mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

3063 Commits

Author SHA1 Message Date
Frantisek Sumsal
0de5f18e2e test: actually set SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30
Without the section header the assignments were effectively ignored.

Follow-up to 9fff8e1fdd.
2022-09-04 03:28:49 +09:00
Yu Watanabe
69a34a4fd4 fuzz: add a test case for fuzz-bootspec
This adds a testcase for the issue oss-fuzz#50949
(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50949).
2022-09-03 23:32:54 +09:00
Luca Boccassi
2b970ccee6
Merge pull request #24538 from mrc0mmand/TEST-13-tweaks
test: forward nspawn logs to journal
2022-09-03 00:16:36 +01:00
Frantisek Sumsal
729292d9dd test: suppress not-found errors for selinuxenabled
if the binary is not available.
2022-09-02 22:09:29 +02:00
Frantisek Sumsal
d1f6c3857e test: forward nspawn logs to journal
Dumping everything to console slows the test quite considerably on
slower machines, so let's forward nspawn logs to the journal to still
have them available in case something goes south.

This should, hopefully, help with TEST-13 timeouts in Ubuntu CI and
maybe with CPU soft lockups in CentOS CI.
2022-09-02 22:09:29 +02:00
Frantisek Sumsal
fda00958bb test: make pylint happy 2022-09-02 20:19:38 +02:00
Frantisek Sumsal
4aa84ef9a3 test: check for the output file in a loop
This should make the test faster on fast machines and more reliable on
slower/under-load machines, where the 4 sec sleep wasn't sometimes enough.

Spotted on C8S machines under load:

```
test_added_after (__main__.ExecutionResumeTest) ... FAIL
test_added_before (__main__.ExecutionResumeTest) ... ok
test_interleaved (__main__.ExecutionResumeTest) ... ok
test_issue_6533 (__main__.ExecutionResumeTest) ... ok
test_no_change (__main__.ExecutionResumeTest) ... ok
test_removal (__main__.ExecutionResumeTest) ... ok
test_swapped (__main__.ExecutionResumeTest) ... ok

======================================================================
FAIL: test_added_after (__main__.ExecutionResumeTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test/test-exec-deserialization.py", line 101, in check_output
    with open(self.output_file, 'r') as log:
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmpjnec1dj4'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./test/test-exec-deserialization.py", line 150, in test_added_after
    self.check_output(expected_output)
  File "./test/test-exec-deserialization.py", line 104, in check_output
    self.fail()
AssertionError: None

----------------------------------------------------------------------
Ran 7 tests in 44.270s
```
2022-09-02 20:06:12 +02:00
Yu Watanabe
39fdc6f82d test-29-portable: enable debugging logs of udevd 2022-08-31 23:33:13 +09:00
Yu Watanabe
9fff8e1fdd test-29-portable: extend timeout for slower environment 2022-08-31 23:32:57 +09:00
Yu Watanabe
7078299658
Merge pull request #24471 from yuwata/udevadm-wait-periodic-timer
udevadm-wait: introduce periodic timer for checking devices
2022-08-30 07:31:05 +09:00
Yu Watanabe
69a20cc3e4
Merge pull request #23888 from topimiettinen/networkd-netlabel-v2
network: NetLabel integration
2022-08-30 07:30:49 +09:00
Frantisek Sumsal
b0c9fd8103
Merge pull request #24466 from mrc0mmand/TEST-75-tweaks
test: fix delv trust anchors location on Ubuntu
2022-08-29 15:35:07 +00:00
Topi Miettinen
a4640bed74 test: testing for networkd NetLabel feature 2022-08-29 14:23:17 +09:00
Topi Miettinen
4b3590c324 network: NetLabel integration
New directive `NetLabel=` provides a method for integrating static and dynamic
network configuration into Linux NetLabel subsystem rules, used by Linux
Security Modules (LSMs) for network access control. The label, with suitable
LSM rules, can be used to control connectivity of (for example) a service with
peers in the local network. At least with SELinux, only the ingress can be
controlled but not egress. The benefit of using this setting is that it may be
possible to apply interface independent part of NetLabel configuration at very
early stage of system boot sequence, at the time when the network interfaces
are not available yet, with netlabelctl(8), and the per-interface configuration
with systemd-networkd once the interfaces appear later.  Currently this feature
is only implemented for SELinux.

