1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
systemd/test
Lennart Poettering db256aab13 core: be stricter when handling PID files and MAINPID sd_notify() messages
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.

This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.

When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.

Fixes: #6632
2018-01-11 15:12:16 +01:00
..
hwdb hwdb: improve and test syntax error messages 2016-12-01 11:56:50 -05:00
journal-data test-journal-importer: add a test case with broken input 2017-02-15 00:31:55 -05:00
loopy.service.d core: do not add dependencies to self 2014-08-07 20:42:58 -04:00
mocks Add mock fsck process 2015-02-18 16:33:46 +01:00
TEST-01-BASIC test: make sure "make" in the test directories works again 2017-12-15 19:48:08 +01:00
TEST-02-CRYPTSETUP test: switch to using ext4 instead of ext3 as default fallback fs (#7265) 2017-11-07 17:51:30 +03:00
TEST-03-JOBS test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-04-JOURNAL journalctl: add --output-fields= (#7181) 2017-10-27 12:10:47 +09:00
TEST-05-RLIMITS test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-06-SELINUX test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-07-ISSUE-1981 test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-08-ISSUE-2730 test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-09-ISSUE-2691 test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-10-ISSUE-2467 tests: don't use "netcat" for testing TEST-10-ISSUE-2467 2017-12-05 13:49:13 +01:00
TEST-11-ISSUE-3166 test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-12-ISSUE-3171 test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-13-NSPAWN-SMOKE test: fix TEST-13-NSPAWN-SMOKE 2017-12-15 20:51:55 +01:00
TEST-14-MACHINE-ID tests: fix description of TEST-14-MACHINE-ID 2017-11-29 12:34:12 +01:00
TEST-15-DROPIN test: Run qemu/nspawn tests with "set -e" 2017-08-10 08:43:13 +02:00
TEST-16-EXTEND-TIMEOUT core: add EXTEND_TIMEOUT_USEC={usec} - prevent timeouts in startup/runtime/shutdown (#7214) 2017-12-14 12:17:43 +01:00
TEST-17-UDEV-WANTS test: make sure "make" in the test directories works again 2017-12-15 19:48:08 +01:00
TEST-18-FAILUREACTION test: make sure "make" in the test directories works again 2017-12-15 19:48:08 +01:00
TEST-19-DELEGATE test: make sure "make" in the test directories works again 2017-12-15 19:48:08 +01:00
TEST-20-MAINPIDGAMES core: be stricter when handling PID files and MAINPID sd_notify() messages 2018-01-11 15:12:16 +01:00
test-execute test-execute: use the "nogroup" group if it exists for testing 2017-12-06 13:40:50 +01:00
test-path test-path: move all related test files to a specific directory 2015-10-31 15:07:19 +01:00
test-resolve test: move resolved test data into test/ 2017-02-13 22:23:48 +01:00
.gitignore update .gitignore 2013-01-28 03:54:49 +01:00
a.service test: rename test directory 2011-12-31 18:06:56 +01:00
b.service test: rename test directory 2011-12-31 18:06:56 +01:00
basic.target test-engine: fix access to unit load path 2014-07-20 19:48:16 -04:00
c.service test: rename test directory 2011-12-31 18:06:56 +01:00
create-sys-script.py Add SPDX license headers to python scripts 2017-11-19 19:08:15 +01:00
d.service test: rename test directory 2011-12-31 18:06:56 +01:00
daughter.service cgroups: Cache controller masks and optimize queues. 2013-11-22 11:22:47 +10:00
e.service test: rename test directory 2011-12-31 18:06:56 +01:00
end.service tests: various fixes 2015-11-10 18:01:15 +00:00
f.service test: rename test directory 2011-12-31 18:06:56 +01:00
g.service test: rename test directory 2011-12-31 18:06:56 +01:00
grandchild.service test: add missing test units 2014-02-18 23:55:41 +01:00
h.service test: rename test directory 2011-12-31 18:06:56 +01:00
hello-after-sleep.target test: add test for jobs 2013-01-25 22:29:56 +01:00
hello.service test: add test for jobs 2013-01-25 22:29:56 +01:00
hwdb-test.sh test: set log_level to info in test-hwdb and check-help-* 2017-11-26 00:01:55 +09:00
loopy2.service core: do not add dependencies to self 2014-08-07 20:42:58 -04:00
loopy3.service core: warn when merged units have conflicting dependencies 2014-08-07 20:46:49 -04:00
loopy4.service core: warn when merged units have conflicting dependencies 2014-08-07 20:46:49 -04:00
loopy.service core: do not add dependencies to self 2014-08-07 20:42:58 -04:00
meson.build test-execute: use the "nogroup" group if it exists for testing 2017-12-06 13:40:50 +01:00
networkd-test.py separate flags from shebang 2017-12-25 19:48:49 +01:00
parent-deep.slice test: add missing test units 2014-02-18 23:55:41 +01:00
parent.slice core: translate between IO and BlockIO settings to ease transition 2016-05-18 17:35:12 -07:00
README.testsuite test: explain why we explicitly make all despite test/Makefile's check target calling it (#5830) 2017-04-29 08:23:13 +02:00
rule-syntax-check.py meson: re-attach rule-syntax-check.py test 2017-11-22 12:46:08 +01:00
run-integration-tests.sh run-integration-test: allow argument to be overriden 2017-12-06 15:16:55 +01:00
sched_idle_bad.service sched: Only setting CPUSchedulingPriority=rr doesn't work 2012-11-15 16:16:45 +01:00
sched_idle_ok.service sched: Only setting CPUSchedulingPriority=rr doesn't work 2012-11-15 16:16:45 +01:00
sched_rr_bad.service sched: Only setting CPUSchedulingPriority=rr doesn't work 2012-11-15 16:16:45 +01:00
sched_rr_change.service sched: Only setting CPUSchedulingPriority=rr doesn't work 2012-11-15 16:16:45 +01:00
sched_rr_ok.service sched: Only setting CPUSchedulingPriority=rr doesn't work 2012-11-15 16:16:45 +01:00
shutdown.target test-engine: fix access to unit load path 2014-07-20 19:48:16 -04:00
sleep.service test: add test for jobs 2013-01-25 22:29:56 +01:00
sockets.target test-engine: fix access to unit load path 2014-07-20 19:48:16 -04:00
son.service cgroups: Cache controller masks and optimize queues. 2013-11-22 11:22:47 +10:00
splash.bmp sd-boot: add EFI boot manager and stub loader 2015-02-17 14:36:59 +01:00
sys-script.py Add SPDX license headers to python scripts 2017-11-19 19:08:15 +01:00
sysinit.target test-engine: fix access to unit load path 2014-07-20 19:48:16 -04:00
sysv-generator-test.py Add SPDX license headers to python scripts 2017-11-19 19:08:15 +01:00
test-efi-create-disk.sh meson: also indent scripts with 8 spaces 2017-04-25 08:49:16 -04:00
test-exec-deserialization.py Add SPDX license headers to python scripts 2017-11-19 19:08:15 +01:00
test-functions core: be stricter when handling PID files and MAINPID sd_notify() messages 2018-01-11 15:12:16 +01:00
testsuite.target test: factor out testsuite.target, end.service 2013-01-25 22:29:56 +01:00
timers.target test-engine: fix access to unit load path 2014-07-20 19:48:16 -04:00
udev-test.pl more portable perl shebangs (#7701) 2017-12-19 11:13:34 +01:00
unstoppable.service tests: fix unstoppable service 2015-11-12 03:24:10 +00:00

