1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-02 10:51:20 +03:00
Commit Graph

574 Commits

Author SHA1 Message Date
Lennart Poettering
cc4338e435 tests: tighten check for TEST-06-SELINUX dependencies a bit
As it turns out /usr/share/selinux/devel/ is now included in more RPMs
than just selinux-policy-devel (specifically container-selinux, which is
pulled in by various container related RPMs). Let's hence tighten the
dependency check a bit and look for systemd's .if file, which is what we
actually care about.
2018-06-06 10:17:38 +02:00
Lennart Poettering
b5b74e4b12
Merge pull request #9167 from keszybz/ellipsization
Ellipsization fixes based on unit-testing and fuzzing
2018-06-04 13:45:03 +02:00
Yu Watanabe
2b633119a0 test: add test for trailing dot in WorkingDirectory= and RuntimeDirectory= 2018-06-03 23:59:51 +09:00
Zbigniew Jędrzejewski-Szmek
9924aef690 test-ellipsize: add tests for ellipsize_mem, fix bugs
First, ellipsize() and ellipsize_mem() should not read past the input
buffer. Those functions take an explicit length for the input data, so they
should not assume that the buffer is terminated by a nul.

Second, ellipsization was off in various cases where wide on multi-byte
characters were used.

We had some basic test for ellipsize(), but apparently it wasn't enough to
catch more serious cases.

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8686.
2018-06-02 21:53:25 +02:00
Zbigniew Jędrzejewski-Szmek
03d1319b12 shared/logs-show: be more careful before using a _SOURCE_REALTIME_TIMESTAMP entry
journalctl -o short would display those entries, but journalctl -o short-full
would refuse. If the entry is bad, just fall back to the receive-side realtime
timestamp like we would if it was completely missing.
2018-05-31 14:30:23 +02:00
Zbigniew Jędrzejewski-Szmek
324d6aa926 shared/logs-show: fix mixup between length-based memory duplication and string operations
We'd look for a '=' separator using memchr, i.e. ignoring any nul bytes in the
string, but then do a strndup, which would terminate on any nul byte, and then
again do a memcmp, which would access memory past the chunk allocated by strndup.

Of course, we probably shouldn't allow keys with nul bytes in them. But we
currently do, so there might be journal files like that out there. So let's fix
the journal-reading code first.
2018-05-31 14:30:23 +02:00
Zbigniew Jędrzejewski-Szmek
e743ce7053 journal-remote: when an entry is rejected with -EBADMSG, do not rotate the journal file
Something is wrong with the entry (probably a missing timestamp), so no point
in rotating. But suppress the error in process_source(), so that the processing
of the data stream continues.

Also, just return 0 from writer_write() on success, the only caller doesn't
care.
2018-05-31 13:04:18 +02:00
Zbigniew Jędrzejewski-Szmek
a38f7fec44 fuzz-journal-remote: a fuzzer for journal-remote over-the-wire input 2018-05-31 13:04:18 +02:00
Sergio Lindo Mansilla
c2f32f616b Fix pattern to detect distribution
With operator '=', when in /etc/os-release:
ID_LIKE="opensuse suse" # Tumbleweed since at least 2018-04-24
or
ID_LIKE="suse opensuse" # Leap 15
2018-05-30 18:13:14 +02:00
Lennart Poettering
b294e5943f core: introduce specifiers for /tmp and /var/tmp
This corresponds nicely with the specifiers we already pass for
/var/lib, /var/cache, /run and so on.

This is particular useful to update the test-path service files to
operate without guessable files, thus allowing multiple parallel
test-path invocations to pass without issues (the idea is to set $TMPDIR
early on in the test to some private directory, and then only use the
new %T or %V specifier to refer to it).
2018-05-29 11:39:15 +02:00
Lennart Poettering
cdc0f9be92
Merge pull request #8817 from yuwata/cleanup-nsflags
core: allow to specify RestrictNamespaces= multiple times
2018-05-24 16:49:13 +02:00
Yu Watanabe
1c5873096e test-execute: remove state directories before running tests
Fixes #8679.
2018-05-10 22:50:51 -07:00
Joost Heitbrink
b6887d7ae4 test: add testcase for environment file variables with backslashes
systemd silently strips out backslashes in variables from environment
files. Add a testcase that explicitly tests for this behaviour.
2018-05-11 13:15:16 +09:00
Susant Sahani
4319c181d4 Networkd tests: add bridge link properties to test
Test the "[Bridge]" section keys

```
[Bridge]
UnicastFlood=true
HairPin=true
UseBPDU=true
FastLeave=true
AllowPortToBeRoot=true
Cost=555
Priority=23
```

```
test_bridge_init (__main__.BridgeTest) ... ok
test_bridge_port_priority (__main__.BridgeTest) ... ok
test_bridge_port_priority_set_zero (__main__.BridgeTest)
It should be possible to set the bridge port priority to 0 ... ok
test_bridge_port_property (__main__.BridgeTest)
Test the "[Bridge]" section keys ... ok

```
2018-05-10 10:41:30 -07:00
Yu Watanabe
1dcf96c29f test: add tests for merging RestrictNamespaces= 2018-05-05 11:07:37 +09:00
Lennart Poettering
0ea21d9e88 test: don't send image building output to /dev/null (#8886)
Yes, the output is sometimes annyoing, but /dev/null is not the right
place...

