blob: d991fe52004df26415cb2891d90604fbfa1c8897 [file] [log] [blame] [raw]
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "capability-util.h"
#include "dev-setup.h"
#include "fs-util.h"
#include "path-util.h"
#include "rm-rf.h"
#include "tmpfile-util.h"
int main(int argc, char *argv[]) {
_cleanup_(rm_rf_physical_and_freep) char *p = NULL;
const char *f;
struct stat st;
if (have_effective_cap(CAP_DAC_OVERRIDE) <= 0)
return EXIT_TEST_SKIP;
assert_se(mkdtemp_malloc("/tmp/test-dev-setupXXXXXX", &p) >= 0);
f = prefix_roota(p, "/run");
assert_se(mkdir(f, 0755) >= 0);
f = prefix_roota(p, "/run/systemd");
assert_se(make_inaccessible_nodes(f, 1, 1) >= 0);
f = prefix_roota(p, "/run/systemd/inaccessible/reg");
assert_se(stat(f, &st) >= 0);
assert_se(S_ISREG(st.st_mode));
assert_se((st.st_mode & 07777) == 0000);
f = prefix_roota(p, "/run/systemd/inaccessible/dir");
assert_se(stat(f, &st) >= 0);
assert_se(S_ISDIR(st.st_mode));
assert_se((st.st_mode & 07777) == 0000);
f = prefix_roota(p, "/run/systemd/inaccessible/fifo");
assert_se(stat(f, &st) >= 0);
assert_se(S_ISFIFO(st.st_mode));
assert_se((st.st_mode & 07777) == 0000);
f = prefix_roota(p, "/run/systemd/inaccessible/sock");
assert_se(stat(f, &st) >= 0);
assert_se(S_ISSOCK(st.st_mode));
assert_se((st.st_mode & 07777) == 0000);
f = prefix_roota(p, "/run/systemd/inaccessible/chr");
if (stat(f, &st) < 0)
assert_se(errno == ENOENT);
else {
assert_se(S_ISCHR(st.st_mode));
assert_se((st.st_mode & 07777) == 0000);
}
f = prefix_roota(p, "/run/systemd/inaccessible/blk");
if (stat(f, &st) < 0)
assert_se(errno == ENOENT);
else {
assert_se(S_ISBLK(st.st_mode));
assert_se((st.st_mode & 07777) == 0000);
}
return EXIT_SUCCESS;
}