1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

2056 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
ffa328f060 tests: make inverted tests actually count
"! test ..." does not cause the script to fail, even with set -e.
IIUC, bash treats this command as part of an expression line, as it
would if 'test ... && ...' was used. Failing expression lines do not
terminate the script.

This fixes the obvious cases by changing '! test' → 'test !'.
Then the inversion happens internally in test and bash will propagate
the failure.
2021-04-08 11:45:59 +02:00
Zbigniew Jędrzejewski-Szmek
1672be8602 TEST-22-TMPFILES: add reproducer for bug with X 2021-04-08 11:01:29 +02:00
Zbigniew Jędrzejewski-Szmek
71d1e58309 core: fix memleak of ipc_namespace_path
Fixup for a70581ffb5.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32991
2021-04-07 22:12:50 +01:00
Frantisek Sumsal
34fde9f898 test: check if the unit file fuzzer corpora is up to date
This follows a similar pattern we already have in place for
networkd-related directives.
2021-04-05 14:41:05 +01:00
Frantisek Sumsal
080a602771 fuzzer: add a test case for #19178 2021-04-03 10:38:06 +01:00
Luca Boccassi
907952bbc9 portabled: add --extension parameter for layered images support
Add an --extension parameter to portablectl, and new DBUS methods
to attach/detach/reattach/inspect.
Allows to append separate images on top of the root directory (os-release
will be searched in there) and mount the images using an overlay-like
setup (unit files will be searched in there) using the new ExtensionImages
service option.
2021-03-31 09:56:44 +01:00
Zbigniew Jędrzejewski-Szmek
a2dc3adef2
Merge pull request #18990 from yuwata/network-dhcpv6-use-domains
network: also introduce UseDomains= for [DHCPv6] section
2021-03-31 10:38:37 +02:00
Zbigniew Jędrzejewski-Szmek
b880ac2c15
Merge pull request #18958 from poettering/dissect-no-root
dissect-image: support images without rootfs but with /usr partition + support simple partition versioning via strverscmp() on part label
2021-03-31 10:31:32 +02:00
Henri Chain
cb0e818f7c Introduce ExitType 2021-03-31 10:26:07 +02:00
Zbigniew Jędrzejewski-Szmek
129cb6e249 shared/calendarspec: when mktime() moves us backwards, jump forward
When trying to calculate the next firing of 'Sun *-*-* 01:00:00', we'd fall
into an infinite loop, because mktime() moves us "backwards":

Before this patch:
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
...

We rely on mktime() normalizing the time. The man page does not say that it'll
move the time forward, but our algorithm relies on this. So let's catch this
case explicitly.

With this patch:
$ TZ=Europe/Dublin faketime 2021-03-21 build/systemd-analyze calendar --iterations=5 'Sun *-*-* 01:00:00'
Normalized form: Sun *-*-* 01:00:00
    Next elapse: Sun 2021-03-21 01:00:00 GMT
       (in UTC): Sun 2021-03-21 01:00:00 UTC
       From now: 59min left
       Iter. #2: Sun 2021-04-04 01:00:00 IST
       (in UTC): Sun 2021-04-04 00:00:00 UTC
       From now: 1 weeks 6 days left           <---- note the 2 week jump here
       Iter. #3: Sun 2021-04-11 01:00:00 IST
       (in UTC): Sun 2021-04-11 00:00:00 UTC
       From now: 2 weeks 6 days left
       Iter. #4: Sun 2021-04-18 01:00:00 IST
       (in UTC): Sun 2021-04-18 00:00:00 UTC
       From now: 3 weeks 6 days left
       Iter. #5: Sun 2021-04-25 01:00:00 IST
       (in UTC): Sun 2021-04-25 00:00:00 UTC
       From now: 1 months 4 days left

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1941335.
2021-03-23 00:35:02 +01:00
Lennart Poettering
1474d7ac2d dissect: show partition label in table
We nowadays pick up the partition label while dissecting, let's show it
if we have it.
2021-03-16 14:57:53 +01:00
Yu Watanabe
f225a338c3 network: also introduce UseDomains= for [DHCPv6] section
When we split [DHCP] section into [DHCPv4] and [DHCPv6], UseDomains=
setting was forgot to be introduced in [DHCPv6] section.
2021-03-14 00:28:19 +09:00
Frantisek Sumsal
5acfe54e98 test: fix permissions of the ASan udev workaround
otherwise udev complains about the file being world-writable:
systemd-udevd[228]: Configuration file /etc/udev/rules.d/00-set-LD_PRELOAD.rules is marked world-writable. Please remove world writability permission bits. Proceeding anyway.

