author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-12-15 02:36:42 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-12-16 15:55:44 +0100 |
commit | e76fcd0e40a6910f4818a374c6a8d854d644ff93 (patch) | |
tree | ec62be02ca2d2f71d81b04165cbd82dc04d26c9e /test | |
parent | core/exec-invoke: fix ProtectHostname= value in log message (diff) | |
core: make ProtectHostname= optionally take a hostname
Closes #35623.
Diffstat (limited to 'test')
-rwxr-xr-x | test/units/TEST-07-PID1.protect-hostname.sh | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/test/units/TEST-07-PID1.protect-hostname.sh b/test/units/TEST-07-PID1.protect-hostname.sh
index c2ede39553..10d448b80d 100755
--- a/test/units/TEST-07-PID1.protect-hostname.sh
+++ b/test/units/TEST-07-PID1.protect-hostname.sh
@@ -21,6 +21,33 @@ testcase_yes() {
 # can only set hostname.
 (! systemd-run --wait -p ProtectHostname=yes hostname foo)

+ # ProtectHostname=yes can optionally take a hostname.
+ systemd-run --wait -p ProtectHostnameEx=yes:hoge \
+ -P bash -xec '
+ test "$(hostname)" = "hoge"
+ (! hostname foo)
+ test "$(hostname)" = "hoge"
+ '
+
+ # Verify host hostname is unchanged.
+ test "$(hostname)" = "$LEGACY_HOSTNAME"
+ test "$(hostnamectl hostname)" = "$HOSTNAME_FROM_SYSTEMD"
+
+ # ProtectHostname= supportes specifiers.
+ mkdir -p /run/systemd/system/
+ cat >/run/systemd/system/test-protect-hostname-yes@.service <<EOF
+[Service]
+Type=oneshot
+ExecStart=bash -xec 'test "\$\$(hostname)" = "%i"; (! hostname foo); test "\$\$(hostname)" = "%i"'
+ProtectHostname=yes:%i
+EOF
+ systemctl daemon-reload
+ systemctl start --wait test-protect-hostname-yes@hoge.example.com.service
+
+ # Verify host hostname is unchanged.
+ test "$(hostname)" = "$LEGACY_HOSTNAME"
+ test "$(hostnamectl hostname)" = "$HOSTNAME_FROM_SYSTEMD"
+
 systemd-run --wait -p ProtectHostname=yes -p PrivateMounts=yes \
 findmnt --mountpoint /proc/sys/kernel/hostname
 }
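Review bot: The specifier check in testcase_yes only starts `test-protect-hostname-yes@hoge.example.com.service`, an instance name that is already a valid hostname, so nothing verifies that the value is validated after `%i` is expanded. The instance name is chosen by whoever starts the unit, so a negative case such as `(! systemctl start --wait test-protect-hostname-yes@foo..example.com.service)` would pin that path; that the start should fail rather than run without the requested hostname is my assumption, since the core change is outside this test-only diff. The same gap exists for the `private@` template in the second hunk. Both hunks also carry the typo `supportes` in `# ProtectHostname= supportes specifiers.`, which should read `supports`.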
@@ -36,9 +63,51 @@ testcase_private() {
 test "$(hostname)" = "$LEGACY_HOSTNAME"
 test "$(hostnamectl hostname)" = "$HOSTNAME_FROM_SYSTEMD"

+ # ProtectHostname=private can optionally take a hostname.
+ systemd-run --wait -p ProtectHostnameEx=private:hoge \
+ -P bash -xec '
+ test "$(hostname)" = "hoge"
+ hostname foo
+ test "$(hostname)" = "foo"
+ '
+
+ # Verify host hostname is unchanged.
+ test "$(hostname)" = "$LEGACY_HOSTNAME"
+ test "$(hostnamectl hostname)" = "$HOSTNAME_FROM_SYSTEMD"
+
+ # ProtectHostname= supportes specifiers.
+ mkdir -p /run/systemd/system/
+ cat >/run/systemd/system/test-protect-hostname-private@.service <<EOF
+[Service]
+Type=oneshot
+ExecStart=bash -xec 'test "\$\$(hostname)" = "%i"; hostname foo; test "\$\$(hostname)" = "foo"'
+ProtectHostname=private:%i
+EOF
+ systemctl daemon-reload
+ systemctl start --wait test-protect-hostname-private@hoge.example.com.service
+
+ # Verify host hostname is unchanged.
+ test "$(hostname)" = "$LEGACY_HOSTNAME"
+ test "$(hostnamectl hostname)" = "$HOSTNAME_FROM_SYSTEMD"
+
 # Verify /proc/sys/kernel/hostname is not bind mounted from host read-only.
 (! systemd-run --wait -p ProtectHostnameEx=private -p PrivateMounts=yes \
 findmnt --mountpoint /proc/sys/kernel/hostname)
 }

+testcase_invalid() {
+ # ProtectHostname=no cannot take hostname.
+ (! systemd-run --wait -p ProtectHostnameEx=no:hoge true)
+
+ # Invalid hostname.
+ (! systemd-run --wait -p ProtectHostnameEx=yes: true)
+ (! systemd-run --wait -p ProtectHostnameEx=yes:.foo true)
+ (! systemd-run --wait -p ProtectHostnameEx=yes:foo.-example.com true)
+ (! systemd-run --wait -p ProtectHostnameEx=yes:foo..example.com true)
+ (! systemd-run --wait -p ProtectHostnameEx=private: true)
+ (! systemd-run --wait -p ProtectHostnameEx=private:.foo true)
+ (! systemd-run --wait -p ProtectHostnameEx=private:foo.-example.com true)
+ (! systemd-run --wait -p ProtectHostnameEx=private:foo..example.com true)
+}
+
 run_testcases |
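Review bot: testcase_invalid rejects bad values only through `systemd-run -p ProtectHostnameEx=...`, so the unit-file `ProtectHostname=` parser that the two template units rely on is never given an invalid value. If that parser only warns and skips the line (common for unit-file settings, but not visible in this test-only diff), a typo would leave the service running with no hostname protection at all; a unit containing `ProtectHostname=yes:foo..example.com` followed by a check of the outcome would pin the behaviour. The invalid list also has no over-long hostname. Separately, the template files written under `/run/systemd/system/` in this hunk and in testcase_yes are never removed; ending each testcase with `rm -f /run/systemd/system/test-protect-hostname-private@.service` (and the `yes@` counterpart) plus `systemctl daemon-reload` would keep later tests from seeing them.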