| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
On Fedora the sshd-session binary is under /usr/libexec/openssh/ so
cover this path as well in the old framework.
Follow-up for aaa7b36bd15ca3a96a1e11a557482b0bc59c769f.
|
| | |
|
| |\
| |
| | |
core: Add support for renaming credentials with ImportCredential=
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows for "per-instance" credentials for units. The use case
is best explained with an example. Currently all our getty units
have the following stanzas in their unit file:
"""
ImportCredential=agetty.*
ImportCredential=login.*
"""
This means that setting agetty.autologin=root as a system credential
will make every instance of our all our getty units autologin as the
root user. This prevents us from doing autologin on /dev/hvc0 while
still requiring manual login on all other ttys.
To solve the issue, we introduce support for renaming credentials with
ImportCredential=. This will allow us to add the following to e.g.
serial-getty@.service:
"""
ImportCredential=tty.serial.%I.agetty.*:agetty.
ImportCredential=tty.serial.%I.login.*:login.
"""
which for serial-getty@hvc0.service will make the service manager read
all credentials of the form "tty.serial.hvc0.agetty.xxx" and pass them
to the service in the form "agetty.xxx" (same goes for login). We can
apply the same to each of the getty units to allow setting agetty and
login credentials for individual ttys instead of globally.
|
| | |
| |
| |
| |
| | |
We document that when multiple credentials of the same name are found,
we use the first one found so let's actually implement that behavior.
|
| |/ |
|
| |
|
|
| |
For issue #31950.
|
| |\
| |
| | |
Two small improvements
|
| | | |
|
| |\ \
| | |
| | | |
Delegate/cgroup test refactor
|
| | | |
| | |
| | |
| | |
| | |
| | | |
It means: a) user cannot be created, something's wrong in the
test environment -> fail the test; b) user already exists, we shall not
continue and delete (foreign) user.
|
| | |/
| |
| |
| |
| |
| | |
There are multiple subtests, just move them around into functions
(leveraging the testcase_* convention) to make space for new related
subtests.
|
| |\ \
| | |
| | | |
Two fixes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
TEST-46-HOMED fails on ext4 because the filesystem is deemed to small
for activation by cryptsetup. Let's bump the minimal filesystem size for
ext4 a bit to be in the same ballpark as ext4 and btrfs to avoid weird
errors due to impossibly small filesystems.
Also use U64_MB while we're touching this.
|
| | |/
| |
| |
| |
| | |
This allows mkosi to combine fstab.extra with its own fstab.extra so
that it doesn't override the one we pass for the test.
|
| |\ \
| | |
| | | |
test: fix D-Bus policy override for TEST-73-LOCALE
|
| | |/
| |
| |
| |
| |
| |
| | |
We don't need to allow non-root, and the policy needs to specify destination
and interface too, to narrow it down
Follow-up for 7b5c38a91def6cf236605010a0a93a1cd4c137e9
|
| |\ \
| |/
|/| |
analyze: capability: add support for decoding capability masks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds support in `systemd-analyze capability` for decoding
capability masks (sets), e.g.:
```console
$ systemd-analyze capability --mask 0000000000003c00
NAME NUMBER
cap_net_bind_service 10
cap_net_broadcast 11
cap_net_admin 12
cap_net_raw 13
```
This is intended as a convenience tool for pretty-printing capability
values as found in e.g. `/proc/$PID/status`.
|
| | |
| |
| |
| |
| |
| |
| | |
Add a test for the new bridge netlink attributes IFLA_BR_FDB_N_LEARNED and
IFLA_BR_FDB_MAX_LEARNED.
Signed-off-by: Gregor Herburger <gregor.herburger@ew.tq-group.com>
|
| | |
| |
| |
| | |
See #32583
|
| | |
| |
| |
| |
| | |
On Debian and derivatives writing calls to localed are blocked as other
tools are used to change settings, override that policy for the tests
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's document in detail how to build the integration test image and run
the integration tests without building systemd. To streamline the process,
we stop automatically using binaries from build/ when invoking mkosi directly
and don't automatically use a tools tree anymore if systemd on the host is too
old. Instead, we document these options in HACKING.md and change the mkosi meson
target to automatically use the current build directory as an extra binary search
path for mkosi.
