1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Commit Graph

58 Commits

Author SHA1 Message Date
Ronny Chevalier
50f130c286 test-execute: add nfsnobody alternative as a nobody user 2016-02-28 15:00:18 +01:00
Ronny Chevalier
19c0b0b9a5 core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.

Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
2016-02-28 14:44:26 +01:00
Evgeny Vereshchagin
252549990f tests: add test for https://github.com/systemd/systemd/issues/2637
+ perl -e 'exit(!(qq{0} eq qq{\x25U}))'
exec-spec-interpolation.service: Main process exited, code=exited, status=1/FAILURE
exec-spec-interpolation.service: Unit entered failed state.
exec-spec-interpolation.service: Failed with result 'exit-code'.
        PID: 11270
        Start Timestamp: Wed 2016-02-17 22:21:31 UTC
        Exit Timestamp: Wed 2016-02-17 22:21:31 UTC
        Exit Code: exited
        Exit Status: 1
Assertion 'service->main_exec_status.status == status_expected' failed at src/test/test-execute.c:65, function check(). Aborting.
2016-02-17 22:40:26 +00:00
Ismo Puustinen
70d7aea5c7 tests: test ambient capabilities.
The ambient capability tests are only run if the kernel has support for
ambient capabilities.
2016-01-12 12:14:50 +02:00
Filipe Brandenburger
4c80d201ac test-execute: Add tests for new PassEnvironment= directive
Check the base case, plus erasing the list, listing the same variable
name more than once and when variables are absent from the manager
execution environment.

Confirmed that `sudo ./test-execute` passes and that modifying the test
cases (or the values of the set variables in test-execute.c) is enough
to make the test cases fail.
2015-11-11 07:55:23 -08:00
Filipe Brandenburger
cdaf507048 test-execute: Fix systemd escaping and shell issues
In most cases, systemd requires escaping $ (for systemd variable
substitution) and % (for specifiers) by doubling them. This was somewhat
of an issue in tests like exec-environment*.service where systemd was
doing the substitutions and we were not really checking that those were
available in the actual environment of the command. Fix that.

Expressions such as `exit $(test ...)` are incorrect. They only work
because $(test ...) will produce no output, so the command will become a
bare "exit" which will exit with the status of the latest executed
command which turns out to be the test... The direct approach is simply
calling "test" as the last command, for which the shell will propagate
the exit status.

One situation where this was breaking tests was on `exit $(test ...) &&
$(test ...) && $(test ...)` where the second and third tests were not
really executing, since the first command is actually `exit` so && was
doing nothing there. Fixed it by just using `test ... && test ... &&
test ...` as it was initially intended.

Pass -x to all shell executions for them to produce useful debugging
output to stderr. Consequently, removed most of the explicit `echo`s
that are no longer needed.

Mark all units as Type=oneshot explicitly.

Also made sure all shell variables are properly quoted.

v2: Added an explicit LC_ALL=C to ionice invocations since some locales
(such as French) will add a space before the colon in the output.

Tested by running `sudo ./test-execute` and confirming all tests enabled
on my system (essentially all of them except for the s390 one) passed.
Tweaked the variables or options or expected values and confirmed the
tests do indeed fail when the values are not exactly the expected ones.

v2: Also tested with `LANG=fr_FR.UTF-8 sudo ./test-execute` to confirm
it still works in a different locale.
2015-11-10 07:58:29 -08:00
Evgeny Vereshchagin
64810140a1 test-execute: don't use /usr/bin/uname. use sh and PATH 2015-11-06 15:45:32 +00:00
Ronny Chevalier
ac40081621 test-execute: move all files related to a specific directory
To avoid polluting test/
2015-10-31 15:07:19 +01:00