Commit message [Author, Age, Files, Lines]
* Revert "mkosi: Sanitizer improvements" [Daan De Meyer, 2024-05-30, 12, -175/+60]
|   This reverts commit aef13ad0294b403993e19b424b26535fb65749f4.
* Revert "ci: Build with sanitizers in mkosi" [Daan De Meyer, 2024-05-30, 1, -1/+0]
|   This reverts commit 639403f9a86869984b155edda2521741950f5417.
* Merge pull request #32866 from DaanDeMeyer/sanitizers [Daan De Meyer, 2024-05-30, 26, -90/+238]
|\
| |   mkosi: Sanitizers
| * ci: Build with sanitizers in mkosi [Daan De Meyer, 2024-05-30, 1, -0/+1]
| |
| * mkosi: Sanitizer improvements [Daan De Meyer, 2024-05-30, 12, -60/+175]
| |   - Let's set the environment on the kernel command line so it applies to initrd and main system.
| |   - Let's add the necessary wrappers that are also added in test-functions. Unlike test-functions we don't use gcc/clang to get the library path as that requires installing gcc/clang in the initrd.
| |   - Let's drop the hack to get journald writing to the console and have it write to kmsg instead. We'll get the output either way.
| |   - Stop removing libstdc++ and sanitizer libraries from Arch Linux initrds and other images as it's required by the sanitizer libraries.
| |   - Add a workaround for specifying extra meson options for opensuse
| |   - Add a leak sanitizer suppression file as a workaround for a false positive leak in verify_selinuxmnt() in libselinux. We do a soname match because the stacktrace can't be properly symbolized on Debian.
| * test-network: Add dirs_exist_ok=True to cp_r() [Daan De Meyer, 2024-05-30, 1, -1/+1]
| |   Let's not fail if directories already exist in cp_r().
| * test-execute: Load systemd-asan-env environment file if available [Daan De Meyer, 2024-05-30, 7, -0/+7]
| |   When DynamicUser= is enabled, we need LD_PRELOAD to be configured correctly as the tests will load systemd's nss module which will complain when built with sanitizers if the sanitizer libraries were not loaded first.
| * test-execute: Skip system call filter tests when sanitizers are used [Daan De Meyer, 2024-05-30, 1, -2/+2]
| |   System call filtering is incompatible with sanitizers so let's skip these tests when we're built with sanitizers.
| * test-execute: Skip test_exec_mount_apivfs() when running with sanitizers [Daan De Meyer, 2024-05-30, 1, -0/+4]
| |   The test fails when running under sanitizers due to missing sanitizer libraries. For now, let's skip the test until we can make the necessary changes to run it under sanitizers.
| * TEST-02-UNITTESTS: Pass asan environment to units if it is available [Daan De Meyer, 2024-05-30, 1, -1/+7]
| |   Some tests (e.g. test-udev.py) might trigger one of our NSS modules which means LD_PRELOAD has to be configured properly.
| * TEST-79-MEMPRESS: Load systemd-asan-env if available [Daan De Meyer, 2024-05-30, 1, -1/+11]
| |   Required since we run with DynamicUser=1.
| * TEST-36-NUMAPOLICY: Skip when running with sanitizers [Daan De Meyer, 2024-05-30, 1, -0/+5]
| |   The test does not work under sanitizers as strace is used. Until the test is fixed to not use strace let's skip it when running with sanitizers.
| * TEST-02-UNITTESTS: Fix exit code checks [Daan De Meyer, 2024-05-30, 1, -8/+8]
| |
| * TEST-05-RLIMITS: Bump memory limits [Daan De Meyer, 2024-05-30, 1, -16/+16]
| |   When running with sanitizers we need more memory otherwise the unit gets OOM killed.
| * mkosi: Stop installing dbus-broker on OpenSUSE [Daan De Meyer, 2024-05-30, 1, -1/+0]
| |   dbus-broker and dbus-daemon have not been made interchangeable on OpenSUSE so we currently end up with dbus-broker used for the system bus and dbus-daemon for the session bus. Let's stick to dbus-daemon on OpenSUSE until they switch to dbus-broker.
| * mkosi: Install bpftrace [Daan De Meyer, 2024-05-30, 1, -0/+1]
| |
* | mkosi: Preserve environment when running integration tests with sudo [Daan De Meyer, 2024-05-30, 1, -1/+1]
| |   Otherwise we won't detect we're running in GitHub Actions and will show the wrong command to fetch the journal.
