| Age | Commit message (Collapse) | Author |
|---|
|
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
|
|
selinux: use *_raw API from libselinux
|
|
Very handy for early-boot debugging
See https://github.com/systemd/systemd/pull/2781#discussion_r54782628
|
|
|
|
|
|
The manpage of seccomp specify that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller do not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivilege set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
|
|
It's useful when trying to see what the tests are doing.
I hardcoded '-efile' as the option to strace, but in the future
it might be useful to make this configurable.
|
|
+ perl -e 'exit(!(qq{0} eq qq{\x25U}))'
exec-spec-interpolation.service: Main process exited, code=exited, status=1/FAILURE
exec-spec-interpolation.service: Unit entered failed state.
exec-spec-interpolation.service: Failed with result 'exit-code'.
PID: 11270
Start Timestamp: Wed 2016-02-17 22:21:31 UTC
Exit Timestamp: Wed 2016-02-17 22:21:31 UTC
Exit Code: exited
Exit Status: 1
Assertion 'service->main_exec_status.status == status_expected' failed at src/test/test-execute.c:65, function check(). Aborting.
|
|
|
|
test: remove exit 0 at the end
|
|
There are some limits on XFS:
major_max=511
minor_max=262143
see https://github.com/torvalds/linux/blob/master/fs/xfs/xfs_iops.c
if (S_ISCHR(mode) || S_ISBLK(mode)) {
if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
return -EINVAL;
|
|
We don't need that at the end, as it will always exit with 0 if
everything is okey.
|
|
|
|
* pam_unix depends on unix_chkpwd
* selinux=1 -> pam_unix runs unix_chkpwd for root too
https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_unix/passverify.c?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79#n202
|
|
|
|
If there is a lot of initscripts and dependencies between them we might
end generating After= (and similar) lines which are longer then LINE_MAX
and thus rejected by parser in systemd.
Fixes #2099
|
|
We need a beautiful stacktraces sometimes
For example https://github.com/systemd/systemd/pull/2328
|
|
We have
JOB UNIT TYPE STATE
1 testsuite.target start waiting
81 end.service start waiting
187 sleep.service start waiting
136 hello.service start waiting
82 testsuite.service start running
135 hello-after-sleep.target start waiting
sometimes
|
|
we don't run nspawn in TEST-02-CRYPTSETUP
|
|
|
|
systemd-fsck depends on /sbin/fsck*
|
|
* Use $ROOTLIBDIR/systemd always
* Don't pass $ROOTLIBDIR/systemd as the first argument:
$ cat /proc/1/cmdline
/lib/systemd/systemd/lib/systemd/systemd...
|
|
I used it for d9814c7 and bffd87b
|
|
I used it for d9814c76ec35e53a6b6448c0
Very handy:)
|
|
This is a followup for 1d40ddb
|
|
The ambient capability tests are only run if the kernel has support for
ambient capabilities.
|
|
See https://github.com/systemd/systemd/issues/2236
|
|
Expose soft limits on the bus
|
|
tests: add networkd integration test
|
|
|
|
flush doesn't sync a journal -> tests sometimes fail
|
|
This is a follow-up commit for
https://github.com/systemd/systemd/pull/1937
See https://github.com/systemd/systemd/pull/2030
|
|
Fix stdout stream parsing
|
|
This uses temporary configuration in /run and temporary veth devices, and does
not write anything on disk or change any system configuration; but it assumes
(and checks at the beginning) that networkd is not currently running.
This can be run on a normal installation, in QEMU, nspawn, or LXC.
As this requires root privileges, this is not integrated into "make check".
|
|
|
|
A unified hierarchy obsoletes this checking
|
|
Fixes backward/forward incompatibility errors on spawning.
For example:
$ sudo make run
...
Failed to register machine: Cannot set property TasksMax, or unknown
property.
$ ../../systemd-nspawn --version
systemd 228
$ systemd-nspawn --version
systemd 225
|
|
test: make QEMU tests work on Semaphore
|
|
|
|
|
|
Sempaphore containers are not booted with systemd, so machined is not
available, which makes nspawn bail. Just skip nspawn tests in such
environments.
[ -d /run/systemd/system ] is esentially what sd_booted(3) is doing,
but on Ubuntu 15.05, without 'systemd-container' installed, we also
need to check for the presence of the systemd-machined binary.
|
|
don't lose logs from the test machine too
|
|
If we're running in a KVM virtualized environment (such as Semaphore's
Docker enabled platform), pass '-cpu host' to QEMU.
|
|
It turns out the full OS tree which is assembled into the loop-dev
mount point is bigger than 300MB. Increase the size.
|
|
|
|
|
|
Fixes:
systemd-testsuite systemd[34]: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
systemd-testsuite systemd[34]: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
systemd-testsuite systemd[34]: user@0.service: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
...
on Debian, Ubuntu
|
|
Fixes:
systemd-testsuite login[31]: cannot open login definitions /etc/login.defs [No such file or directory]
systemd-testsuite systemd[1]: Received SIGCHLD from PID 31 (login).
systemd-testsuite systemd[1]: Child 31 (login) died (code=exited, status=1/FAILURE)
systemd-testsuite systemd[1]: console-getty.service: Child 31 belongs to console-getty.service
systemd-testsuite systemd[1]: console-getty.service: Main process exited, code=exited, status=1/FAILURE
systemd-testsuite systemd[1]: console-getty.service: Changed running -> dead
on Debian/Ubuntu
Useful on other distros
|
|
libpam_modules installs modules into /lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security
on Debian
Fixes:
systemd-testsuite login[36]: PAM unable to dlopen(pam_group.so): /lib/security/pam_group.so: cannot open shared object file: No such file or directory
systemd-testsuite login[36]: PAM adding faulty module: pam_group.so
systemd-testsuite login[36]: PAM unable to dlopen(pam_limits.so): /lib/security/pam_limits.so: cannot open shared object file: No such file or directory
systemd-testsuite login[36]: PAM adding faulty module: pam_limits.so
...
etc
|
|
Fixes:
systemd[39]: systemd-exit.service: Executing: /bin/kill -s 58 29
systemd[39]: systemd-exit.service: Failed at step EXEC spawning /bin/kill: No such file or directory
systemd[29]: Received SIGCHLD from PID 39 ((kill)).
systemd[29]: Child 39 ((kill)) died (code=exited, status=203/EXEC)
|
