Diffstat (limited to '')
-rw-r--r-- | src/test/test-bpf-restrict-fs.c (renamed from src/test/test-bpf-lsm.c) | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/test/test-bpf-lsm.c b/src/test/test-bpf-restrict-fs.c
index 42ea64c..7ece337 100644
--- a/src/test/test-bpf-lsm.c
+++ b/src/test/test-bpf-restrict-fs.c
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include "bpf-lsm.h"
+#include "bpf-restrict-fs.h"
 #include "load-fragment.h"
 #include "manager.h"
 #include "process-util.h"
@@ -46,7 +46,7 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
 while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED)) {
 r = sd_event_run(m->event, UINT64_MAX);
 if (r < 0)
- return log_error_errno(errno, "Event run failed %m");
+ return log_error_errno(r, "Event run failed %m");
 }
 cld_code = SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code;
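Review bot: The message on the corrected line runs the description straight into the error text, `"Event run failed %m"`; a separator reads better in the log, `return log_error_errno(r, "Event run failed: %m");`. The surrounding wait loop calls `sd_event_run(m->event, UINT64_MAX)` and no upper bound is visible in this hunk, so a unit that never reaches SERVICE_DEAD or SERVICE_FAILED would stall the test instead of failing it; a short comment stating what bounds the wait would help. test_restrict_filesystems() starts and ends outside the hunk.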
@@ -68,35 +68,35 @@ int main(int argc, char *argv[]) {
 test_setup_logging(LOG_DEBUG);
- assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
+ ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl));
 rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
 (void) setrlimit_closest(RLIMIT_MEMLOCK, &rl);
 if (!can_memlock())
 return log_tests_skipped("Can't use mlock()");
- if (!lsm_bpf_supported(/* initialize = */ true))
+ if (!bpf_restrict_fs_supported(/* initialize = */ true))
 return log_tests_skipped("LSM BPF hooks are not supported");
 r = enter_cgroup_subroot(NULL);
 if (r == -ENOMEDIUM)
 return log_tests_skipped("cgroupfs not available");
- assert_se(get_testdata_dir("units", &unit_dir) >= 0);
- assert_se(set_unit_path(unit_dir) >= 0);
+ ASSERT_OK(get_testdata_dir("units", &unit_dir));
+ ASSERT_OK(set_unit_path(unit_dir));
 assert_se(runtime_dir = setup_fake_runtime_dir());
- assert_se(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m) >= 0);
- assert_se(manager_startup(m, NULL, NULL, NULL) >= 0);
+ ASSERT_OK(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m));
+ ASSERT_OK(manager_startup(m, NULL, NULL, NULL));
 /* We need to enable access to the filesystem where the binary is so we
- * add @common-block */
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block")) < 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block")) >= 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "~tracefs")) < 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block")) < 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block")) >= 0);
- assert_se(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")) < 0);
+ * add @common-block and @application */
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")), 0);
+ ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application")));
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")), 0);
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")), 0);
+ ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block", "@application")));
+ ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")), 0);
 return 0;
 } |
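Review bot: The deny cases `ASSERT_LT(test_restrict_filesystems(...), 0)` pass on any negative return, and the helper visibly returns negative values for setup problems as well (the `sd_event_run()` failure path in the previous hunk propagates `r`). A run in which the filesystem restriction never took effect but something else failed would therefore still be green. For a test of an access-control feature, the deny assertions should pin the specific result the helper gives when the open is blocked, or the helper should return a distinct code for "service ran and was denied"; its body is mostly outside this diff, so which value that is needs checking. Separately, `r = enter_cgroup_subroot(NULL)` is only compared with `-ENOMEDIUM`, so any other negative value falls through unchecked; an `ASSERT_OK(r);` after the skip check would close that gap.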