summaryrefslogtreecommitdiffstats
path: root/src/test/test-execute.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: unsetenv cannot failZbigniew Jędrzejewski-Szmek2020-11-101-5/+5
| | | | | | ... when called with a valid environment variable name. This means that any time we call it with a fixed string, it is guaranteed to return 0. (Also when the variable is not present in the environment block.)
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* tests: add helper function to autodetect CI environmentsZbigniew Jędrzejewski-Szmek2020-10-221-6/+1
| | | | | Sadly there is no standarized way to check if we're running in some CI environment. So let's try to gather the heuristics in one helper function.
* Rename find_binary to find_executableZbigniew Jędrzejewski-Szmek2020-09-181-6/+6
| | | | "executable" is more correct than "binary", since scripts are OK too.
* test-execute: include test location in error outputZbigniew Jędrzejewski-Szmek2020-09-181-136/+146
| | | | | | test-execute is quite long and even with the test name it takes a moment to find the relevant spot when something fails. Let's make things easier by printing the exact location.
* test: add test cases for RuntimeDirectoryPreserve=yesYu Watanabe2020-09-181-0/+4
|
* test-execute: kill Waldo and QuuxTopi Miettinen2020-09-161-0/+4
| | | | Retire /var/lib{,/private}/{quux,waldo} after they have served their purpose.
* exec: Add kill action to system call filtersTopi Miettinen2020-09-151-0/+2
| | | | | | | | | | | | | | | | | Define explicit action "kill" for SystemCallErrorNumber=. In addition to errno code, allow specifying "kill" as action for SystemCallFilter=. --- v7: seccomp_parse_errno_or_action() returns -EINVAL if !HAVE_SECCOMP v6: use streq_ptr(), let errno_to_name() handle bad values, kill processes, init syscall_errno v5: actually use seccomp_errno_or_action_to_string(), don't fail bus unit parsing without seccomp v4: fix build without seccomp v3: drop log action v2: action -> number
* test-execute: check if private directories have bad permissions before ↵Zbigniew Jędrzejewski-Szmek2020-09-041-0/+22
| | | | | | | | | | | | running test_exec_dynamicuser() If the directory (/var/lib/private is most likely) has borked permissions, the test will fail with a cryptic message and EXIT_STATE_DIRECTORY or similar. The message from the child with more details gets lost somewhere. Let's avoid running the test in that case and provide a simple error message instead. E.g. systemd-238-12.git07f8cd5.fc28.ppc64 (which I encountered on a test machine) has /var/lib/private with 0755.
* test-execute: simplify conditionZbigniew Jędrzejewski-Szmek2020-09-041-2/+1
| | | | tests is always a static array, it cannot be NULL.
* tree-wide: avoid some loaded termsLennart Poettering2020-06-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | https://tools.ietf.org/html/draft-knodel-terminology-02 https://lwn.net/Articles/823224/ This gets rid of most but not occasions of these loaded terms: 1. scsi_id and friends are something that is supposed to be removed from our tree (see #7594) 2. The test suite defines an API used by the ubuntu CI. We can remove this too later, but this needs to be done in sync with the ubuntu CI. 3. In some cases the terms are part of APIs we call or where we expose concepts the kernel names the way it names them. (In particular all remaining uses of the word "slave" in our codebase are like this, it's used by the POSIX PTY layer, by the network subsystem, the mount API and the block device subsystem). Getting rid of the term in these contexts would mean doing some major fixes of the kernel ABI first. Regarding the replacements: when whitelist/blacklist is used as noun we replace with with allow list/deny list, and when used as verb with allow-list/deny-list.
* tests: various small fixes for strict systemsTopi Miettinen2020-04-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | Don't assume that 4MB can be allocated from stack since there could be smaller DefaultLimitSTACK= in force, so let's use malloc(). NUL terminate the huge strings by hand, also ensure termination in test_lz4_decompress_partial() and optimize the memset() for the string. Some items in /proc and /etc may not be accessible to poor unprivileged users due to e.g. SELinux, BOFH or both, so check for EACCES and EPERM. /var/tmp may be a symlink to /tmp and then path_compare() will always fail, so let's stick to /tmp like elsewhere. /tmp may be mounted with noexec option and then trying to execute scripts from there would fail. Detect and warn if seccomp is already in use, which could make seccomp test fail if the syscalls are already blocked. Unset $TMPDIR so it will not break specifier tests where %T is assumed to be /tmp and %V /var/tmp.
* tests: move unit files to units/ subdirectoryZbigniew Jędrzejewski-Szmek2020-03-191-3/+3
| | | | | We have a bazillion of those unit files, and keeping them all directly in tests/ has become rather unwieldy.
