IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I don't see where it would ever be a good thing that file copies done
via tmpfiles.d/ C lines cause the tmpfiles operation to fail if their
source happens to be missing. It's a problem if we can't set up the
destination properly (which is the job of systemd-tmpfiles after all),
but if the source is simply missing (NB: setting up the source is the job of
of the rules writer) this shouldn't be a problem.
This is useful for copying stuff into place if it happens to exist. For
example, if systemd-stub passes additional data into the initrd's
/.extra/ directory, we can copy it into a better place (e.g. /run/) with
this, where it will survive the initrd→host transition.
This mirrors behaviour of the recently added "^" line modifier which may
be used source "w" lines from credentials – there two the behaviour is
to simply skip the line if the source is missing.
getopt allows non-ambiguous abbreviations, so backwards-compat is maintained, and
people can use --kill-who (or even shorter abbreviations). English is flexible,
so in common speach people would use both forms, even if "whom" is technically
more correct. The advantage of using the longer form in the code is that we
effectively allow both forms, so we stop punishing people who DTGCT¹, but still
allow people to use the spoken form if they prefer.
1. Do the gramatically correct thing
When a service unit Requires= a socket, and the socket is restarted while the
service is in state=activating, the propagated restart is being discarded. This
is contrary to the documentation for Requires=, which states "this unit will be
stopped (or restarted) if one of the other units is explicitly stopped (or
restarted)".
When a service is triggered by a path unit, pass the
path unit name and the path that triggered it via env vars
to the spawned processes.
Note that this is best-effort, as there might be many triggers
at the same time, but we only get woken up by one.
Otherwise we might start writing to one of its partition before the
respective node is created under /dev, resulting in... interesting
stuff.
Resolves: #24390
In 'udevadm lock' the device /dev/loopX is locked instead of
/dev/loopXp1. Hence, 'udevadm wait' should wait for /dev/loopX.
For some reasons, the kernel sometimes does not emit uevent for
partitions, and 'udevadm wait' for partitions may fail.
Fixes#24360.
libdevmapper/device mapper driver can return semi-random failures when
opening verity devices, and we have fallback code to deal with it.
But the test was not expecting the fallback path, so it became unreliable.
Fixes https://github.com/systemd/systemd/issues/23866
While I had tested that a symlink to /dev/null works to "mask" a sysext
I must have gotten something wrong and thus the instructions in
519c2f0d6b don't work. What works,
at least at the moment, is to instead have an empty directory with the
extension name under /etc/extensions/.
Correct the info in the man page and add a test for it.
A sysext image that merely contains static binaries has no dependency
on the host distribution and should be able to be used anywhere.
Support the special '_any' value for the ID field in the extension to
opt-out of ID and VERSION_ID/SYSEXT_LEVEL matching.
See https://github.com/systemd/systemd/issues/24061
Test the functionality implemented in the previous commit ("cryptsetup: ask for
PIN when trying to activate using a LUKS2 token plugin"): when "tpm2-device" is
not specified, systemd-cryptsetup calls crypt_activate_by_token_pin() to try to
unlock using a LUKS2 token plugin, test whether this is able to obtain the
provided PIN.
Previously it was possible to set delegate property for scope, but you
were not able to allow unprivileged process to manage the scope's cgroup
hierarchy. This is useful when launching manager process that will run
unprivileged but is supposed to manage its own (scope) sub-hierarchy.
Fixes#21683
systemd-measure is not built without gnu-efi, which is the case, for
example, on ppc64le. Let's skip the relevant test case in this case
instead of failing.
```
The Meson build system
Version: 0.58.2
...
Host machine cpu family: ppc64
Host machine cpu: ppc64le
...
Message: Skipping systemd-measure.1 because HAVE_GNU_EFI is false
...
[ 115.711775] testsuite-70.sh[745]: + cat
[ 115.741996] testsuite-70.sh[832]: + /usr/lib/systemd/systemd-measure calculate --linux=/tmp/tpmdata1 --initrd=/tmp/tpmdata2
[ 115.754015] testsuite-70.sh[833]: + cmp - /tmp/result
[ 115.758004] testsuite-70.sh[832]: /usr/lib/systemd/tests/testdata/units/testsuite-70.sh: line 56: /usr/lib/systemd/systemd-measure: No such file or directory
[ 115.773851] testsuite-70.sh[833]: cmp: EOF on - which is empty
[ 115.983681] sh[835]: + systemctl poweroff --no-block
```
crypt_init_data_device() replaces the crypt_device struct with a
new allocation, losing the old one, which we get from crypt_init().
