IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
msan doesn't understand sscanf with %ms, so it falsely reports unitialized
memory. Using sscanf with %ms is quite convenient in
socket_address_parse_netlink(), so let's just not run the fuzzer for
ListenNetlink= at all for now. If msan is fixed, we can remove this.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6884
The orignal reproducer from oss-fuzz depends on the hostname (via %H and %c).
The hostname needs a dash for msan to report this, so a simpler case from
@evverx with the dash hardcoded is also added.
The issue is a false positive from msan, which does not instruct stpncpy
(https://github.com/google/sanitizers/issues/926). Let's add a work-around
until this is fixed.
We have only three bits of space, i.e. 8 possible classes. Immediately reject
anything outside of that range. Add the fuzzer test case and an additional
unit test.
oss-fuzz #6908.
We probably should allow very deep calls of our recursive functions. Let's add
a limit to avoid resource exhaustion. 240 is 10 per hour (if somebody is using
this for time based triggers...), so it should be more than enough for most use
cases, and is conveniently below the 250 stack limit in msan.
oss-fuzz #6917.
Also fix one case where the presence of a newline was used to generate
an invalid environment assignment.
Tested: with mkosi, which builds the local tree and run ninja tests.
gmtime_r() will return NULL in that case, and we would crash.
I committed the reproducer case in fuzz-regressions/, even though we don't have
ubsan hooked up yet. Let's add it anyway in case it is useful in the future. We
actually crash anyway when compiled with asserts, so this can be easily
reproduced without ubsan.
oss-fuzz #6886.
This seems to be a false positive in msan:
https://github.com/google/sanitizers/issues/767.
I don't see anything wrong with the code either, and valgrind does not see the
issue. Anyway, let's add the test case.
We don't have msan hooked up yet, but hopefully we'll in the future.
oss-fuzz #6884.
We currently have just one sanitizer for tests, asan, but we may add more in
the future. So let's keep the loop over the sanitizers in meson.build, but
just enable all regression cases under all sanitizers. If it fails under one
of them, it might fail under a different one.
In subsequent commits I'll add test cases which might not fail under asan,
but it's good to commit them for future use.
The test names are made more verbose:
256/257 fuzz-dns-packet:oss-fuzz-5465:address OK 0.04 s
257/257 fuzz-dns-packet:issue-7888:address OK 0.03 s
The unit files for test-execute are named like
`exec-(setting-name-in-lower-character)-(optional-text).service`.
However, test units for AmbientCapabilities= are not following this.
So, let's rename them for the consistency.
This does not change anything in the functionality of the test.
This PR implements the first part of RFE #8046. I.e. this allows to
write:
```
u username -:300
```
Where the uid is chosen automatically but the gid is fixed.
The nobody user/group may not synthesized by systemd.
To run tests the functionalities in such situation, this adds tests
by user/group by daemon, as it is expected to exists all environments.
A runaway string should still be returned by the code that splits on
commas, so add a '?' to the regex so that the last '"?' in a string
still produces a valid block for the split code.
Tested:
ACTION=="remove\"GOTO=""
Which then produced:
$ test/rule-syntax-check.py src/login/70-uaccess.rules
# looking at src/login/70-uaccess.rules
Invalid line src/login/70-uaccess.rules:10: ACTION=="remove\"GOTO=""
clause: ACTION=="remove\"GOTO=""
Using a regex to match the groups is smarter than the split(',') that
would break in those cases.
Tested:
SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*,*:070202:*", TAG+="uaccess"
Rule checker doesn't break there after this commit.
Add support to backslash-escaped double quote inside a string.
Tested by modifying src/login/70-uaccess.rules to include:
ACTION=="remove" it", GOTO="uaccess_end"
And had the rule checker complain about it:
$ test/rule-syntax-check.py src/login/70-uaccess.rules
# looking at src/login/70-uaccess.rules
Invalid line src/login/70-uaccess.rules:10: ACTION=="remove" it", GOTO="uaccess_end"
clause: ACTION=="remove" it"
This is true since commit 7e760b79ad.
Note that the changes in the regex expressions relies on the fact that the
script assumes that the comma separator is mandatory.
Add a comment in the script to clarify this.
