summaryrefslogtreecommitdiff
path: root/src/test
AgeCommit message (Collapse)Author
2016-12-01util-lib: rename CHASE_NON_EXISTING → CHASE_NONEXISTENTLennart Poettering
As suggested by @keszybz
2016-12-01fs-util: add new CHASE_NON_EXISTING flag to chase_symlinks()Lennart Poettering
This new flag controls whether to consider a problem if the referenced path doesn't actually exist. If specified it's OK if the final file doesn't exist. Note that this permits one or more final components of the path not to exist, but these must not contain "../" for safety reasons (or, to be extra safe, neither "./" and a couple of others, i.e. what path_is_safe() permits). This new flag is useful when resolving paths before issuing an mkdir() or open(O_CREAT) on a path, as it permits that the file or directory is created later. The return code of chase_symlinks() is changed to return 1 if the file exists, and 0 if it doesn't. The latter is only returned in case CHASE_NON_EXISTING is set.
2016-12-01fs-util: add flags parameter to chase_symlinks()Lennart Poettering
Let's remove chase_symlinks_prefix() and instead introduce a flags parameter to chase_symlinks(), with a flag CHASE_PREFIX_ROOT that exposes the behaviour of chase_symlinks_prefix().
2016-12-01fs-util: change chase_symlinks() behaviour in regards to escaping the root dirLennart Poettering
Previously, we'd generate an EINVAL error if it is attempted to escape a root directory with relative ".." symlinks. With this commit this is changed so that ".." from the root directory is a NOP, following the kernel's own behaviour where /.. is equivalent to /. As suggested by @keszybz.
2016-12-01test-fs-util: add a test case with repeated ".." parts that would escape the ↵Zbigniew Jędrzejewski-Szmek
root
2016-12-01tree-wide: stop using canonicalize_file_name(), use chase_symlinks() insteadLennart Poettering
Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-24calendarspec: make specifications with ranges reversibleDouglas Christman
"*-*-01..03" is now formatted as "*-*-01..03" instead of "*-*-01,02,03"
2016-11-24calendarspec: allow whole second rangesDouglas Christman
Previously a string like "00:00:01..03" would fail to parse due to the ambiguity between a decimal point and the start of a range.
2016-11-24calendarspec: make specifications with seconds wildcard reversibleDouglas Christman
"*:*:*" is now formatted as "*:*:*" instead of "*:*:00/1"
2016-11-24calendarspec: reject strings with spurious spaces and signsDouglas Christman
strtoul() parses leading whitespace and an optional sign; check that the first character is a digit to prevent odd specifications like "00: 00: 00" and "-00:+00/-1".
2016-11-24calendarspec: reject open weekday rangesDouglas Christman
Forbid open ranges like "Tue.."; trailing commas are still OK.
2016-11-24calendarspec: reject strings that only contain a timezoneDouglas Christman
This makes " UTC" an illegal date specification.
2016-11-24calendarspec: always interpret a missing time as 00:00:00Douglas Christman
"*-*-*" is now equivalent to "*-*-* 00:00:00" (daily) rather than "*-*-* *:*:*" (every second).
2016-11-23calendarspec: add support for scheduling timers at the end of the monthDouglas Christman
"*-*~1" => The last day of every month "*-02~3..5" => The third, fourth, and fifth last days in February "Mon 05~07/1" => The last Monday in May Resolves #3861
2016-11-23calendarspec: add upper bound on yearDouglas Christman
Stop looking for matches after MAX_YEAR so impossible dates like "*-02-30" and "*-04-31" don't cause an infinite loop.
