1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

406 Commits

Author SHA1 Message Date
Michael Vogt
1825c909ff sysusers: support u username -:300 style syntax (#8325)
This PR implements the first part of RFE #8046. I.e. this allows to
write:
```
u username -:300
```
Where the uid is chosen automatically but the gid is fixed.
2018-03-02 12:56:44 +01:00
Zbigniew Jędrzejewski-Szmek
48449f41b4
Merge pull request #8303 from yuwata/fix-8276
test: use synthesize_nobody() in test-execute
2018-03-02 12:53:11 +01:00
Zbigniew Jędrzejewski-Szmek
47920c4a26
Merge pull request #8316 from yuwata/fix-8315
sysusers: do not create duplicated groups when create users
2018-03-02 11:32:25 +01:00
Yu Watanabe
69b0740785 test-execute: add tests with user/group daemon
The nobody user/group may not synthesized by systemd.
To run tests the functionalities in such situation, this adds tests
by user/group by daemon, as it is expected to exists all environments.
2018-03-02 16:42:53 +09:00
Filipe Brandenburger
67348e791d test: masked unit with drop-ins 2018-03-01 21:14:13 -08:00
Yu Watanabe
d4f0412de4 sysusers: do not implicitly create group by 'm' if 'u' with the same name exists
The commit e2c2060f7b makes 'm' lines
disturb 'u' lines.
This fixes the disturbance.
2018-03-02 07:38:28 +09:00
Yu Watanabe
fb5dfbc2d8 test: add a test for sysusers
The test cases for sysusers did not cover the situation reported in
issue #8315. Let's add one more test case.
2018-03-02 07:12:40 +09:00
Yu Watanabe
d2f95a223f test-execute: add a test for the case that NOBODY_GROUP_NAME is nogroup 2018-03-01 18:31:26 +09:00
Filipe Brandenburger
27e2779bed rule-syntax-check: fix handling of runaway strings in comma splitting (#8298)
A runaway string should still be returned by the code that splits on
commas, so add a '?' to the regex so that the last '"?' in a string
still produces a valid block for the split code.

Tested:

  ACTION=="remove\"GOTO=""

Which then produced:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove\"GOTO=""
    clause: ACTION=="remove\"GOTO=""
2018-02-28 03:11:38 +03:00
Zbigniew Jędrzejewski-Szmek
10eeab67aa
Merge pull request #8297 from filbranden/udevrule1
Udev rule syntax checker updates
2018-02-27 22:35:19 +01:00
Filipe Brandenburger
c9715ffce3 rule-syntax-check: allow commas inside quoted strings
Using a regex to match the groups is smarter than the split(',') that
would break in those cases.

Tested:

  SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*,*:070202:*", TAG+="uaccess"

Rule checker doesn't break there after this commit.
2018-02-27 13:11:07 -08:00
Filipe Brandenburger
d498347a01 rule-syntax-check: add support for escaped double quotes
Add support to backslash-escaped double quote inside a string.

Tested by modifying src/login/70-uaccess.rules to include:

  ACTION=="remove" it", GOTO="uaccess_end"

And had the rule checker complain about it:

  $ test/rule-syntax-check.py src/login/70-uaccess.rules
  # looking at src/login/70-uaccess.rules
  Invalid line src/login/70-uaccess.rules:10: ACTION=="remove" it", GOTO="uaccess_end"
    clause: ACTION=="remove" it"
2018-02-27 11:15:42 -08:00
Franck Bui
75a56cb632 rule-syntax-check: values can contain escaped double quotes
This is true since commit 7e760b79ad.

Note that the changes in the regex expressions relies on the fact that the
script assumes that the comma separator is mandatory.

Add a comment in the script to clarify this.
2018-02-27 14:42:09 +01:00
Franck Bui
905ca72a8f rule-syntax-check: PROGRAM is not supposed to get value assigned
In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".

Actually it doesn't really make sense to assign it a value.

udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.

No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.
2018-02-27 14:38:23 +01:00
Yu Watanabe
4c40f267c7 test: use "$$" to pass a literal dollar sign
Follow-up for 9323298657.
2018-02-26 12:50:07 +09:00
Yu Watanabe
ac1f08b92b test: use setup_fake_runtime_dir() in test-execute 2018-02-26 12:50:03 +09:00
Lennart Poettering
72a1db0bb2 test: don't complain if bpffs is world-writable
Apparently, world-writable bpffs is intended by the kernel folks, hence
let's make sure we don't choke on it on our tests.
2018-02-21 16:43:36 +01:00
Yu Watanabe
9323298657 test: fix test for TemporaryFileSystem= (#8241)
This makes test-execute work on SELinux enabled systems.