Use crypt_set_data_device() instead.
Enhance the test to cover this option too.
This command takes a mountpoint, unmounts it and makes sure the
underlying partition devices and block device are removed before
exiting.
To mirror the --mount operation, we also add a --rmdir option which
does the opposite of --mkdir, and a -U option which is a shortcut
for --umount --rmdir.
On fast systems we might race against systemd and check the mount unit
after mounting it way too early before systemd had a chance to react to
the change.
```
[ 4.677701] H systemd[1]: Event source 0x210b3b0 (mount-monitor-dispatch) entered rate limit state.
...
[ 4.863731] H testsuite-64.sh[812]: + mount /logsysfsRxx
[ 4.865918] H kernel: EXT4-fs (vda2): mounted filesystem with ordered data mode. Opts: (null)
[ 4.866213] H testsuite-64.sh[812]: + systemctl status /logsysfsRxx
[ 4.877502] H testsuite-64.sh[919]: ○ logsysfsRxx.mount - /logsysfsRxx
[ 4.877502] H testsuite-64.sh[919]: Loaded: loaded (/etc/fstab; generated)
[ 4.877502] H testsuite-64.sh[919]: Active: inactive (dead)
[ 4.877502] H testsuite-64.sh[919]: Where: /logsysfsRxx
[ 4.877502] H testsuite-64.sh[919]: What: /dev/disk/by-uuid/deadbeef-dead-dead-beef-222222222222
[ 4.877502] H testsuite-64.sh[919]: Docs: man:fstab(5)
[ 4.877502] H testsuite-64.sh[919]: man:systemd-fstab-generator(8)
[ 4.877502] H testsuite-64.sh[919]: Aug 03 10:10:10 H systemd[1]: logsysfsRxx.mount: Processing implicit device dependencies
[ 4.877502] H testsuite-64.sh[919]: Aug 03 10:10:10 H systemd[1]: logsysfsRxx.mount: Added Requires dependency on /dev/disk/by-uuid/deadbeef-dead-dead-beef-222222222222
[ 4.877502] H testsuite-64.sh[919]: Aug 03 10:10:10 H systemd[1]: logsysfsRxx.mount: Added StopPropagatedFrom dependency on /dev/disk/by-uuid/deadbeef-dead-dead-beef-222222222222
[ 4.895683] H sh[920]: + systemctl poweroff --no-block
[ 4.906533] H systemd[1]: Found unit logsysfsRxx.mount at /run/systemd/generator/logsysfsRxx.mount (regular file)
[ 4.906594] H systemd[1]: Preset files don't specify rule for logsysfsRxx.mount. Enabling.
[ 4.906990] H systemd[1]: testsuite-64.service: Main process exited, code=exited, status=3/NOTIMPLEMENTED
[ 4.907057] H systemd[1]: testsuite-64.service: Failed with result 'exit-code'.
[ 4.907287] H systemd[1]: Failed to start testsuite-64.service.
[ 4.955293] H systemd[1]: Starting end.service...
[ 4.955736] H systemd-logind[809]: The system will power off now!
[ 4.955868] H systemd-logind[809]: System is powering down.
[ 4.975781] H systemd[1]: Event source 0x210b3b0 (mount-monitor-dispatch) left rate limit state.
[ 4.975821] H systemd[1]: logsysfsRxx.mount: Processing implicit device dependencies
[ 4.975857] H systemd[1]: logsysfsRxx.mount: Added Requires dependency on /dev/vda2
[ 4.975893] H systemd[1]: logsysfsRxx.mount: Added StopPropagatedFrom dependency on /dev/vda2
[ 4.975928] H systemd[1]: Unit blockdev@dev-vda2.target has alias blockdev@.target.
[ 4.975967] H systemd[1]: logsysfsRxx.mount: Added After dependency on /dev/vda2
[ 4.976081] H systemd[1]: logsysfsRxx.mount: Changed dead -> mounted
```
systemd-sysctl currently fails silently under any of these conditions:
- Missing permission to write a sysctl.
- Invalid sysctl (path doesn't exists).
- Ignore failure flag ('-' in front of the sysctl name).
Because of this behaviour, configuration issues can go unnoticed as
there is no way to detect those unless going through the logs.
--strict option forces systemd-sysctl to fail if a sysctl is invalid or
if permission are insufficient. Errors on sysctl marked as "ignore
failure" will still be ignored.
This imports credentials also via SMBIOS' "OEM vendor string" section,
similar to the existing import logic from fw_cfg.
