summaryrefslogtreecommitdiffstats
path: root/src/test/test-execute.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* test-execute: check for s390x first and duplicate testLuca Boccassi2024-04-081-0/+3
| | | | | | s390x will define both s390x and s390, so exec-personality-s390.service is ran in both cases but fails on s390x, as the personality returned is s390x. Split the test and check specifically for s390x.
* test: improve debug-ability of test-executeFrantisek Sumsal2024-04-061-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since e56a8790a0 debugging test-execute fails has been a royal PITA, since we ditch all potentially useful output from the test units (that, for the most part, run `sh -x ...`). Let's improve the situation a bit by setting EXEC_OUTPUT_NULL only when running the single test case that needs it, and inheriting stdout otherwise. For example, with a purposefully introduced error we get this output with this patch: exec-personality-x86-64.service: About to execute: sh -x -c "c=\$\$(uname -m); test \"\$\$c\" = \"foo_bar\"" Serializing sd-executor-state to memfd. ... Personality: x86-64 LockPersonality: no SystemCallErrorNumber: kill ++ uname -m + c=x86_64 + test x86_64 = foo_bar Received SIGCHLD from PID 1520588 (sh). Child 1520588 (sh) died (code=exited, status=1/FAILURE) exec-personality-x86-64.service: Child 1520588 belongs to exec-personality-x86-64.service. exec-personality-x86-64.service: Main process exited, code=exited, status=1/FAILURE exec-personality-x86-64.service: Failed with result 'exit-code'. ... Exit Status: 1 src/test/test-execute.c:456:test_exec_personality: exec-personality-x86-64.service: can_unshare=yes: exit status 1, expected 0 (test-execute-root) terminated by signal ABRT. Assertion 'r >= 0' failed at src/test/test-execute.c:1433, function prepare_ns(). Aborting. Aborted But without it, we'd miss the most important part: exec-personality-x86-64.service: About to execute: sh -x -c "c=\$\$(uname -m); test \"\$\$c\" = \"foo_bar\"" Serializing sd-executor-state to memfd. ... Personality: x86-64 LockPersonality: no SystemCallErrorNumber: kill Received SIGCHLD from PID 1521365 (sh). Child 1521365 (sh) died (code=exited, status=1/FAILURE) exec-personality-x86-64.service: Child 1521365 belongs to exec-personality-x86-64.service. exec-personality-x86-64.service: Main process exited, code=exited, status=1/FAILURE exec-personality-x86-64.service: Failed with result 'exit-code'. ... Exit Status: 1 src/test/test-execute.c:456:test_exec_personality: exec-personality-x86-64.service: can_unshare=yes: exit status 1, expected 0 (test-execute-root) terminated by signal ABRT. Assertion 'r >= 0' failed at src/test/test-execute.c:1433, function prepare_ns(). Aborting. Aborted
* test: account for build dir being under one of the tmpfs-ed directoriesFrantisek Sumsal2024-04-051-1/+30
| | | | | | | | | | If we're running test-execute from the build directory which is under one of the tmpfs-ed directories (i.e. /root or /tmp), test-execute might behave strangely, since in that case manager_new() pins the system systemd-executor binary instead of the build dir one, which may lead to a very confusing test fails (if there's enough difference between the system and built sd-executor binary). Let's account for that and bind-mount the build dir under the tmpfs-ed directory if necessary.
* test: bump the timeout for test-execute subtests if running w/ QEMUFrantisek Sumsal2024-03-051-0/+5
| | | | | | | | | Bump the timeout for test-execute subtests if running with plain QEMU (as part of TEST-02-UNITTESTS), since we might start hitting the default 2m timeout with some more involved subtests, especially when the AWS region we're running in is under heavy load. I see this regularly in the CentOS Stream 9 nightly cron job with exec-dynamicuser-statedir.service which has a lot of ExecStart's.
* test: check for kernel.apparmor_restrict_unprivileged_usernsNick Rosbrook2024-03-051-0/+21
| | | | | | | Some tests in test-execute are already skipped if we do not have unprivileged user namespaces. Extend this check to look for an apparmor specific sysctl indicating that unprivileged userns creation is restricted.
