diff options
| author | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-12-04 21:33:15 +0100 |
|---|---|---|
| committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-12-05 09:07:14 +0100 |
| commit | 52c1fb6885e40ffa9fa65f7798608cf651e05c3a (patch) | |
| tree | ccdf5953acfc091d9b24c28f332f7d438ad1c320 /test | |
| parent | Revert "sysusers.d: create the user for systemd-journal-upload.service" (diff) | |
| download | systemd-52c1fb6885e40ffa9fa65f7798608cf651e05c3a.tar.xz systemd-52c1fb6885e40ffa9fa65f7798608cf651e05c3a.zip | |
test: set correct group for systemd-journal-upload tests
We can't use the systemd-journal-upload user here, since it's created
dynamically by DynamicUser=yes. However, we can use the group specified
in SupplementaryGroups=, so do exactly that.
Diffstat (limited to 'test')
| -rw-r--r-- | test/test-functions | 5 | ||||
| -rwxr-xr-x | test/units/testsuite-04.journal-remote.sh | 7 |
2 files changed, 7 insertions, 5 deletions
diff --git a/test/test-functions b/test/test-functions index 556346d7d5..42b0038789 100644 --- a/test/test-functions +++ b/test/test-functions @@ -157,6 +157,7 @@ BASICTOOLS=( bash capsh cat + chgrp chmod chown chroot @@ -2870,14 +2871,14 @@ inst_binary() { # Same as above, but we need to wrap certain libraries unconditionally # - # chown, getent, login, setfacl, su, useradd, userdel + # chgrp, chown, getent, login, setfacl, su, useradd, userdel # - dlopen() (not only) systemd's PAM modules # ls, mkfs.*, mksquashfs, mkswap, setpriv, stat # - pull in nss_systemd with certain options (like ls -l) when # nsswitch.conf uses [SUCCESS=merge] (like on Arch Linux) # delv, dig - pull in nss_resolve if `resolve` is in nsswitch.conf # tar - called by machinectl in TEST-25 - bin_rx='/(agetty|chown|curl|delv|dig|getfacl|getent|id|login|ls|mkfs\.[a-z0-9]+|mksquashfs|mkswap|setfacl|setpriv|stat|su|tar|useradd|userdel)$' + bin_rx='/(agetty|chgrp|chown|curl|delv|dig|getfacl|getent|id|login|ls|mkfs\.[a-z0-9]+|mksquashfs|mkswap|setfacl|setpriv|stat|su|tar|useradd|userdel)$' if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ $bin_rx ]]; then wrap_binary=1 # Ugh, so we want to disable LSan in most cases for the wrapped binaries, since diff --git a/test/units/testsuite-04.journal-remote.sh b/test/units/testsuite-04.journal-remote.sh index c543129da9..b7d9cbd81b 100755 --- a/test/units/testsuite-04.journal-remote.sh +++ b/test/units/testsuite-04.journal-remote.sh @@ -161,8 +161,8 @@ openssl x509 -req -days 7 \ -CA /run/systemd/remote-pki/ca.crt \ -CAkey /run/systemd/remote-pki/ca.key \ -out /run/systemd/remote-pki/server.crt -setfacl -R -m "u:systemd-journal-remote:rwX" /run/systemd/remote-pki -setfacl -R -m "u:systemd-journal-upload:rwX" /run/systemd/remote-pki +chown -R systemd-journal-remote:systemd-journal /run/systemd/remote-pki +chmod -R g+rwX /run/systemd/remote-pki # Reconfigure journal-upload/journal remote with the new keys cat >/run/systemd/journal-remote.conf.d/99-test.conf <<EOF @@ -215,7 +215,8 @@ cat >/run/systemd/system/systemd-journal-upload.service.d/99-test.conf <<EOF Restart=no EOF systemctl daemon-reload -setfacl -R -m "u:systemd-journal-upload:rwX" /run/systemd/journal-remote-tls +chgrp -R systemd-journal /run/systemd/journal-remote-tls +chmod -R g+rwX /run/systemd/journal-remote-tls systemctl restart systemd-journal-upload timeout 10 bash -xec 'while [[ "$(systemctl show -P ActiveState systemd-journal-upload)" != failed ]]; do sleep 1; done' |