Fixes the issue reported at
https://github.com/systemd/systemd/pull/7908#discussion_r169583540
2018-02-21 16:43:35 +01:00
Alan Jenkins
59e00b2a16
Merge pull request #7908 from yuwata/rfe-7895
core: add TemporaryFileSystem= setting and 'tmpfs' option to ProtectHome=
2018-02-21 08:57:11 +00:00
Evgeny Vereshchagin
24a01950a3 tests: stop using nobody in test-udev.pl (#8239)
`nobody` is a special user, whose credentials should be extracted with
`get_user_creds`. `getpwnam` called in `test-udev.pl` is a bit different,
which causes the test to fail with the following error:
```
device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda' expecting node/link 'node'
  expected permissions are: nobody::0600
  created permissions are : 65534:0:0600
permissions: error
add:         ok
remove:      ok
```
The ideal fix would probably be to implement `get_user_creds` in Perl, but in this
PR the issue is simply got around by using `daemon` instead of `nobody`.

Closes https://github.com/systemd/systemd/issues/8196.
2018-02-21 08:34:42 +01:00
Yu Watanabe
4cac89bd7c test: add tests for TemporaryFileSystem= 2018-02-21 09:18:14 +09:00
Evgeny Vereshchagin
31ce89e7d9 tests: reset _found at the end of each iteration (#8195)
This makes `inst_rules` really print all rules it skips.
2018-02-16 14:26:26 +01:00
Dimitri John Ledkov
9c869ff6bf test/test-functions: Debian/Ubuntu, now ship 95-dm-notify.rules, copy it
This fixes cryptsetup tests on recent Ubuntu/Debian systems (current
development series).

Bug-Launchpad: https://launchpad.net/bugs/1749432
2018-02-15 17:48:31 +01:00
Yu Watanabe
24c2c5689d
Merge pull request #8058 from keszybz/sysusers-inline
Extend sysusers for package installation scripts
2018-02-05 16:50:51 +09:00
Batuhan Osman Taşkaya
278391c2fe test: sort imports and use "new" string formatting
Followed PEP8 and PEP3101 rules (#8079)
Imports re-ordered by Alphabetical Standarts for following PEP8
Old type string formattings (" example %s " % exampleVar ) re-writed as new type string
formattings ( " example {} ".format(exampleVar) ) for following PEP3101
2018-02-05 07:28:53 +01:00
Zbigniew Jędrzejewski-Szmek
4e9fe38dc0 test/TEST-21-SYSUSERS: add tests for new functionality 2018-02-02 10:40:24 +01:00
Michael Vogt
b9ee05c266 sysusers: allow force reusing existing user/group IDs (#8037)
On Debian/Ubuntu systems the default passwd/group files use a
slightly strange mapping. E.g. in passwd:
```
man6:12::/var/cache/man:/sbin/nologin
```
and in group:
```
disk6:
man12:
```

This is not supported in systemd-sysusers right now because
sysusers will not re-use an existing uid/gid in its normal
mode of operation. Unfortunately this reuse is needed to
replicate the default Debian/Ubuntu users/groups.

This commit enforces reuse when the "uid:gid" syntax is used
to fix this.

I also added a test that replicates the Debian base-passwd
passwd/group file to ensure things are ok.
2018-02-01 13:47:50 +09:00
Evgeny Vereshchagin
4c0d481095
Merge pull request #7933 from keszybz/fuzz-regression
test: add fuzzer regression testing
2018-01-27 12:56:42 +03:00
Zbigniew Jędrzejewski-Szmek
b68dfb9e83 Hook up oss-fuzz test cases as tests
This is a bit painful because a separate build of systemd is necessary. The
tests are guarded by tests!=false and slow-tests==true. Running them is not
slow, but compilation certainly is. If this proves unwieldy, we can add a
separate option controlling those builds later.

The build for each sanitizer has its own directory, and we build all fuzzer
tests there, and then pull them out one-by-one by linking into the target
position as necessary. It would be nicer to just build the desired fuzzer, but
we need to build the whole nested build as one unit.

[I also tried making systemd and nested meson subproject. This would work
nicely, but meson does not allow that because the nested target names are the
same as the outer project names. If that is ever fixed, that would be the way
to go.]

v2:
- make sure things still work if memory sanitizer is not available
v3:
- switch to syntax which works with meson 0.42.1 found in Ubuntu
2018-01-27 09:03:46 +01:00
Michael Vogt
28e7fad73f sysusers: ensure GID in uid:gid syntax exists
Ensure that the GID already exists or is created when the new
"uid:gid" syntax is used. This ensures the behaviour is always
predictable.
2018-01-25 17:43:08 +01:00
Michael Vogt
e2c2060f7b sysusers: make ADD_GROUP always create a group
Do not merge group creation with user creation because with the
new uid:gid syntax this can result in confusing (and unwanted)
behavior.
2018-01-25 12:51:06 +01:00
Michael Vogt
1e589ed264 test: add TEST-21-SYSUSERS test
This test tests the systemd-sysuser binary via the --root=$TESTDIR
option and ensures that for the given inputs the expected passwd
and group files will be generated.
2018-01-25 12:51:00 +01:00
Jonathan Rudenberg
2bd37c5be2 fuzz: add DHCP server fuzzer 2018-01-19 21:48:14 -05:00
Jonathan Rudenberg
8137e92dbe test: add regression test for oss-fuzz issue 5465
Fixed in #7923
2018-01-20 09:07:24 +11:00
Jonathan Rudenberg
118452ade6 test: add regression test for #7888 2018-01-20 09:07:14 +11:00
Lennart Poettering
db256aab13 core: be stricter when handling PID files and MAINPID sd_notify() messages
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.

