Merge pull request #8817 from yuwata/cleanup-nsflags

core: allow to specify RestrictNamespaces= multiple times
author: Lennart Poettering <lennart@poettering.net> 2018-05-24 16:49:13 +0200
committer: GitHub <noreply@github.com> 2018-05-24 16:49:13 +0200
commit: cdc0f9be925c79f52452938f39013062325da27a (patch)
tree: dfd01079f60ca2b6cc85baa298911a7bb375dae9 /test
parent: cea79e664394d4ca89016919cef36a55dc51a369 (diff)
parent: b086654c6a75119b660235ffb08bb4963835fc7c (diff)
download: systemd-cdc0f9be925c79f52452938f39013062325da27a.tar.gz
systemd-cdc0f9be925c79f52452938f39013062325da27a.tar.bz2
systemd-cdc0f9be925c79f52452938f39013062325da27a.zip
4 files changed, 29 insertions, 0 deletions
diff --git a/test/meson.build b/test/meson.build
index 7c20788d0d..162f63f1ed 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -99,6 +99,9 @@ test_data_files = '''
         test-execute/exec-readonlypaths-with-bindpaths.service
         test-execute/exec-readonlypaths.service
         test-execute/exec-readwritepaths-mount-propagation.service
+        test-execute/exec-restrictnamespaces-merge-all.service
+        test-execute/exec-restrictnamespaces-merge-and.service
+        test-execute/exec-restrictnamespaces-merge-or.service
         test-execute/exec-restrictnamespaces-mnt-blacklist.service
         test-execute/exec-restrictnamespaces-mnt.service
         test-execute/exec-restrictnamespaces-no.service
diff --git a/test/test-execute/exec-restrictnamespaces-merge-all.service b/test/test-execute/exec-restrictnamespaces-merge-all.service
new file mode 100644
index 0000000000..de98cd0a2e
--- /dev/null
+++ b/test/test-execute/exec-restrictnamespaces-merge-all.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test merging RestrictNamespaces= with all flags
+
+[Service]
+RestrictNamespaces=mnt pid cgroup net uts ipc user
+RestrictNamespaces=net
+ExecStart=unshare -m -u -i -n -p -f
+Type=oneshot
diff --git a/test/test-execute/exec-restrictnamespaces-merge-and.service b/test/test-execute/exec-restrictnamespaces-merge-and.service
new file mode 100644
index 0000000000..6702e6aab2
--- /dev/null
+++ b/test/test-execute/exec-restrictnamespaces-merge-and.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test merging RestrictNamespaces= with AND
+
+[Service]
+RestrictNamespaces=mnt pid
+RestrictNamespaces=~mnt usr
+ExecStart=unshare -p -f
+ExecStart=sh -c '! unshare -m -u -i -n'
+Type=oneshot
diff --git a/test/test-execute/exec-restrictnamespaces-merge-or.service b/test/test-execute/exec-restrictnamespaces-merge-or.service
new file mode 100644
index 0000000000..a52455204d
--- /dev/null
+++ b/test/test-execute/exec-restrictnamespaces-merge-or.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test merging RestrictNamespaces= with OR
+
+[Service]
+RestrictNamespaces=mnt pid
+RestrictNamespaces=mnt uts
+ExecStart=unshare -m -u -p -f
+ExecStart=sh -c '! unshare -u -i -n'
+Type=oneshot
author	Lennart Poettering <lennart@poettering.net>	2018-05-24 16:49:13 +0200
committer	GitHub <noreply@github.com>	2018-05-24 16:49:13 +0200
commit	cdc0f9be925c79f52452938f39013062325da27a (patch)
tree	dfd01079f60ca2b6cc85baa298911a7bb375dae9 /test
parent	cea79e664394d4ca89016919cef36a55dc51a369 (diff)
parent	b086654c6a75119b660235ffb08bb4963835fc7c (diff)
download	systemd-cdc0f9be925c79f52452938f39013062325da27a.tar.gz systemd-cdc0f9be925c79f52452938f39013062325da27a.tar.bz2 systemd-cdc0f9be925c79f52452938f39013062325da27a.zip