shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-24 06:04:05 +03:00
Code

test: drop unneeded journal socket bind mounts

Browse Source 
(where BindJournalSockets=yes is implied)
This commit is contained in:
Mike Yuan 2024-04-26 16:54:25 +08:00
parent 263fa92bab
commit e2e6c23fdb
No known key found for this signature in database
GPG Key ID: 417471C0A40F58B3
2 changed files with 3 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
test/units/TEST-50-DISSECT.dissect.sh
View File

@ -9,12 +9,6 @@ set -o pipefail
# shellcheck source=test/units/util.sh # shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh . "$(dirname "$0")"/util.sh
BIND_LOG_SOCKETS=(
--property BindReadOnlyPaths=/dev/log
--property BindReadOnlyPaths=/run/systemd/journal/socket
--property BindReadOnlyPaths=/run/systemd/journal/stdout
)
systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \ systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \
grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"' grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1" systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1"
@ -80,21 +74,19 @@ fi
systemd-dissect --umount "$IMAGE_DIR/mount" systemd-dissect --umount "$IMAGE_DIR/mount"
systemd-dissect --umount "$IMAGE_DIR/mount2" systemd-dissect --umount "$IMAGE_DIR/mount2"
systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" "${BIND_LOG_SOCKETS[@]}" cat /usr/lib/os-release | grep -q -F "MARKER=1" systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/os-release | grep -q -F "MARKER=1"
mv "$MINIMAL_IMAGE.verity" "$MINIMAL_IMAGE.fooverity" mv "$MINIMAL_IMAGE.verity" "$MINIMAL_IMAGE.fooverity"
mv "$MINIMAL_IMAGE.roothash" "$MINIMAL_IMAGE.foohash" mv "$MINIMAL_IMAGE.roothash" "$MINIMAL_IMAGE.foohash"
systemd-run -P \ systemd-run -P \
-p RootImage="$MINIMAL_IMAGE.raw" \ -p RootImage="$MINIMAL_IMAGE.raw" \
-p RootHash="$MINIMAL_IMAGE.foohash" \ -p RootHash="$MINIMAL_IMAGE.foohash" \
-p RootVerity="$MINIMAL_IMAGE.fooverity" \ -p RootVerity="$MINIMAL_IMAGE.fooverity" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
# Let's use the long option name just here as a test # Let's use the long option name just here as a test
systemd-run -P \ systemd-run -P \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
--property RootHash="$MINIMAL_IMAGE_ROOTHASH" \ --property RootHash="$MINIMAL_IMAGE_ROOTHASH" \
--property RootVerity="$MINIMAL_IMAGE.fooverity" \ --property RootVerity="$MINIMAL_IMAGE.fooverity" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity" mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity"
mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash" mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
@ -142,56 +134,48 @@ systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
systemd-run --wait -P \ systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='*' \ -p RootImagePolicy='*' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
(! systemd-run --wait -P \ (! systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='~' \ -p RootImagePolicy='~' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1") cat /usr/lib/os-release | grep -q -F "MARKER=1")
(! systemd-run --wait -P \ (! systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='-' \ -p RootImagePolicy='-' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1") cat /usr/lib/os-release | grep -q -F "MARKER=1")
(! systemd-run --wait -P \ (! systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='root=absent' \ -p RootImagePolicy='root=absent' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1") cat /usr/lib/os-release | grep -q -F "MARKER=1")
systemd-run --wait -P \ systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='root=verity' \ -p RootImagePolicy='root=verity' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
systemd-run --wait -P \ systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='root=signed' \ -p RootImagePolicy='root=signed' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