The option expects a single NetLabel label. The label must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.

Example:
```
[DHCPv4]
NetLabel=system_u:object_r:localnet_peer_t:s0
```

With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.123/8, `systemd-networkd` performs the equivalent of
`netlabelctl` operation

```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```

Result:
```
$ sudo netlabelctl -p unlbl list
...
 interface: eth0
   address: 10.0.0.0/8
    label: "system_u:object_r:localnet_peer_t:s0"
...
```
2022-08-29 14:23:17 +09:00
Yu Watanabe
ba44a5c77c test-50-dissect: wait for and lock loop block partition devices 2022-08-29 13:44:42 +09:00
Yu Watanabe
23902d1c84 Revert "test: wait for loop device to be removed"
This reverts commit 1a0e065e9f.

This does not work as expected.

After `losetup --detach`, the kernel lazily removes the loop device.
But, systemd-dissect should gracefully handle that. If it does not, then
it is a bug in systemd-dissect.
Let's not hide the real issue in systemd-dissect.
2022-08-29 13:44:42 +09:00
Yu Watanabe
0bfe2aa378 test-64: run one more subtest on non-KVM environment with relaxed condition 2022-08-28 09:18:18 +00:00
Yu Watanabe
8d2a55025b test-network: add missing online check 2022-08-28 08:07:25 +00:00
Yu Watanabe
a1bed4e41d test-64: relax number of partitions used in testcase_simultaneous_events() to speed up non-KVM environment 2022-08-28 07:48:14 +00:00
Yu Watanabe
d5ef8d1b08 test-64: extend timeout for slower env e.g. non-kvm 2022-08-28 09:03:14 +09:00
Frantisek Sumsal
9c524a07f6 test: reload knotd after committing all zone changes
Otherwise, on Ubuntu, the DS RRs sometimes won't get propagated
correctly to parent zones for some reason, ending in a loop:

```
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
...
```

causing DNSSEC verification failures. I'm not sure why that happens (yet)...
2022-08-27 11:27:04 +02:00
Frantisek Sumsal
fa17101b8e test: fix delv trust anchors location on Ubuntu
delv on Ubuntu defaults to /etc/bind/bind.keys instead of /etc/bind.keys
when reading trust anchors, so let's create a symlink to make the test
work there as well.

Resolves: #24453
2022-08-27 11:27:04 +02:00
Frantisek Sumsal
57063a4ab2 test: fix typo 2022-08-27 11:27:04 +02:00
Frantisek Sumsal
ad3d0c8a30 test: drop old DS records if present
This makes the test re-runnable without having to go through the cleanup
and setup phases again.
2022-08-27 11:27:02 +02:00
Yu Watanabe
20d4b3ccd1 test-50-dissect: generate debugging logs of udevd 2022-08-27 15:14:19 +09:00
Yu Watanabe
e867b0163b test-58-repart: use udevadm control instead of creating service drop-in 2022-08-27 15:14:19 +09:00
Frantisek Sumsal
12ee072db5 test: make the virt detection quiet
Follow-up to cde09b07df.
2022-08-26 19:18:20 +02:00
Frantisek Sumsal
cd15f7f6d1 test: set the default QEMU and nspawn timeouts to 30 minutes
Set both timeouts to some reasonable values instead of just `infinity`
to provide some form of a safe-net in case the test goes haywire and the
environment didn't set the timeouts itself (like our CIs do).
2022-08-26 19:16:45 +02:00
Frantisek Sumsal
3c833171bd test: respect the global $QEMU_TIMEOUT
CIs set QEMU and nspawn timeouts by themselves which reflect their needs
and possibilities, so let's respect that value, instead of using one
pre-set value which might or might not work for all of them.

Both Ubuntu CI and CentOS CI set these values themselves.
2022-08-26 19:16:45 +02:00
Frantisek Sumsal
10d7ed12c9 test: use a unique machine name for each nspawn test
to avoid scope clashing in case some previous test crashed and/or didn't
clean up properly. Currently all test machines are called `root`, since
the name is automagically derived from the container path (in this case
`/var/tmp/systemd-test.XXXXXX/root`).

E.g. (from Ubuntu CI):
```
[23:10:12] --x-- Running TEST-71-HOSTNAME --x--
make: Entering directory '/tmp/autopkgtest.5LjnBV/build.0mE/systemd/test/TEST-71-HOSTNAME'
+ make -C TEST-71-HOSTNAME setup run
TEST-71-HOSTNAME SETUP: test hostnamed
Reusing existing cached image /tmp/autopkgtest.5LjnBV/build.0mE/systemd/test/TEST-71-HOSTNAME/../default.img → /tmp/autopkgtest.5LjnBV/build.0mE/systemd/test/default.img
'/var/tmp/systemd-test.1yy2SS/default.img' -> '/tmp/autopkgtest.5LjnBV/build.0mE/systemd/test/default.img'
I: Masking supporting services
'/var/tmp/systemd-test.1yy2SS/root/etc/systemd/system/systemd-hwdb-update.service' -> '/dev/null'
'/var/tmp/systemd-test.1yy2SS/root/etc/systemd/system/systemd-journal-catalog-update.service' -> '/dev/null'
'/var/tmp/systemd-test.1yy2SS/root/etc/systemd/system/systemd-networkd.service' -> '/dev/null'
'/var/tmp/systemd-test.1yy2SS/root/etc/systemd/system/systemd-networkd.socket' -> '/dev/null'
'/var/tmp/systemd-test.1yy2SS/root/etc/systemd/system/systemd-resolved.service' -> '/dev/null'
TEST-71-HOSTNAME RUN: test hostnamed
+ env --unset=UNIFIED_CGROUP_HIERARCHY --unset=SYSTEMD_NSPAWN_UNIFIED_HIERARCHY timeout --foreground 1200 /bin/systemd-nspawn --register=no --kill-signal=SIGKILL --directory=/var/tmp/systemd-test.1yy2SS/root --setenv=SYSTEMD_UNIT_PATH=/usr/lib/systemd/tests/testdata/testsuite-71.units:/usr/lib/systemd/tests/testdata/units: /lib/systemd/systemd systemd.unit=testsuite.target systemd.wants=testsuite-71.service systemd.wants=end.service
Spawning container root on /var/tmp/systemd-test.1yy2SS/root.
Press ^] three times within 1s to kill container.
Failed to allocate scope: Unit root.scope already exists.
E: nspawn failed with exit code 1
```
2022-08-26 19:16:45 +02:00
Frantisek Sumsal
6ef1262d63 test: bump the reboot timeout to 60 seconds
As the reboot might take a bit on oversaturated hypervisors (spotted in
Ubuntu CI).
2022-08-26 19:16:45 +02:00
Frantisek Sumsal
528ba54bbe
Merge pull request #24440 from mrc0mmand/TEST-64-tweaks
A couple of TEST-64 tweaks to make it usable without KVM
2022-08-26 17:16:24 +00:00
Luca Boccassi
34f166d601
Merge pull request #24456 from yuwata/network-tcp-congctl
network: introduce TCPCongestionControlAlgorithm=
2022-08-26 18:04:51 +01:00
Frantisek Sumsal
9def084861 test: temporarily (?) disable TEST-64 in Ubuntu CI
The machines are still way too slow for the test to work properly
without accel.