I figure this redirection was left in from some debugging session, let's
fix it, and make the setup_basic_environment invocation like in all
other test scripts.
2018-05-03 16:47:42 +03:00
Yu Watanabe
022fa82a8b oss-fuzz: add the reproducer case by oss-fuzz #8064 2018-05-03 16:57:29 +09:00
Lennart Poettering
3e7aa2edcd
test-functions: don't nest KVM (#8883)
Nested KVM is very flaky as we learnt from our CI. Hence, let's avoid
KVM whenever we detect we are already running inside of KVM.

Maybe one day nested KVM is fixed, at which point we can turn this on
again, but for now let's simply avoid nested KVM, since reliable CI is
more important than quick CI, I guess.

And yes, avoiding KVM for our qemu runs does make things substantially
slower, but I think it's not a complete loss.

Inspired by @evverx' findings in:

https://github.com/systemd/systemd/pull/8701#issuecomment-380213302
2018-05-02 20:06:13 +02:00
Yu Watanabe
9c6f2e5ab9 test: fix descriptions 2018-05-01 13:44:29 +09:00
Yu Watanabe
cfa24ca0e6 test: add tests for PrivateDevices= with '+' prefix 2018-05-01 13:44:24 +09:00
Yu Watanabe
545673d4b0 test: add tests for %j and %J specifier in test-execute (#8838)
Follow-up for 250e9fadbc.
2018-04-27 13:07:23 +02:00
Lennart Poettering
63d6135fea tests: compare with correct shell
We synthesize the passwd record for UID 0, hence we need to compare with
our synthesized data and not with the data stored in /etc/passwd
2018-04-19 11:41:28 +02:00
Franck Bui
80359410c4 sysusers: make sure to reset the returned value when EOF is reached in fget*ent_sane() wrappers (#8737)
To indicate that the there're no more entries, these wrappers return false but
did leave the passed pointed unmodified.

However EOF is not an error and is a very common case so initialize the output
argument to NULL even in this case so callers don't need to do that.

Fixes: #8721
2018-04-18 18:32:21 +02:00
Lennart Poettering
2cb36f7c1e
Merge pull request #8575 from keszybz/non-absolute-paths
Do not require absolute paths in ExecStart and friends
2018-04-17 15:54:10 +02:00
Zbigniew Jędrzejewski-Szmek
7e4a49b42b test-execute: make find invocation a bit more efficent, increase timeout
We go through the whole file system, so this test can take arbitrary time.  But
this test is still quite useful, so let's at least try to make it more efficent
by not descending at all into the directories we would filter out later on
anyway.

Also increase the timeout, in case the previous step doesn't help enough.
2018-04-16 16:09:46 +02:00
Zbigniew Jędrzejewski-Szmek
42345b178d test: drop the use of /bin/sh in various test services
This is not meant to be comprehensive, just the few cases where the /bin/sh -c wrapper
is obviously superfluous.
2018-04-16 16:09:46 +02:00
Zbigniew Jędrzejewski-Szmek
5008da1ec1 systemd: do not require absolute paths in ExecStart
Absolute paths make everything simple and quick, but sometimes this requirement
can be annoying. A good example is calling 'test', which will be located in
/usr/bin/ or /bin depending on the distro. The need the provide the full path
makes it harder a portable unit file in such cases.

This patch uses a fixed search path (DEFAULT_PATH which was already used as the
default value of $PATH), and if a non-absolute file name is found, it is
immediately resolved to a full path using this search path when the unit is
loaded. After that, everything behaves as if an absolute path was specified. In
particular, the executable must exist when the unit is loaded.
2018-04-16 16:09:46 +02:00
Lennart Poettering
7ce49e656b test: add test for prefix unit loading 2018-04-13 11:34:48 +02:00
Zbigniew Jędrzejewski-Szmek
c0af656c52 test-execute/exec-specifier.service: fix quoting
The lines would cause the whole service to fail to be loaded.
2018-04-12 16:20:02 +02:00
Zbigniew Jędrzejewski-Szmek
11a1589223 tree-wide: drop license boilerplate
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
2018-04-06 18:58:55 +02:00
Feng Sun
709e86f18f fix missed bracket of exec-personality-ppc64le.service (#8650)
Signed-off-by: Neil Sun <neilsun@yunify.com>
2018-04-04 11:10:42 +02:00
Evgeny Vereshchagin
053edc5b04 tests: run udevadm settle after sfdisk (#8610)
This makes the script wait for the newly created partition to
show up before trying to put a filesystem on it, which should
prevent the tests from failing with the following error:
```
New situation:
Disklabel type: dos
Disk identifier: 0x3541a0ec

Device       Boot  Start    End Sectors  Size Id Type
/dev/loop6p1        2048 800767  798720  390M 83 Linux
/dev/loop6p2      800768 819199   18432    9M 83 Linux

The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
The file /dev/loop6p1 does not exist and no size was specified.
make: *** [setup] Error 1
F: Failed to mkfs -t ext4
Makefile:4: recipe for target 'setup' failed
```
2018-03-29 13:20:57 +09:00
Zbigniew Jędrzejewski-Szmek
e2093454a2 shared/specifier: be less extravagant with memory allocations
ubsan times out because we do too many allocations:

$ valgrind build/fuzz-unit-file test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977-full
...
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977-full... ok
==1757==
==1757== HEAP SUMMARY:
==1757==     in use at exit: 0 bytes in 0 blocks
==1757==   total heap usage: 199,997 allocs, 199,997 frees, 90,045,318,585 bytes allocated

