IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Many sandboxing options add implicit DeviceAllow rules, which might be confusing
for users running systemd-analyze security and not expecting it.
Print the list.
Fixes https://github.com/systemd/systemd/issues/23185
1449b0f8a96b27 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.
Fixes https://github.com/systemd/systemd/issues/23224
Follow-up for 2362fdde1b
When --machine is specified with --ephemeral, no random suffix is added, so
the recently added assert would fail.
Add a top-level variable with the expected file name for nspawn files, and
compute it when the rest of the names are computed.
When --ephemeral is used, a random 16 characters suffix is added to the image
name, so matching on .nspawn files based on the image name no longer works.
Fixes https://github.com/systemd/systemd/issues/13297
There are some file systems mounted below /sys/ that are not actually
sysfs, i.e. are not arranged in a sysfs/kobject style. Let's refuse
those early. (Example, /sys/fs/cgroup/ and similar.)
(Also, let's add an env var for this, so that it can be turned off for
test cases.)
In Semaphore CI, for some reason, /run/systemd/resolve is busy so the umount
fails at the end of the test run:
Verify link states with Unmanaged= settings, cold-plug. ... umount: /run/systemd/resolve: target is busy.14:57
ok14:57
ERROR14:57
======================================================================14:57
ERROR: tearDownModule (__main__)14:57
----------------------------------------------------------------------14:57
Traceback (most recent call last):14:57
File /tmp/autopkgtest-lxc.6islza9t/downtmp/build.A9b/src/test/networkd-test.py, line 94, in tearDownModule14:57
subprocess.check_call([umount, d])14:57
File /usr/lib/python3.9/subprocess.py, line 373, in check_call14:57
raise CalledProcessError(retcode, cmd)14:57
subprocess.CalledProcessError: Command '['umount', '/run/systemd/resolve']' returned non-zero exit status 32.14:57
----------------------------------------------------------------------14:58
Ran 35 tests in 138.868s14:58
FAILED (errors=1, skipped=2)
Use lazy umount to avoid erroring out.
The implementation of MountImageUnit()/systemctl mount-image was
changed to use a /proc/self/fd path as the source, but that causes
the dm-verity files autodiscovery to fail, as it looks for files
in the same directory as the image.
Use the original file path when setting up dm-verity.
Since c6552ad we now try to collect coverage even in situations where
it's basically impossible (like in test-mount-util where the whole / is
mounted as read-only). As dealing with this is not worth the trouble,
let's ignore the missing coverage errors thrown by gcov in such cases.
The original workaround didn't work, as `systemd-repart` kept failing
even when the `/dev/loopX` device was present:
```
[ 13.959419] H testsuite-58.sh[280]: + LOOP=/dev/loop1
[ 13.959636] H testsuite-58.sh[280]: + :
[ 13.959764] H testsuite-58.sh[280]: + test -e /dev/loop1
[ 13.959895] H testsuite-58.sh[280]: + break
[ 13.960023] H testsuite-58.sh[280]: + systemd-repart --pretty=yes --definitions=/tmp/testsuite-58-sector/ --seed=750b6cd5c4ae4012a15e7be3c29e6a47 --empty=require --dry-run=no /dev/loop1
[ 13.970538] H testsuite-58.sh[363]: Device '/dev/loop1' has no dm-crypt/dm-verity device, no need to look for underlying block device.
[ 13.970538] H testsuite-58.sh[363]: Failed to determine canonical path for '/dev/loop1': No such file or directory
[ 13.970538] H testsuite-58.sh[363]: Failed to open file or determine backing device of /dev/loop1: No such file or directory
```
On arm, we'd fail with:
target@v:5.16.8-200.fc35.armv7hl+lpae.socket: not a valid unit name "target@v:5.16.8-200.fc35.armv7hl+lpae.socket": Invalid argument
Inspired by 7910ec3bcde2ee0086b3e49f8aaa2a9f13f58d97.
'! true' passes, because it's a conditional expression.
But '( ! true )' fails, because '( … )' creates a subshell, i.e. a separate
program, and '! true' becomes the return value of that program, and the whole
thing apparently is not a conditional expression for the outer shell.
This is shorter, so let's just do this.
We would only accept "identical" links, but having e.g. a symlink
/usr/lib/systemd/system/foo-alias.service → /usr/lib/systemd/system/foo.service
when we're trying to create /usr/lib/systemd/system/foo-alias.service →
./foo.service is OK. This fixes an issue found in ubuntuautopkg package
installation, where we'd fail when enabling systemd-resolved.service, because
the existing alias was absolute, and (with the recent patches) we were trying
to create a relative one.
A test is added.
(For .wants/.requires symlinks we were already doing OK. A test is also
added, to verify.)
When we have a symlink that goes outside of our search path, we should just
ignore the target file name. But we were verifying it, and rejecting in
the case where a symlink was created manually.
