tmpfiles: add more tests

author: Franck Bui <fbui@suse.com> 2018-04-13 15:32:25 +0200
committer: Franck Bui <fbui@suse.com> 2018-07-30 16:04:23 +0200
commit: 9f36a8fb381afd99c1a8c46f71521cbb99472b6c (patch)
tree: 612860c674d1c48da1de6dfc7f8c13b48d346f4f /test
parent: tmpfiles: don't follow unsafe transitions in path_set_*() (diff)
download: systemd-9f36a8fb381afd99c1a8c46f71521cbb99472b6c.tar.xz
systemd-9f36a8fb381afd99c1a8c46f71521cbb99472b6c.zip
4 files changed, 377 insertions, 0 deletions
diff --git a/test/TEST-22-TMPFILES/test-02.sh b/test/TEST-22-TMPFILES/test-02.sh
new file mode 100755
index 0000000000..fe8b903298
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test-02.sh
@@ -0,0 +1,95 @@
+#! /bin/bash
+#
+# Basic tests for types creating directories
+#
+
+set -e
+set -x
+
+rm -fr /tmp/{d,D,e}
+mkdir  /tmp/{d,D,e}
+
+#
+# 'd'
+#
+mkdir /tmp/d/2
+chmod 777 /tmp/d/2
+
+systemd-tmpfiles --create - <<EOF
+d     /tmp/d/1    0755 daemon daemon - -
+d     /tmp/d/2    0755 daemon daemon - -
+EOF
+
+test -d /tmp/d/1
+test $(stat -c %U:%G:%a /tmp/d/1) = "daemon:daemon:755"
+
+test -d /tmp/d/2
+test $(stat -c %U:%G:%a /tmp/d/2) = "daemon:daemon:755"
+
+#
+# 'D'
+#
+mkdir /tmp/D/2
+chmod 777 /tmp/D/2
+touch /tmp/D/2/foo
+
+systemd-tmpfiles --create - <<EOF
+D     /tmp/D/1    0755 daemon daemon - -
+D     /tmp/D/2    0755 daemon daemon - -
+EOF
+
+test -d /tmp/D/1
+test $(stat -c %U:%G:%a /tmp/D/1) = "daemon:daemon:755"
+
+test -d /tmp/D/2
+test $(stat -c %U:%G:%a /tmp/D/2) = "daemon:daemon:755"
+
+systemd-tmpfiles --remove - <<EOF
+D     /tmp/D/2    0755 daemon daemon - -
+EOF
+
+# the content of '2' should be removed
+test "$(echo /tmp/D/2/*)" = "/tmp/D/2/*"
+
+#
+# 'e'
+#
+mkdir -p /tmp/e/2/{d1,d2}
+chmod 777 /tmp/e/2
+chmod 777 /tmp/e/2/d*
+
+systemd-tmpfiles --create - <<EOF
+e     /tmp/e/1     0755 daemon daemon - -
+e     /tmp/e/2/*   0755 daemon daemon - -
+EOF
+
+! test -d /tmp/e/1
+
+test -d /tmp/e/2
+test $(stat -c %U:%G:%a /tmp/e/2) = "root:root:777"
+
+test -d /tmp/e/2/d1
+test $(stat -c %U:%G:%a /tmp/e/2/d1) = "daemon:daemon:755"
+test -d /tmp/e/2/d2
+test $(stat -c %U:%G:%a /tmp/e/2/d2) = "daemon:daemon:755"
+
+# 'e' operates on directories only
+mkdir -p /tmp/e/3/{d1,d2}
+chmod 777 /tmp/e/3
+chmod 777 /tmp/e/3/d*
+touch /tmp/e/3/f1
+chmod 644 /tmp/e/3/f1
+
+! systemd-tmpfiles --create - <<EOF
+e     /tmp/e/3/*   0755 daemon daemon - -
+EOF
+
+# the directories should have been processed although systemd-tmpfiles failed
+# previously due to the presence of a file.