Functionality-wise this is very similar to the existing fw_cfg logic,
both of which are easily settable on the qemu command line.
Pros and cons of each:
SMBIOS OEM vendor strings:
- pro: fast, because memory mapped
- pro: somewhat VMM independent, at least in theory
- pro: qemu upstream sees this as the future
- pro: no additional kernel module needed
- con: strings only, thus binary data is base64 encoded
fw_cfg:
- pro: has been supported for longer in qemu
- pro: supports binary data
- con: slow, because IO port based
- con: only qemu
- con: requires qemu_fw_cfg.ko kernel module
- con: qemu upstream sees this as legacy
Otherwise the return value of the last command is propagated, which may
cause spurious test failures. E.g., pkill returns 1 if no process
matched, which may be a problem in cleanup session:
cleanup_session() {
...
pkill -u "$(id -u logind-test-user)"
sleep 1
pkill -KILL -u "$(id -u logind-test-user)"
}
If there are no remaining processes when the final pkill runs, it will
return 1 and therefore cleanup_session will return 1 as well.
Otherwise, idle action may be triggered before starting the test user
session.
This also introduce create_session() and cleanup_session() helper
functions.
Fixes#23952.
Reduce the number of iterations in some of the test cases, since they
generate a huge amount of uevents and basically DoS udev (which can't
keep up while being slowed down by ASan). To avoid this, let's reduce
the number of iterations and bump the timeout when running under ASan,
since we're not interested in performance in such cases.
- use test_append_files() to install additional commands
- drop use of expect
- include assert.sh and use assertions at several places
- use timeout command at several places
- always use logind-test-user
- etc
Replace the call to the `end.service` with `systemctl poweroff`, since
it seems to cause issues no matter what `--job-mode=` is used:
```
[ 129.070993] testsuite-21.sh[380]: ++ systemctl start --job-mode=flush end.service
[ 129.154985] testsuite-21.sh[912]: Failed to start end.service: Transaction for end.service/start is destructive (sysinit.target has 'stop' job queued, but 'start' is included in transaction).
[ 129.159636] testsuite-21.sh[912]: See system logs and 'systemctl status end.service' for details.
```
Also, add a "safety net" which bypasses the manager and does the
poweroff directly, since sometimes the D-Bus call performed by
`systemctl` might timeout (as the manager might be still processing data
from the fuzzing):
```
[ 115.776778] sh[894]: + systemctl poweroff --no-block
[ 166.164242] testsuite-21.sh[893]: Failed to start transient service unit: Connection timed out
[ 166.269289] sh[894]: Call to PowerOff failed: Connection timed out
```
Otherwise it oversaturates the journal, which in some cases can't keep
up with the load of messages (due to the performance penalty caused by
sanitizers), and gets killed by a watchdog.
Let's keep the debug logs in the journal, while logging only
testsute-*.sh stdout/stderr to the console (ba7abf7). This should make
the test output log a bit more readable and potentially the tests itself
a bit faster by avoiding console oversaturation.
Also, it should significantly reduce the size of artifacts kept by CIs.
Bash will generate a very nice message for us:
/tmp/ff.sh: line 1: SOMEVAR: parameter null or not set
Let's save some keystrokes by not replacing this with our own inferior
messages.
Many sandboxing options add implicit DeviceAllow rules, which might be confusing
for users running systemd-analyze security and not expecting it.
Print the list.
Fixes https://github.com/systemd/systemd/issues/23185
1449b0f8a9 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.
Fixes https://github.com/systemd/systemd/issues/23224
Follow-up for 2362fdde1b
When --machine is specified with --ephemeral, no random suffix is added, so
the recently added assert would fail.
Add a top-level variable with the expected file name for nspawn files, and
compute it when the rest of the names are computed.
When --ephemeral is used, a random 16 characters suffix is added to the image
name, so matching on .nspawn files based on the image name no longer works.
Fixes https://github.com/systemd/systemd/issues/13297
The implementation of MountImageUnit()/systemctl mount-image was
changed to use a /proc/self/fd path as the source, but that causes
the dm-verity files autodiscovery to fail, as it looks for files
in the same directory as the image.
Use the original file path when setting up dm-verity.
