Age | Commit message (Collapse) | Author |
|
Basically, this test runs:
```
systemd-nspawn --register=no -D "$_root" -b
systemd-nspawn --register=no -D "$_root" --private-network -b
systemd-nspawn --register=no -D "$_root" -U -b
systemd-nspawn --register=no -D "$_root" --private-network -U -b
```
and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]`
Inspired by
* systemd#3589 (comment)
* systemd#4372 (comment)
* systemd#4223 (comment)
* systemd#1555
and so on :-)
|
|
propagation
|
|
|
|
This just adds capabilities test.
|
|
Fixes #3830
|
|
DNS servers which have route-only domains should only be used for
the specified domains. Routing queries about other domains there is a privacy
violation, prone to fail (as that DNS server was not meant to be used for other
domains), and puts unnecessary load onto that server.
Introduce a new helper function dns_server_limited_domains() that checks if the
DNS server should only be used for some selected domains, i. e. has some
route-only domains without "~.". Use that when determining whether to query it
in the scope, and when writing resolv.conf.
Extend the test_route_only_dns() case to ensure that the DNS server limited to
~company does not appear in resolv.conf. Add test_route_only_dns_all_domains()
to ensure that a server that also has ~. does appear in resolv.conf as global
name server. These reproduce #3420.
Add a new test_resolved_domain_restricted_dns() test case that verifies that
domain-limited DNS servers are only being used for those domains. This
reproduces #3421.
Clarify what a "routing domain" is in the manpage.
Fixes #3420
Fixes #3421
|
|
propagation
Better safe.
|
|
|
|
|
|
Fixes #3655.
[zj: Fix the tests.]
|
|
|
|
Fixes:
$ sudo make run QEMU_BIN=/usr/bin/qemu-system-x86_64 KERNEL_APPEND=systemd.unit=multi-user.target SKIP_INITRD=yes
TEST RUN: Basic systemd setup
+ /usr/bin/qemu-system-x86_64 -smp 1 -net none -m 512M -nographic -kernel /boot/vmlinuz-4.6.7-200.fc23.x86_64 -drive format=raw,cache=unsafe,file=/var/tmp/systemd-test.izx99J/rootdisk.img -append 'root=/dev/sda1 raid=noautodetect loglevel=2 init=/usr/lib/systemd/systemd-under-valgrind rw console=ttyS0 selinux=0 systemd.unified_cgroup_hierarchy=no systemd.unit=multi-user.target '
valgrind: warning (non-fatal): readlink("/proc/self/exe") failed.
valgrind: continuing, however --trace-children=yes will not work.
--1:0: aspacem Valgrind: FATAL: can't open /proc/self/maps
--1:0: aspacem Exiting now.
[ 3.152367] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[ 3.152367]
[ 3.152367] CPU: 0 PID: 1 Comm: memcheck-amd64- Not tainted 4.6.7-200.fc23.x86_64 #1
[ 3.152367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[ 3.152367] 0000000000000086 0000000047ca1666 ffff88001ea43e00 ffffffff813d954e
[ 3.152367] ffffffff81a205a0 ffff88001ea43e98 ffff88001ea43e88 ffffffff811b5557
[ 3.152367] ffffffff00000010 ffff88001ea43e98 ffff88001ea43e30 0000000047ca1666
[ 3.152367] Call Trace:
[ 3.152367] [<ffffffff813d954e>] dump_stack+0x63/0x85
[ 3.152367] [<ffffffff811b5557>] panic+0xde/0x220
[ 3.152367] [<ffffffff810ab9c3>] do_exit+0xb43/0xb50
[ 3.152367] [<ffffffff810aba57>] do_group_exit+0x47/0xb0
[ 3.152367] [<ffffffff810abad4>] SyS_exit_group+0x14/0x20
[ 3.152367] [<ffffffff817dae72>] entry_SYSCALL_64_fastpath+0x1a/0xa4
[ 3.152367] Kernel Offset: disabled
[ 3.152367] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[ 3.152367]
QEMU: Terminated
|
|
|
|
|
|
|
|
|
|
If the ESP is not mounted with "iocharset=ascii", but with "iocharset=utf8"
(which is for example the default in Debian), the file system becomes case
sensitive. This means that a file created as "FooBarBaz" cannot be accessed as
"foobarbaz" since those are then considered different files.