This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.

When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.

Fixes: #6632
2018-01-11 15:12:16 +01:00
bleep_blop
7629744a3d separate flags from shebang 2017-12-25 19:48:49 +01:00
Jörg Thalheim
2a5fcfae02 more portable perl shebangs (#7701)
same motivation as in #5816:

- distributions have scripts to rewrite shebangs on installation and
  they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
  there PATH correctly.
2017-12-19 11:13:34 +01:00
Lennart Poettering
c4b0c4599d test: fix TEST-13-NSPAWN-SMOKE
We need to specify a full path to the "ip" binary and busybox "ip" has a
slightly different output than the normal ip, and won't show "DOWN".
hence instead ensure that at lest not "UP" is in there.
2017-12-15 20:51:55 +01:00
Lennart Poettering
3d710b0440 test: make sure "make" in the test directories works again
Fixes: #7648
2017-12-15 19:48:08 +01:00
Zbigniew Jędrzejewski-Szmek
bdd2bbc445
Merge pull request #7469 from kinvolk/dongsu/nspawn-netns
nspawn: introduce an option for specifying network namespace path
2017-12-14 22:47:57 +01:00
Iago López Galeiras
f3d33947ea test: add smoke tests for --network-namespace-path
We create net ns with `ip netns`, pass the created ns to nspawn and
check the loopback interface is DOWN.
2017-12-14 17:34:26 +01:00
Daniel Black
a327431bd1 core: add EXTEND_TIMEOUT_USEC={usec} - prevent timeouts in startup/runtime/shutdown (#7214)
With Type=notify services, EXTEND_TIMEOUT_USEC= messages will delay any startup/
runtime/shutdown timeouts.

A service that hasn't timed out, i.e, start time < TimeStartSec,
runtime < RuntimeMaxSec and stop time < TimeoutStopSec, may by sending
EXTEND_TIMEOUT_USEC=, allow the service to continue beyond the limit for
the execution phase (i.e TimeStartSec, RunTimeMaxSec and TimeoutStopSec).

EXTEND_TIMEOUT_USEC= must continue to be sent (in the same way as
WATCHDOG=1) within the time interval specified to continue to reprevent
the timeout from occuring.

Watchdog timeouts are also extended if a EXTEND_TIMEOUT_USEC is greater
than the remaining time on the watchdog counter.

Fixes #5868.
2017-12-14 12:17:43 +01:00
Dongsu Park
25fd814316 test: add CLI smoke tests for --network-namespace-path of nspawn
Since the new option `--network-namespace-path=` of systemd-nspawn
cannot be used together with other network-related options, we need
to add more smoke tests for checking these conditions of options.
2017-12-13 10:21:06 +00:00
Lennart Poettering
ea781d0dd8
Merge pull request #7554 from keszybz/autodetect-build
Autodetect build directory ignoring mkosi artefacts
2017-12-07 09:07:40 +01:00
Zbigniew Jędrzejewski-Szmek
2535f23dd8 run-integration-test: allow argument to be overriden
This is useful for "sudo test/run-integration-tests.sh clean".
2017-12-06 15:16:55 +01:00
Zbigniew Jędrzejewski-Szmek
ded65775a2 tests: try to autodetect directory better
Ignore mkosi.builddir. In the future we can also add other patterns
if necessary.

run-intergration-tests.sh is updated to use the new script, and modified
to work from arbitrary directory.

Follow-up for #7494.
2017-12-06 15:16:35 +01:00
Lennart Poettering
66d73cc728 test-execute: use the "nogroup" group if it exists for testing
We currently look for "nobody" and "nfsnobody" when testing groups, both
of which do not exist on Ubuntu, our main testing environment. Let's
extend the tests slightly to also use "nogroup" if it exists.
2017-12-06 13:40:50 +01:00
Yu Watanabe
4e79aeaa65 test-execute: add tests for CPUAffinity= 2017-12-06 10:44:20 +09:00
Zbigniew Jędrzejewski-Szmek
11d0f6cb67
Merge pull request #7532 from yuwata/test-execute
test-execute: add test for that DynamicUser= migrates StateDirectory=
2017-12-05 21:43:14 +01:00