Fixes: systemd/systemd-centos-ci#354
2021-03-11 00:28:13 +09:00
Frantisek Sumsal
4b252eaa31 test: disable nss-systemd for TEST-22 under ASan
When running TEST-22 under ASan, there's a chain of events which causes
`stat` to output an extraneous ASan error message, causing following
fail:

```
+ test -d /tmp/d/1
++ stat -c %U:%G:%a /tmp/d/1
==82==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
+ test = daemon:daemon:755
.//usr/lib/systemd/tests/testdata/units/testsuite-22.02.sh: line 24: test: =: unary operator expected
```

This is caused by `stat` calling nss which in Arch's configuration calls
the nss-systemd module, that pulls in libasan which causes the $LD_PRELOAD
error message, since `stat` is an uninstrumented binary.

The $LD_PRELOAD variable is explicitly unset for all testsuite-* services
since it causes various issues when calling uninstrumented libraries, so
setting it globally is not an option. Another option would be to set
$LD_PRELOAD for each `stat` call, but that would unnecessarily clutter
the test code.
2021-03-10 11:59:43 +01:00
Lennart Poettering
b9dec21409
Merge pull request #18921 from yuwata/seccomp-syscallfilter-18916
seccomp: fix issue in system call filter with errno
2021-03-08 17:01:23 +01:00
Frantisek Sumsal
c335b7c3f8 test: fix the last subtest of TEST-50-DISSECT under sanitizers
Follow-up to 9f6235e1b4.
2021-03-08 14:38:49 +01:00
Yu Watanabe
a62f651b32 test: add one more test for system call filter with errno 2021-03-08 21:28:42 +09:00
Luca Boccassi
e08c40417e
Merge pull request #18911 from keszybz/coverity-inspired-fixes
Coverity inspired fixes
2021-03-07 15:12:08 +00:00
Zbigniew Jędrzejewski-Szmek
b903f16c2d TEST-15-DROPINS: improve check
https://github.com/systemd/systemd/pull/18579#discussion_r588983813
2021-03-07 12:27:55 +01:00
Frantisek Sumsal
9f6235e1b4 test: fix TEST-50-DISSECT under sanitizers
This test would normally get stuck when trying to mount the verity image
due to:

systemd-udevd[299]: dm-0: '/usr/sbin/dmsetup udevflags 6293812'(err) '==371==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.'
systemd-udevd[299]: dm-0: Process '/usr/sbin/dmsetup udevflags 6293812' failed with exit code 1
...
systemd-udevd[299]: dm-0: '/usr/sbin/dmsetup udevcomplete 6293812'(err) '==372==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.'
systemd-udevd[299]: dm-0: Process '/usr/sbin/dmsetup udevcomplete 6293812' failed with exit code 1.
systemd-udevd[299]: dm-0: Command "/usr/sbin/dmsetup udevcomplete 6293812" returned 1 (error), ignoring.

so let's add a simple udev rule which sets $LD_PRELOAD for the block
subsystem.

