1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-12 13:18:14 +03:00
systemd/test
Lennart Poettering 4e67759960 core: be more lenient when checking whether sandboxing is necessary
In some containers unshare() is made unavailable entirely. Let's deal
with this that more gracefully and disable our sandboxing of services
then, so that we work in a container, under the assumption the container
manager is then responsible for sandboxing if we can't do it ourselves.

Previously, we'd insist on sandboxing as soon as any form of BindPath=
is used. With this change we only insist on it if we have a setting like
that where source and destination differ, i.e. there's a mapping
established that actually rearranges things, and thus would result in
systematically different behaviour if skipped (as opposed to mappings
that just make stuff read-only/writable that otherwise arent').

(Let's also update a test that intended to test for this behaviour with
a more specific configuration that still triggers the behaviour with
this change in place)

Fixes: #13955

(For testing purposes unshare() can easily be blocked with
systemd-nspawn --system-call-filter=~unshare.)
2019-11-20 12:30:04 +01:00
..
fuzz network: rename SendRawOption= to SendOption= 2019-11-18 23:35:48 +09:00
hwdb.d Rename udev's hwdb/ to hwdb.d/ 2019-10-10 00:53:09 +01:00
journal-data test-journal-importer: add a test case with broken input 2017-02-15 00:31:55 -05:00
loopy.service.d
mocks
TEST-01-BASIC test: add create_empty_image_rootdir() to simplify testcase setup 2019-07-16 18:05:15 -04:00
TEST-02-CRYPTSETUP test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-03-JOBS Merge pull request #13423 from pwithnall/12035-session-time-limits 2019-10-28 14:57:00 +01:00
TEST-04-JOURNAL journal: refresh cached credentials of stdout streams 2019-11-05 10:41:03 +01:00
TEST-05-RLIMITS test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-06-SELINUX test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-07-ISSUE-1981 test: drop duplicated 's' 2019-10-24 08:39:31 +02:00
TEST-08-ISSUE-2730 test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-09-ISSUE-2691 test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-10-ISSUE-2467 test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-11-ISSUE-3166 test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-12-ISSUE-3171 test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-13-NSPAWN-SMOKE test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-14-MACHINE-ID test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-15-DROPIN core: change top-level drop-in from -.service.d to service.d 2019-11-07 08:34:53 +01:00
TEST-16-EXTEND-TIMEOUT test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-17-UDEV-WANTS test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-18-FAILUREACTION test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-19-DELEGATE test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-20-MAINPIDGAMES test: make sure our tests get exclusive TTY access 2019-11-20 09:39:54 +01:00
TEST-21-SYSUSERS meson: make nologin path build time configurable 2019-07-18 12:46:35 +02:00
TEST-22-TMPFILES test: make sure our tests get exclusive TTY access 2019-11-20 09:39:54 +01:00
TEST-23-TYPE-EXEC test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-24-UNIT-TESTS test: add temporarily blacklisted tests 2019-10-03 11:01:10 -04:00
TEST-25-IMPORT Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists 2019-10-09 12:04:42 +02:00
TEST-26-SETENV test: drop redirection to tty in integration tests 2019-10-08 08:48:48 +02:00
TEST-27-STDOUTFILE test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-28-PERCENTJ-WANTEDBY test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-29-UDEV-ID_RENAMING test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-30-ONCLOCKCHANGE Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists 2019-10-09 12:04:42 +02:00
TEST-31-DEVICE-ENUMERATION test/TEST-31-DEVICE-ENUMERATION: do not use -x to avoid grep loop 2019-10-08 11:11:49 +02:00
TEST-32-OOMPOLICY test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-33-CLEAN-UNIT test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-34-DYNAMICUSERMIGRATE test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-35-NETWORK-GENERATOR network-generator: rename generated unit files 2019-07-30 02:30:09 +09:00
TEST-36-NUMAPOLICY Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists 2019-10-09 12:04:42 +02:00
TEST-37-RUNTIMEDIRECTORYPRESERVE test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-39-EXECRELOAD test: add function to reduce copied setup boilerplate 2019-10-08 09:10:12 +02:00
TEST-40-EXEC-COMMAND-EX Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists 2019-10-09 12:04:42 +02:00
