tests: various small fixes for strict systems

Don't assume that 4MB can be allocated from stack since there could be smaller
DefaultLimitSTACK= in force, so let's use malloc(). NUL terminate the huge
strings by hand, also ensure termination in test_lz4_decompress_partial() and
optimize the memset() for the string.

Some items in /proc and /etc may not be accessible to poor unprivileged users
due to e.g. SELinux, BOFH or both, so check for EACCES and EPERM.

/var/tmp may be a symlink to /tmp and then path_compare() will always fail, so
let's stick to /tmp like elsewhere.

/tmp may be mounted with noexec option and then trying to execute scripts from
there would fail.

Detect and warn if seccomp is already in use, which could make seccomp test
fail if the syscalls are already blocked.

Unset $TMPDIR so it will not break specifier tests where %T is assumed to be
/tmp and %V /var/tmp.

1 files changed, 4 insertions, 1 deletions

diff --git a/src/test/test-capability.c b/src/test/test-capability.c
index 74b27379ea..f8766256e2 100644
--- a/src/test/test-capability.c
+++ b/src/test/test-capability.c
@@ -9,6 +9,7 @@
 
 #include "alloc-util.h"
 #include "capability-util.h"
+#include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "macro.h"
@@ -35,6 +36,8 @@ static void test_last_cap_file(void) {
         int r;
 
         r = read_one_line_file("/proc/sys/kernel/cap_last_cap", &content);
+        if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* kernel pre 3.2 or no access */
+                return;
         assert_se(r >= 0);
 
         r = safe_atolu(content, &val);
@@ -230,7 +233,7 @@ static void test_ensure_cap_64bit(void) {
         int r;
 
         r = read_one_line_file("/proc/sys/kernel/cap_last_cap", &content);
-        if (r == -ENOENT) /* kernel pre 3.2 */
+        if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* kernel pre 3.2 or no access */
                 return;
         assert_se(r >= 0);