* signal-util: imply sentinel -1 in sigprocmask_many() + sigset_add_many() ↵Lennart Poettering2024-02-231-1/+1
| | | | args list
* test-execute: skip tests that are broken without unprivileged usernsNick Rosbrook2024-01-231-17/+90
| | | | | | | | | | | | | With newer versions of AppArmor, unprivileged user namespace creation may be restricted by default, in which case user manager instances will not be able to apply PrivateUsers=yes (or the settings which require it). Additionally, if a kernel has the kernel.unprivileged_userns_clone sysctl patch, and that sysctl is 0, then unprivileged userns creation will always fail. If a test unit is going to be run in a user manager, and that unit requires PrivateUsers=yes (explicitly or implicitly), then skip it if we do not have user namespace privileges.
* test: skip test_exec_networknamespacepath if netns setup failsNick Rosbrook2024-01-101-2/+6
| | | | | | | | | | | | | | | In some environments, such as a LXD container, the netns setup might fail because ip netns exec fails trying to mount /sys: $ systemd-detect-virt lxc $ ip link add dummy-test-exec type dummy $ ip netns add test-execute-netns $ ip netns exec test-execute-netns ip link add dummy-test-ns type dummy mount of /sys failed: Operation not permitted If this setup fails, test_exec_networknamespacepath will fail, so check the exit codes for these setup calls and skip the test if necessary.
* test: fix check for device in test-executeLuca Boccassi2023-12-221-1/+1
| | | | | | The unit actually uses /dev/kmsg, not /dev/kvm Follow-up for ae7482b994e6a9bc8e
* core: do not make private /dev/ read-only too soonLuca Boccassi2023-12-081-0/+2
| | | | | | | | The read-only bit is flipped after setting up all the mounts, so that bind mounts can be added. Remove the early config, and add a unit test. Fixes https://github.com/systemd/systemd/issues/30372
* core: do not drop CAP_SETUID if it is in AmbientCapabilities=Luca Boccassi2023-12-011-0/+3
| | | | Follow-up for 24832d10b604848cf46624bb439c7fac27f3ce3f
* test-execute: add no_new_privs tests for SystemCallFilterIago López Galeiras2023-11-071-0/+12
| | | | | | | | | When starting a service with a non-root user and a SystemCallFilter and other settings (like ProtectClock), the no_new_privs flag should not be set. Also, test that CapabilityBoundingSet behaves correctly, since we need to preserve some capabilities to do the seccomp filter and restore the ones set by the service before executing.
* process-util: add new FORK_DEATHSIG_SIGKILL flag, rename FORK_DEATHSIG → ↵Lennart Poettering2023-11-021-2/+2
| | | | | | | | | | | | | | | | | | FORK_DEATHSIG_SIGTERM Sometimes it makes sense to hard kill a client if we die. Let's hence add a third FORK_DEATHSIG flag for this purpose: FORK_DEATHSIG_SIGKILL. To make things less confusing this also renames FORK_DEATHSIG to FORK_DEATHSIG_SIGTERM to make clear it sends SIGTERM. We already had FORK_DEATHSIG_SIGINT, hence this makes things nicely symmetric. A bunch of users are switched over for FORK_DEATHSIG_SIGKILL where we know it's safe to abort things abruptly. This should make some kernel cases more robust, since we cannot get confused by signal masks or such. While we are at it, also fix a bunch of bugs where we didn't take FORK_DEATHSIG_SIGINT into account in safe_fork()
* fd-uitl: rename PIPE_EBADF → EBADF_PAIR, and add EBADF_TRIPLETLennart Poettering2023-10-261-1/+1
| | | | | | | | We use it for more than just pipe() arrays. For example also for socketpair(). Hence let's give it a generic name. Also add EBADF_TRIPLET to mirror this for things like stdin/stdout/stderr arrays, which we use a bunch of times.
