From b718b86e1b8477f58461f3c456c944abb1428c0f Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Mon, 18 Nov 2024 19:41:07 +0100 Subject: core/exec-invoke: suppress placeholder home only in build_environment() Currently, get_fixed_user() employs USER_CREDS_SUPPRESS_PLACEHOLDER, meaning home path is set to NULL if it's empty or root. However, the path is also used for applying WorkingDirectory=~, and we'd spuriously use the invoking user's home as fallback even if User= is changed in that case. Let's instead delegate such suppression to build_environment(), so that home is proper initialized for usage at other steps. shell doesn't actually suffer from such problem, but it's changed too for consistency. Alternative to #34789 --- test/units/TEST-07-PID1.working-directory.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100755 test/units/TEST-07-PID1.working-directory.sh (limited to 'test') diff --git a/test/units/TEST-07-PID1.working-directory.sh b/test/units/TEST-07-PID1.working-directory.sh new file mode 100755 index 0000000000..1cff3e0602 --- /dev/null +++ b/test/units/TEST-07-PID1.working-directory.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later + +set -eux +set -o pipefail + +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + +(! systemd-run --wait -p DynamicUser=yes \ + -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \ + -p WorkingDirectory='~' true) + +assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root" +assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/" +assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser" + +(! systemd-run --wait -p DynamicUser=yes -p User=testuser \ + -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \ + -p WorkingDirectory='~' true) -- cgit v1.2.3