In udev man page, "PROGRAM" key is part of the keys which are used for
matching purposes so it should only be used with the compare operator "==".
Actually it doesn't really make sense to assign it a value.
udev code allows both "=" and "==" for PROGRAM and both are handled the same
way but for consistencies it's better to have only the compare operator allowed
by the rule syntax checker.
No rules shipped by systemd use PROGRAM key so nothing need to be changed in
our rule files.
`nobody` is a special user, whose credentials should be extracted with
`get_user_creds`. `getpwnam` called in `test-udev.pl` is a bit different,
which causes the test to fail with the following error:
```
device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda' expecting node/link 'node'
expected permissions are: nobody::0600
created permissions are : 65534:0:0600
permissions: error
add: ok
remove: ok
```
The ideal fix would probably be to implement `get_user_creds` in Perl, but in this
PR the issue is simply got around by using `daemon` instead of `nobody`.
Closes https://github.com/systemd/systemd/issues/8196.
Followed PEP8 and PEP3101 rules (#8079)
Imports re-ordered by Alphabetical Standarts for following PEP8
Old type string formattings (" example %s " % exampleVar ) re-writed as new type string
formattings ( " example {} ".format(exampleVar) ) for following PEP3101
On Debian/Ubuntu systems the default passwd/group files use a
slightly strange mapping. E.g. in passwd:
```
man❌6:12::/var/cache/man:/sbin/nologin
```
and in group:
```
disk❌6:
man❌12:
```
This is not supported in systemd-sysusers right now because
sysusers will not re-use an existing uid/gid in its normal
mode of operation. Unfortunately this reuse is needed to
replicate the default Debian/Ubuntu users/groups.
This commit enforces reuse when the "uid:gid" syntax is used
to fix this.
I also added a test that replicates the Debian base-passwd
passwd/group file to ensure things are ok.
This is a bit painful because a separate build of systemd is necessary. The
tests are guarded by tests!=false and slow-tests==true. Running them is not
slow, but compilation certainly is. If this proves unwieldy, we can add a
separate option controlling those builds later.
The build for each sanitizer has its own directory, and we build all fuzzer
tests there, and then pull them out one-by-one by linking into the target
position as necessary. It would be nicer to just build the desired fuzzer, but
we need to build the whole nested build as one unit.
[I also tried making systemd and nested meson subproject. This would work
nicely, but meson does not allow that because the nested target names are the
same as the outer project names. If that is ever fixed, that would be the way
to go.]
v2:
- make sure things still work if memory sanitizer is not available
v3:
- switch to syntax which works with meson 0.42.1 found in Ubuntu
This test tests the systemd-sysuser binary via the --root=$TESTDIR
option and ensures that for the given inputs the expected passwd
and group files will be generated.
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.
This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.
When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.
Fixes: #6632
same motivation as in #5816:
- distributions have scripts to rewrite shebangs on installation and
they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
there PATH correctly.
We need to specify a full path to the "ip" binary and busybox "ip" has a
slightly different output than the normal ip, and won't show "DOWN".
hence instead ensure that at lest not "UP" is in there.
With Type=notify services, EXTEND_TIMEOUT_USEC= messages will delay any startup/
runtime/shutdown timeouts.
A service that hasn't timed out, i.e, start time < TimeStartSec,
runtime < RuntimeMaxSec and stop time < TimeoutStopSec, may by sending
EXTEND_TIMEOUT_USEC=, allow the service to continue beyond the limit for
the execution phase (i.e TimeStartSec, RunTimeMaxSec and TimeoutStopSec).
EXTEND_TIMEOUT_USEC= must continue to be sent (in the same way as
WATCHDOG=1) within the time interval specified to continue to reprevent
the timeout from occuring.
Watchdog timeouts are also extended if a EXTEND_TIMEOUT_USEC is greater
than the remaining time on the watchdog counter.
Fixes#5868.
Since the new option `--network-namespace-path=` of systemd-nspawn
cannot be used together with other network-related options, we need
to add more smoke tests for checking these conditions of options.
Ignore mkosi.builddir. In the future we can also add other patterns
if necessary.
run-intergration-tests.sh is updated to use the new script, and modified
to work from arbitrary directory.