...
==3256==   total heap usage: 100,120 allocs, 100,120 frees, 13,097,140 bytes allocated

https://oss-fuzz.com/v2/issue/4651449704251392/6977 should now be really fixed.

e3c3d6761b was the first attempt, but even with this change, e3c3d6761b
still makes sense.
2018-03-28 10:38:45 +02:00
Lennart Poettering
967bae687c run-integration-tests: show number of tests run 2018-03-23 15:46:11 +01:00
Lennart Poettering
ce6b7858ca run-integration-tests: show make command line executed
That makes it much easier to figure out what to type to just run one
specific test for debugging.
2018-03-23 15:45:47 +01:00
Lennart Poettering
67321fdf3e test: bypass selinux integration test if selinux policy devel package is not installed
With this "sudo ./run-integration-tests.sh" should work fully without
exception, even on systems lacking SELinux (in which case that test will
just be skipped)
2018-03-23 15:29:35 +01:00
Lennart Poettering
959071cac2
Merge pull request #8552 from keszybz/test-improvements
Test and diagnostics improvements
2018-03-23 15:26:54 +01:00
Zbigniew Jędrzejewski-Szmek
a5935c6601 test-execute: skip exec-specifier-interpolation if perl is missing 2018-03-22 15:57:56 +01:00
Zbigniew Jędrzejewski-Szmek
6b08180ca6 test-execute: allow sit0@ to exist in private network namespace
It's always visible:

$ sudo modprobe sit
$ sudo unshare -n ip l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    ...
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    ...
2018-03-22 15:57:56 +01:00
Zbigniew Jędrzejewski-Szmek
c725631f4b test-execute: simplify checks if grep output is empty
grep already indicates if it matched anything by return value.
Additional advantage is then that if the test fails, the unexpected
matching lines are visible in the log output.
2018-03-22 15:57:56 +01:00
Zbigniew Jędrzejewski-Szmek
b1ffacb631 tests: skip udev-test when perl is not installed 2018-03-22 15:57:56 +01:00
juergbi
39362f6f7d main: add NoNewPrivileges config option (#8475)
This makes it possible to disable new privileges for the whole system.
2018-03-21 23:41:19 +01:00
Lennart Poettering
ed1738a24a
Merge pull request #8487 from keszybz/oss-fuzz-fixes
Oss fuzz fixes, another batch
2018-03-21 11:50:57 +01:00
Zbigniew Jędrzejewski-Szmek
e3c3d6761b core/load-fragment: reject overly long paths early
No need to go through the specifier_printf() if the path is already too long in
the unexpanded form (since specifiers increase the length of the string in all
practical cases).

In the oss-fuzz test case, valgrind reports:
  total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated
and the original config file is ~500kb. This isn't really a security issue,
since the config file has to be trusted any way, but just a matter of
preventing accidental resource exhaustion.

https://oss-fuzz.com/v2/issue/4651449704251392/6977

While at it, fix order of arguments in the neighbouring log_syntax() call.
2018-03-21 00:46:13 +01:00
Zbigniew Jędrzejewski-Szmek
e127f26b1a basic/calendarspec: add check for repeat values that would overflow
https://oss-fuzz.com/v2/issue/4651449704251392/7004
2018-03-21 00:46:13 +01:00
Lennart Poettering
8c637fe242
Merge pull request #8452 from keszybz/use-libmount-more
Use libmount in systemd-shutdown, add tests
2018-03-20 09:53:34 +01:00
Evgeny Vereshchagin
e4711004d6
Merge pull request #8461 from keszybz/oss-fuzz-fixes
Oss fuzz fixes
2018-03-19 00:06:44 +03:00
Zbigniew Jędrzejewski-Szmek
bd0763b642 fuzz-unit-file: simply do not test ListenNetlink= at all
msan doesn't understand sscanf with %ms, so it falsely reports unitialized
memory. Using sscanf with %ms is quite convenient in
socket_address_parse_netlink(), so let's just not run the fuzzer for
ListenNetlink= at all for now. If msan is fixed, we can remove this.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6884
2018-03-18 21:05:43 +01:00
Yu Watanabe
6f1ea95493
Merge pull request #8471 from filbranden/envnewline1
basic/env-util: Allow newlines in values of environment variables
2018-03-18 20:29:55 +09:00
Franck Bui
97e34e945c test: add a sysusers test with NIS entries 2018-03-17 14:18:26 +01:00
Zbigniew Jędrzejewski-Szmek
1c56d50109 fuzz: add test case for oss-fuzz #6897 and a work-around
The orignal reproducer from oss-fuzz depends on the hostname (via %H and %c).
The hostname needs a dash for msan to report this, so a simpler case from
@evverx with the dash hardcoded is also added.

The issue is a false positive from msan, which does not instruct stpncpy
(https://github.com/google/sanitizers/issues/926). Let's add a work-around
until this is fixed.
2018-03-17 09:48:22 +01:00
Zbigniew Jędrzejewski-Szmek
10062bbc35 unit-file: do not allow bogus IOSchedulingClass values
We have only three bits of space, i.e. 8 possible classes. Immediately reject
anything outside of that range. Add the fuzzer test case and an additional
unit test.

oss-fuzz #6908.
2018-03-17 09:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
064c593899 core/service: fix memleak of USBFunctionStrings and USBFunctionDescriptors
oss-fuzz #6892.
2018-03-17 09:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
4b8d0cdf04 Add .gitattributes for test/fuzz-regressions
Those reproducers are essentially binary, hence let's ignore whitespace
in them.
2018-03-17 09:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
7435315812 basic/calendarspec: set a limit on length of calendarspec component chains
We probably should allow very deep calls of our recursive functions. Let's add
a limit to avoid resource exhaustion. 240 is 10 per hour (if somebody is using
this for time based triggers...), so it should be more than enough for most use
cases, and is conveniently below the 250 stack limit in msan.

oss-fuzz #6917.
2018-03-17 08:59:25 +01:00
Filipe Brandenburger
9b796f3523 test-execute: Introduce tests for environment values containing newlines
Also fix one case where the presence of a newline was used to generate
an invalid environment assignment.

