test: drop unneeded journal socket bind mounts

(where BindJournalSockets=yes is implied)
author: Mike Yuan <me@yhndnzj.com> 2024-04-26 10:54:25 +0200
committer: Mike Yuan <me@yhndnzj.com> 2024-09-03 21:04:52 +0200
commit: e2e6c23fdba62dbb6ae32842b3aa89563eab11aa (patch)
tree: 9ce20af869c43c2f84f7cd6f5f39feac127dc26e /test
parent: portable/profile: use BindJournalSockets= (diff)
download: systemd-e2e6c23fdba62dbb6ae32842b3aa89563eab11aa.tar.xz
systemd-e2e6c23fdba62dbb6ae32842b3aa89563eab11aa.zip
2 files changed, 3 insertions, 56 deletions
diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
index 9a05899cab..53ff198d16 100755
--- a/test/units/TEST-50-DISSECT.dissect.sh
+++ b/test/units/TEST-50-DISSECT.dissect.sh
@@ -9,12 +9,6 @@ set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh
 
-BIND_LOG_SOCKETS=(
-    --property BindReadOnlyPaths=/dev/log
-    --property BindReadOnlyPaths=/run/systemd/journal/socket
-    --property BindReadOnlyPaths=/run/systemd/journal/stdout
-)
-
 systemd-dissect --json=short "$MINIMAL_IMAGE.raw" | \
     grep -q -F '{"rw":"ro","designator":"root","partition_uuid":null,"partition_label":null,"fstype":"squashfs","architecture":null,"verity":"external"'
 systemd-dissect "$MINIMAL_IMAGE.raw" | grep -q -F "MARKER=1"
@@ -80,21 +74,19 @@ fi
 systemd-dissect --umount "$IMAGE_DIR/mount"
 systemd-dissect --umount "$IMAGE_DIR/mount2"
 
-systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" "${BIND_LOG_SOCKETS[@]}" cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /usr/lib/os-release | grep -q -F "MARKER=1"
 mv "$MINIMAL_IMAGE.verity" "$MINIMAL_IMAGE.fooverity"
 mv "$MINIMAL_IMAGE.roothash" "$MINIMAL_IMAGE.foohash"
 systemd-run -P \
             -p RootImage="$MINIMAL_IMAGE.raw" \
             -p RootHash="$MINIMAL_IMAGE.foohash" \
             -p RootVerity="$MINIMAL_IMAGE.fooverity" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 # Let's use the long option name just here as a test
 systemd-run -P \
             --property RootImage="$MINIMAL_IMAGE.raw" \
             --property RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             --property RootVerity="$MINIMAL_IMAGE.fooverity" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 mv "$MINIMAL_IMAGE.fooverity" "$MINIMAL_IMAGE.verity"
 mv "$MINIMAL_IMAGE.foohash" "$MINIMAL_IMAGE.roothash"
@@ -142,56 +134,48 @@ systemd-run --wait -P \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             -p MountAPIVFS=yes \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 systemd-run --wait -P \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             -p RootImagePolicy='*' \
             -p MountAPIVFS=yes \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 (! systemd-run --wait -P \
                -p RootImage="$MINIMAL_IMAGE.gpt" \
                -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
                -p RootImagePolicy='~' \
                -p MountAPIVFS=yes \
-               "${BIND_LOG_SOCKETS[@]}" \
                cat /usr/lib/os-release | grep -q -F "MARKER=1")
 (! systemd-run --wait -P \
                -p RootImage="$MINIMAL_IMAGE.gpt" \
                -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
                -p RootImagePolicy='-' \
                -p MountAPIVFS=yes \
-               "${BIND_LOG_SOCKETS[@]}" \
                cat /usr/lib/os-release | grep -q -F "MARKER=1")
 (! systemd-run --wait -P \
                -p RootImage="$MINIMAL_IMAGE.gpt" \
                -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
                -p RootImagePolicy='root=absent' \
                -p MountAPIVFS=yes \
-               "${BIND_LOG_SOCKETS[@]}" \
                cat /usr/lib/os-release | grep -q -F "MARKER=1")
 systemd-run --wait -P \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             -p RootImagePolicy='root=verity' \
             -p MountAPIVFS=yes \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 systemd-run --wait -P \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             -p RootImagePolicy='root=signed' \
             -p MountAPIVFS=yes \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 (! systemd-run --wait -P \
                -p RootImage="$MINIMAL_IMAGE.gpt" \
                -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
                -p RootImagePolicy='root=encrypted' \
                -p MountAPIVFS=yes \
-               "${BIND_LOG_SOCKETS[@]}" \
                cat /usr/lib/os-release | grep -q -F "MARKER=1")
 