The original workaround didn't work, as `systemd-repart` kept failing
even when the `/dev/loopX` device was present:
```
[ 13.959419] H testsuite-58.sh[280]: + LOOP=/dev/loop1
[ 13.959636] H testsuite-58.sh[280]: + :
[ 13.959764] H testsuite-58.sh[280]: + test -e /dev/loop1
[ 13.959895] H testsuite-58.sh[280]: + break
[ 13.960023] H testsuite-58.sh[280]: + systemd-repart --pretty=yes --definitions=/tmp/testsuite-58-sector/ --seed=750b6cd5c4ae4012a15e7be3c29e6a47 --empty=require --dry-run=no /dev/loop1
[ 13.970538] H testsuite-58.sh[363]: Device '/dev/loop1' has no dm-crypt/dm-verity device, no need to look for underlying block device.
[ 13.970538] H testsuite-58.sh[363]: Failed to determine canonical path for '/dev/loop1': No such file or directory
[ 13.970538] H testsuite-58.sh[363]: Failed to open file or determine backing device of /dev/loop1: No such file or directory
```
A reattach might go from img.raw to img_0.1.raw or viceversa, but this is
not allowed right now as we try to match the full name.
Also take into account that running strcspn(a, '/') on an image name, without
leading path, will return the length of the full string, but the versions
might be different so they won't match, eg:
img_0.1.raw -> 12
img_0.1.1.raw -> 14
So adjust the check to take that into account, and skip it if we are not
dealing with directories
On a very slow machine, things are executed out-of-order, and something
pins the previously-exited unit. Instead of fighting with this with daemon-reload,
let's just use a different cleanup unit.
Hopefully fixes#22755.
Add tests for enrolling and unlocking. Various cases are tested:
- Default PCR 7 policy w/o PIN, good and bad cases (wrong PCR)
- PCR 7 + PIN policy, good and bad cases (wrong PCR, wrong PIN)
- Non-default PCR 0+7 policy w/o PIN, good and bad cases (wrong PCR 0)
v2: rename test, fix tss2 library installation, fix CI failures
v3: fix ppc64, load module
It seems there exists a short time period that we cannot see the
loopback device after `losetup` is finished:
```
testsuite-58.sh[367]: ++ losetup -b 1024 -P --show -f /tmp/testsuite-58-sector-1024.img
kernel: loop1: detected capacity change from 0 to 204800
testsuite-58.sh[285]: + LOOP=/dev/loop1
testsuite-58.sh[285]: + systemd-repart --pretty=yes --definitions=/tmp/testsuite-58-sector/ --seed=750b6cd5c4ae4012a15e7be3c29e6a47 --empty=require --dry-run=no /dev/loop1
testsuite-58.sh[368]: Device '/dev/loop1' has no dm-crypt/dm-verity device, no need to look for underlying block device.
testsuite-58.sh[368]: Failed to determine canonical path for '/dev/loop1': No such file or directory
testsuite-58.sh[368]: Failed to open file or determine backing device of /dev/loop1: No such file or directory
```
The Ubuntu CI on ppc64el seems to have a issue on tmpfs, and files
may not be fsynced. See c10caebb98.
For safety, let's use /var/tmp to store disk images.
Unprivileged overlayfs is supported since Linux 5.11. The only
change needed to get ExtensionDirectories to work is to avoid
hard-coding the staging directory to the system manager runtime
directory, everything else just works (TM).
The first ExecStartPre or the first ExecStart commands would get the metadata,
but not the subsequent ones. Also check that we do not pass it in
ExecStartPost.
The test would fail when the the same handler was used for multiple
*failing* units. We need to call 'reset-failed' to let the manager forget
about the earlier ones.
systemd-analyze log-target console is removed, because it's easier to follow
the logs if logging it to the journal.
Remove the list logic, and simply skip passing metadata if more than one
unit triggered an OnFailure/OnSuccess handler.
Instead of a single env var to loop over, provide each separate item
as its own variable.
Fixes https://github.com/systemd/systemd/issues/22370
The only piece missing was to somehow make /proc appear in the
new user+mount namespace. It is not possible to mount a new
/proc instance, not even with hidepid=invisible,subset=pid, in
a user namespace unless a PID namespace is created too (and also
at the same time as the other namespaces, it is not possible to
mount a new /proc in a child process that creates a PID namespace
forked from a parent that created a user+mount namespace, it has
to happen at the same time).
Use the host's /proc with a bind-mount as a fallback for this
case. User session services would already run with it, so
nothing is lost.
IIUC, pipefail doesn't matter for a sequence of commands joined with &&, and we
don't have any pipes. And such a failing expression also does not trigger an
exit, so the set +e/set -e were noops.