* test/test-execute: skip PrivateNetwork tests if kernel has no dummy ↵Max Kellermann2023-10-021-6/+18
| | | | netdevice support
* manager: move various fields that declare unit defaults into a new structure ↵Lennart Poettering2023-09-081-1/+1
| | | | | | | | | | | | | | | | UnitDefaults This adds a new structure UnitDefaults which embedds the various default settings for units we maintain. We so far maintained two sets of variables for this, one in main.c as static variables and one in the Manager structure. This moves them into a common structure. This is most just search/replace, i.e. very dumb refactoring. The fact that we now use a common structure for this allows us further refactorings later. Inspired by the discussions on #27890
* Revert "core: do not leak mount for credentials directory if mount namespace ↵Yu Watanabe2023-09-061-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | is enabled" This reverts commits - 9ae3624889b98f75efa6fd0c5f4b4de3eaf328d4 "test-execute: add tests for credentials directory with mount namespace"↲ - 94fe4cf2557d1f70f20ee02d32f4c2ae6bc1fb3f "core: do not leak mount for credentials directory if mount namespace is enabled", - 7241b9cd72d6e6079d5140cf24c34e78d3cf43cc "core/credential: make setup_credentials() return path to credentials directory", - fbaf3b23ae4aa79110ebd37aada70ce6a044c692 "core: set $CREDENTIALS_DIRECTORY only when we set up credentials" Before the commits, credentials directory set up on ExecStart= was kept on e.g. ExecStop=. But, with the changes, if a service requests a private mount namespace, the credentials directory is discarded after ExecStart= is finished. Let's revert the change, and find better way later. Addresses the post-merge comment https://github.com/systemd/systemd/pull/28787#issuecomment-1690614202.
* test-execute: add tests for credentials directory with mount namespaceYu Watanabe2023-08-221-0/+4
| | | | | This also adds cases that open_tree() and move_mount() are filtered, to emulate old kernel behavior.
* tree-wide: don't ifdef seccomp-util.h, drop seccomp.h inclusion everywhereLennart Poettering2023-08-211-2/+0
| | | | | | | | | | seccomp-util.h doesn't need ifdeffing, hence don't. It has worked since quite a while with HAVE_SECCOMP is off, hence use it everywhere. Also drop explicit seccomp.h inclusion everywhere (which needs HAVE_SECCOMP ifdeffery everywhere). seccomp-util.h includes it anyway, automatically, which we can just rely on, and it deals with HAVE_SECCOMP at one central place.
* LoongArch: Replace __loongarch64 with __loongarch_lp64Xiaotian Wu2023-08-091-1/+1
| | | | | | `__loongarch64` is no longer used for historical reasons and should be replaced by `__loongarch_lp64` in new code. https://loongson.github.io/LoongArch-Documentation/LoongArch-toolchain-conventions-EN.html#_cc_preprocessor_built_in_macro_definitions
* test-execute: count and log the number of individual tests actually executedLuca Boccassi2023-07-281-1/+6
|
* test-execute: measure and log time elapsed while running testsLuca Boccassi2023-07-281-0/+12
| | | | | | | In order to get a good approximation of latencies when starting services, timestamp before/after running the test cases and print the difference. This allows to measure while ignoring the setup/shutdown time for the test harness.
* test: copy out the necessary test data before we start overmounting stuffFrantisek Sumsal2023-07-121-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise the get_testdata_dir() call fails if the source tree is under /root (which is usually the case in CIs). I got bitten by this after leaving the source tree under /root but moving the $BUILD_DIR elsewhere. This used to work by accident, as load_testdata_env() would try to read $BUILD_DIR/systemd-runtest.env, but would fail if the $BUILD_DIR is also under /root and fall back to SYSTEMD_TEST_DATA (/lib/systemd/tests/testdata), which usually exist as we install the just built revision. However, if the $BUILD_DIR is outside of /root we'd read $BUILD_DIR/systemd-runtest.env which contains SYSTEMD_TEST_DATA=/path/to/source/tree/test and that source tree is not visible once we overmount /root with tmpfs making the test fail: /* test_run_tests_unprivileged */ Successfully forked off '(test-execute-unprivileged)' as PID 10672. Changing mount flags / (MS_REMOUNT|MS_BIND "")... Changing mount propagation / (MS_REC|MS_SHARED "") Mounting tmpfs (tmpfs) on /dev/shm (MS_NOSUID|MS_NODEV "")... Mounting tmpfs (tmpfs) on /root (MS_NOSUID|MS_NODEV "")... Mounting tmpfs (tmpfs) on /tmp (MS_NOSUID|MS_NODEV "")... Mounting tmpfs (tmpfs) on /var/tmp (MS_NOSUID|MS_NODEV "")... Mounting tmpfs (tmpfs) on /var/lib (MS_NOSUID|MS_NODEV "")... Mounting tmpfs (tmpfs) on /run/test-execute-unit-dir (MS_NOSUID|MS_NODEV "")... ERROR: $SYSTEMD_TEST_DATA directory [/root/systemd/test] not accessible: No such file or directory Assertion 'get_testdata_dir("test-execute/", &unit_dir) >= 0' failed at src/test/test-execute.c:1306, function prepare_ns(). Aborting. (test-execute-unprivileged) terminated by signal ABRT.