Tested: with mkosi, which builds the local tree and run ninja tests.
2018-03-16 16:31:17 -07:00
Zbigniew Jędrzejewski-Szmek
1fd8edb53a test-umount: add a simple test for swap_list_get()
The implementation seems buggy:
/* test_swap_list("/home/zbyszek/src/systemd/test/test-umount/example.swaps") */
path=0 o= f=0x0 try-ro=no dev=0:0
path=/some/swapfile2 o= f=0x0 try-ro=no dev=0:0
path=/some/swapfile o= f=0x0 try-ro=no dev=0:0
path=/dev/dm-2 o= f=0x0 try-ro=no dev=0:0
2018-03-16 10:12:50 +01:00
Zbigniew Jędrzejewski-Szmek
6fa392bf91 tests: add a simple test for the mountinfo parsing logic 2018-03-16 10:12:50 +01:00
Zbigniew Jędrzejewski-Szmek
55a30fd4e8 basic/calendarspec: fix assert crash when year is too large in calendarspec_from_time_t()
gmtime_r() will return NULL in that case, and we would crash.

I committed the reproducer case in fuzz-regressions/, even though we don't have
ubsan hooked up yet. Let's add it anyway in case it is useful in the future. We
actually crash anyway when compiled with asserts, so this can be easily
reproduced without ubsan.

oss-fuzz #6886.
2018-03-14 16:50:09 +01:00
Zbigniew Jędrzejewski-Szmek
20d52ab60e shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow()
oss-fuzz #6885.
2018-03-14 16:50:08 +01:00
Zbigniew Jędrzejewski-Szmek
8d89e51f3c fuzz: commit test case for oss-fuzz issue 6884
This seems to be a false positive in msan:
https://github.com/google/sanitizers/issues/767.

I don't see anything wrong with the code either, and valgrind does not see the
issue. Anyway, let's add the test case.

We don't have msan hooked up yet, but hopefully we'll in the future.

oss-fuzz #6884.
2018-03-14 15:20:02 +01:00
Zbigniew Jędrzejewski-Szmek
52d4d1d339 test: run all fuzz regression tests with all sanitizers
We currently have just one sanitizer for tests, asan, but we may add more in
the future. So let's keep the loop over the sanitizers in meson.build, but
just enable all regression cases under all sanitizers. If it fails under one
of them, it might fail under a different one.

In subsequent commits I'll add test cases which might not fail under asan,
but it's good to commit them for future use.

The test names are made more verbose:
256/257 fuzz-dns-packet:oss-fuzz-5465:address   OK       0.04 s
257/257 fuzz-dns-packet:issue-7888:address      OK       0.03 s
2018-03-14 14:27:04 +01:00
Zbigniew Jędrzejewski-Szmek
170dd5f916 fuzz-unit-file: add a dump of systemd.directives(7) as a corpus entry
$ ( echo service; man systemd.directives|grep =|grep -v -e --|sed 's/ //g'
  ) >> test/fuzz-corpus/unit-file/directives.service
2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
ec7a02ea54 Add fuzzer for unit file parser 2018-03-11 16:33:59 +01:00
Franck Bui
e04fc13f5f test: add tests for systemd-tmpfiles 2018-03-05 21:49:11 +01:00
Franck Bui
caced73270 test: fix setup_suse() to make it work with an already populated root 2018-03-05 19:24:23 +01:00
Yu Watanabe
e5ba1d324d test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN
CAP_NET_ADMIN is somtrimes dropped by container runtime.
This changes to use CAP_CHOWN instead of CAP_NET_ADMIN, as it is
less likely to be dropped.
2018-03-05 00:02:22 +09:00
Yu Watanabe
b6dc25eebc test-execute: rename tests for AmbientCapabilities=
The unit files for test-execute are named like
`exec-(setting-name-in-lower-character)-(optional-text).service`.
However, test units for AmbientCapabilities= are not following this.
So, let's rename them for the consistency.
This does not change anything in the functionality of the test.
2018-03-04 16:37:58 +09:00
Michael Vogt
1825c909ff sysusers: support u username -:300 style syntax (#8325)
This PR implements the first part of RFE #8046. I.e. this allows to
write:
```
u username -:300
```
Where the uid is chosen automatically but the gid is fixed.
2018-03-02 12:56:44 +01:00
Zbigniew Jędrzejewski-Szmek
48449f41b4
Merge pull request #8303 from yuwata/fix-8276
test: use synthesize_nobody() in test-execute
2018-03-02 12:53:11 +01:00
Zbigniew Jędrzejewski-Szmek
47920c4a26
Merge pull request #8316 from yuwata/fix-8315
sysusers: do not create duplicated groups when create users
2018-03-02 11:32:25 +01:00
Yu Watanabe
69b0740785 test-execute: add tests with user/group daemon
The nobody user/group may not synthesized by systemd.
To run tests the functionalities in such situation, this adds tests
by user/group by daemon, as it is expected to exists all environments.
2018-03-02 16:42:53 +09:00
Filipe Brandenburger
67348e791d test: masked unit with drop-ins 2018-03-01 21:14:13 -08:00
Yu Watanabe
d4f0412de4 sysusers: do not implicitly create group by 'm' if 'u' with the same name exists
The commit e2c2060f7b makes 'm' lines
disturb 'u' lines.
This fixes the disturbance.
2018-03-02 07:38:28 +09:00
Yu Watanabe
fb5dfbc2d8 test: add a test for sysusers
The test cases for sysusers did not cover the situation reported in
issue #8315. Let's add one more test case.
2018-03-02 07:12:40 +09:00
Yu Watanabe
d2f95a223f test-execute: add a test for the case that NOBODY_GROUP_NAME is nogroup 2018-03-01 18:31:26 +09:00
Filipe Brandenburger
27e2779bed rule-syntax-check: fix handling of runaway strings in comma splitting (#8298)
A runaway string should still be returned by the code that splits on
commas, so add a '?' to the regex so that the last '"?' in a string
still produces a valid block for the split code.