 systemd-dissect --root-hash "$MINIMAL_IMAGE_ROOTHASH" --mount "$MINIMAL_IMAGE.gpt" "$IMAGE_DIR/mount"
@@ -211,17 +195,14 @@ systemd-run -P \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             -p MountAPIVFS=yes \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 systemd-run -P \
             -p RootImage="$MINIMAL_IMAGE.raw" \
             -p RootImageOptions="root:nosuid,dev home:ro,dev ro,noatime" \
-            "${BIND_LOG_SOCKETS[@]}" \
             mount | grep -F "squashfs" | grep -q -F "nosuid"
 systemd-run -P \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootImageOptions="root:ro,noatime root:ro,dev" \
-            "${BIND_LOG_SOCKETS[@]}" \
             mount | grep -F "squashfs" | grep -q -F "noatime"
 
 mkdir -p "$IMAGE_DIR/result"
@@ -234,7 +215,6 @@ TemporaryFileSystem=/run
 RootImage=$MINIMAL_IMAGE.raw
 RootImageOptions=root:ro,noatime home:ro,dev relatime,dev
 RootImageOptions=nosuid,dev
-BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
 EOF
 systemctl start testservice-50a.service
 grep -F "squashfs" "$IMAGE_DIR/result/a" | grep -q -F "noatime"
@@ -251,7 +231,6 @@ RootImageOptions=root:ro,noatime,nosuid home:ro,dev nosuid,dev
 RootImageOptions=home:ro,dev nosuid,dev,%%foo
 # this is the default, but let's specify once to test the parser
 MountAPIVFS=yes
-BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
 EOF
 systemctl start testservice-50b.service
 grep -F "squashfs" "$IMAGE_DIR/result/b" | grep -q -F "noatime"
@@ -284,27 +263,23 @@ systemd-run -P \
             -p TemporaryFileSystem=/run \
             -p RootImage="$MINIMAL_IMAGE.raw" \
             -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/os-release | grep -q -F "MARKER=1"
 systemd-run -P \
             -p TemporaryFileSystem=/run \
             -p RootImage="$MINIMAL_IMAGE.raw" \
             -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /run/img1/usr/lib/os-release | grep -q -F "MARKER=1"
 systemd-run -P \
             -p TemporaryFileSystem=/run \
             -p RootImage="$MINIMAL_IMAGE.gpt" \
             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
             -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
 cat >/run/systemd/system/testservice-50c.service <<EOF
 [Service]
 MountAPIVFS=yes
 TemporaryFileSystem=/run
 RootImage=$MINIMAL_IMAGE.raw
-BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
 MountImages=$MINIMAL_IMAGE.gpt:/run/img1:root:noatime:home:relatime
 MountImages=$MINIMAL_IMAGE.raw:/run/img2\:3:nosuid
 ExecStart=bash -c "cat /run/img1/usr/lib/os-release >/run/result/c"
@@ -352,42 +327,34 @@ systemctl is-active testservice-50d.service
 systemd-run -P \
             --property ExtensionImages=/tmp/app0.raw \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /opt/script0.sh | grep -q -F "extension-release.app0"
 systemd-run -P \
             --property ExtensionImages=/tmp/app0.raw \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /opt/script0.sh | grep -q -F "extension-release.app0"
 systemd-run -P \
             --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /opt/script1.sh | grep -q -F "extension-release.app2"
 systemd-run -P \
             --property ExtensionImages="/tmp/app0.raw /tmp/app1.raw" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionImages=/tmp/app-nodistro.raw \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionImages=/etc/service-scoped-test.raw \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 
 # Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS
@@ -412,7 +379,6 @@ ln -fs /tmp/symlink-test/app-nodistro-v1.raw /tmp/symlink-test/app-nodistro.raw
 systemd-run -P \
             --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 
 # Symlink check again but for confext
@@ -422,20 +388,17 @@ ln -fs /etc/symlink-test/service-scoped-test-v1.raw /etc/symlink-test/service-sc
 systemd-run -P \
             --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 # And again mixing sysext and confext
 systemd-run -P \
     --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \
     --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
     --property RootImage="$MINIMAL_IMAGE.raw" \
-    "${BIND_LOG_SOCKETS[@]}" \
     cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 systemd-run -P \
     --property ExtensionImages=/tmp/symlink-test/app-nodistro.raw \
     --property ExtensionImages=/etc/symlink-test/service-scoped-test.raw \
     --property RootImage="$MINIMAL_IMAGE.raw" \
-    "${BIND_LOG_SOCKETS[@]}" \
     cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 
 cat >/run/systemd/system/testservice-50e.service <<EOF
@@ -445,7 +408,6 @@ TemporaryFileSystem=/run /var/lib
 StateDirectory=app0
 RootImage=$MINIMAL_IMAGE.raw
 ExtensionImages=/tmp/app0.raw /tmp/app1.raw:nosuid
-BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
 # Relevant only for sanitizer runs
 UnsetEnvironment=LD_PRELOAD
 ExecStart=bash -c '/opt/script0.sh | grep ID'
@@ -473,12 +435,10 @@ mkdir -p "$IMAGE_DIR/app0" "$IMAGE_DIR/app1" "$IMAGE_DIR/app-nodistro" "$IMAGE_D
 (! systemd-run -P \
                --property ExtensionDirectories="$IMAGE_DIR/nonexistent" \
                --property RootImage="$MINIMAL_IMAGE.raw" \
-               "${BIND_LOG_SOCKETS[@]}" \
                cat /opt/script0.sh)
 (! systemd-run -P \
                --property ExtensionDirectories="$IMAGE_DIR/app0" \
                --property RootImage="$MINIMAL_IMAGE.raw" \
-               "${BIND_LOG_SOCKETS[@]}" \
                cat /opt/script0.sh)
 systemd-dissect --mount /tmp/app0.raw "$IMAGE_DIR/app0"
 systemd-dissect --mount /tmp/app1.raw "$IMAGE_DIR/app1"
@@ -487,42 +447,34 @@ systemd-dissect --mount /etc/service-scoped-test.raw "$IMAGE_DIR/service-scoped-
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app0" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /opt/script0.sh | grep -q -F "extension-release.app0"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app0" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /opt/script0.sh | grep -q -F "extension-release.app0"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /opt/script1.sh | grep -q -F "extension-release.app2"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app0 $IMAGE_DIR/app1" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/other_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/app-nodistro" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /usr/lib/systemd/system/some_file | grep -q -F "MARKER=1"
 systemd-run -P \
             --property ExtensionDirectories="$IMAGE_DIR/service-scoped-test" \
             --property RootImage="$MINIMAL_IMAGE.raw" \
-            "${BIND_LOG_SOCKETS[@]}" \
             cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
 cat >/run/systemd/system/testservice-50f.service <<EOF
 [Service]
@@ -530,7 +482,6 @@ MountAPIVFS=yes
 TemporaryFileSystem=/run /var/lib
 StateDirectory=app0
 RootImage=$MINIMAL_IMAGE.raw
-BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
 ExtensionDirectories=$IMAGE_DIR/app0 $IMAGE_DIR/app1
 # Relevant only for sanitizer runs
 UnsetEnvironment=LD_PRELOAD
@@ -600,7 +551,7 @@ ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_33.raw"
 ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_34.raw"
 ln -s "$MINIMAL_IMAGE.raw" "$VDIR/${VBASE}_35.raw"
 