(! systemd-run --wait -P \ (! systemd-run --wait -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p RootImagePolicy='root=encrypted' \ -p RootImagePolicy='root=encrypted' \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1") cat /usr/lib/os-release | grep -q -F "MARKER=1")
systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" --mount "$MINIMAL_IMAGE.gpt" "$IMAGE_DIR/mount" systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" --mount "$MINIMAL_IMAGE.gpt" "$IMAGE_DIR/mount"
@ -211,17 +195,14 @@ systemd-run -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p MountAPIVFS=yes \ -p MountAPIVFS=yes \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
-p RootImage="$MINIMAL_IMAGE.raw" \ -p RootImage="$MINIMAL_IMAGE.raw" \
-p RootImageOptions="root:nosuid,dev home:ro,dev ro,noatime" \ -p RootImageOptions="root:nosuid,dev home:ro,dev ro,noatime" \
"${BIND_LOG_SOCKETS[@]}" \
mount | grep -F "squashfs" | grep -q -F "nosuid" mount | grep -F "squashfs" | grep -q -F "nosuid"
systemd-run -P \ systemd-run -P \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootImageOptions="root:ro,noatime root:ro,dev" \ -p RootImageOptions="root:ro,noatime root:ro,dev" \
"${BIND_LOG_SOCKETS[@]}" \
mount | grep -F "squashfs" | grep -q -F "noatime" mount | grep -F "squashfs" | grep -q -F "noatime"
mkdir -p "$IMAGE_DIR/result" mkdir -p "$IMAGE_DIR/result"
@ -234,7 +215,6 @@ TemporaryFileSystem=/run
RootImage=$MINIMAL_IMAGE.raw RootImage=$MINIMAL_IMAGE.raw
RootImageOptions=root:ro,noatime home:ro,dev relatime,dev RootImageOptions=root:ro,noatime home:ro,dev relatime,dev
RootImageOptions=nosuid,dev RootImageOptions=nosuid,dev
BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
EOF EOF
systemctl start testservice-50a.service systemctl start testservice-50a.service
grep -F "squashfs" "$IMAGE_DIR/result/a" | grep -q -F "noatime" grep -F "squashfs" "$IMAGE_DIR/result/a" | grep -q -F "noatime"
@ -251,7 +231,6 @@ RootImageOptions=root:ro,noatime,nosuid home:ro,dev nosuid,dev
RootImageOptions=home:ro,dev nosuid,dev,%%foo RootImageOptions=home:ro,dev nosuid,dev,%%foo
# this is the default, but let's specify once to test the parser # this is the default, but let's specify once to test the parser
MountAPIVFS=yes MountAPIVFS=yes
BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
EOF EOF
systemctl start testservice-50b.service systemctl start testservice-50b.service
grep -F "squashfs" "$IMAGE_DIR/result/b" | grep -q -F "noatime" grep -F "squashfs" "$IMAGE_DIR/result/b" | grep -q -F "noatime"
@ -284,27 +263,23 @@ systemd-run -P \
-p TemporaryFileSystem=/run \ -p TemporaryFileSystem=/run \
-p RootImage="$MINIMAL_IMAGE.raw" \ -p RootImage="$MINIMAL_IMAGE.raw" \
-p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/os-release | grep -q -F "MARKER=1" cat /usr/lib/os-release | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
-p TemporaryFileSystem=/run \ -p TemporaryFileSystem=/run \
-p RootImage="$MINIMAL_IMAGE.raw" \ -p RootImage="$MINIMAL_IMAGE.raw" \
-p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
"${BIND_LOG_SOCKETS[@]}" \
cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1" cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
-p TemporaryFileSystem=/run \ -p TemporaryFileSystem=/run \
-p RootImage="$MINIMAL_IMAGE.gpt" \ -p RootImage="$MINIMAL_IMAGE.gpt" \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \ -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
"${BIND_LOG_SOCKETS[@]}" \
cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1" cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
cat >/run/systemd/system/testservice-50c.service <<EOF cat >/run/systemd/system/testservice-50c.service <<EOF
[Service] [Service]
MountAPIVFS=yes MountAPIVFS=yes
TemporaryFileSystem=/run TemporaryFileSystem=/run
RootImage=$MINIMAL_IMAGE.raw RootImage=$MINIMAL_IMAGE.raw
BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
MountImages=$MINIMAL_IMAGE.gpt:/run/img1:root:noatime:home:relatime MountImages=$MINIMAL_IMAGE.gpt:/run/img1:root:noatime:home:relatime
MountImages=$MINIMAL_IMAGE.raw:/run/img2\:3:nosuid MountImages=$MINIMAL_IMAGE.raw:/run/img2\:3:nosuid
ExecStart=bash -c "cat /run/img1/usr/lib/os-release >/run/result/c" ExecStart=bash -c "cat /run/img1/usr/lib/os-release >/run/result/c"