+test -d /tmp/e/3/d1
+test $(stat -c %U:%G:%a /tmp/e/3/d1) = "daemon:daemon:755"
+test -d /tmp/e/3/d2
+test $(stat -c %U:%G:%a /tmp/e/3/d2) = "daemon:daemon:755"
+
+test -f /tmp/e/3/f1
+test $(stat -c %U:%G:%a /tmp/e/3/f1) = "root:root:644"
diff --git a/test/TEST-22-TMPFILES/test-03.sh b/test/TEST-22-TMPFILES/test-03.sh
new file mode 100755
index 0000000000..68f34cb392
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test-03.sh
@@ -0,0 +1,236 @@
+#! /bin/bash
+#
+# Basic tests for types creating/writing files
+#
+
+set -e
+set -x
+
+rm -fr /tmp/{f,F,w}
+mkdir  /tmp/{f,F,w}
+touch /tmp/file-owned-by-root
+
+#
+# 'f'
+#
+systemd-tmpfiles --create - <<EOF
+f     /tmp/f/1    0644 - - - -
+f     /tmp/f/2    0644 - - - This string should be written
+EOF
+
+### '1' should exist and be empty
+test -f /tmp/f/1; ! test -s /tmp/f/1
+test $(stat -c %U:%G:%a /tmp/f/1) = "root:root:644"
+
+test $(stat -c %U:%G:%a /tmp/f/2) = "root:root:644"
+test "$(< /tmp/f/2)" = "This string should be written"
+
+### The perms are supposed to be updated even if the file already exists.
+systemd-tmpfiles --create - <<EOF
+f     /tmp/f/1    0666 nobody nogroup - This string should not be written
+EOF
+
+# file should be empty
+! test -s /tmp/f/1
+test $(stat -c %U:%G:%a /tmp/f/1) = "nobody:nogroup:666"
+
+### But we shouldn't try to set perms on an existing file which is not a
+### regular one.
+mkfifo /tmp/f/fifo
+chmod 644 /tmp/f/fifo
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/f/fifo    0666 nobody nogroup - This string should not be written
+EOF
+
+test -p /tmp/f/fifo
+test $(stat -c %U:%G:%a /tmp/f/fifo) = "root:root:644"
+
+### 'f' should not follow symlinks.
+ln -s missing /tmp/f/dangling
+ln -s /tmp/file-owned-by-root /tmp/f/symlink
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/f/dangling    0644 nobody nogroup - -
+f     /tmp/f/symlink     0644 nobody nogroup - -
+EOF
+! test -e /tmp/f/missing
+test $(stat -c %U:%G:%a /tmp/file-owned-by-root) = "root:root:644"
+
+### Handle read-only filesystem gracefully: we shouldn't fail if the target
+### already exists and have the correct perms.
+mkdir /tmp/f/rw-fs
+mkdir /tmp/f/ro-fs
+
+touch /tmp/f/rw-fs/foo
+chmod 644 /tmp/f/rw-fs/foo
+
+mount -o bind,ro /tmp/f/rw-fs /tmp/f/ro-fs
+
+systemd-tmpfiles --create - <<EOF
+f     /tmp/f/ro-fs/foo    0644 - - - - This string should not be written
+EOF
+test -f /tmp/f/ro-fs/foo; ! test -s /tmp/f/ro-fs/foo
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/f/ro-fs/foo    0666 - - - -
+EOF
+test $(stat -c %U:%G:%a /tmp/f/fifo) = "root:root:644"
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/f/ro-fs/bar    0644 - - - -
+EOF
+! test -e /tmp/f/ro-fs/bar
+
+### 'f' shouldn't follow unsafe paths.