Follow-up for #7494.
We currently look for "nobody" and "nfsnobody" when testing groups, both
of which do not exist on Ubuntu, our main testing environment. Let's
extend the tests slightly to also use "nogroup" if it exists.
Apparently there are a myriad of netcat implementations around, and they
all behave slightly differently. The one I have on my Fedora 27
installation will cause a failure when invoked as "nc -U" on an AF_UNIX
socket whose connections are immediately disconnected, thus causing the
test to fail.
Let's avoid all ambiguities in this regard, and drop usage of netcat
altoegther. Instead let's use a FIFO in the file system, which we can
connect to with only shell commands, and is hence much simpler and
more reliable to test with.
The actual test is supposed to validate that PID 1 doesn't hang when
activation of a socket-activated service fails, hence which transport
mechanism is used ultimately doesn't matter, as long as we activate the
service, and we do here...
These tests check the stderr. So, if the systemd.log_level=debug
is set in the kernel command line, then these tests fail.
This set log_level to info in hwdb-test.sh and meson-check-help.sh,
the kernel command line not to change the output of the target
programs.
Fixes#7362.
This test runs on the unified hierarchy, and ensures that cgroup
delegation works properly, i.e. writ access is granted and the requested
controllers are enabled.
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
This option allows restricting the shown fields in the output modes that
would normally show all fields. It allows clients that are only
interested in a subset of the fields to access those more efficiently.
Also, it makes the resulting size of the output more predictable.
It has no effect on the various `short` output modes, because those
already only show a subset of the fields.
The configuration option was called -Dresolve, but the internal define
was …RESOLVED. This options governs more than just resolved itself, so
let's settle on the version without "d".
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
Also, tests for DynamicUser= should really run for system mode, as we
allocate from a system resource.
(This also increases the test timeout to 2min. If one of our tests
really hangs then waiting for 2min longer doesn't hurt either. The old
2s is really short, given that we run in potentially slow VM
environments for this test. This becomes noticable when the slow "find"
command this adds is triggered)
The script wasn't apparently used since the switch to meson, because
it required the sys subdirectory to be present in the same subdirectory
where the output script is located.
Let's use f-strings to make the whole thing more readable. Add some
extra checks.
This is primarly useful to support escaped double quotes in PROGRAM or
IMPORT{program} directives.
The only possibilty before this patch was to use an external shell script but
this seems too cumbersome for trivial logics such as
PROGRAM=="/bin/sh -c 'FOO=\"%s{model}\"; echo ${FOO:0:4}'"
or any similar shell constructs that needs to deals with patterns including
whitespaces.
As it's the case for single quote and for directives running a program, words
within escaped double quotes will be considered as a single argument.
Fixes: #6835
This variable is not set by meson, so let's not try to use it.
We could use some more elaborate scheme (e.g. based on $MESON_BUILD_ROOT and
$MESON_SUBDIR) to find the path to systemd-sysv-generator, but it seems
that plain ./systemd-sysv-generator works just as well and has the advantage
that it's easy to invoke the test by hand (as long as one cd's to the
meson build dir).
This commit fixes crash described in
https://github.com/systemd/systemd/issues/6533
Multiple ExecStart lines are allowed only for oneshot services
anyway so it doesn't make sense to call service_run_next_main() with
services of type other than SERVICE_ONESHOT.
Referring back to reproducer from the issue, previously we didn't observe
this problem because s->main_command was reset after daemon-reload hence
we never reached the assert statement in service_run_next_main().
Fixes#6533
This catches errors like "ninja not found", missing programs etc. early,
instead of silently ignoring them and trying to boot a broken VM.
In install_config_files(), allow some distro specific files to be absent
(such as /etc/sysconfig/init).
All test/TEST* but TEST-02-CRYPTSETUP share the same check_result_qemu()
and test_cleanup(), so move them into test_functions and only override
them in TEST-02-CRYPTSETUP.
Also provide a common test_run() which by default assumes that both QEMU
and nspawn tests are run. Particular tests which don't support either
need to explicitly opt out by setting $TEST_NO_{QEMU,NSPAWN}. Do it this
way around to avoid accidentally forgetting to opt in, and to encourage
test authors to at least always support nspawn.