@ -352,42 +327,34 @@ systemctl is-active testservice-50d.service
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/tmp/app0.raw \ --property ExtensionImages=/tmp/app0.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script0.sh | grep -q -F "extension-release.app0" cat /opt/script0.sh | grep -q -F "extension-release.app0"
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/tmp/app0.raw \ --property ExtensionImages=/tmp/app0.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script0.sh | grep -q -F "extension-release.app0" cat /opt/script0.sh | grep -q -F "extension-release.app0"
systemd-run -P \ systemd-run -P \
--property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script1.sh | grep -q -F "extension-release.app2" cat /opt/script1.sh | grep -q -F "extension-release.app2"
systemd-run -P \ systemd-run -P \
--property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \ --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/tmp/app-nodistro.raw \ --property ExtensionImages=/tmp/app-nodistro.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/etc/service-scoped-test.raw \ --property ExtensionImages=/etc/service-scoped-test.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
# Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS # Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS
@ -412,7 +379,6 @@ ln -fs /tmp/symlink-test/app-nodistro-v1.raw /tmp/symlink-test/app-nodistro.raw
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
# Symlink check again but for confext # Symlink check again but for confext
@ -422,20 +388,17 @@ ln -fs /etc/symlink-test/service-scoped-test-v1.raw /etc/symlink-test/service-sc
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
# And again mixing sysext and confext # And again mixing sysext and confext
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \
--property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
systemd-run -P \ systemd-run -P \
--property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \ --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \
--property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \ --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
cat >/run/systemd/system/testservice-50e.service <<EOF cat >/run/systemd/system/testservice-50e.service <<EOF
@ -445,7 +408,6 @@ TemporaryFileSystem=/run /var/lib
StateDirectory=app0 StateDirectory=app0
RootImage=$MINIMAL_IMAGE.raw RootImage=$MINIMAL_IMAGE.raw
ExtensionImages=/tmp/app0.raw /tmp/app1.raw:nosuid ExtensionImages=/tmp/app0.raw /tmp/app1.raw:nosuid
BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
# Relevant only for sanitizer runs # Relevant only for sanitizer runs
UnsetEnvironment=LD_PRELOAD UnsetEnvironment=LD_PRELOAD
ExecStart=bash -c '/opt/script0.sh | grep ID' ExecStart=bash -c '/opt/script0.sh | grep ID'
@ -473,12 +435,10 @@ mkdir -p "$IMAGE_DIR/app0" "$IMAGE_DIR/app1" "$IMAGE_DIR/app-nodistro" "$IMAGE_D
(! systemd-run -P \ (! systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/nonexistent" \ --property ExtensionDirectories="$IMAGE_DIR/nonexistent" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script0.sh) cat /opt/script0.sh)
(! systemd-run -P \ (! systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0" \ --property ExtensionDirectories="$IMAGE_DIR/app0" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script0.sh) cat /opt/script0.sh)
systemd-dissect --mount /tmp/app0.raw "$IMAGE_DIR/app0" systemd-dissect --mount /tmp/app0.raw "$IMAGE_DIR/app0"
systemd-dissect --mount /tmp/app1.raw "$IMAGE_DIR/app1" systemd-dissect --mount /tmp/app1.raw "$IMAGE_DIR/app1"
@ -487,42 +447,34 @@ systemd-dissect --mount /etc/service-scoped-test.raw "$IMAGE_DIR/service-scoped-
