enable access to the filesystem where the binary is so we
- * add @common-block */
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block")) < 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block")) >= 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "~tracefs")) < 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block")) < 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block")) >= 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")) < 0);
+ * add @common-block and @application */
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")), 0);
+ ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application")));
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")), 0);
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")), 0);
+ ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block", "@application")));
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")), 0);
 return 0;
 }
|
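Review bot: The four `ASSERT_LT(test_restrict_filesystems(...), 0)` deny cases pass on any negative return, so they do not show that the file-system restriction is what blocked the access. The helper also returns a negative value when `sd_event_run()` fails (visible in the earlier hunk of this file), and its other return paths are outside the diff, so a unit that fails to load or start could presumably satisfy a deny case without the restriction ever being evaluated. If the helper can report a denied access with a distinct value, compare against it, e.g. `ASSERT_EQ(test_restrict_filesystems(...), -EXPECTED_ERRNO)` with the placeholder replaced by whatever the helper returns on denial. Otherwise a comment above the deny cases, such as `/* a negative result only means the unit did not exit cleanly; it does not prove the access was denied */`, would at least record the limit of what this test verifies.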