* test: actually mount / read-onlyFrantisek Sumsal2023-07-121-1/+1
|
* tree-wide: explicitly ignore return value in a couple more placesFrantisek Sumsal2023-07-021-1/+1
| | | | | | | | | | Resolves: - CID#1490777 - CID#1498366 - CID#1508639 - CID#1509084 - CID#1509086 - CID#1509087
* test: skip if ldd command not foundYu Watanabe2023-06-261-0/+5
| | | | Prompted by #28015.
* execute: fix the condition of private mounts for user namespacingHaochen Tong2023-06-151-5/+5
| | | | Follow-up for: 6ef721cbc7dadee4ae878ecf0076d87e57233908
* copy: Merge copy_directory() and copy_directory_fd() into copy_directory_at()Daan De Meyer2023-06-061-1/+1
| | | | | Let's merge these two into a single function that can handle both variants and more.
* Fix failing testRichard Phibel2023-05-301-0/+14
| | | | | | | | In test-execute, only the unit was started, not the slice. Because of that the slice cgroup was pruned even if it was still needed. From what I can tell, this is because, in the test, we don't have all the mechanics that starts the slice for a service. To fix the issue the slice is started manually.
* user units: implicitly enable PrivateUsers= when sandboxing options are setLuca Boccassi2023-04-131-30/+29
| | | | | | | | | | | | | | | Enabling these options when not running as root requires a user namespace, so implicitly enable PrivateUsers=. This has a side effect as it changes which users are visible to the unit. However until now these options did not work at all for user units, and in practice just a handful of user units in Fedora, Debian and Ubuntu mistakenly used them (and they have been all fixed since). This fixes the long-standing confusing issue that the user and system units take the same options but the behaviour is wildly (and sometimes silently) different depending on which is which, with user units requiring manually specifiying PrivateUsers= in order for sandboxing options to actually work and not be silently ignored.
* copy: Move chattr arguments to full function signaturesDaan De Meyer2023-03-211-1/+1
| | | | | These are almost never used, so let's move them to the _full() functions signatures.
* Merge pull request #26662 from yuwata/test-execute-network-namespace-pathDaan De Meyer2023-03-141-0/+19
|\ | | | | test-execute: add tests for NetworkNamespacePath=
| * test-execute: add test for NetworkNamespacePath=Yu Watanabe2023-03-031-0/+19
| | | | | | | | Prompted by https://github.com/systemd/systemd/issues/26422#issuecomment-1435772839.
* | basic: add RuntimeScope enumLennart Poettering2023-03-101-5/+5
|/ | | | | | | | | | | | In various tools and services we have a per-system and per-user concept. So far we sometimes used a boolean indicating whether we are in system mode, or a reversed boolean indicating whether we are in user mode, or the LookupScope enum used by the lookup path logic. Let's address that, in introduce a common enum for this, we can use all across the board. This is mostly just search/replace, no actual code changes.