-systemd-run -P -p RootImage="$VDIR" "${BIND_LOG_SOCKETS[@]}" cat /usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P -p RootImage="$VDIR" cat /usr/lib/os-release | grep -q -F "MARKER=1"
 
 rm "$VDIR/${VBASE}_33.raw" "$VDIR/${VBASE}_34.raw" "$VDIR/${VBASE}_35.raw"
 rmdir "$VDIR"
@@ -678,7 +629,6 @@ systemd-run --unit=test-root-ephemeral \
     -p RootDirectory=/tmp/img \
     -p RootEphemeral=yes \
     -p Type=exec \
-    "${BIND_LOG_SOCKETS[@]}" \
     bash -c "touch /abc && sleep infinity"
 test -n "$(ls -A /var/lib/systemd/ephemeral-trees)"
 systemctl stop test-root-ephemeral
@@ -728,7 +678,7 @@ grep -q -F "MARKER_CONFEXT_123" /etc/testfile
 systemd-confext unmerge
 rm -rf /run/confexts/ testjob/
 
-systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" "${BIND_LOG_SOCKETS[@]}" cat /run/host/os-release | cmp "$OS_RELEASE"
+systemd-run -P -p RootImage="$MINIMAL_IMAGE.raw" cat /run/host/os-release | cmp "$OS_RELEASE"
 
 # Test that systemd-sysext reloads the daemon.
 mkdir -p /var/lib/extensions/
diff --git a/test/units/TEST-82-SOFTREBOOT.sh b/test/units/TEST-82-SOFTREBOOT.sh
index eb6fb37561..57c6431ffc 100755
--- a/test/units/TEST-82-SOFTREBOOT.sh
+++ b/test/units/TEST-82-SOFTREBOOT.sh
@@ -242,9 +242,6 @@ EOF
     systemd-run --service-type=exec --unit=TEST-82-SOFTREBOOT-survive.service \
         --property TemporaryFileSystem="/run /tmp /var" \
         --property RootImage=/tmp/minimal_0.raw \
-        --property BindReadOnlyPaths=/dev/log \
-        --property BindReadOnlyPaths=/run/systemd/journal/socket \
-        --property BindReadOnlyPaths=/run/systemd/journal/stdout \
         --property SurviveFinalKillSignal=yes \
         --property IgnoreOnIsolate=yes \
         --property DefaultDependencies=no \
author	Mike Yuan <me@yhndnzj.com>	2024-04-26 10:54:25 +0200
committer	Mike Yuan <me@yhndnzj.com>	2024-09-03 21:04:52 +0200
commit	e2e6c23fdba62dbb6ae32842b3aa89563eab11aa (patch)
tree	9ce20af869c43c2f84f7cd6f5f39feac127dc26e /test
parent	portable/profile: use BindJournalSockets= (diff)
download	systemd-e2e6c23fdba62dbb6ae32842b3aa89563eab11aa.tar.xz systemd-e2e6c23fdba62dbb6ae32842b3aa89563eab11aa.zip