mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
db256aab13
Let's be more restrictive when validating PID files and MAINPID= messages: don't accept PIDs that make no sense, and if the configuration source is not trusted, don't accept out-of-cgroup PIDs. A configuration source is considered trusted when the PID file is owned by root, or the message was received from root. This should lock things down a bit, in case service authors write out PID files from unprivileged code or use NotifyAccess=all with unprivileged code. Note that doing so was always problematic, just now it's a bit less problematic.

When we open the PID file we'll now use the CHASE_SAFE chase_symlinks() logic, to ensure that we won't follow an unprivileged-owned symlink to a privileged-owned file thinking this was a valid privileged PID file, even though it really isn't.

Fixes: #6632

| Name |
|---|
| hwdb |
| journal-data |
| loopy.service.d |
| mocks |
| TEST-01-BASIC |
| TEST-02-CRYPTSETUP |
| TEST-03-JOBS |
| TEST-04-JOURNAL |
| TEST-05-RLIMITS |
| TEST-06-SELINUX |
| TEST-07-ISSUE-1981 |
| TEST-08-ISSUE-2730 |
| TEST-09-ISSUE-2691 |
| TEST-10-ISSUE-2467 |
| TEST-11-ISSUE-3166 |
| TEST-12-ISSUE-3171 |
| TEST-13-NSPAWN-SMOKE |
| TEST-14-MACHINE-ID |
| TEST-15-DROPIN |
| TEST-16-EXTEND-TIMEOUT |
| TEST-17-UDEV-WANTS |
| TEST-18-FAILUREACTION |
| TEST-19-DELEGATE |
| TEST-20-MAINPIDGAMES |
| test-execute |
| test-path |
| test-resolve |
| .gitignore |
| a.service |
| b.service |
| basic.target |
| c.service |
| create-sys-script.py |
| d.service |
| daughter.service |
| e.service |
| end.service |
| f.service |
| g.service |
| grandchild.service |
| h.service |
| hello-after-sleep.target |
| hello.service |
| hwdb-test.sh |
| loopy2.service |
| loopy3.service |
| loopy4.service |
| loopy.service |
| meson.build |
| networkd-test.py |
| parent-deep.slice |
| parent.slice |
| README.testsuite |
| rule-syntax-check.py |
| run-integration-tests.sh |
| sched_idle_bad.service |
| sched_idle_ok.service |
| sched_rr_bad.service |
| sched_rr_change.service |
| sched_rr_ok.service |
| shutdown.target |
| sleep.service |
| sockets.target |
| son.service |
| splash.bmp |
| sys-script.py |
| sysinit.target |
| sysv-generator-test.py |
| test-efi-create-disk.sh |
| test-exec-deserialization.py |
| test-functions |
| testsuite.target |
| timers.target |
| udev-test.pl |
| unstoppable.service |

The extended testsuite only works with uid=0. It consists of several
subdirectories named "test/TEST-??-*", which are run one by one.

To run the extended testsuite do the following:

$ make all  # Avoid the "sudo make" below building anything as root
$ cd test
$ sudo make clean check
...
make[1]: Entering directory `/mnt/data/harald/git/systemd/test/TEST-01-BASIC'
Making all in .
Making all in po
TEST: Basic systemd setup [OK]
make[1]: Leaving directory `/mnt/data/harald/git/systemd/test/TEST-01-BASIC'
...

If one of the tests fails, then $subdir/test.log contains the log file of
the test.

To debug a specific testcase of the testsuite do:

$ make all
$ cd test/TEST-01-BASIC
$ sudo make clean setup run

QEMU
====

If you want to log in to the testsuite virtual machine, you can specify
additional kernel command line parameters with $KERNEL_APPEND.

$ sudo make KERNEL_APPEND="systemd.unit=multi-user.target" clean setup run

You can even skip the "clean" and "setup" if you want to run the machine again.

$ sudo make KERNEL_APPEND="systemd.unit=multi-user.target" run

You can specify a different kernel and initramfs with $KERNEL_BIN and $INITRD.
(Fedora's or Debian's default kernel path and initramfs are used by default.)

$ sudo make KERNEL_BIN=/boot/vmlinuz-foo INITRD=/boot/initramfs-bar clean check

A script will try to find your QEMU binary. If you want to specify a different
one you can use $QEMU_BIN.

$ sudo make QEMU_BIN=/path/to/qemu/qemu-kvm clean check