* | Merge pull request #33090 from poettering/tpm12-efi-check [Daan De Meyer, 2024-05-30, 2, -19/+26]
|\ \
| | |   efi-api: tighten check for TPM2 systems
| * | pcrlock: tweak error messages when we are not looking at a TPM2 event log [Lennart Poettering, 2024-05-30, 1, -4/+4]
| | |   If we are looking at a TPM1.2 event log the first log record will not be the "EfiSpecIdEvent" but something else. Let's improve the log messages about this, and say explicitly that this is likely not a TPM2.0 event log.
| * | efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too [Lennart Poettering, 2024-05-30, 1, -15/+22]
| |/
| |   If the check for the ACPI TPM2 table did not work we currently check if the EFI TPM table exists to check if the firmware supports TPM2. Specifically we check if /sys/kernel/security/tpm0/binary_bios_measurements exists. But that's not enough, since that also exists on TPM1.2 systems. Hence, let's also check /sys/class/tpm/tpm0/tpm_version_major which should exist under similar conditions and tells us the kernel's idea of the TPM version in use.
| |
| |   I originally intended to read the signature of the /sys/kernel/security/tpm0/binary_bios_measurements contents for this, but this is not ideal since that file has tight access mode, and our TPM availability check would thus not work anymore if invoked unpriv.
| |
| |   Follow-up for 4b3391158197e9158cc754e56bbeaf94e2fd8395
| |   Fixes: #33077
* | hwdb: add a vmbus id for HyperV Video device [Lain "Fearyncess" Yang, 2024-05-30, 2, -1/+8]
| |
* | Merge pull request #33084 from DaanDeMeyer/cgroup-log [Daan De Meyer, 2024-05-30, 3, -12/+26]
|\ \
| | |   cgroup-util: Don't try to open pidfd for pids from cgroup.threads
| * | cgroup-util: Don't try to open pidfd for pids from cgroup.threads [Daan De Meyer, 2024-05-30, 2, -2/+12]
| | |   Opening pidfds for non thread group leaders only works from 6.9 onwards with PIDFD_THREAD. On older kernels or without PIDFD_THREAD pidfd_open() fails with EINVAL. Since we might read non thread group leader IDs from cgroup.threads, we introduce and set CGROUP_NO_PIDFD to avoid trying to open pidfds for them and instead use the pid as is.
| * | basic: Add debug logging for pidref_set_pid() [Daan De Meyer, 2024-05-29, 1, -1/+1]
| | |
| * | cgroup-util: Add debug logging for cg_kill_recursive() [Daan De Meyer, 2024-05-29, 1, -9/+13]
| | |
* | | blockdev-util: update comment for blockdev_partscan_enabled [Mike Yuan, 2024-05-30, 1, -4/+5]
| | |   Follow-up for aa6fe772e1886cdf759954bc2a4742e818ec84c5
| | |   Also, the 'partscan' sysattr has been backported to v6.6.
* | | man: mention that IPMasquerade= and IPv6SendRA= implies IPv4Forwarding=/IPv6Forwarding= [Yu Watanabe, 2024-05-30, 1, -5/+17]
| |/
|/|
| |   It has been mentioned in IPv4Forwarding= and IPv6Forwarding=, but let's also explain in the settings which imply these settings.
| |
| |   Follow-up for 3976c430927e1bfefa0413f80ebac84ab9a64350 and 485f5148b3a3e5ebc7e14acef78494a98435c4b9.
* | Merge pull request #33079 from poettering/watchdog-no-disarm [Luca Boccassi, 2024-05-29, 3, -22/+27]
|\ \
| | |   watchdog: don't disarm on shutdown
| * | main: add comment explaining parameter to watchdog_close [Lennart Poettering, 2024-05-29, 1, -1/+1]
| | |
| * | shutdown: explicitly close watchdog with disarm=false before we destroy watchdog resources [Lennart Poettering, 2024-05-29, 1, -1/+4]
| | |   Otherwise we'll close the device disarming it as side-effect of watchdog_free_device(), which is not intended. Hence, let's close the fd first explicitly leaving it armed.
| | |
| | |   Fixes: #33075
| * | watchdog: reset last ping timestamp when opening watchdog [Lennart Poettering, 2024-05-29, 1, -0/+2]
| | |   When we open a watchdog fresh we have never pinged it, hence reset the ping timestamp explicitly, so that it is not only reset the first time we open the device, but all times.