Also, install the ASan library along with necessary dependencies into
the verity minimal image, to get rid of the annoying (yet harmless)
errors about missing library from $LD_LIBRARY.
2021-03-06 22:44:00 +01:00
Frantisek Sumsal
648fd18924 test: tidy up the ASan-related stuff 2021-03-06 22:43:58 +01:00
Zbigniew Jędrzejewski-Szmek
f92d8e4446 fuzz-bus-match: add example from bugzilla#1935084
The fuzzer seems to have no trouble with this sample. It seems that the
problem reported in the bug is not caused by the match parsing code. But
let's add the sample just in case.

https://bugzilla.redhat.com/show_bug.cgi?id=1935084
2021-03-06 09:32:18 +01:00
Zbigniew Jędrzejewski-Szmek
84f11eda20 fuzz-bus-match: new fuzzer
This fuzzer is based on test-bus-match. Even the initial corpus is
derived entirely from it.

https://bugzilla.redhat.com/show_bug.cgi?id=1935084 shows an crash
in bus_match_parse(). I checked the coverage stats on oss-fuzz, and
sadly existing fuzzing did not cover this code at all.
2021-03-06 09:32:18 +01:00
Frantisek Sumsal
3b5fc147d6 test: disable at_exit LSan check for dbus.service
When running integration tests under sanitizers D-Bus fails to
shutdown cleanly, causing unnecessary noise in the logs:

```
dbus-daemon[272]: ==272==LeakSanitizer has encountered a fatal error.
dbus-daemon[272]: ==272==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
dbus-daemon[272]: ==272==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
```

Since we're not "sanitizing" D-Bus anyway let's disable LSan's at_exit
check for the dbus.service to get rid of this error.
2021-03-06 11:27:04 +09:00
Yu Watanabe
3509c7874b test: add test for IMPORT{program}= udev rule 2021-03-05 18:39:38 +09:00
Yu Watanabe
1ebcf47296 test: merge udev tests 2021-03-05 18:36:04 +09:00
Xℹ Ruoyao
a70581ffb5
New directives PrivateIPC and IPCNamespacePath 2021-03-04 00:04:36 +08:00
Xℹ Ruoyao
a959cd2812
fuzz: add NetworkNamespacePath= into directives.service 2021-03-04 00:04:35 +08:00
Dan Streetman
ad60f58e6e Skip TEST-50 on ubuntu ci
This test is flaky, and requires updates to the kernel to fix, so
disable it for now.

https://github.com/systemd/systemd/issues/17469
2021-03-01 11:18:57 +01:00
Zbigniew Jędrzejewski-Szmek
155d626bc6
Merge pull request #18018 from bluca/mount_images_overlay
Add ExtensionImages directive to form overlays
2021-02-25 11:31:14 +01:00
Annika Wickert
c0267a592a network: Implement B.A.T.M.A.N. Advanced interface type 2021-02-25 01:57:29 +09:00
Luca Boccassi
04153c4509 test: skip TEST-56-OOMD if systemd-oomd is not installed
Fixes #18775
2021-02-24 15:02:07 +01:00
Luca Boccassi
93f597013a Add ExtensionImages directive to form overlays
Add support for overlaying images for services on top of their
root fs, using a read-only overlay.
2021-02-23 15:34:46 +00:00
Yu Watanabe
9947c7bad1 test-network: add tests for dropping unnecessary nexthops 2021-02-23 22:48:12 +09:00
Yu Watanabe
69a91c704e test-network: add tests for Blackhole= setting in [NextHop] section 2021-02-23 02:21:35 +09:00
Yu Watanabe
30f1083709 network: nexthop: add Blackhole= setting in [NextHop] section
As similar to unreachable type routes, blackhole nexthops do not have
NHA_OID attribute, so they are managed by Manager.
2021-02-23 02:21:17 +09:00
Zbigniew Jędrzejewski-Szmek
5735ab0979 fuzz-systemctl-parse-argv: add "telinit" to the argv[0] list 2021-02-22 14:22:07 +00:00
Yu Watanabe
84d32bf59b test-network: test wireguard peer in drop-in config
Closes #18241.
2021-02-22 21:33:36 +09:00
Yu Watanabe
e2d9bc5cfd test-network: add a test for OnLink= in [NextHop] section 2021-02-21 05:16:27 +09:00
Yu Watanabe
2ddd52d1e2 network: nexthop: add OnLink= setting 2021-02-21 05:16:23 +09:00
Yu Watanabe
045db4fa0d test-network: add tests for Broadcast= with boolean settings 2021-02-20 14:23:07 +09:00
Yu Watanabe
7f37ecf7e5
Merge pull request #18699 from yuwata/network-route-add-nexthop-setting
network: add NextHop= setting in [Route] section
2021-02-20 14:17:17 +09:00
Zbigniew Jędrzejewski-Szmek
5800f0fc68 basic/alloc-util: also reset the cleaned-up variable in freep()
freep() has it's own definition, so I missed it in fd421c4adc.