|
| |\ \
| | |
| | | |
Two mkosi improvements
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We already have selinux=0 in the default kernel command line so
enforcing=0 is redundant. Instead, pass in enforcing=0 when we
enable selinux in TEST-06-SELINUX.
|
| |/ /
| |
| |
| |
| |
| |
| | |
As per DPS the UUID for /var/ should be keyed by the local machine-id,
which is non-trivial to do in a script. Enhance 'systemd-id128' to
take 'var-partition-uuid' as a verb, and if so perform the
calculation.
|
| |\ \
| | |
| | | |
mkosi: Add CI for CentOS Stream 10
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let's make sure we don't load libnss_systemd.so from bash as the
necessary environment variables aren't set to make that work when
we're running with sanitizers enabled.
We can't add a sanitizer wrapper for bash as the wrapper runs using
bash so you end up in a loop.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
dhcpd is not available on CentOS Stream 10
See https://github.com/systemd/systemd/issues/33717
|
| | | |
| | |
| | |
| | | |
Required to make TEST-55-OOMD pass on OpenSUSE.
|
| | | |
| | |
| | |
| | | |
Fixes a deprecation warning from qemu.
|
| | |/
| |
| |
| |
| | |
This is only possible since a recent kernel version, and fails otherwise,
like on CentOS 9
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Follow-up for 19a44dfe4525ab01caf593a9c2beada4b412910d
If a drop-in is set from upper level, e.g. global unit_type.d/,
even if a unit is masked, its dropin_paths would still be partially
populated. However, unit_need_daemon_reload() would always
compare u->dropin_paths with empty strv in case of masked units,
resulting in it always returning true. Instead, let's ignore
dropins entirely here.
Fixes #33672
|
| |/ |
|
| |\
| |
| | |
Various integration test improvements
|
| | |
| |
| |
| |
| |
| |
| |
| | |
- Stop installing the policy in the initramfs as it's not really
supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221)
- Stop relabeling on first boot and prefer to do it at image build time
- Disable mkosi relabeling by default but enable it in CI
- Build image as root in CI so the SELinux relabeling works properly
|
| | |
| |
| |
| | |
ncat is available in CentOS Stream 9 without having to enable EPEL.
|
| | |
| |
| |
| |
| | |
stress-ng is available in OpenSUSE and in CentOS Stream without needing
EPEL so let's switch to it instead of stress.
|
| | |
| |
| |
| | |
Let's expose the diskseq a bit more prominently.
|
| |/
|
|
| |
Let's add a JSON output mode, like we have it for so many of our tools.
|
| |
|
|
|
| |
Archlinux split out one ssh binary, install it in the legacy test
setup if present for the tests that need ssh
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.
This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.
We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
|
| |
|
|
|
|
| |
I don't know why yet, but TEST-73-LOCALE can take more than 10
minutes. Until we figure out why, let's give it a higher priority
so it doesn't bottleneck the test run.
|
| |
|
|
|
|
| |
Otherwise fixfiles will try to relabel it which could potentially
lead to disaster. We also change the recommendation in HACKING.md
to set the default so that TEST-06-SELINUX can override it.
|
| |
|
|
| |
Otherwise meson will try to rebuild all targets.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the io.systemd.DynamicUser or io.systemd.Machine files exist,
but nothing is listening on them, the nss-systemd module returns
ECONNREFUSED and systemd-sysusers fails to creat the user/group.
This is problematic when ran by packaging scripts, as the package
assumes that after this has run, the user/group exist and can
be used. adduser does not fail in the same situation.
Change sysusers to print a loud warning but otherwise continue
when NSS returns an error.
|
| |
|
|
|
|
|
|
|
|
| |
The previous commit tries to extract a substring from the
extension-release suffix, but that is not right, it's only the
images that need to be versioned and extracted, use the extension-release
suffix as-is. Otherwise if it happens to contain a prefix that
matches the wrong image, it will be taken into account.
Follow-up for 37543971aff79f3a37646ffc2bb5845c9394797b
|
| |
|
|
|
| |
There is a regression in the login package, skip the test until
it is fixed. https://bugs.debian.org/1075733
|
| |\
| |
| | |
Testsuite tweaks for v256 on suse
|
| | | |
|
