Age | Commit message (Collapse) | Author |
|
@evverx brought up that test-execute runs under MANAGER_USER which
forwards all its environment variables to the services. It turns out it
only forwards those that were in the environment at the time of manager
creation, so this test was still working.
It was still possible to attack it by running something like:
$ sudo VAR1=a VAR2=b VAR3=c ./test-execute
Prevent that attack by unsetting the three variables explicitly before
creating the manager for the test case.
Also add comments explaining the interactions with MANAGER_USER and,
while it has some caveats, this tests are still valid in that context.
Tested by checking that the test running with the variables set from the
external environment will still pass.
|
|
Check the base case, plus erasing the list, listing the same variable
name more than once and when variables are absent from the manager
execution environment.
Confirmed that `sudo ./test-execute` passes and that modifying the test
cases (or the values of the set variables in test-execute.c) is enough
to make the test cases fail.
|
|
To avoid polluting test/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Introduce personality support for Linux on z Systems to run
particular services with a 64-bit or 31-bit personality.
|
|
When Group is set in the unit, the runtime directories are owned by
this group and not the default group of the user (same for cgroup paths
and standard outputs)
Fix #1231
|
|
|
|
It's primarily just a property of the Manager object after all, and we
try to refer to PID 1 as "manager" instead of "systemd", hence let's to
stick to this here too.
|
|
|
|
- Move to its own file rm-rf.c
- Change parameters into a single flags parameter
- Remove "honour sticky" logic, it's unused these days
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
This reverts commit 68e68ca8106e7cd874682ae425843b48579c6539. We *need*
root access to create cgroups. The only exception is if it is run from
within a cgroup with "Delegate=yes". However, this is not always true and
we really shouldn't rely on this.
If your terminal runs from within a systemd --user instance, you're fine.
Everyone else is not (like running from ssh, VTs, and so on..).
|
|
Only 5 tests cannot be executed if we are not root, so just skip them
but not the whole set.
|
|
|
|
|
|
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
|