The extended testsuite only works with uid=0. It contains of several
subdirectories named "test/TEST-??-*", which are run one by one.

To run the extended testsuite do the following:

$ make all  # Avoid the "sudo make" below building anything as root
$ cd test
$ sudo make clean check
...
make[1]: Entering directory `/mnt/data/harald/git/systemd/test/TEST-01-BASIC'
Making all in .
Making all in po
TEST: Basic systemd setup [OK]
make[1]: Leaving directory `/mnt/data/harald/git/systemd/test/TEST-01-BASIC'
...

If one of the tests fails, then $subdir/test.log contains the log file of
the test.

To debug a special testcase of the testsuite do:

$ make all
$ cd test/TEST-01-BASIC
$ sudo make clean setup run

QEMU
====

If you want to log in the testsuite virtual machine, you can specify
additional kernel command line parameter with $KERNEL_APPEND.

$ sudo make KERNEL_APPEND="systemd.unit=multi-user.target" clean setup run

you can even skip the "clean" and "setup" if you want to run the machine again.

$ sudo make KERNEL_APPEND="systemd.unit=multi-user.target" run

You can specify a different kernel and initramfs with $KERNEL_BIN and $INITRD.
(Fedora's or Debian's default kernel path and initramfs are used by default)

$ sudo make KERNEL_BIN=/boot/vmlinuz-foo INITRD=/boot/initramfs-bar clean check

A script will try to find your QEMU binary. If you want to specify a different
one you can use $QEMU_BIN.

$ sudo make QEMU_BIN=/path/to/qemu/qemu-kvm clean check