Tested:

  ACTION=="remove\"GOTO=""

Which then produced:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove\"GOTO=""
    clause: ACTION=="remove\"GOTO=""
2018-02-28 03:11:38 +03:00
Zbigniew Jędrzejewski-Szmek
10eeab67aa
Merge pull request #8297 from filbranden/udevrule1
Udev rule syntax checker updates
2018-02-27 22:35:19 +01:00
Filipe Brandenburger
c9715ffce3 rule-syntax-check: allow commas inside quoted strings
Using a regex to match the groups is smarter than the split(',') that
would break in those cases.

Tested:

  SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*,*:070202:*", TAG+="uaccess"

Rule checker doesn't break there after this commit.
2018-02-27 13:11:07 -08:00
Filipe Brandenburger
d498347a01 rule-syntax-check: add support for escaped double quotes
Add support to backslash-escaped double quote inside a string.

Tested by modifying src/login/70-uaccess.rules to include:

  ACTION=="remove" it", GOTO="uaccess_end"

And had the rule checker complain about it:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove" it", GOTO="uaccess_end"
    clause: ACTION=="remove" it"
2018-02-27 11:15:42 -08:00
Franck Bui
75a56cb632 rule-syntax-check: values can contain escaped double quotes
This is true since commit 7e760b79ad.

Note that the changes in the regex expressions relies on the fact that the
script assumes that the comma separator is mandatory.

Add a comment in the script to clarify this.
2018-02-27 14:42:09 +01:00
Franck Bui
905ca72a8f rule-syntax-check: PROGRAM is not supposed to get value assigned
In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".

Actually it doesn't really make sense to assign it a value.

udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.

No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.
2018-02-27 14:38:23 +01:00
Yu Watanabe
4c40f267c7 test: use "$$" to pass a literal dollar sign
Follow-up for 9323298657.
2018-02-26 12:50:07 +09:00
Yu Watanabe
ac1f08b92b test: use setup_fake_runtime_dir() in test-execute 2018-02-26 12:50:03 +09:00
Lennart Poettering
72a1db0bb2 test: don't complain if bpffs is world-writable
Apparently, world-writable bpffs is intended by the kernel folks, hence
let's make sure we don't choke on it on our tests.
2018-02-21 16:43:36 +01:00
Yu Watanabe
9323298657 test: fix test for TemporaryFileSystem= (#8241)
This makes test-execute work on SELinux enabled systems.

Fixes the issue reported at
https://github.com/systemd/systemd/pull/7908#discussion_r169583540
2018-02-21 16:43:35 +01:00
Alan Jenkins
59e00b2a16
Merge pull request #7908 from yuwata/rfe-7895
core: add TemporaryFileSystem= setting and 'tmpfs' option to ProtectHome=
2018-02-21 08:57:11 +00:00
Evgeny Vereshchagin
24a01950a3 tests: stop using nobody in test-udev.pl (#8239)
`nobody` is a special user, whose credentials should be extracted with
`get_user_creds`. `getpwnam` called in `test-udev.pl` is a bit different,
which causes the test to fail with the following error:
```
device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda' expecting node/link 'node'
  expected permissions are: nobody::0600
  created permissions are : 65534:0:0600
permissions: error
add:         ok
remove:      ok
```
The ideal fix would probably be to implement `get_user_creds` in Perl, but in this
PR the issue is simply got around by using `daemon` instead of `nobody`.

Closes https://github.com/systemd/systemd/issues/8196.
2018-02-21 08:34:42 +01:00
Yu Watanabe
4cac89bd7c test: add tests for TemporaryFileSystem= 2018-02-21 09:18:14 +09:00
Evgeny Vereshchagin
31ce89e7d9 tests: reset _found at the end of each iteration (#8195)
This makes `inst_rules` really print all rules it skips.
2018-02-16 14:26:26 +01:00
Dimitri John Ledkov
9c869ff6bf test/test-functions: Debian/Ubuntu, now ship 95-dm-notify.rules, copy it
This fixes cryptsetup tests on recent Ubuntu/Debian systems (current
development series).