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0" \ --property ExtensionDirectories="$IMAGE_DIR/app0" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script0.sh | grep -q -F "extension-release.app0" cat /opt/script0.sh | grep -q -F "extension-release.app0"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0" \ --property ExtensionDirectories="$IMAGE_DIR/app0" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script0.sh | grep -q -F "extension-release.app0" cat /opt/script0.sh | grep -q -F "extension-release.app0"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /opt/script1.sh | grep -q -F "extension-release.app2" cat /opt/script1.sh | grep -q -F "extension-release.app2"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \ --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/app-nodistro" \ --property ExtensionDirectories="$IMAGE_DIR/app-nodistro" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1" cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
systemd-run -P \ systemd-run -P \
--property ExtensionDirectories="$IMAGE_DIR/service-scoped-test" \ --property ExtensionDirectories="$IMAGE_DIR/service-scoped-test" \
--property RootImage="$MINIMAL_IMAGE.raw" \ --property RootImage="$MINIMAL_IMAGE.raw" \
"${BIND_LOG_SOCKETS[@]}" \
cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
cat >/run/systemd/system/testservice-50f.service <<EOF cat >/run/systemd/system/testservice-50f.service <<EOF
[Service] [Service]
@ -530,7 +482,6 @@ MountAPIVFS=yes
TemporaryFileSystem=/run /var/lib TemporaryFileSystem=/run /var/lib
StateDirectory=app0 StateDirectory=app0
RootImage=$MINIMAL_IMAGE.raw RootImage=$MINIMAL_IMAGE.raw
BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
ExtensionDirectories=$IMAGE_DIR/app0 $IMAGE_DIR/app1 ExtensionDirectories=$IMAGE_DIR/app0 $IMAGE_DIR/app1
# Relevant only for sanitizer runs # Relevant only for sanitizer runs
UnsetEnvironment=LD_PRELOAD UnsetEnvironment=LD_PRELOAD
@ -600,7 +551,7 @@ ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_33.raw"
ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_34.raw" ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_34.raw"
ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_35.raw" ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_35.raw"
systemd-run -P -p RootImage="$VDIR" "${BIND_LOG_SOCKETS[@]}" cat /usr/lib/os-release | grep -q -F "MARKER=1" systemd-run -P -p RootImage="$VDIR" cat /usr/lib/os-release | grep -q -F "MARKER=1"
rm "$VDIR/${VBASE}_33.raw" "$VDIR/${VBASE}_34.raw" "$VDIR/${VBASE}_35.raw" rm "$VDIR/${VBASE}_33.raw" "$VDIR/${VBASE}_34.raw" "$VDIR/${VBASE}_35.raw"
rmdir "$VDIR" rmdir "$VDIR"
@ -678,7 +629,6 @@ systemd-run --unit=test-root-ephemeral \
-p RootDirectory=/tmp/img \ -p RootDirectory=/tmp/img \
-p RootEphemeral=yes \ -p RootEphemeral=yes \
-p Type=exec \ -p Type=exec \
"${BIND_LOG_SOCKETS[@]}" \
bash -c "touch /abc && sleep infinity" bash -c "touch /abc && sleep infinity"
test -n "$(ls -A /var/lib/systemd/ephemeral-trees)" test -n "$(ls -A /var/lib/systemd/ephemeral-trees)"
systemctl stop test-root-ephemeral systemctl stop test-root-ephemeral
@ -728,7 +678,7 @@ grep -q -F "MARKER_CONFEXT_123" /etc/testfile
systemd-confext unmerge systemd-confext unmerge
rm -rf /run/confexts/ testjob/ rm -rf /run/confexts/ testjob/
systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" "${BIND_LOG_SOCKETS[@]}" cat /run/host/os-release | cmp "$OS_RELEASE" systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /run/host/os-release | cmp "$OS_RELEASE"
# Test that systemd-sysext reloads the daemon. # Test that systemd-sysext reloads the daemon.
mkdir -p /var/lib/extensions/ mkdir -p /var/lib/extensions/

3
test/units/TEST-82-SOFTREBOOT.sh
View File

@ -242,9 +242,6 @@ EOF
systemd-run --service-type=exec --unit=TEST-82-SOFTREBOOT-survive.service \ systemd-run --service-type=exec --unit=TEST-82-SOFTREBOOT-survive.service \
--property TemporaryFileSystem="/run /tmp /var" \ --property TemporaryFileSystem="/run /tmp /var" \
--property RootImage=/tmp/minimal_0.raw \ --property RootImage=/tmp/minimal_0.raw \
--property BindReadOnlyPaths=/dev/log \
--property BindReadOnlyPaths=/run/systemd/journal/socket \
--property BindReadOnlyPaths=/run/systemd/journal/stdout \
--property SurviveFinalKillSignal=yes \ --property SurviveFinalKillSignal=yes \
--property IgnoreOnIsolate=yes \ --property IgnoreOnIsolate=yes \
--property DefaultDependencies=no \ --property DefaultDependencies=no \