Again, there is a small growth, but the compiler should be able to optimize it away:
-Dbuildtype=debug:

-rwxrwxr-x 1 zbyszek zbyszek 4106816 Feb 19 12:52 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7492952 Feb 19 12:52 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472624 Feb 19 12:53 build/systemd

-rwxrwxr-x 1 zbyszek zbyszek 4107056 Feb 19 13:03 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7493480 Feb 19 13:03 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472760 Feb 19 13:03 build/systemd

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31055.
2021-02-19 15:25:16 +01:00
Yu Watanabe
cee0f719d8 test-network: add tests for NextHop= setting in [Route] 2021-02-19 22:42:39 +09:00
Yu Watanabe
324e342219 network: add NextHop= setting in [Route] section 2021-02-19 22:42:39 +09:00
Yu Watanabe
38ba3da0a1 network: rename UseFQDN= -> UseHostname=
Prompted by
https://github.com/systemd/systemd/pull/18543#issuecomment-780798451.
2021-02-18 21:47:37 +01:00
Lennart Poettering
489344f24b networkd-test: reenable dnssec while testing
We need to list the synthesized domains as NTAs, otherwise the DNSSEC
validation of course cannot succeed.

Fixes: #10487 #5029
2021-02-18 14:12:42 +00:00
Susant Sahani
d75bf6cfe2 network: Add "route_localnet" sysctl support 2021-02-18 21:04:17 +09:00
Lennart Poettering
dc288ffeab
Merge pull request #18596 from keszybz/systemctl-quiet-legend
systemctl: hide legends with --quiet, allow overriding
2021-02-17 23:40:04 +01:00
Zbigniew Jędrzejewski-Szmek
6906da2692 systemctl: hide legends with --quiet, allow overriding
--no-legend is replaced by --legend=no.

--quiet now implies --legend=no, but --legend=yes may be used to override that.
--quiet controls hints and warnings and such, and --legend controls just the
legends. I think it makes sense to allow both to controlled independently, in
particular --quiet --legend makes sense when using systemctl in a script to
provide some user-visible output.

Fixes #18560.
2021-02-17 21:09:14 +01:00
Luca Boccassi
0761da386a test: avoid leaking open loop devices
When a subshell is used ('make' or 'make all') the LOOPDEV environment
variable, which is used to store the opened loop device, is lost.
So the cleanup on trap/exit doesn't do anything, and the loop
device used to mount the test image is left around.

Avoid using a subshell to fix the issue.
2021-02-17 18:55:05 +01:00
Yu Watanabe
6cd8f9b5f2 test-network: add tests for Family= in [NextHop] 2021-02-17 15:55:37 +09:00
Yu Watanabe
f1923efccb network: nexthop: introduce Family= setting in [NextHop] section
This is an alias of `Gateway=0.0.0.0` or `Gateway=::`.
2021-02-17 15:55:37 +09:00
Zbigniew Jędrzejewski-Szmek
425ac7a253 fuzz-systemctl-parse-argv: call static destuctors
With all the preparatory work in previous PRs, we can now call static destructors
repeatedly without issue. We need to do it here so that global variables allocated
during parsing are properly freed.
2021-02-16 17:15:11 +01:00
Lennart Poettering
83ce3b1944
Merge pull request #18579 from keszybz/fix-fragment-id-crash
Fix fragment id crash
2021-02-15 23:35:25 +01:00
Luca Boccassi
79dbbb261d
Merge pull request #18593 from keszybz/fuzz-more-systemctl-paths
Fuzz more systemctl paths
2021-02-15 19:13:58 +00:00
Luca Boccassi
7eba0c50f5 test: install binaries from local d/control file
The source package in the apt cache might be older than the
packaging from salsa.debian.org/systemd-team/systemd so it might not
list all the current binary packages.
This is currently the case for systemd-timesyncd, so TEST-30 fails.