Bug-Launchpad: https://launchpad.net/bugs/1749432
2018-02-15 17:48:31 +01:00
Yu Watanabe
24c2c5689d
Merge pull request #8058 from keszybz/sysusers-inline
Extend sysusers for package installation scripts
2018-02-05 16:50:51 +09:00
Batuhan Osman Taşkaya
278391c2fe test: sort imports and use "new" string formatting
Followed PEP8 and PEP3101 rules (#8079)
Imports re-ordered by Alphabetical Standarts for following PEP8
Old type string formattings (" example %s " % exampleVar ) re-writed as new type string
formattings ( " example {} ".format(exampleVar) ) for following PEP3101
2018-02-05 07:28:53 +01:00
Zbigniew Jędrzejewski-Szmek
4e9fe38dc0 test/TEST-21-SYSUSERS: add tests for new functionality 2018-02-02 10:40:24 +01:00
Michael Vogt
b9ee05c266 sysusers: allow force reusing existing user/group IDs (#8037)
On Debian/Ubuntu systems the default passwd/group files use a
slightly strange mapping. E.g. in passwd:
```
man6:12::/var/cache/man:/sbin/nologin
```
and in group:
```
disk6:
man12:
```

This is not supported in systemd-sysusers right now because
sysusers will not re-use an existing uid/gid in its normal
mode of operation. Unfortunately this reuse is needed to
replicate the default Debian/Ubuntu users/groups.

This commit enforces reuse when the "uid:gid" syntax is used
to fix this.

I also added a test that replicates the Debian base-passwd
passwd/group file to ensure things are ok.
2018-02-01 13:47:50 +09:00
Evgeny Vereshchagin
4c0d481095
Merge pull request #7933 from keszybz/fuzz-regression
test: add fuzzer regression testing
2018-01-27 12:56:42 +03:00
Zbigniew Jędrzejewski-Szmek
b68dfb9e83 Hook up oss-fuzz test cases as tests
This is a bit painful because a separate build of systemd is necessary. The
tests are guarded by tests!=false and slow-tests==true. Running them is not
slow, but compilation certainly is. If this proves unwieldy, we can add a
separate option controlling those builds later.

The build for each sanitizer has its own directory, and we build all fuzzer
tests there, and then pull them out one-by-one by linking into the target
position as necessary. It would be nicer to just build the desired fuzzer, but
we need to build the whole nested build as one unit.

[I also tried making systemd and nested meson subproject. This would work
nicely, but meson does not allow that because the nested target names are the
same as the outer project names. If that is ever fixed, that would be the way
to go.]

v2:
- make sure things still work if memory sanitizer is not available
v3:
- switch to syntax which works with meson 0.42.1 found in Ubuntu
2018-01-27 09:03:46 +01:00
Michael Vogt
28e7fad73f sysusers: ensure GID in uid:gid syntax exists
Ensure that the GID already exists or is created when the new
"uid:gid" syntax is used. This ensures the behaviour is always
predictable.
2018-01-25 17:43:08 +01:00
Michael Vogt
e2c2060f7b sysusers: make ADD_GROUP always create a group
Do not merge group creation with user creation because with the
new uid:gid syntax this can result in confusing (and unwanted)
behavior.
2018-01-25 12:51:06 +01:00
Michael Vogt
1e589ed264 test: add TEST-21-SYSUSERS test
This test tests the systemd-sysuser binary via the --root=$TESTDIR
option and ensures that for the given inputs the expected passwd
and group files will be generated.
2018-01-25 12:51:00 +01:00
Jonathan Rudenberg
2bd37c5be2 fuzz: add DHCP server fuzzer 2018-01-19 21:48:14 -05:00
Jonathan Rudenberg
8137e92dbe test: add regression test for oss-fuzz issue 5465
Fixed in #7923
2018-01-20 09:07:24 +11:00
Jonathan Rudenberg
118452ade6 test: add regression test for #7888 2018-01-20 09:07:14 +11:00
Lennart Poettering
db256aab13 core: be stricter when handling PID files and MAINPID sd_notify() messages
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.

This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.

When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.

Fixes: #6632
2018-01-11 15:12:16 +01:00
bleep_blop
7629744a3d separate flags from shebang 2017-12-25 19:48:49 +01:00
Jörg Thalheim
2a5fcfae02 more portable perl shebangs (#7701)
same motivation as in #5816:

- distributions have scripts to rewrite shebangs on installation and
  they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
  there PATH correctly.
2017-12-19 11:13:34 +01:00
Lennart Poettering
c4b0c4599d test: fix TEST-13-NSPAWN-SMOKE
We need to specify a full path to the "ip" binary and busybox "ip" has a
slightly different output than the normal ip, and won't show "DOWN".
hence instead ensure that at lest not "UP" is in there.
2017-12-15 20:51:55 +01:00
Lennart Poettering
3d710b0440 test: make sure "make" in the test directories works again
Fixes: #7648
2017-12-15 19:48:08 +01:00
Zbigniew Jędrzejewski-Szmek
bdd2bbc445
Merge pull request #7469 from kinvolk/dongsu/nspawn-netns
nspawn: introduce an option for specifying network namespace path
2017-12-14 22:47:57 +01:00
Iago López Galeiras
f3d33947ea test: add smoke tests for --network-namespace-path
We create net ns with `ip netns`, pass the created ns to nspawn and
check the loopback interface is DOWN.
2017-12-14 17:34:26 +01:00
Daniel Black
a327431bd1 core: add EXTEND_TIMEOUT_USEC={usec} - prevent timeouts in startup/runtime/shutdown (#7214)
With Type=notify services, EXTEND_TIMEOUT_USEC= messages will delay any startup/
runtime/shutdown timeouts.

