diff options
Diffstat (limited to 'test/TEST-80-NOTIFYACCESS')
7 files changed, 138 insertions, 0 deletions
diff --git a/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-nopin.service b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-nopin.service new file mode 100644 index 0000000..f658853 --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-nopin.service @@ -0,0 +1,6 @@ +[Service] +Type=notify +NotifyAccess=all +FileDescriptorStoreMax=10 +FileDescriptorStorePreserve=restart +ExecStart=/usr/lib/systemd/tests/testdata/TEST-80-NOTIFYACCESS.units/fdstore-pin.sh 0 diff --git a/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.service b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.service new file mode 100644 index 0000000..393b5ac --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.service @@ -0,0 +1,6 @@ +[Service] +Type=notify +NotifyAccess=all +FileDescriptorStoreMax=10 +FileDescriptorStorePreserve=yes +ExecStart=/usr/lib/systemd/tests/testdata/TEST-80-NOTIFYACCESS.units/fdstore-pin.sh 1 diff --git a/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.sh b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.sh new file mode 100755 index 0000000..4cb041a --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -eux +set -o pipefail + +PINNED="$1" +COUNTER="/tmp/fdstore-invoked.$PINNED" +FILE="/tmp/fdstore-data.$PINNED" + +# This script is called six times: thrice from a service unit where the fdstore +# is pinned, and thrice where it isn't. The second iteration of each series is +# a restart, the third a stop followed by a start + +if [ -e "$COUNTER" ] ; then + read -r N < "$COUNTER" +else + N=0 +fi + +echo "Invocation #$N with PINNED=$PINNED." + +if [ "$N" -eq 0 ] ; then + # First iteration + test "${LISTEN_FDS:-0}" -eq 0 + test ! -e "$FILE" + echo waldi > "$FILE" + systemd-notify --fd=3 --fdname="fd-$N-$PINNED" 3< "$FILE" +elif [ "$N" -eq 1 ] || { [ "$N" -eq 2 ] && [ "$PINNED" -eq 1 ]; } ; then + # Second iteration, or iteration with pinning on + test "${LISTEN_FDS:-0}" -eq 1 + # We reopen fd #3 here, so that the read offset is at zero each time (hence no <&3 hereā¦) + read -r word < /proc/self/fd/3 + test "$word" = "waldi" +else + test "${LISTEN_FDS:-0}" -eq 0 + test -e "$FILE" +fi + +if [ "$N" -ge 2 ] ; then + rm "$COUNTER" "$FILE" +else + echo $((N + 1)) > "$COUNTER" +fi + +systemd-notify --ready --status="Ready" + +exec sleep infinity diff --git a/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.target b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.target new file mode 100644 index 0000000..319b7e1 --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/fdstore-pin.target @@ -0,0 +1,3 @@ +[Unit] +After=fdstore-pin.service fdstore-nopin.service +Wants=fdstore-pin.service fdstore-nopin.service diff --git a/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/notify.service b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/notify.service new file mode 100644 index 0000000..5693be6 --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/notify.service @@ -0,0 +1,4 @@ +[Service] +Type=notify +NotifyAccess=all +ExecStart=/usr/lib/systemd/tests/testdata/TEST-80-NOTIFYACCESS.units/test.sh diff --git a/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/test.sh b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/test.sh new file mode 100755 index 0000000..565ed8d --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/TEST-80-NOTIFYACCESS.units/test.sh @@ -0,0 +1,63 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +# shellcheck disable=SC2016 +set -eux +set -o pipefail + +sync_in() { + read -r x < /tmp/syncfifo2 + test "$x" = "$1" +} + +sync_out() { + echo "$1" > /tmp/syncfifo1 +} + +export SYSTEMD_LOG_LEVEL=debug + +echo "toplevel PID: $BASHPID" + +systemd-notify --status="Test starts" +sync_out a +sync_in b +( + echo "subshell PID: $BASHPID" + + # Make us main process + systemd-notify --pid="$BASHPID" + + # Lock down access to just us + systemd-notify "NOTIFYACCESS=main" + + # This should still work + systemd-notify --status="Sending READY=1 in an unprivileged process" + + # Send as subprocess of the subshell, this should not work + systemd-notify --ready --pid=self --status "BOGUS1" + + sync_out c + sync_in d + + # Move main process back to toplevel + systemd-notify --pid=parent "MAINPID=$$" + + # Should be dropped again + systemd-notify --status="BOGUS2" --pid=parent + + # Apparently, bash will automatically invoke the last command in a subshell + # via a simple execve() rather than fork()ing first. But we want that the + # previous command uses the subshell's PID, hence let's insert a final, + # bogus redundant command as last command to run in the subshell, so that + # bash can't optimize things like that. + echo "bye" +) + +echo "toplevel again: $BASHPID" + +systemd-notify --ready --status="OK" +systemd-notify "NOTIFYACCESS=none" +systemd-notify --status="BOGUS3" + +sync_out e + +exec sleep infinity diff --git a/test/TEST-80-NOTIFYACCESS/meson.build b/test/TEST-80-NOTIFYACCESS/meson.build new file mode 100644 index 0000000..f78c6fd --- /dev/null +++ b/test/TEST-80-NOTIFYACCESS/meson.build @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +integration_tests += [ + integration_test_template + { + 'name' : fs.name(meson.current_source_dir()), + }, +] + +testdata_subdirs += [meson.current_source_dir() / 'TEST-80-NOTIFYACCESS.units'] |