2022-08-26 15:40:34 +02:00
Frantisek Sumsal
6a9c497768 test: bump the base VM memory to 768M
as with 512M some tests occasionally trip off OOM-killer (e.g.
TEST-64 + multipath).
2022-08-26 15:40:34 +02:00
Frantisek Sumsal
b307c22757 test: lower the # of iterations with plain QEMU 2022-08-26 15:40:34 +02:00
Frantisek Sumsal
092499b9f6 test: require KVM only for specific sub-tests
since other sub-tests run relatively fine with TCG as well.
2022-08-26 15:40:34 +02:00
Frantisek Sumsal
cde09b07df test: check for other hypervisors as well
EC2 machines run on Xen, so account for that as well when checking KVM
availability.
2022-08-26 15:40:34 +02:00
Frantisek Sumsal
1678bd2f81 test: lower the # of mpath devices to 16
to make the test suitable for slower machines.
2022-08-26 15:40:34 +02:00
Yu Watanabe
93e898d624 test-network: add test for TCPCongestionControlAlgorithm= 2022-08-26 19:47:27 +09:00
Yu Watanabe
dc7c21f001 network: introduce TCPCongestionControlAlgorithm=
Closes #24432.
2022-08-26 19:47:23 +09:00
Lennart Poettering
ce610af143 tmpfiles: in C lines, make missing source graceful error
I don't see where it would ever be a good thing that file copies done
via tmpfiles.d/ C lines cause the tmpfiles operation to fail if their
source happens to be missing. It's a problem if we can't set up the
destination properly (which is the job of systemd-tmpfiles after all),
but if the source is simply missing (NB: setting up the source is the job of
the rules writer) this shouldn't be a problem.

This is useful for copying stuff into place if it happens to exist. For
example, if systemd-stub passes additional data into the initrd's
/.extra/ directory, we can copy it into a better place (e.g. /run/) with
this, where it will survive the initrd→host transition.

This mirrors behaviour of the recently added "^" line modifier which may
be used to source "w" lines from credentials – there too the behaviour is
to simply skip the line if the source is missing.
2022-08-26 11:11:48 +02:00
Yu Watanabe
1a0e065e9f test: wait for loop device to be removed
Follow-up for bca762ce1a.

Fixes #24450.
2022-08-26 07:38:38 +00:00
Zbigniew Jędrzejewski-Szmek
4ccde410a3 tree-wide: change --kill-who to --kill-whom
getopt allows non-ambiguous abbreviations, so backwards-compat is maintained, and
people can use --kill-who (or even shorter abbreviations). English is flexible,
so in common speech people would use both forms, even if "whom" is technically
more correct. The advantage of using the longer form in the code is that we
effectively allow both forms, so we stop punishing people who DTGCT¹, but still
allow people to use the spoken form if they prefer.

1. Do the grammatically correct thing
2022-08-26 11:15:44 +09:00
Frantisek Sumsal
0f1f562974 test: make TEST-63 more reliable on slower machines
Otherwise we might never hit the trigger limit and wait indefinitely.

Found when trying to run the test on an EC2 xen machine without a nested
virt in CentOS CI (in preparations for some ... unforeseen consequences).
2022-08-25 16:21:39 +00:00
Lennart Poettering
5b9ae04c65
Merge pull request #24242 from msekletar/terminate-idle-sessions
Add option to stop idle sessions after specified timeout
2022-08-25 11:39:42 +02:00
Luca Boccassi
298b3de6d4
Merge pull request #24370 from keszybz/sysusers-equivs
Use /bin/bash for root shell and suppress some warnings from sysusers
2022-08-24 21:35:28 +01:00
Michal Sekletar
5aa633db22 tests: add test for StopIdleSessionSec= option 2022-08-24 14:50:52 +02:00
Zbigniew Jędrzejewski-Szmek
8a7adccbdb various: try to use DEFAULT_USER_SHELL for root too
/bin/sh as a shell is punishing. There is no good reason to make
the occasional root login unpleasant.

Since /bin/sh is usually /bin/bash in compat mode, i.e. if one is
available, the other will be too, /bin/bash is almost as good as a default.
But to avoid a regression in the situation where /bin/bash (or
DEFAULT_USER_SHELL) is not installed, we check with access() and fall back
to /bin/sh. This should make this change in behaviour less risky.

(FWIW, e.g. Fedora/RHEL use /bin/bash as default for root.)

This is a follow-up of sorts for 53350c7bba,
which added the default-user-shell option, but most likely with the idea
of using /bin/bash less ;)

Fixes #24369.
2022-08-24 10:02:46 +02:00
Luca Boccassi
c8bc7519c8 service: set TRIGGER_UNIT= and TRIGGER_TIMER_REALTIME_USEC/MONOTONIC_USEC on activation by timer unit
Same as path unit, best effort.
2022-08-23 21:19:54 +01:00