2016-11-21shared: add new API to validate a string as hostname or IP addressLennart Poettering
2016-11-17test-ipcrm: skip test if nfsnobody is missingZbigniew Jędrzejewski-Szmek
2016-11-17test-process-util: bind mount fails under selinux, skip testZbigniew Jędrzejewski-Szmek
2016-11-15test: add tests for RestrictNamespaces=Djalal Harouni
2016-11-11test-nss: allow the module and names/addresses to be specified (#4258)Zbigniew Jędrzejewski-Szmek
Useful for testing a single module. If nothing is specified, behaviour is the same as before. $ ./test-nss myhostname 192.168.0.14 localhost ======== myhostname ======== _nss_myhostname_gethostbyname4_r("localhost") → status=NSS_STATUS_SUCCESS pat=buffer+0x38 errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0 "localhost" AF_INET 127.0.0.1 %lo "localhost" AF_INET6 ::1 %lo _nss_myhostname_gethostbyname3_r("localhost", AF_INET) → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0 "localhost" AF_INET 127.0.0.1 canonical: "localhost" _nss_myhostname_gethostbyname3_r("localhost", AF_INET6) → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0 "localhost" AF_INET6 ::1 canonical: "localhost" _nss_myhostname_gethostbyname3_r("localhost", *) → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0 "localhost" AF_INET 127.0.0.1 canonical: "localhost" _nss_myhostname_gethostbyname3_r("localhost", AF_UNIX) → status=NSS_STATUS_UNAVAIL errno=97/EAFNOSUPPORT h_errno=4/No address associated with name ttl=2147483647 _nss_myhostname_gethostbyname2_r("localhost", AF_INET) → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) "localhost" AF_INET 127.0.0.1 _nss_myhostname_gethostbyname2_r("localhost", AF_INET6) → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) "localhost" AF_INET6 ::1 _nss_myhostname_gethostbyname2_r("localhost", *) → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) "localhost" AF_INET 127.0.0.1 _nss_myhostname_gethostbyname2_r("localhost", AF_UNIX) → status=NSS_STATUS_UNAVAIL errno=97/EAFNOSUPPORT h_errno=4/No address associated with name _nss_myhostname_gethostbyname_r("localhost") → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) "localhost" AF_INET 127.0.0.1 _nss_myhostname_gethostbyaddr2_r("192.168.0.14") → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) ttl=0 "laptop" AF_INET 192.168.0.14 AF_INET 192.168.122.1 AF_INET 169.254.209.76 _nss_myhostname_gethostbyaddr_r("192.168.0.14") → status=NSS_STATUS_SUCCESS errno=0/--- h_errno=0/Resolver Error 0 (no error) "laptop" AF_INET 192.168.0.14 AF_INET 192.168.122.1 AF_INET 169.254.209.76
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
core: add new RestrictNamespaces= unit file setting Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08Merge pull request #4612 from keszybz/format-stringsZbigniew Jędrzejewski-Szmek
Format string tweaks (and a small fix on 32bit)
2016-11-07Rename formats-util.h to format-util.hZbigniew Jędrzejewski-Szmek
We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-05Drop FOREACH_WORD_QUOTEDZbigniew Jędrzejewski-Szmek
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-03Merge pull request #4510 from keszybz/tree-wide-cleanupsLennart Poettering
Tree wide cleanups
2016-11-03test: test DynamicUser= with SupplementaryGroups=Djalal Harouni
2016-11-03test: test DynamicUser= with a fixed userDjalal Harouni
2016-11-02tests: make sure tests pass when invoked in "sudo"Lennart Poettering
This is a follow-up for 6309e51ea32d64524431ee65c49eecd44390da8f and makes sure we compare test results with the right user identifier.
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…
2016-10-30tests: clarify test_path_startswith return value (#4508)Zbigniew Jędrzejewski-Szmek
A pendant for #4481.
2016-10-27Merge pull request #4442 from keszybz/detect-virt-usernsEvgeny Vereshchagin
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
2016-10-26test-tables: test ConditionVirtualizationZbigniew Jędrzejewski-Szmek
2016-10-26shared/condition: add ConditionVirtualization=[!]private-usersZbigniew Jędrzejewski-Szmek
This can be useful to silence warnings about units which fail in userns container.
2016-10-25test: skip exec tests when inaccessible dir is unavailableDongsu Park
In case of running test-execute on systems with systemd < v232, several tests like privatedevices or protectkernelmodules fail because /run/systemd/inaccessible/ doesn't exist. In these cases, we should skip tests to avoid unnecessary errors. See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566
2016-10-24seccomp: add test-seccomp test toolLennart Poettering
This validates the system call set table and many of our seccomp-util.c APIs.
2016-10-24Merge pull request #4459 from keszybz/commandline-parsingLennart Poettering
Commandline parsing simplification and udev fix
2016-10-24Merge pull request #4469 from endocode/djalal/groups-testDjalal Harouni
test: lets add more tests to cover SupplementaryGroups= cases.
2016-10-24test: lets add more tests to cover SupplementaryGroups= cases.Djalal Harouni
2016-10-24install: introduce UnitFileFlagsJan Synacek
Introduce a new enum to get rid of some boolean arguments of unit_file_* functions. It unifies the code, makes it a bit cleaner and extensible.