Automatic rebuilding is removed: it doesn't play well with ninja, because
ninja always writes logs, and even if nothing needs to be built, it will
make the log file owned by root. So let's just remove this, and say that
the user must always do the build first.
I'm also keeping make for the tests, because ninja doesn't play well with
sudo.
Since the build directory is arbitrary, it needs to be specified, e.g.
sudo make BUILD_DIR=/home/zbyszek/src/systemd/build1 -C test/TEST-01-BASIC/
In networkd-test.py, don't assert that the router state is "routable".
While it should eventually become that, we don't wait for it, and thus
at that point it often is "carrier" or "degrated" still. It is also not
really relevant as this only tests the "client" side interface.
generator_add_symlink() is extended to ignore EEXIST. This should be fine
for all existing callers.
There's a small difference in behaviour when adding symlinks in sysv-generator:
the message is more generic and does not include ", ignored". But creation of
symlinks shouldn't ever fail except if things are very wrong, so in practice
this shouldn't matter.
Test needed updating: os.path.exists(os.readlink(link)) only works if the link
is absolute (or if we are in the right directory). Let's just use
os.path.exists(link), which properly tests that the symlink target exists.
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.
Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
This is useful on systems like NixOS, where python3 is not in
/usr/bin/python3 as well as for people using alternative ways to
install python such as virtualenv/pyenv.
The indentation for emacs'es meson-mode is added .dir-locals.
All files are reindented automatically, using the lasest meson-mode from git.
Indentation should now be fairly consistent.
This allow test-efi-disk.img to be created under meson.
The invocation of qemu is not converted yet, in particular because the
command-line used in Makefile.am is outdated.
Allow setting bridge port priority in the Bridge section of the network file,
similar to e.g. port path cost setting.
Set the default to an invalid value of 128, and only set the port priority when
it's not 128. Unlike e.g. path cost, zero is a valid priority value.
Add a networkd-test.py to check that bridge port priority is correctly set.
Incidently, fix bridge port cost type and document valid ranges.
On Ubuntu 17.04 (zesty zapus) netcat-openbsd was upgraded from 1.105-7ubuntu1
to 1.130-3, at the same time the defaults got changed from -q0 to -q-1
(infinity) the net result is that `echo A | nc -U' call now hangs, preventing
the testcase to complete. One could use the old default of -q0, but that option
is not available in some netcat implementations. Thus settle to specify -w1
instead to mitigate the testcase hang.
Only one test case is added, but it is enough to check basic sanity of the
code (single-line and binary fields and trusted fields, allocation and freeing).
Moe test-resolve's test data from src/resolve/test-data to
test/test-resolve/ to be consistent with test/test-{execute,path}/. This
will make it easier to make the tests relocatable.
ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are
about restricting access and little more, hence they should be disabled
if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a
"+". Do that.
(Note that we will still create namespaces and stuff, since that's about
a lot more than just permissions. We'll simply disable the effect of
the four options mentioned above, but nothing else mount related.)
This also adds a test for this, to ensure this works as intended.
No documentation updates, as the documentation are already vague enough
to support the new behaviour ("If true, the permission-related execution
options…"). We could clarify this further, but I think we might want to
extend the switches' behaviour a bit more in future, hence leave it at
this for now.
Fixes: #5308
The script contains the contents of all sys/ test files, and creates
all dirs/links/files when run. This replaces the sys.tar.xz tarball
that contained sys/, so changes to sys files only require a simple
commit in git, instead of checking in an entire new tarball for each
sys/ change.
Instead of keeping all sys/ nodes in a tarball, use a script
"sys-script.py" to create all the sys/ entries.
This adds a script to create that initial "sys-script.py" script, using
an existing sys/ directory, created from the sys.tar.xz contents.
The "sys-script.py" can then be edited or recreated later, when any sys/
files are added or modified; the change will be only a patch to the
"sys-script.py" script in git, instead of forcing git to store a new
binary tarball.
[zj: tests assertions adjusted to the different logic in which masking
of a dependency through one name, does not forbid the dependency
being added through another name.]
add udev-test.pl tests for whitespace in a substituted variable,
to verify the variable whitespace is replaced with underscores.