* test: add a test case for migrating DynamicUser=yes to noYu Watanabe2020-03-061-0/+1
|
* execute: Make '+' exec prefix ignore PrivateTmp=yesNate Jones2020-02-291-0/+1
| | | | | | | | The man pages state that the '+' prefix in Exec* directives should ignore filesystem namespacing options such as PrivateTmp. Now it does. This is very similar to #8842, just with PrivateTmp instead of PrivateDevices.
* test: add test for https://github.com/systemd/systemd/issues/14560Lennart Poettering2020-01-201-0/+2
|
* test: add test case for PrivateDevices=y and Group=daemonAnita Zhang2019-12-181-0/+1
| | | | | | For root, group enforcement needs to come after PrivateDevices=y set up according to 096424d1230e0a0339735c51b43949809e972430. Add a test to verify this is the case.
* tests: modify enter_cgroup_subroot() to return the new pathZbigniew Jędrzejewski-Szmek2019-11-111-1/+1
|
* tests: get rid of test-helper.[ch] completelyZbigniew Jędrzejewski-Szmek2019-11-111-1/+0
| | | | | I don't think there's any particular reason to keep those functions in a separate file.
* tests: make is_run_on_travis_ci() staticZbigniew Jędrzejewski-Szmek2019-11-111-0/+5
| | | | | This is a pretty specific hack, so let's just define it close to the one place where it is used.
* tests: make manager_skip_test() not a macro and move to tests.hZbigniew Jędrzejewski-Szmek2019-11-111-1/+1
| | | | There is nothing magic in it.
* tree-wide: drop pwd.h and grp.h when user-util.h is includedYu Watanabe2019-11-031-2/+0
|
* test-execute: skip test_exec_systemcallfilter_system under ASanFrantisek Sumsal2019-07-311-1/+6
| | | | | | | This particular test case keeps intermittently failing due to crashing LSan when running under clang+ASan. Generally, sanitizers don't like seccomp filters, so the best option here is to just switch this test off for this scenario.
* core: ExecCondition= for servicesAnita Zhang2019-07-171-2/+48
| | | | Closes #10596
* tree-wide: drop duplicated blank linesYu Watanabe2019-07-151-1/+0
| | | | | | | ``` $ for i in */*.[ch] */*/*.[ch]; do sed -e '/^$/ {N; s/\n$//g}' -i $i; done $ git checkout HEAD -- basic/linux shared/linux ```
* Merge pull request #12628 from keszybz/dbus-executeMichal Sekletar2019-05-301-7/+6
|\ | | | | Rework cpu affinity parsing
| * test-execute: use CPUSet tooZbigniew Jędrzejewski-Szmek2019-05-291-7/+6
| | | | | | | | | | | | cpu_set_malloc() was the last user. It doesn't seem useful to keep it just to save the allocation of a few hundred bytes in a test, so it is dropped and a fixed maximum is allocated (1024 bytes).
* | test-execute: let's ignore the difference between CLD_KILLED and CLD_DUMPEDLennart Poettering2019-05-241-1/+7
| | | | | | | | | | | | | | Depending on system configuration and whether SCMP_ACT_KILL_PROCESS or SCMP_ACT_KILL_THREAD is available/used processes might coredump on specific coredumps or are just plain killed. For our test case the difference doesn't really matter, hence let's hide it away.
* | test-execute: check exit code before exit statusLennart Poettering2019-05-241-6/+8
|/ | | | | The meaning of the status changes depending on the code, hence let's always compare the code first, status second.
* test-execute: skip flaky test when we can't unshare namespacesZbigniew Jędrzejewski-Szmek2019-03-261-1/+6
| | | | | | | | When running in Fedora "mock", / is a tmpfs and /home is not mounted. The test assumes that /home will be a tmpfs only and only if we can unshare. Obviously, this does not hold in this case, because unsharing is not possible, but /home is still a tmpfs. Let's just skip the test, since it's fully legitimate to mount either or both of / and /home as tmpfs.
* test-execute: provide custom failure messageZbigniew Jędrzejewski-Szmek2019-03-261-118/+128
| | | | | | | test_exec_ambientcapabilities: exec-ambientcapabilities-nobody.service: exit status 0, expected 1 Sometimes we get just the last line, for example from the failure summary, so make it as useful as possible.
* test-execute: block /sys not /procZbigniew Jędrzejewski-Szmek2019-03-151-1/+1
| | | | | As explained in the previous commit, blocking /proc can cause us to go into a long loop or fail the test.