2016-10-23test: add more tests for SupplementaryGroups=Djalal Harouni
2016-10-23test: Add simple test for supplementary groupsDjalal Harouni
2016-10-23test-copy: wrap assignments in function call in parenthesesZbigniew Jędrzejewski-Szmek
2016-10-23tree-wide: drop NULL sentinel from strjoinZbigniew Jędrzejewski-Szmek
This makes strjoin and strjoina more similar and avoids the useless final argument. spatch -I . -I ./src -I ./src/basic -I ./src/basic -I ./src/shared -I ./src/shared -I ./src/network -I ./src/locale -I ./src/login -I ./src/journal -I ./src/journal -I ./src/timedate -I ./src/timesync -I ./src/nspawn -I ./src/resolve -I ./src/resolve -I ./src/systemd -I ./src/core -I ./src/core -I ./src/libudev -I ./src/udev -I ./src/udev/net -I ./src/udev -I ./src/libsystemd/sd-bus -I ./src/libsystemd/sd-event -I ./src/libsystemd/sd-login -I ./src/libsystemd/sd-netlink -I ./src/libsystemd/sd-network -I ./src/libsystemd/sd-hwdb -I ./src/libsystemd/sd-device -I ./src/libsystemd/sd-id128 -I ./src/libsystemd-network --sp-file coccinelle/strjoin.cocci --in-place $(git ls-files src/*.c) git grep -e '\bstrjoin\b.*NULL' -l|xargs sed -i -r 's/strjoin\((.*), NULL\)/strjoin(\1)/' This might have missed a few cases (spatch has a really hard time dealing with _cleanup_ macros), but that's no big issue, they can always be fixed later.
2016-10-22tree-wide: make parse_proc_cmdline() strip "rd." prefix automaticallyZbigniew Jędrzejewski-Szmek
This stripping is contolled by a new boolean parameter. When the parameter is true, it means that the caller does not care about the distinction between initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed parameters in the initramfs, and only on the unprefixed parameters in real root. If the parameter is false, behaviour is the same as before. Changes by caller: log.c (systemd.log_*): changed to accept rd-dot-prefix params pid1: no change, custom logic cryptsetup-generator: no change, still accepts rd-dot-prefix params debug-generator: no change, does not accept rd-dot-prefix params fsck: changed to accept rd-dot-prefix params fstab-generator: no change, custom logic gpt-auto-generator: no change, custom logic hibernate-resume-generator: no change, does not accept rd-dot-prefix params journald: changed to accept rd-dot-prefix params modules-load: no change, still accepts rd-dot-prefix params quote-check: no change, does not accept rd-dot-prefix params udevd: no change, still accepts rd-dot-prefix params I added support for "rd." params in the three cases where I think it's useful: logging, fsck options, journald forwarding options.
2016-10-22tree-wide: allow state to be passed through to parse_proc_cmdline_itemZbigniew Jędrzejewski-Szmek
No functional change.
2016-10-21failure-action: generalize failure action to emergency actionLukas Nykryn
2016-10-20tests: fix memleak in test-calendarspec (#4424)Evgeny Vereshchagin
Fixes: ``` ==10750== ==10750== HEAP SUMMARY: ==10750== in use at exit: 96 bytes in 3 blocks ==10750== total heap usage: 1,711 allocs, 1,708 frees, 854,545 bytes allocated ==10750== ==10750== 96 (64 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 3 ==10750== at 0x4C2DA60: calloc (vg_replace_malloc.c:711) ==10750== by 0x4EB3BDA: calendar_spec_from_string (calendarspec.c:771) ==10750== by 0x109675: test_hourly_bug_4031 (test-calendarspec.c:118) ==10750== by 0x10A00E: main (test-calendarspec.c:202) ==10750== ==10750== LEAK SUMMARY: ==10750== definitely lost: 64 bytes in 1 blocks ==10750== indirectly lost: 32 bytes in 2 blocks ==10750== possibly lost: 0 bytes in 0 blocks ==10750== still reachable: 0 bytes in 0 blocks ==10750== suppressed: 0 bytes in 0 blocks ==10750== ==10750== For counts of detected and suppressed errors, rerun with: -v ==10750== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) ```
2016-10-19Merge pull request #4390 from keszybz/install-specifiersLennart Poettering
Various install-related tweaks
2016-10-18shared/install: report invalid unit files slightly betterZbigniew Jędrzejewski-Szmek
When a unit file is invalid, we'd return an error without any details: $ systemctl --root=/ enable testing@instance.service Failed to enable: Invalid argument. Fix things to at least print the offending file name: $ systemctl enable testing@instance.service Failed to enable unit: File testing@instance.service: Invalid argument $ systemctl --root=/ enable testing@instance.service Failed to enable unit, file testing@instance.service: Invalid argument. A real fix would be to pass back a proper error message from conf-parser. But this would require major surgery, since conf-parser functions now simply print log errors, but we would need to return them over the bus. So let's just print the file name, to indicate where the error is. (Incomplete) fix for #4210.