A service that hasn't timed out, i.e, start time < TimeStartSec,
runtime < RuntimeMaxSec and stop time < TimeoutStopSec, may by sending
EXTEND_TIMEOUT_USEC=, allow the service to continue beyond the limit for
the execution phase (i.e TimeStartSec, RunTimeMaxSec and TimeoutStopSec).

EXTEND_TIMEOUT_USEC= must continue to be sent (in the same way as
WATCHDOG=1) within the time interval specified to continue to reprevent
the timeout from occuring.

Watchdog timeouts are also extended if a EXTEND_TIMEOUT_USEC is greater
than the remaining time on the watchdog counter.

Fixes #5868.
2017-12-14 12:17:43 +01:00
Dongsu Park
25fd814316 test: add CLI smoke tests for --network-namespace-path of nspawn
Since the new option `--network-namespace-path=` of systemd-nspawn
cannot be used together with other network-related options, we need
to add more smoke tests for checking these conditions of options.
2017-12-13 10:21:06 +00:00
Lennart Poettering
ea781d0dd8
Merge pull request #7554 from keszybz/autodetect-build
Autodetect build directory ignoring mkosi artefacts
2017-12-07 09:07:40 +01:00
Zbigniew Jędrzejewski-Szmek
2535f23dd8 run-integration-test: allow argument to be overriden
This is useful for "sudo test/run-integration-tests.sh clean".
2017-12-06 15:16:55 +01:00
Zbigniew Jędrzejewski-Szmek
ded65775a2 tests: try to autodetect directory better
Ignore mkosi.builddir. In the future we can also add other patterns
if necessary.

run-intergration-tests.sh is updated to use the new script, and modified
to work from arbitrary directory.

Follow-up for #7494.
2017-12-06 15:16:35 +01:00
Lennart Poettering
66d73cc728 test-execute: use the "nogroup" group if it exists for testing
We currently look for "nobody" and "nfsnobody" when testing groups, both
of which do not exist on Ubuntu, our main testing environment. Let's
extend the tests slightly to also use "nogroup" if it exists.
2017-12-06 13:40:50 +01:00
Yu Watanabe
4e79aeaa65 test-execute: add tests for CPUAffinity= 2017-12-06 10:44:20 +09:00
Zbigniew Jędrzejewski-Szmek
11d0f6cb67
Merge pull request #7532 from yuwata/test-execute
test-execute: add test for that DynamicUser= migrates StateDirectory=
2017-12-05 21:43:14 +01:00
Yu Watanabe
028f3a7f9c test-execute: add test for that DynamicUser= migrate StateDirectory=
Test for 949befd3f0.
2017-12-06 00:37:09 +09:00
Yu Watanabe
f0e018e748 test-execute: cleanup
This makes rename the test units by a consistent naming scheme,
add several logs, and sort internal functions.
No functional change.
2017-12-06 00:36:55 +09:00
Lennart Poettering
8fe9c8d920 test: add a simple script that runs all our integration tests one after the other 2017-12-05 13:49:13 +01:00
Lennart Poettering
9b45c2bf02 tests: don't use "netcat" for testing TEST-10-ISSUE-2467
Apparently there are a myriad of netcat implementations around, and they
all behave slightly differently. The one I have on my Fedora 27
installation will cause a failure when invoked as "nc -U" on an AF_UNIX
socket whose connections are immediately disconnected, thus causing the
test to fail.

Let's avoid all ambiguities in this regard, and drop usage of netcat
altoegther. Instead let's use a FIFO in the file system, which we can
connect to with only shell commands, and is hence much simpler and
more reliable to test with.

The actual test is supposed to validate that PID 1 doesn't hang when
activation of a socket-activated service fails, hence which transport
mechanism is used ultimately doesn't matter, as long as we activate the
service, and we do here...
2017-12-05 13:49:13 +01:00
Lennart Poettering
f2d566b728 tests: make TEST-10-ISSUE-2467 also run in nspawn
No reason not to run it in nspawn, and it's easier to debug than the
qemu version.
2017-12-05 13:49:13 +01:00
Lennart Poettering
7ae8162f29 tests: fix description of TEST-14-MACHINE-ID
It used the same description as TEST-01, and that's hardly helpful.
2017-11-29 12:34:12 +01:00
Zbigniew Jędrzejewski-Szmek
3113b5aca0 test: increase the timeout for hwdb-test
This test does a lot of mmap/madvise/unmmap, which is slow under address sanitizer.
Just increase the timeout to avoid spurious failure.
2017-11-26 15:07:53 +01:00
Yu Watanabe
07b3a02643 test: set log_level to info in test-hwdb and check-help-*
These tests check the stderr. So, if the systemd.log_level=debug
is set in the kernel command line, then these tests fail.
This set log_level to info in hwdb-test.sh and meson-check-help.sh,
the kernel command line not to change the output of the target
programs.

Fixes #7362.
2017-11-26 00:01:55 +09:00
Lennart Poettering
dd202b8859 test: skip DELEGATE test if the kernel can't do cgroupv2 (#7445)
Fixes: #7440
2017-11-24 15:29:06 +01:00
Yu Watanabe
8b3c4b5757 test-execute: test more % specifiers (#7450) 2017-11-24 10:17:28 +01:00
Evgeny Vereshchagin
71050acb68 tests: install test as part of BASICTOOLS (#7434)
This makes TEST-19-DELEGATE, which is currently failing, work.