+mkdir /tmp/f/nobody
+ln -s /root /tmp/f/nobody/unsafe-symlink
+chown -R --no-dereference nobody:nogroup /tmp/f/nobody
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/f/nobody/unsafe-symlink/exploit    0644 nobody nogroup - -
+EOF
+! test -e /tmp/f/nobody/unsafe-symlink/exploit
+
+#
+# 'F'
+#
+echo "This should be truncated" >/tmp/F/truncated
+echo "This should be truncated" >/tmp/F/truncated-with-content
+
+systemd-tmpfiles --create - <<EOF
+F     /tmp/F/created                0644 - - - -
+F     /tmp/F/created-with-content   0644 - - - new content
+F     /tmp/F/truncated              0666 nobody nogroup - -
+F     /tmp/F/truncated-with-content 0666 nobody nogroup - new content
+EOF
+
+test -f /tmp/F/created; ! test -s /tmp/F/created
+test -f /tmp/F/created-with-content
+test "$(< /tmp/F/created-with-content)" = "new content"
+test -f /tmp/F/truncated; ! test -s /tmp/F/truncated
+test $(stat -c %U:%G:%a /tmp/F/truncated) = "nobody:nogroup:666"
+test -s /tmp/F/truncated-with-content
+test $(stat -c %U:%G:%a /tmp/F/truncated-with-content) = "nobody:nogroup:666"
+
+### We shouldn't try to truncate anything but regular files since the behavior is
+### unspecified in the other cases.
+mkfifo /tmp/F/fifo
+
+! systemd-tmpfiles --create - <<EOF
+F     /tmp/F/fifo                0644 - - - -
+EOF
+
+test -p /tmp/F/fifo
+
+### 'F' should not follow symlinks.
+ln -s missing /tmp/F/dangling
+ln -s /tmp/file-owned-by-root /tmp/F/symlink
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/F/dangling    0644 nobody nogroup - -
+f     /tmp/F/symlink     0644 nobody nogroup - -
+EOF
+! test -e /tmp/F/missing
+test $(stat -c %U:%G:%a /tmp/file-owned-by-root) = "root:root:644"
+
+### Handle read-only filesystem gracefully: we shouldn't fail if the target
+### already exists and is empty.
+mkdir /tmp/F/rw-fs
+mkdir /tmp/F/ro-fs
+
+touch /tmp/F/rw-fs/foo
+chmod 644 /tmp/F/rw-fs/foo
+
+mount -o bind,ro /tmp/F/rw-fs /tmp/F/ro-fs
+
+systemd-tmpfiles --create - <<EOF
+F     /tmp/F/ro-fs/foo    0644 - - - -
+EOF
+test -f /tmp/F/ro-fs/foo; ! test -s /tmp/F/ro-fs/foo
+
+echo "truncating is not allowed anymore" >/tmp/F/rw-fs/foo
+! systemd-tmpfiles --create - <<EOF
+F     /tmp/F/ro-fs/foo    0644 - - - -
+EOF
+
+! systemd-tmpfiles --create - <<EOF
+F     /tmp/F/ro-fs/foo    0644 - - - - This string should not be written
+EOF
+test -f /tmp/F/ro-fs/foo; ! test -s /tmp/F/ro-fs/foo
+
+# Trying to change the perms should fail.
+>/tmp/F/rw-fs/foo
+! systemd-tmpfiles --create - <<EOF
+F     /tmp/F/ro-fs/foo    0666 - - - -
+EOF
+test $(stat -c %U:%G:%a /tmp/F/ro-fs/foo) = "root:root:644"
+
+### Try to create a new file.
+! systemd-tmpfiles --create - <<EOF
+F     /tmp/F/ro-fs/bar    0644 - - - -
+EOF
+! test -e /tmp/F/ro-fs/bar
+
+### 'F' shouldn't follow unsafe paths.
+mkdir /tmp/F/nobody
+ln -s /root /tmp/F/nobody/unsafe-symlink
+chown -R --no-dereference nobody:nogroup /tmp/F/nobody
+
+! systemd-tmpfiles --create - <<EOF
+F     /tmp/F/nobody/unsafe-symlink/exploit    0644 nobody nogroup - -
+EOF
+! test -e /tmp/F/nobody/unsafe-symlink/exploit
+
+#
+# 'w'
+#
+touch /tmp/w/overwritten
+
+### nop if the target does not exist.
+systemd-tmpfiles --create - <<EOF
+w     /tmp/w/unexistent    0644 - - - new content
+EOF
+! test -e /tmp/w/unexistent
+
+### no argument given -> fails.
+! systemd-tmpfiles --create - <<EOF
+w     /tmp/w/unexistent    0644 - - - -
+EOF
+
+### write into an empty file.