TEST-41-ONESHOT-RESTART test: correct TEST-41 StartLimitBurst test 2019-10-18 15:51:43 -04:00
TEST-42-EXECSTOPPOST test: make sure our tests get exclusive TTY access 2019-11-20 09:39:54 +01:00
test-execute core: be more lenient when checking whether sandboxing is necessary 2019-11-20 12:30:04 +01:00
test-network test-network: Remove/replace non-capturing group regex 2019-11-01 12:32:49 -04:00
test-path
test-resolve test: move resolved test data into test/ 2017-02-13 22:23:48 +01:00
test-umount test-umount: add a simple test for swap_list_get() 2018-03-16 10:12:50 +01:00
unit-.service.d test: add test for prefix unit loading 2018-04-13 11:34:48 +02:00
unit-with-.service.d test: add test for prefix unit loading 2018-04-13 11:34:48 +02:00
unit-with-multiple-.service.d test: add test for prefix unit loading 2018-04-13 11:34:48 +02:00
unit-with-multiple-dashes.service.d test: add test for prefix unit loading 2018-04-13 11:34:48 +02:00
.gitignore
a-conj.service tests: Check trivial loop between two jobs 2019-06-26 23:16:31 +02:00
a.service
b.service
basic.target
c.service
create-sys-script.py tree-wide: use proper unicode © instead of (C) where we can 2018-06-14 10:20:20 +02:00
d.service
daughter.service cgroup v2: Don't require CPU controller for CPU accounting in 4.15+ 2018-11-18 12:21:41 +00:00
dml-discard-empty.service cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-discard-set-ml.service cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-discard.slice cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-override-empty.service cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-override.slice cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-passthrough-empty.service cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-passthrough-set-dml.service cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml-passthrough-set-ml.service cgroup: Test that it's possible to set memory protection to 0 again 2019-05-08 12:06:32 +01:00
dml-passthrough.slice cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dml.slice cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
e.service
end.service
f.service
g.service
grandchild.service
h.service
hello-after-sleep.target
hello.service
hwdb-test.sh Rename udev's hwdb/ to hwdb.d/ 2019-10-10 00:53:09 +01:00
i.service tests: Check job ordering on execution cycles 2019-06-26 23:16:31 +02:00
loopy2.service
loopy3.service
loopy4.service
loopy.service
meson.build tests: Add capability tests for ProtectKernelLogs 2019-11-11 12:12:02 -08:00
mkosi.build.networkd-test networkd-test: add mkosi snippet for building and running networkd-tets.py in a network namespaced container 2018-12-07 12:25:24 +01:00
mkosi.default.networkd-test codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
mkosi.nspawn.networkd-test networkd-test: add mkosi snippet for building and running networkd-tets.py in a network namespaced container 2018-12-07 12:25:24 +01:00
networkd-test.py test: print an error when networkctl returns an unexpected EC 2019-07-31 16:33:12 +02:00
nomem.slice cgroup: Add DisableControllers= directive to disable controller in subtree 2018-12-03 15:40:31 +00:00
nomemleaf.service cgroup: Add DisableControllers= directive to disable controller in subtree 2018-12-03 15:40:31 +00:00
parent-deep.slice
parent.slice core: translate between IO and BlockIO settings to ease transition 2016-05-18 17:35:12 -07:00
README.testsuite test/README.testsuite: add section for Ubuntu CI blacklist files 2019-10-03 11:01:23 -04:00
rule-syntax-check.py rule-syntax-check: add CONST 2019-10-18 10:02:35 +09:00
run-integration-tests.sh scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
run-unit-tests.py run-unit-tests: add option to run unsafe tests too 2018-09-24 15:42:50 +02:00
sched_idle_bad.service
sched_idle_ok.service
sched_rr_bad.service
sched_rr_change.service
sched_rr_ok.service
shutdown.target
sleep.service
sockets.target
son.service
splash.bmp
sys-script.py tree-wide: use proper unicode © instead of (C) where we can 2018-06-14 10:20:20 +02:00
sysinit.target
sysv-generator-test.py codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
test-efi-create-disk.sh scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
test-exec-deserialization.py tree-wide: beautify remaining copyright statements 2018-06-14 10:20:21 +02:00
test-functions test: Disable LUKS devices from initramfs in QEMU tests 2019-11-13 19:55:18 -08:00
testsuite.target
timers.target
udev-test.pl test: add test cases for empty string match 2019-09-11 09:06:15 +09:00
unit-with-multiple-dashes.service test: add test for prefix unit loading 2018-04-13 11:34:48 +02:00
unstoppable.service

The extended testsuite only works with UID=0. It contains of several
subdirectories named "test/TEST-??-*", which are run one by one.