Closes https://github.com/systemd/systemd/issues/7425.
2017-11-23 13:28:12 +01:00
Zbigniew Jędrzejewski-Szmek
6b97bf2287 meson: re-attach rule-syntax-check.py test
39/248 rule-syntax-check                       OK     0.07 s

--- command ---
/home/zbyszek/src/systemd-work/test/rule-syntax-check.py \
    /home/zbyszek/src/systemd-work/build/../rules/60-block.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-cdrom_id.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-drm.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-evdev.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-input-id.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-alsa.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-input.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-storage.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-storage-tape.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-persistent-v4l.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-sensor.rules \
    /home/zbyszek/src/systemd-work/build/../rules/60-serial.rules \
    /home/zbyszek/src/systemd-work/build/../rules/70-joystick.rules \
    /home/zbyszek/src/systemd-work/build/../rules/70-mouse.rules \
    /home/zbyszek/src/systemd-work/build/../rules/70-touchpad.rules \
    /home/zbyszek/src/systemd-work/build/../rules/75-net-description.rules \
    /home/zbyszek/src/systemd-work/build/../rules/75-probe_mtd.rules \
    /home/zbyszek/src/systemd-work/build/../rules/78-sound-card.rules \
    /home/zbyszek/src/systemd-work/build/../rules/80-drivers.rules \
    /home/zbyszek/src/systemd-work/build/../rules/80-net-setup-link.rules \
    /home/zbyszek/src/systemd-work/build/rules/50-udev-default.rules \
    /home/zbyszek/src/systemd-work/build/rules/64-btrfs.rules \
    /home/zbyszek/src/systemd-work/build/rules/99-systemd.rules
--- stdout ---
...
-------

It got dropped by mistake in 72cdb3e783.
2017-11-22 12:46:08 +01:00
Zbigniew Jędrzejewski-Szmek
2956395c83 rule-test-syntax: modernize syntax and add debug message 2017-11-22 12:29:58 +01:00
Zbigniew Jędrzejewski-Szmek
ffb70e4424
Merge pull request #7381 from poettering/cgroup-unified-delegate-rework
Fix delegation in the unified hierarchy + more cgroup work
2017-11-22 07:42:08 +01:00
Lennart Poettering
23209bcd37 test: fix UDEV-WANTS testcase for non-bash shells (#7407)
testsuite.sh uses "set -o pipefile", which is a bashism, hence use bash
to invoke the script.
2017-11-21 17:38:43 +01:00
Lennart Poettering
0b0c55fafd
Merge pull request #7363 from poettering/success-action
Generalize FailureAction=, and add SuccessAction=
2017-11-21 11:57:42 +01:00
Lennart Poettering
e7266e98f9 test: fix UDEV-WANTS testcase for non-bash shells
testsuite.sh uses "set -o pipefile", which is a bashism, hence use bash
to invoke the script.
2017-11-21 11:54:08 +01:00
Lennart Poettering
b961baf1ce test: add a test case that validates cgroup delegation
This test runs on the unified hierarchy, and ensures that cgroup
delegation works properly, i.e. writ access is granted and the requested
controllers are enabled.
2017-11-21 11:54:08 +01:00
Zbigniew Jędrzejewski-Szmek
7624e721c8 test: fall back to /boot if bootctl -p fails (#7397)
It doesn't really matter why.
2017-11-20 20:08:11 +01:00
Lennart Poettering
24aab7936c test: add testcase for FailureAction=/SuccessAction=
it also ensures that rebooting once gets us back up. Yay!
2017-11-20 16:37:22 +01:00
Lennart Poettering
4ff183d419
Merge pull request #7154 from keszybz/bootspec
List bootspec entries in bootctl and use the default for kexec
2017-11-20 13:06:33 +01:00
Lennart Poettering
0133d5553a
Merge pull request #7198 from poettering/stdin-stdout
Add StandardInput=data, StandardInput=file:... and more
2017-11-19 19:49:11 +01:00
Zbigniew Jędrzejewski-Szmek
3a726fcd08 Add license headers and SPDX identifiers to meson.build files
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek
d9215cd838 Add SPDX license headers to various assorted files 2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek
35df744355 Add SPDX license headers to python scripts 2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek
906bbac474 test: do not hardcode location of EFI partition 2017-11-19 12:36:20 +01:00
Lennart Poettering
666d787787 test: add basic test for StandardInput=file: 2017-11-17 11:13:44 +01:00
Lennart Poettering
da543f6a77 test: add tests for StandardInputText= and StandardInputData= 2017-11-17 11:13:44 +01:00
Zbigniew Jędrzejewski-Szmek
f886559e55
Merge pull request #7186 from poettering/track-deps
rework unit dependency data structure to track why deps get created
2017-11-12 16:14:41 +01:00
Yu Watanabe
7f749487c5 test-execute: change path to python3 (#7306)
Change python3 path from /bin/python3 to /usr/bin/python3 to make
the test work on Ubuntu Xenial.

Follow-up for #7178.
2017-11-12 16:09:00 +01:00
Yu Watanabe
7a18854fe7 test-execute: update test for SystemCallErrorNumber= 2017-11-11 21:54:29 +09:00
Yu Watanabe
b4891260b9 test: add tests for syscall:errno style in SystemCallFilter= 2017-11-11 21:54:20 +09:00