+systemd-tmpfiles --create - <<EOF
+w     /tmp/w/overwritten    0644 - - - old content
+EOF
+test -f /tmp/w/overwritten
+test "$(< /tmp/w/overwritten)" = "old content"
+
+### new content is overwritten
+systemd-tmpfiles --create - <<EOF
+w     /tmp/w/overwritten    0644 - - - new content
+EOF
+test -f /tmp/w/overwritten
+test "$(< /tmp/w/overwritten)" = "new content"
+
+### writing into an 'exotic' file sould be allowed.
+systemd-tmpfiles --create - <<EOF
+w     /dev/null    - - - - new content
+EOF
+
+### 'w' follows symlinks
+ln -s ./overwritten /tmp/w/symlink
+systemd-tmpfiles --create - <<EOF
+w     /tmp/w/symlink    - - - - $(readlink -e /tmp/w/symlink)
+EOF
+readlink -e /tmp/w/symlink
+test "$(< /tmp/w/overwritten)" = "/tmp/w/overwritten"
+
+### 'w' shouldn't follow unsafe paths.
+mkdir /tmp/w/nobody
+ln -s /root /tmp/w/nobody/unsafe-symlink
+chown -R --no-dereference nobody:nogroup /tmp/w/nobody
+
+! systemd-tmpfiles --create - <<EOF
+f     /tmp/w/nobody/unsafe-symlink/exploit    0644 nobody nogroup - -
+EOF
+! test -e /tmp/w/nobody/unsafe-symlink/exploit
diff --git a/test/TEST-22-TMPFILES/test-04.sh b/test/TEST-22-TMPFILES/test-04.sh
new file mode 100755
index 0000000000..324bb80200
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test-04.sh
@@ -0,0 +1,44 @@
+#! /bin/bash
+#
+# Basic tests for types creating fifos
+#
+
+set -e
+set -x
+
+rm -fr /tmp/p
+mkdir  /tmp/p
+touch  /tmp/p/f1
+
+systemd-tmpfiles --create - <<EOF
+p     /tmp/p/fifo1    0666 - - - -
+EOF
+
+test -p /tmp/p/fifo1
+test $(stat -c %U:%G:%a /tmp/p/fifo1) = "root:root:666"
+
+# it should refuse to overwrite an existing file
+! systemd-tmpfiles --create - <<EOF
+p     /tmp/p/f1    0666 - - - -
+EOF
+
+test -f /tmp/p/f1
+
+# unless '+' prefix is used
+systemd-tmpfiles --create - <<EOF
+p+     /tmp/p/f1    0666 - - - -
+EOF
+
+test -p /tmp/p/f1
+test $(stat -c %U:%G:%a /tmp/p/f1) = "root:root:666"
+
+#
+# Must be fixed
+#
+# mkdir /tmp/p/nobody
+# #ln -s /root /tmp/F/nobody/unsafe-symlink
+# chown -R --no-dereference nobody:nogroup /tmp/p/nobody
+#
+# systemd-tmpfiles --create - <<EOF
+# p      /tmp/p/nobody/fifo2    0666 nobody nogroup - -
+# EOF
diff --git a/test/TEST-22-TMPFILES/test.sh b/test/TEST-22-TMPFILES/test.sh
index 5b8abbfff5..13e191bd92 100755
--- a/test/TEST-22-TMPFILES/test.sh
+++ b/test/TEST-22-TMPFILES/test.sh
@@ -14,6 +14,8 @@ test_setup() {
     inst_binary stat
     inst_binary seq
     inst_binary xargs
+    inst_binary mkfifo
+    inst_binary readlink
 
     # mask some services that we do not want to run in these tests
     ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
author	Franck Bui <fbui@suse.com>	2018-04-13 15:32:25 +0200
committer	Franck Bui <fbui@suse.com>	2018-07-30 16:04:23 +0200
commit	9f36a8fb381afd99c1a8c46f71521cbb99472b6c (patch)
tree	612860c674d1c48da1de6dfc7f8c13b48d346f4f /test
parent	tmpfiles: don't follow unsafe transitions in path_set_*() (diff)
download	systemd-9f36a8fb381afd99c1a8c46f71521cbb99472b6c.tar.xz systemd-9f36a8fb381afd99c1a8c46f71521cbb99472b6c.zip