Tests for the change made by commit 0a10235ed4 ("udev-rules:
perform whitespace replacement for symlink subst values")
/dev/mem isn't necessarily available. Recently, I've encountered arm64
systems that didn't provide raw memory access via /dev/mem. Instead,
let's use /dev/kmsg since we don't support systems w/o it anyway.
In test_resolved_domain_restricted_dns(), add dot domain separator to
negative .lab/.company tests, so that we don't catch these as part of
the host name (like "lxc-labjfr").
Caught in PR #4962
Fix wrong condition test in manager_etc_hosts_lookup(), which caused it to
return an IPv4 answer when an IPv6 question was asked, and vice versa.
Also only return success if we actually found any A or AAAA record.
In systemd-resolved.service(8), point out that /etc/hosts mappings only
affect address-type lookups, not other types.
The test case currently disables DNSSEC in resolved, as there is a bug
where "-t MX" fails due to "DNSSEC validation failed" even after
"downgrading to non-DNSSEC mode". This should be dropped once that bug
gets fixed.
Fixes#4801
Since syntax error are non-fatal, downgrade them to warnings.
Use log_syntax to have uniform formatting including the line number.
State machine states like DATA and MATCH are internal, user-facing
messages should use the names from hwdb(7): match, property, record.
Also change "key/value" to "key-value", since there's no alternative
here, both parts must be present.
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:2] Property expected, ignoring record with no properties
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:5] Property expected, ignoring record with no properties
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:9] Property expected, ignoring record with no properties
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:11] Key/value pair expected but got " NO_VALUE", ignoring
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:18] Property or empty line expected, got "BAD:7:match at wrong place", ignoring record
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:22] Property or empty line expected, got "BAD:8:match at wrong place", ignoring record
[/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:23] Match expected but got indented property " Z=z", ignoring line
squash! hwdb: improve syntax error messages
Because -e was set, we'd exit immediately when systemd-hwdb failed and the
captured error output was never printed. We want to test two things:
that 0 is returned, and that nothing is printed to stderr (to catch
syntax errors in the hwdb).
v2: stop capturing stderr to a variable
v3: capture stderr to a variable and test both error types separately
Sometimes setting the transient hostname does not happen synchronously, so
retry up to five times. It is not yet clear whether this is legitimate
behaviour or an underlying bug, but this will at least show whether the wrong
transient hostname is just a race condition or permanently wrong.
Fixes#4753
This test fails sometimes but it is hard to reproduce, so we need more
information what happens. Set journal log level to "debug" for the entirety of
networkd-test.py, and show networkd's and hostnamed's journals and the DHCP
server log on failure of the two test_transient_hostname* tests. Also sync the
journal before querying it to get more precise output.
This should help with tracking down issue #4753.
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the timezone acquired from DHCP:
systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required.
Similarly to commit e8c0de912, add a polkit rule to grant
org.freedesktop.timedate1.set-timezone to the "systemd-network" system user.
Move the polkit rules from src/hostname/ to src/network/ to avoid too many
small distributed policy snippets (there might be more in the future), as it's
easier to specify the privileges for a particular subject in this case.
Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for
all people except those in Pacific/Honolulu, there the test doesn't prove
anything -- sorry ☺ ).
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the transient hostname:
systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required.
Standard polkit *.policy files do not have a syntax for granting privileges to
a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules
file (for polkit >= 106) that grants the "systemd-network" system user that
privilege.
Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to
cover this. Make do_test() a bit more flexible by interpreting "coldplug==None"
as "test sets up the interface by itself". Change DnsmasqClientTest to set up
test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a
special host name for that.
Fixes#4646
If the "systemctl start" happens at an "unlucky" time such as 1000.9 seconds
and then e. g. runs for 2.6 s (sleep 2 plus the overhead of starting the unit
and waiting for it) the END_SEC would be 1003.5s which would round to 1004,
making the difference 4. On busier testbeds the overhead apparently can take a
bit more than 0.5s. The main point is really that it doesn't wait that much
longer, so "-le 4" seems perfectly fine. We allow up to 1.5s in the subsequent
"wait5fail" test below too.
Fixes#4582