| * | watchdog: normalize how we name watchdog related calls [Lennart Poettering, 2024-05-29, 1, -20/+20]
| |/
| |   Let's put the "watchdog" always as prefix in the name, and not as suffix or the middle. Just for reasons of naming hygiene
* | Merge pull request #33072 from poettering/generator-fixes [Luca Boccassi, 2024-05-29, 2, -20/+22]
|\ \
| |/
|/|   various fixes to generator execution
| * exec-util: make sure to close all fds for invoked generators [Lennart Poettering, 2024-05-29, 1, -1/+1]
| |   We should really have set O_CLOEXEC for all our fds, but better be safe than sorry.
| * exec-util: use the stdio array of safe_fork_full() where appropriate [Lennart Poettering, 2024-05-29, 1, -11/+19]
| |
| * generator-setup: use RET_GATHER() [Lennart Poettering, 2024-05-29, 1, -9/+3]
| |
* | Merge pull request #33062 from DaanDeMeyer/virtio-scsi [Daan De Meyer, 2024-05-29, 12, -27/+30]
|\ \
| | |   mkosi: Switch back to cloud/KVM kernel packages
| * | mkosi: Switch back to cloud/KVM kernel packages [Daan De Meyer, 2024-05-29, 6, -5/+18]
| | |   Now that we don't need megasas2 anymore, let's switch back to the KVM/cloud kernel images to save on image size, build times and boot times.
| * | test: Use virtio-scsi for keydev drive [Daan De Meyer, 2024-05-29, 1, -1/+2]
| | |   Otherwise qemu defaults to ide for which the module isn't always available (e.g. it's missing in the debian linux cloud images).
| * | TEST-64-UDEV-STORAGE: Replace megasas2 controller with virtio scsi controller [Daan De Meyer, 2024-05-29, 5, -21/+10]
|/ /
| |   The virtio-scsi driver is available in the KVM/cloud kernel packages provided by distributions whereas the megasas2 driver is not. Let's switch to virtio-scsi so we can switch back to the KVM/cloud kernel packages.
* | Merge pull request #33065 from DaanDeMeyer/nspawn [Daan De Meyer, 2024-05-29, 33, -17/+42]
|\ \
| |/
|/|   test: Run tests that don't need a vm in systemd-nspawn
| * mkosi: Run integration tests as root [Daan De Meyer, 2024-05-29, 2, -1/+2]
| |   This allows running integration tests that support it in nspawn instead of qemu. This both gives extra coverage and speeds things up.
| * test: Run tests that don't need a vm in systemd-nspawn [Daan De Meyer, 2024-05-29, 25, -2/+31]
| |   If we're not running the test as root, stick to using a virtual machine, as mkosi can't do rootless nspawn yet.
| * mkosi: Disable iscsi service and socket [Daan De Meyer, 2024-05-29, 1, -0/+4]
| |   We'll always start these on demand in integration tests that need them. No need to start them by default.
| * mkosi: Switch from btrfs to ext4 [Daan De Meyer, 2024-05-29, 5, -13/+4]
| |   Mounting multiple btrfs filesystems with the same fsid only works properly from kernel 6.7 onwards. Let's switch to ext4 for now which does support this.
| * mkosi: update to latest [Daan De Meyer, 2024-05-29, 1, -1/+1]
|/
* mkosi: Set EXTRA_CFLAGS on opensuse [Daan De Meyer, 2024-05-29, 1, -3/+1]
|   The opensuse spec doesn't unconditionally set FORTIFY_SOURCE=2 anymore so let's drop our workaround.
* Merge pull request #32562 from Werkov/test-cgroup-opensuse [Daan De Meyer, 2024-05-29, 2, -8/+1]
|\
| |   Revert "TEST-19-CGROUP: Skip on opensuse"
| * Revert "TEST-19-CGROUP: Skip on opensuse" [Michal Koutný, 2024-05-23, 1, -8/+0]
| |   This reverts commit 60d064d3fdfc21d9209d81ed8b29fe0d90891ebf.
| |
| |   The logged test failure was because of missing memory controller in testing cgroup. With the test fixed in previous commit, memory attributes are delegated as expected.
| |
| |   Ref: #32439
| * test: Ensure delegation test unit has memory controller [Michal Koutný, 2024-05-23, 1, -0/+1]
| |   When the test used to be run on a distro that doesn't enable memory accounting by default (such as openSUSE TW), there is no guarantee that testing unit has memory.* cgroup attributes and delegation test would fail if they are missing. Require memory controller explicitly inside the unit so that test can work in any environment.