Moreover, a file created as "FooBar" can then also not be accessed as "foobar",
and it also prevents such a file from being created, as both would use the same
8.3 short name "FOOBAR".
Even though the UEFI specification [0] does give the canonical spelling for
the files mentioned above, not all implementations completely conform to that,
so it's possible that those files would already exist, but with a different
spelling, causing subtle bugs when scanning or modifying the ESP.
While the proper fix would of course be that everybody conformed to the
standard, we can work around this problem by just referencing the files by
their 8.3 short names, i.e. using upper case.
Fixes: #3740
[0] <http://www.uefi.org/specifications>, version 2.6, section 3.5.1.1
|
|
|
|
Fixes #3630
|
|
* test: check resolved generated resolv.conf in networkd-test
Directly verify the contents of /run/systemd/resolve/resolv.conf instead of
/etc/resolv.conf. The latter might be a plain file or a symlink to something
else (like Debian's resolvconf output), and in these cases we cannot make
strong assumptions about the contents.
Drop the "/etc/resolv.conf is a symlink" conditions and the "resolv.conf can
have at most three nameservers" alternatives, as we know that resolved always
adds all nameservers.
Explicitly start resolved at the start of a test to ensure that it is running.
* test: get along with existing system search domains in resolv.conf
The previous change has uncovered a bug in the tests: Existing search domains
can exist in resolv.conf which test_search_domains{,_too_long} didn't take into account.
As existing domains take some of the "max 6 domains" and "max 255 chars" limit,
don't expect that the last items from our test data actually appears in the
output, just the first few.
|
|
With commit 6f7da49d00 route-only domains do not get put into resolv.conf's
"search" list any more. Add a comment about the tri-state, to clarify its
semantics and why we are passing a bool parameter into an int type. Also add a
test case for it.
|
|
This makes nspawn tests symmetric with run_qemu() which also exits with 1 if
QEMU is not available.
|
|
If run_qemu() exits with non-zero, this either meant that QEMU was not
available (which should be a SKIP) or that QEMU timed out if $QEMU_TIMEOUT was
set (which then should be a FAIL).
Limit the exit code of run_qemu() to QEMU availability only, and track timeouts
separately through the new $TIMED_OUT variable, which is then checked in
check_result_qemu().
Do the same for $NSPAWN_TIMEOUT and run_nspawn() so that nspawn and QEMU work
similarly.
|
|
The result of check_nspawn does not mean much, and this forgot to ask
check_nspawn() whether nspawn can be used at all. This brings
TEST-12-ISSUE-3171 in line with other nspawn tests.
|
|
Fix TEST-{08,09,10,11} to properly skip the test if QEMU is not available
instead of failing, like in the other tests.
|
|
selinux=1 is not sufficient when running on a kernel which also has another LSM
(such as AppArmor) enabled and defaults to that.
|
|
The long name is just too hard to type. We generally should avoid using
acronyms too liberally, if they aren't established enough, but it appears that
"RA" is known well enough. Internally we call the option "ipv6_accept_ra"
anyway, and the kernel also exposes it under this name. Hence, let's rename the
IPv6AcceptRouterAdvertisements= setting and the
[IPv6AcceptRouterAdvertisements] section to IPv6AcceptRA= and [IPv6AcceptRA].
The old setting IPv6AcceptRouterAdvertisements= is kept for compatibility with
older configuration. (However the section [IPv6AcceptRouterAdvertisements] is
not, as it was never available in a published version of systemd.
|
|
There are many cgroups-related changes (thanks, @htejun!)
This commit will simplify testing a bit.
Use:
make run UNIFIED_CGROUP_HIERARCHY=yes to enable cgroup-v2
make run UNIFIED_CGROUP_HIERARCHY=no to enable cgroup-v1
|
|
Write comments about "too many search domains" and "Total length of all search
domains is too long" just once. Also put it on a separate line, as
resolv.conf(5) only specifies comments in a line by themselves.
This is ugly to do if write_resolv_conf_search() gets called once for every
search domain. So change it to receive the complete OrderedSet instead and do
the iteration by itself.