* test-execute: add test for PrivateNetwork= with/without mount namespacingYu Watanabe2023-02-231-2/+4
|
* tree-wide: use FORK_REARRANGE_STDIO and FORK_CLOSE_ALL_FDSYu Watanabe2023-02-201-6/+4
|
* pid1: add a new D-Bus method for enquing POSIX signals with values to unit ↵Lennart Poettering2023-02-171-1/+1
| | | | | | | | | | | processes This augments the existing KillUnit() + Kill() methods with QueueSignalUnit() + QueueSignal(), which are what sigqueue() is to kill(). This is useful for sending our new SIGRTMIN+18 control signals to system services.
* test-execute: also mount tmpfs on /dev/shmYu Watanabe2023-02-171-1/+1
| | | | | | | | | | | | | | Otherwise, if /dev/shm has a directory that cannot be accessible by unprivileged user, then we cannot pick a dynamic user, and test service may fail with unexpected error code: --- Failed to enter shared memory directory /dev/shm/systemd-watch-bind-BqAGlN: Permission denied exec-dynamicuser-supplementarygroups.service: Failed to update dynamic user credentials: Device or resource busy exec-dynamicuser-supplementarygroups.service: Failed at step USER spawning /bin/sh: Device or resource busy src/test/test-execute.c:885:test_exec_dynamicuser: exec-dynamicuser-supplementarygroups.service: can_unshare=no: exit status 217, expected 216 --- Follow-up for 4e032f654b94c2544ccf937209303766dfa66c24.
* test-execute: add basic tests for LoadCredential= and SetCredential=Yu Watanabe2023-02-151-1/+9
|
* test-execute: drop capabilities when testing with user managerYu Watanabe2023-02-151-126/+225
| | | | | | | | | | | Before this, tests are split into two categories, system and user, but both are running in fully privileged environment. Hence, unprivileged user scope was mostly not covered by the test. Let's run all tests in both system and user scopes, and drop capabilities when Manager is running in user scope. This also makes the host environment protected more from the test run.
* test-execute: Skip when /sys is read-onlyDaan De Meyer2023-01-251-0/+3
| | | | | The test depends on /sys being writable, so let's skip it when /sys is read-only.
* tree-wide: use -EBADF moreYu Watanabe2022-12-201-1/+1
|
* tree-wide: introduce PIPE_EBADF macroYu Watanabe2022-12-201-1/+1
|
* basic: rename util.h to logarithm.hZbigniew Jędrzejewski-Szmek2022-11-081-1/+0
| | | | | util.h is now about logarithms only, so we can rename it. Many files included util.h for no apparent reason… Those includes are dropped.
* core: add basic infrastructure to record unit activation informationLuca Boccassi2022-08-231-2/+2
| | | | | | | Not wired in by any unit type yet, just the basic to allocate, ref, deref and plug in to other unit types. Includes recording the trigger unit name and passing it to the triggered unit as TRIGGER_UNIT= env var.
* test-execute: skip one more test when PID1 is not systemdYu Watanabe2022-05-171-0/+6
| | | | Fixes #23332.
* Rename UnitFileScope to LookupScopeZbigniew Jędrzejewski-Szmek2022-03-291-5/+5
| | | | | | | | | As suggested in https://github.com/systemd/systemd/pull/22649/commits/8b3ad3983f5440eef812b34e5ed862ca59fdf7f7#r837345892 The define is generalized and moved to path-lookup.h, where it seems to fit better. This allows a recursive include to be removed and in general makes things simpler.
* strv: declare iterator of FOREACH_STRING() in the loopZbigniew Jędrzejewski-Szmek2022-03-231-10/+6
| | | | | | | | | | | Same idea as 03677889f0ef42cdc534bf3b31265a054b20a354. No functional change intended. The type of the iterator is generally changed to be 'const char*' instead of 'char*'. Despite the type commonly used, modifying the string was not allowed. I adjusted the naming of some short variables for clarity and reduced the scope of some variable declarations in code that was being touched anyway.
* strv: make iterator in STRV_FOREACH() declaread in the loopYu Watanabe2022-03-191-2/+0
| | | | This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* core: add %d specifier for the $CREDENTIALS_DIRECTORYFrantisek Sumsal2022-03-171-0/+1
| | | | Resolves: #22549