* test-execute: allow filtering test cases by patternZbigniew Jędrzejewski-Szmek2019-03-151-49/+61
| | | | | | When debugging failure in one of the cases, it's annoying to have to wade through the output from all the other cases. Let's allow picking select cases.
* test: add a testcase for ProtectHome=tmpfs vs ProtectSystem=strictYu Watanabe2019-03-131-0/+5
|
* test-execute: avoid undefined variable warning when compiled w/o seccompZbigniew Jędrzejewski-Szmek2019-03-071-1/+1
|
* core: add ':' prefix to ExecXYZ= skip env var substitutionAnita Zhang2019-02-201-0/+1
|
* test-execute: unset $HOME before testingYu Watanabe2019-02-011-0/+1
| | | | | | Otherwise, test for %h specifier may fail. Fixes #11609.
* test,systemctl,nspawn: use "const char*" instead of "char*" as iterator for ↵Lennart Poettering2019-01-161-1/+1
| | | | | | | FOREACH_STRING() The macro iterates through literal strings (i.e. constant strings), hence it's more correct to have the iterator const too.
* capability: fix build without PR_CAP_AMBIENTFabrice Fontaine2019-01-111-0/+1
| | | | | | | | | | | | | systemd fails to build on kernel without PR_CAP_AMBIENT (< 4.3) since https://github.com/systemd/systemd/commit/2a03bb3e65327c73008f1db485ffc75c432dc6b2 To fix this error, include missing_prctl.h in all files using PR_CAP_AMBIENT Fixes: - http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* tree-wide: use new macro HAS_FEATURE_ADDRESS_SANITIZER everywhereLennart Poettering2018-12-031-1/+1
|
* tree-wide: rename path_join_many() to path_join()Zbigniew Jędrzejewski-Szmek2018-11-301-1/+1
| | | | | | $ git grep -e path_join_many -l|xargs sed -r -i 's/path_join_many/path_join/g' The two test functions are merged into one.
* tree-wide: replace path_join with path_join_manyZbigniew Jędrzejewski-Szmek2018-11-301-1/+1
|
* tests: skip test-execute on TravisCI under ASanEvgeny Vereshchagin2018-11-241-7/+7
| | | | | | | | | | Unfortunately, f5f9a580dd4a3cf487b didn't help much and now the next subtest gets stuck from time to time. Let's skip test-execute altogether so as not to bother anybody with spurious failures. https://github.com/systemd/systemd/issues/10696 is still open. Everybody is welcome to share ideas :-)
* tests: skip test_exec_ambientcapabilities on Travis CI under ASanEvgeny Vereshchagin2018-11-201-0/+7
| | | | | | Let's not bother contributors with spurious failures nobody can't seem to reproduce. There is an issue about that where we're trying to figure out what's going on: https://github.com/systemd/systemd/issues/10696.
* tests: always use the right vtable wrapper callsLennart Poettering2018-11-201-1/+1
| | | | Prompted by https://github.com/systemd/systemd/pull/10836#discussion_r234598868
* test-execute: fix killing of unit processesLennart Poettering2018-11-191-1/+1
| | | | | | | | | | | Let's use the correct wrapper for calling unit vtable functions. Let's make sure we always use the right wrappers, and never bypass them needlessly. Moreover use SIGKILL rather than "9" as signal name. Let's not be needlessly cryptic. Follow-up for: f7f8e8cbb953686c520969a66a9718675a972af5
* test: kill all processes launched by test-execute before exitingEvgeny Vereshchagin2018-11-191-0/+3
| | | | | | | | | As was shown in https://github.com/systemd/systemd/issues/10696#issuecomment-439613204, currently `meson` waits for 1080 seconds (which is three times the global timeout) for the test to fail completely even though it takes just two minutes for it to really fail. This happens because the test itself leaves the services it has launched behind, which, in turn, makes meson think that the test is still in progress. KILL_ALL with SIGKILL should make the issue go away.
* test: skip various tests if namespacing is not availableLennart Poettering2018-10-241-1/+3
| | | | | | | Apparently on Debian LXC/AppArmor doesn't allow namespacing to container payloads. Deal with it. Fixes: #9700
* test-execute: add a test for systemcall filter (#10273)Yu Watanabe2018-10-051-0/+1
| | | | This adds a test for issue #9939 which is fixed by a5404992cc7724ebf7572a0aa89d9fdb26ce0b62 (#9942).
* test-execute: also tests under the condition that unshare() is filteredYu Watanabe2018-10-031-29/+61
| | | | This is mainly for testing 1beab8b0d0ff2d7d1436b52d4a0c3d56dc908962.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 11:09:48 +0100