Add test cases to networkd-test.py.
https://launchpad.net/bugs/1588229
|
|
Due to the substantial interface changes in cgroup unified hierarchy, new IO
settings are introduced. Currently, IO settings apply only to unified
hierarchy and BlockIO to legacy. While the transition is necessary, it's
painful for users to have to provide configs for both. This patch implements
translation from one config set to another for configs which make sense.
* The translation takes place during application of the configs. Users won't
see IO or BlockIO settings appearing without being explicitly created.
* The translation takes place only if there is no config for the matching
cgroup hierarchy type at all.
While this doesn't provide comprehensive compatibility, it should considerably
ease transition to the new IO settings which are a superset of BlockIO
settings.
v2:
- Update test-cgroup-mask.c so that it accounts for the fact that
CGROUP_MASK_IO and CGROUP_MASK_BLKIO move together. Also, test/parent.slice
now sets IOWeight instead of BlockIOWeight.
|
|
In this test /etc/fstab is replaced by -.mount unit. This causes
systemd-remount-fs.service to not remount / rw, which in turn causes various
failures becuase /var is not writable. In particular
systemd-tmpfiles-setup.service reports many failures. This is something
to possibly fix on its own (see https://github.com/systemd/systemd/issues/791);
in the meanwhile let's fix this test so that it doesn't fail, since the
point of the test is to check aliases on mount units, and not a ro root.
|
|
systemd-udev generated an insane amount of log output at debug level.
It would break TEST-02-CRYPTSETUP by filling the overflowing the disk
(which seems to be a bug in itself!).
|
|
|
|
It has been replaced by --state=failed.
|
|
WARNING: Image format was not specified for
'/var/tmp/systemd-test.tGi3od/rootdisk.img' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write
operations on block 0 will be restricted. Specify the 'raw' format
explicitly to remove the restrictions.
Also use unsafe caching mode, we don't care about data integrity here.
|
|
|
|
|
|
|
|
|
|
~ suffix works fine, but looks to much like it the file is supposed to be
automatically cleaned up. For new versions of configuration files installers
might want to using something that looks more permanent like foobar.new.
So let's add treat ".old" and ".new" as special.
Update test to match.
|
|
Just for convenience.
|
|
Document the necessary dependencies and nspawn/lxd options to run
test/networkd-test.py.
|
|
Test for #2691.
|
|
(#3023)
Fixes:
$ cd test/TEST-07-ISSUE-1981/
$ sudo make clean setup run
...
timeout: failed to run command ‘systemd-nspawn’: No such file or directory
...
TEST RUN: https://github.com/systemd/systemd/issues/1981 [FAILED]
Makefile:10: recipe for target 'run' failed
make: *** [run] Error 1
|
|
Add two more tests:
- Add a single tag, match on it, don't match on another.
- Add 10.000 tags to a device, ensure that udev survives this.
(Reproduces crash fixed by commit 1d88a271a)
|
|
We expect test-udev to succeed. Verify that its exit code is zero, particularly
to spot crashes (e. g. a segfault would be error code 139).
|
|
* This reverts commit 646048b40a7b62c4e9bc59024ef6133613cda01b.
Let's test really big numbers again
* Don't be so brutal: use rmdir instead of rm -rf
As suggested https://github.com/systemd/systemd/pull/2966#issuecomment-205751680
|
|
Fixes: #457
|
|
* tests-functions: improve FSTYPE-support
make clean setup FSTYPE=reiserfs is working fine now :)
* basic: fallback to fstatat if entry->d_type is DT_UNKNOWN
Fixes localectl on reiserfs:
-bash-4.3# mkdir -p /usr/lib/locale
-bash-4.3# stat -f /usr/lib/locale/
File: "/usr/lib/locale/"
ID: bdb0322715b5366e Namelen: 255 Type: reiserfs
Block size: 4096
Blocks: Total: 99835 Free: 60262 Available: 60262
Inodes: Total: 0 Free: 0
-bash-4.3# mkdir /usr/lib/locale/HeyHo
-bash-4.3# localectl list-locales --no-pager
-bash-4.3# mount -t tmpfs tmpfs /usr/lib/locale
-bash-4.3# mkdir /usr/lib/locale/HeyHo
-bash-4.3# localectl list-locales --no-pager
HeyHo
|
|
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
|