Simply grep the control file rather than using apt-cache when iterating
over the packages contents.
2021-02-15 10:17:39 +01:00
Zbigniew Jędrzejewski-Szmek
860f154fa3 fuzz-systemctl-parse-argv: add argv[0] values to corpus 2021-02-15 10:01:38 +01:00
Zbigniew Jędrzejewski-Szmek
3b5ab02119 TEST-15-DROPINS: add test for linked units 2021-02-14 15:08:49 +01:00
Zbigniew Jędrzejewski-Szmek
b3c57df0f5
Merge pull request #18401 from anitazha/oomdxattr
oomd: implement avoid/omit support for cgroups
2021-02-13 10:00:31 +01:00
Anita Zhang
4e806bfa9f oom: add unit file settings for oomd avoid/omit xattrs 2021-02-12 12:45:36 -08:00
Yu Watanabe
4a70450104 test-network: merge test_address_static and test_address_preferred_lifetime_zero_ipv6 2021-02-12 23:09:21 +09:00
Vinnie Magro
f963f8953d networkd: add UseFQDN option for DHCPv6
Similar to DHCPv4's UseHostname option, add a UseFQDN config option in
[DHCPv6] to set the system's transient hostname if the FQDN option is
set in the DHCPv6 response from the server.
2021-02-11 13:30:04 +09:00
Luca Boccassi
e26fe5f911 portable: add 'reattach' verb and DBUS interface
Add 'reattach' verb to portablectl, and corresponding DBUS interface
to systemd-portabled.
Takes the same parameters as 'attach', but it will do a 'detach' (and
it will refuse to proceed if it cannot be done) first, matching on
the unversioned prefix of the new image. Eg:

portablectl reattach /tmp/foo_2.raw

will cause foo_1.raw to be detached, and foo_2.raw to be attached.

The key difference with a manual 'detach old' plus 'attach new' is that
the running units are not disturbed until after the attach completed,
and if --now is passed they are then restarted.
A 'detach' is not allowed normally if the units are running.

By using a restart-after-deploy method, 'reattach' allows for minimal
interruption of service and also for features that only work on restart
(eg: file descriptor store) to work as intended.

The DBUS interface returns two lists: first the removals from the detach
that were not immediately re-added in the attach, so that the caller
can stop the relevant units, and then the list of additions that are
either new or updates, so that the caller can restart/enable the
relevant units. portablectl already implements this with the existing
--now/--enable switches.
2021-02-10 19:07:36 +00:00
Luca Boccassi
8b535f3aac test: setup var/tmp in the test image as well 2021-02-10 18:54:12 +00:00
Luca Boccassi
e763342091 test: add empty /etc/resolv.conf in test image
Portable services have a BindPath pointing to it, so it needs to
be available in the image
2021-02-10 18:54:12 +00:00
Luca Boccassi
9785c44dd8 test-50-dissect: move minimal image setup to common setup function
So that it can be re-used for other tests by simply setting
TEST_INSTALL_VERITY_MINIMAL=1 in test.sh, without having to
replicate the setup commands.
2021-02-10 18:54:12 +00:00
Frantisek Sumsal
2de908aead test: count call instructions as well
Binaries on the latest Arch Linux use `call` instructions instead of
`callq`, which breaks the ASan detection and eventually the image
building process (due to insufficient space).
2021-02-10 20:20:31 +03:00
Yu Watanabe
9a67c080b0
Merge pull request #18506 from keszybz/fuzz-systemctl-parse-argv
Fuzzer for systemctl argline parsing
2021-02-11 00:29:22 +09:00
Zbigniew Jędrzejewski-Szmek
5fd8782328 fuzz-systemctl-parse-argv: a new fuzzer
Does what the name suggests. Obviously inspired by sudoers, but note that
our tools are not supposed to be installed suid, so there is no privilege
boundary to cross here.
2021-02-09 14:11:42 +01:00
Yu Watanabe
beb75dd31d test-network: support protocol and linkdown flag for ff00::/8 route
Fixes #18507.
2021-02-09 12:25:27 +01:00
Anita Zhang
59331b8e29 oom: implement avoid/omit xattr support
There may be situations where a cgroup should be protected from killing
or deprioritized as a candidate. In FB oomd xattrs are used to bias oomd
away from supervisor cgroups and towards worker cgroups in container
tasks. On desktops this can be used to protect important units with
unpredictable resource consumption.