To run the extended testsuite do the following:

$ ninja -C build  # Avoid building anything as root later
$ sudo test/run-integration-tests.sh
ninja: Entering directory `/home/zbyszek/src/systemd/build'
ninja: no work to do.
--x-- Running TEST-01-BASIC --x--
+ make -C TEST-01-BASIC BUILD_DIR=/home/zbyszek/src/systemd/build clean setup run
make: Entering directory '/home/zbyszek/src/systemd/test/TEST-01-BASIC'
TEST CLEANUP: Basic systemd setup
TEST SETUP: Basic systemd setup
...
TEST RUN: Basic systemd setup [OK]
make: Leaving directory '/home/zbyszek/src/systemd/test/TEST-01-BASIC'
--x-- Result of TEST-01-BASIC: 0 --x--
--x-- Running TEST-02-CRYPTSETUP --x--
+ make -C TEST-02-CRYPTSETUP BUILD_DIR=/home/zbyszek/src/systemd/build clean setup run

If one of the tests fails, then $subdir/test.log contains the log file of
the test.

To run just one of the cases:

$ sudo make -C test/TEST-01-BASIC clean setup run

Specifying the build directory
==============================

If the build directory is not detected automatically, it can be specified
with BUILD_DIR=:

$ sudo BUILD_DIR=some-other-build/ test/run-integration-tests

or

$ sudo make -C test/TEST-01-BASIC BUILD_DIR=../../some-other-build/ ...

Note that in the second case, the path is relative to the test case directory.
An absolute path may also be used in both cases.

Configuration variables
=======================

TEST_NO_QEMU=1
    Don't run tests under QEMU

TEST_NO_NSPAWN=1
    Don't run tests under systemd-nspawn

TEST_NO_KVM=1
    Disable QEMU KVM autodetection (may be necessary when you're trying to run the
    *vanilla* QEMU and have both qemu and qemu-kvm installed)

TEST_NESTED_KVM=1
    Allow tests to run with nested KVM. By default, the testsuite disables
    nested KVM if the host machine already runs under KVM. Setting this
    variable disables such checks

QEMU_MEM=512M
    Configure amount of memory for QEMU VMs (defaults to 512M)

QEMU_SMP=1
    Configure number of CPUs for QEMU VMs (defaults to 1)

KERNEL_APPEND='...'
    Append additional parameters to the kernel command line

NSPAWN_ARGUMENTS='...'
    Specify additional arguments for systemd-nspawn

QEMU_TIMEOUT=infinity
    Set a timeout for tests under QEMU (defaults to infinity)

NSPAWN_TIMEOUT=infinity
    Set a timeout for tests under systemd-nspawn (defaults to infinity)

INTERACTIVE_DEBUG=1
    Configure the machine to be more *user-friendly* for interactive debuggung
    (e.g. by setting a usable default terminal, suppressing the shutdown after
    the test, etc.)

The kernel and initramfs can be specified with $KERNEL_BIN and $INITRD.
(Fedora's or Debian's default kernel path and initramfs are used by default)

A script will try to find your QEMU binary. If you want to specify a different
one with $QEMU_BIN.

Debugging the qemu image
========================

If you want to log in the testsuite virtual machine, you can specify additional
kernel command line parameter with $KERNEL_APPEND and then log in as root.

$ sudo make -C test/TEST-01-BASIC KERNEL_APPEND="systemd.unit=multi-user.target" run

Root password is empty.

Ubuntu CI
=========

New PR submitted to the project are run through regression tests, and one set
of those is the 'autopkgtest' runs for several different architectures, called
'Ubuntu CI'.  Part of that testing is to run all these tests.  Sometimes these
tests are temporarily blacklisted from running in the 'autopkgtest' tests while
debugging a flaky test; that is done by creating a file in the test directory
named 'blacklist-ubuntu-ci', for example to prevent the TEST-01-BASIC test from
running in the 'autopkgtest' runs, create the file
'TEST-01-BASIC/blacklist-ubuntu-ci'.

The tests may be disabled only for specific archs, by creating a blacklist file
with the arch name at the end, e.g.
'TEST-01-BASIC/blacklist-ubuntu-ci-arm64' to disable the TEST-01-BASIC test
only on test runs for the 'arm64' architecture.

Note the arch naming is not from 'uname -m', it is Debian arch names:
https://wiki.debian.org/ArchitectureSpecificsMemo

For PRs that fix a currently blacklisted test, the PR should include removal
of the blacklist file.