A bind mount is added directly from private on the host to the actual
destination directory, no need for the symlinks (which cannot be created
as the bind mount happens first and creates the target as an actual directory)
Fixes https://github.com/systemd/systemd/issues/22264
When a Condition*= fails, and a service has Restart=always,
the service is not restarted.
Follow the same behaviour for ExecCondition= to avoid inconsistencies.
Fixes#22257
Wraps nspawn to be able to use pexpect. The test logs in on the console
and runs screen. In one screen window it types in shutdown commands and
checks whether a wall message was sent to the other.
Add a new setting that follows the same principle and implementation
as ExtensionImages, but using directories as sources.
It will be used to implement support for extending portable images
with directories, since portable services can already use a directory
as root.
Otherwise we might hit a window where the coredump happens before
midnight, but we check for it after midnight, which yields no results.
E.g.:
```
$ coredumpctl --no-legend --no-pager --file system.journal
Wed 2022-01-05 01:00:06 CET 359 0 0 SIGABRT journal /usr/bin/udevadm n/a
$ coredumpctl --since 23:59:55 --no-legend --no-pager --file system.journal
No coredumps found.
$ coredumpctl --since "2022-01-04 23:59:59" --no-legend --no-pager --file system.journal
Wed 2022-01-05 01:00:06 CET 359 0 0 SIGABRT journal /usr/bin/udevadm n/a
```
The user may be busy when auto-rebalancing the user's home device.
Workaround for #21589.
---
Dec 01 15:03:15 H systemd-homework[1078]: Provided password unlocks user record.
Dec 01 15:03:15 H systemd-homework[1078]: Image file '/home/test-user.home' already locked, can't use.
Dec 01 15:03:15 H systemd-homed[240]: Worker reported error code EADDRINUSE.
Dec 01 15:03:15 H systemd-homed[240]: Activation failed: Address already in use
---
When conditions fail on a service unit, a path unit can cause
PID 1 to busy loop as it keeps trying to activate the service unit.
To avoid this from happening, add a trigger limit to the path unit,
identical to the trigger limit we have for socket units.
Initially, let's start with a high limit and not make it configurable.
If needed, we can add properties to configure the rate limit similar
to the ones we have for socket units.
On some runs `sleep infinity` run by the user manager uses over 3M of
memory, which is higher than the MemoryHigh= set on testbloat and
testmunch. If no pgscan is generated, then systemd-oomd sorts by memory
usage which leads to a situation where testchill (using 3M) could be
targeted over testbloat (1M-2M).
Fix this by setting reasonable MemoryHigh= values for all of these test
units. Even if somehow testchill throttles a bit at 3M, testbloat and
testmunch should still be trying to use over 100M at memory and will
throttle down to 5M and 6M with the new values. This should reflect
the desired state in pgscan and memory usage during the test run.
Fixes#21684
The openssl binary is an optional dependency.
If systemd has been built with OpenSSL support, we want to test its
OpenSSL functionality.
So record a failure message in /failed if the binary is missing.
See https://github.com/systemd/systemd/pull/21724#issuecomment-992707614
Otherwise we might miss the "Device path too long" message:
```
[ 21.083274] testsuite-64.sh[374]: swapoff /dev/vda1
[ 21.089841] testsuite-64.sh[376]: ++ mktemp
[ 21.095115] testsuite-64.sh[271]: + logfile=/tmp/tmp.a1MULA35wL
[ 21.095115] testsuite-64.sh[271]: + journalctl -b -q --no-pager -o short-monotonic -p info --grep 'Device path.*vda.?'\'' too long to fit into unit name'
...
[ 21.277360] systemd[1]: testsuite-64.service: Main process exited, code=exited, status=1/FAILURE
[ 21.277508] systemd[1]: testsuite-64.service: Failed with result 'exit-code'.
...
[ 21.323500] systemd[1]: Device path '/sys/devices/pci0000:00/0000:00:03.0/0000:01:00.0/0000:02:00.0/0000:03:00.0/0000:04:00.0/0000:05:00.0/0000:06:00.0/0000:07:00.0/0000:08:00.0/0000:09:00.0/0000:0a:00.0/0000:0b:00.0/0000:0c:00.0/0000:0d:00.0/0000:0e:00.0/0000:0f:00.0/0000:10:00.0/0000:11:00.0/0000:12:00.0/0000:13:00.0/0000:14:00.0/0000:15:00.0/0000:16:00.0/0000:17:00.0/0000:18:00.0/0000:19:00.0/0000:1a:00.0/virtio0/block/vda/vda1' too long to fit into unit name, ignoring device.
```