The patch allows systemd-oomd to understand 2 xattrs:
"user.oomd_avoid" and "user.oomd_omit". If systemd-oomd sees these
xattrs set to 1 on a candidate cgroup (i.e. while attempting to kill something)
AND the cgroup is owned by root, it will either deprioritize the cgroup as
a candidate (avoid) or remove it completely as a candidate (omit).

Usage is restricted to root owned cgroups to prevent situations where an
unprivileged user can set their own cgroups lower in the kill priority than
another user's (and prevent them from omitting their units from
systemd-oomd killing).
2021-02-09 02:27:40 -08:00
Frantisek Sumsal
01da74243d test: add a custom SELinux file context
Since the test suite overhaul, the test units are now under
/usr/lib/systemd/tests/testdata/tetsuite-06.units with
system_u:object_r:lib_t context. This causes an AVC denial, since the
systemd unit files are expected to have the
system_u:object_r:systemd_unit_file_t context. Let's fix this by using a
custom file context definition.
2021-02-05 17:08:58 +01:00
Frantisek Sumsal
cd2d8fea14 test: clean the module build dir before compiling it
otherwise the module won't compile & load after autorelabel reboot,
since the target is already built.
2021-02-05 16:57:30 +01:00
Zbigniew Jędrzejewski-Szmek
3d0112878f
Merge pull request #18444 from anitazha/proprename
oom: parse properties with 1/10000 precision instead of 1/100
2021-02-04 12:53:10 +01:00
Yu Watanabe
0fb613000d test-network: disable NDISC on veth-peer
This should speed the tests up.
2021-02-03 22:09:07 +00:00
Yu Watanabe
face9fcc16 network,udev: move TransmitQueues=/ReceiveQueues= from .network to .link
As the settings are mostly hardware setup, and merely see from network
layer.

See also discussions in
https://github.com/systemd/systemd/pull/18170#issuecomment-758807497
https://github.com/orgs/systemd/teams/systemd/discussions/1
2021-02-03 14:44:51 +09:00
Yu Watanabe
1f8dc96c06 udev: rename TxQueueLength= -> TransmitQueueLength=
As we usually (unfortunately not always though) do not use abbreviations.

Tx may be standard abbreviation, but we already have e.g.
TransmitChecksumOffload=. So, let's use Transmit instead of Tx.

Follow-up for ef4a91a7e8.
2021-02-03 14:43:49 +09:00
Anita Zhang
0a9f93443b oom: rework *MemoryPressureLimit= properties to have 1/10000 precision
Requested in
https://github.com/systemd/systemd/pull/15206#discussion_r505506657,
preserve the full granularity for memory pressure limits (permyriad)
instead of capping out at percent.
2021-02-02 17:52:48 -08:00
Zbigniew Jędrzejewski-Szmek
0c3c9a4096
Merge pull request #18395 from bluca/make_docs_img_clean
Add Python 3.7 compat in update-dbus-docs and fix regression in integration tests 'make clean'
2021-01-29 14:07:54 +01:00
Topi Miettinen
ddc155b2fd New directives NoExecPaths= ExecPaths=
Implement directives `NoExecPaths=` and `ExecPaths=` to control `MS_NOEXEC`
mount flag for the file system tree. This can be used to implement file system
W^X policies, and for example with allow-listing mode (NoExecPaths=/) a
compromised service would not be able to execute a shell, if that was not
explicitly allowed.

