mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-27 04:03:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

tests: add integration test for RestrictNetworkInterfaces=

Browse Source 
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
This commit is contained in:
Mauricio Vásquez 2021-02-25 19:59:36 -05:00
parent 2ce150f5ec
commit 00d6fceeb3
10 changed files with 122 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/TEST-62-RESTRICT-IFACES/Makefile Symbolic link
View File

@ -0,0 +1 @@
../TEST-01-BASIC/Makefile

9
test/TEST-62-RESTRICT-IFACES/test.sh Executable file
View File

@ -0,0 +1,9 @@
#!/usr/bin/env bash
TEST_NO_NSPAWN=1
set -e
TEST_DESCRIPTION="test RestrictNetworkInterfaces="
. $TEST_BASE_DIR/test-functions
do_test "$@" 62

1
test/test-functions
View File

@ -673,6 +673,7 @@ setup_basic_environment() {
has_user_dbus_socket && install_user_dbus has_user_dbus_socket && install_user_dbus
setup_selinux setup_selinux
strip_binaries strip_binaries
instmods veth
install_depmod_files install_depmod_files
generate_module_dependencies generate_module_dependencies
if get_bool "$IS_BUILT_WITH_ASAN"; then if get_bool "$IS_BUILT_WITH_ASAN"; then

8
test/units/testsuite-62-1.service Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=TEST-62-RESTRICT-IFACES-all-pings-work
[Service]
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.9'
RestrictNetworkInterfaces=
Type=oneshot

9
test/units/testsuite-62-2.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=TEST-62-RESTRICT-IFACES-allow-list
[Service]
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
RestrictNetworkInterfaces=veth0
RestrictNetworkInterfaces=veth1
Type=oneshot

9
test/units/testsuite-62-3.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=TEST-62-RESTRICT-IFACES-deny-list
[Service]
ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.1'
ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.5'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.9'
RestrictNetworkInterfaces=~veth0
RestrictNetworkInterfaces=~veth1
Type=oneshot

9
test/units/testsuite-62-4.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=TEST-62-RESTRICT-IFACES-empty-assigment
[Service]
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.9'
RestrictNetworkInterfaces=veth0
RestrictNetworkInterfaces=
Type=oneshot

10
test/units/testsuite-62-5.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=TEST-62-RESTRICT-IFACES-invert-assigment
[Service]
ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.1'
ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
RestrictNetworkInterfaces=veth0
RestrictNetworkInterfaces=veth0 veth1
RestrictNetworkInterfaces=~veth0
Type=oneshot

6
test/units/testsuite-62.service Normal file
View File

@ -0,0 +1,6 @@
Description=TEST-62-RESTRICT-IFACES
[Service]
ExecStartPre=rm -f /failed /testok
ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
Type=oneshot

60
test/units/testsuite-62.sh Executable file
View File

@ -0,0 +1,60 @@
#!/usr/bin/env bash
set -ex
set -o pipefail
setup() {
systemd-analyze log-level debug
systemd-analyze log-target console
for i in `seq 0 3`;
do
ip netns del ns${i} || true
ip link del veth${i} || true
ip netns add ns${i}
ip link add veth${i} type veth peer name veth${i}_
ip link set veth${i}_ netns ns${i}
ip -n ns${i} link set dev veth${i}_ up
ip -n ns${i} link set dev lo up
ip -n ns${i} addr add "192.168.113."$((4*i+1))/30 dev veth${i}_
ip link set dev veth${i} up
ip addr add "192.168.113."$((4*i+2))/30 dev veth${i}
done
}
teardown() {
set +e
for i in `seq 0 3`;
do
ip netns del ns${i}
ip link del veth${i}
done
systemd-analyze log-level info
}
KERNEL_VERSION="$(uname -r)"
KERNEL_MAJOR="${KERNEL_VERSION%%.*}"
KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
KERNEL_MINOR="${KERNEL_MINOR%%.*}"
MAJOR_REQUIRED=5
MINOR_REQUIRED=7
if [[ "$KERNEL_MAJOR" -lt $MAJOR_REQUIRED || ("$KERNEL_MAJOR" -eq $MAJOR_REQUIRED && "$KERNEL_MINOR" -lt $MINOR_REQUIRED) ]]; then
echo "kernel is not 5.7+" >>/skipped
exit 0
fi
trap teardown EXIT
setup
systemctl start --wait testsuite-62-1.service
systemctl start --wait testsuite-62-2.service
systemctl start --wait testsuite-62-3.service
systemctl start --wait testsuite-62-4.service
systemctl start --wait testsuite-62-5.service
echo OK > /testok
exit 0