Example:
[Service]
NoExecPaths=/
ExecPaths=/usr/bin/daemon /usr/lib64 /usr/lib

Closes: #17942.
2021-01-29 12:40:52 +00:00
Luca Boccassi
21be71eefb test: fix 'make clean' not removing shared image 2021-01-29 09:56:45 +00:00
Zbigniew Jędrzejewski-Szmek
e798ffef82
Merge pull request #18340 from ddstreet/integration-tests-no-build
allow test/run-integration-tests.sh to work without a local build
2021-01-27 08:23:38 +01:00
Yu Watanabe
37baf8db56
Merge pull request #18380 from yuwata/test-network-ipv6-proxy-ndp
test-network: add tests for IPv6ProxyNDPAddress=
2021-01-27 10:47:36 +09:00
Dan Streetman
59b8cb3c45 test/TEST-01-BASIC: also install testsuite.target
This test doesn't require the tests to be installed, so it must manually
install required test services and targets itself, including the default
target of testsuite.target

Also use $TEST_UNITS_DIR which is set by test-functions instead of
calculating the path
2021-01-26 17:38:23 -05:00
Dan Streetman
b3e4340664 test/run-integration-tests.sh: adjust arg processing
The script currently parses either 'clean' or 'clean-again' as wanting
to clean both before and after running tests. This fixes that to split
the action up; clean runs before tests, clean-again after; and also
verifies the parameter(s) before passing them to make.
2021-01-26 17:36:53 -05:00
Dan Streetman
232add5c47 test: allow run-integration-tests.sh to run without build 2021-01-26 17:09:48 -05:00
Dan Streetman
8fa038085e test/test-functions: allow installing systemd files from local system
Add NO_BUILD var to allow testing with no local build, by installing
local systemd files into the image.

This only works for debian-like distros currently, that use the
tools 'apt' and 'dpkg' for package management.
2021-01-26 17:09:48 -05:00
Dan Streetman
12d31e4ea5 test: find $BUILD_DIR in test-functions, remove from other scripts
The $BUILD_DIR is only used in test-functions, and doesn't need to
be specified in any other scripts. Additionally, to be able to allow
the integration test suite to be run against locally installed binaries,
instead of built binaries, moving BUILD_DIR logic completely into
test-functions allows later patches to be simpler.
2021-01-26 17:09:48 -05:00
Dan Streetman
42f3b48c97 test/test-functions: add variables for several dir locations 2021-01-26 17:09:39 -05:00
Dan Streetman
1918406900 test/test-functions: move var assignment
This makes no code change, only moves a small block of vars higher in the
file. This makes the next commit a bit easier to read.
2021-01-26 16:05:49 -05:00
Dan Streetman
4326586be2 test: remove unused 'basedir' var from integration test makefiles 2021-01-26 16:05:49 -05:00
Yu Watanabe
f0d87798ea test-network: retry several times if expected LLDP info is not obtained
As LLDP thing does not get involved in the link status, `networkctl lldp`
may not provide an expected information even if the link is in
'configured' state.

Fixes #17360.
2021-01-26 18:48:44 +01:00
Yu Watanabe
cff0cadcac test-network: add tests for IPv6ProxyNDPAddress= 2021-01-27 01:28:28 +09:00
Zbigniew Jędrzejewski-Szmek
6dcf299d9b
Merge pull request #18363 from bluca/test_image_reuse
tests: build the image once and then copy/extend it
2021-01-25 09:25:56 +01:00
Luca Boccassi
d9e606e89f tests: build the image once and then copy/extend it
Building custom images for each test takes a lot of time.
Build the default one, and if the test needs incompatible changes
just copy it and extend it instead.
2021-01-24 13:07:39 +00:00
Luca Boccassi
74eec54d66 test: note where the bionic-* CI tool/integration lives 2021-01-24 12:03:53 +00:00
Anita Zhang
2e744a2cd8 oom: update extended test to remove swap gating 2021-01-24 02:03:59 -08:00
Anita Zhang
c20aa7b171 oom: make memory pressure duration configurable through oomd.conf 2021-01-24 01:59:03 -08:00
Luca Boccassi
95457dc13c
Merge pull request #18302 from bluca/mount_image_runtime
systemctl/core: add DBUS method to mount images without service restart
2021-01-22 17:49:11 +00:00