From 450442cf93375af58161c1a9b973e3dfba60cba0 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sat, 6 Aug 2016 00:32:46 +0200 Subject: add a new tool for creating transient mount and automount units MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds "systemd-mount" which is for transient mount and automount units what "systemd-run" is for transient service, scope and timer units. The tool allows establishing mounts and automounts during runtime. It is very similar to the usual /bin/mount commands, but can pull in additional dependenices on access (for example, it pulls in fsck automatically), an take benefit of the automount logic. This tool is particularly useful for mount removable file systems (such as USB sticks), as the automount logic (together with automatic unmount-on-idle), as well as automatic fsck on first access ensure that the removable file system has a high chance to remain in a fully clean state even when it is unplugged abruptly, and returns to a clean state on the next re-plug. This is a follow-up for #2471, as it adds a simple client-side for the transient automount logic added in that PR. In later work it might make sense to invoke this tool automatically from udev rules in order to implement a simpler and safer version of removable media management á la udisks. --- Makefile.am | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index d4e3e9a013..336f12880c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -384,6 +384,7 @@ bin_PROGRAMS = \ systemd-delta \ systemd-analyze \ systemd-run \ + systemd-mount \ systemd-stdio-bridge \ systemd-path @@ -3132,6 +3133,13 @@ systemd_run_SOURCES = \ systemd_run_LDADD = \ libsystemd-shared.la +# ------------------------------------------------------------------------------ +systemd_mount_SOURCES = \ + src/mount/mount-tool.c + +systemd_mount_LDADD = \ + libsystemd-shared.la + # ------------------------------------------------------------------------------ systemd_stdio_bridge_SOURCES = \ src/stdio-bridge/stdio-bridge.c -- cgit v1.2.3-54-g00ecf From de78fa9ba0be55b01066ca5a716c6673d76b817b Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sat, 13 Aug 2016 10:09:11 -0400 Subject: units: install user units as real files, not symlinks to ../system/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was causing preset-all --global to create symlinks: $ systemctl preset-all --global --root=/var/tmp/inst1 Created symlink /var/tmp/inst1/etc/systemd/user/shutdown.target → /usr/lib/systemd/user/../system/shutdown.target. Created symlink /var/tmp/inst1/etc/systemd/user/sockets.target → /usr/lib/systemd/user/../system/sockets.target. Created symlink /var/tmp/inst1/etc/systemd/user/timers.target → /usr/lib/systemd/user/../system/timers.target. Created symlink /var/tmp/inst1/etc/systemd/user/paths.target → /usr/lib/systemd/user/../system/paths.target. Created symlink /var/tmp/inst1/etc/systemd/user/bluetooth.target → /usr/lib/systemd/user/../system/bluetooth.target. Created symlink /var/tmp/inst1/etc/systemd/user/printer.target → /usr/lib/systemd/user/../system/printer.target. Created symlink /var/tmp/inst1/etc/systemd/user/sound.target → /usr/lib/systemd/user/../system/sound.target. Created symlink /var/tmp/inst1/etc/systemd/user/smartcard.target → /usr/lib/systemd/user/../system/smartcard.target. Created symlink /var/tmp/inst1/etc/systemd/user/busnames.target → /usr/lib/systemd/user/../system/busnames.target. It is better to create units in a state that completely matches the presets, i.e. preset-all should do nothing when invoked immediately after installation. I'm sure it was confusing to users too, suggesting that system and user units may somehow alias each other. --- Makefile.am | 24 ++++++++++-------------- units/user/bluetooth.target | 1 + units/user/busnames.target | 1 + units/user/paths.target | 1 + units/user/printer.target | 1 + units/user/shutdown.target | 1 + units/user/smartcard.target | 1 + units/user/sockets.target | 1 + units/user/sound.target | 1 + units/user/timers.target | 1 + 10 files changed, 19 insertions(+), 14 deletions(-) create mode 120000 units/user/bluetooth.target create mode 120000 units/user/busnames.target create mode 120000 units/user/paths.target create mode 120000 units/user/printer.target create mode 120000 units/user/shutdown.target create mode 120000 units/user/smartcard.target create mode 120000 units/user/sockets.target create mode 120000 units/user/sound.target create mode 120000 units/user/timers.target (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index bc615bdc3b..a1bb21e4fc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -575,7 +575,16 @@ dist_userunit_DATA = \ units/user/default.target \ units/user/exit.target \ units/user/graphical-session.target \ - units/user/graphical-session-pre.target + units/user/graphical-session-pre.target \ + units/user/bluetooth.target \ + units/user/busnames.target \ + units/user/paths.target \ + units/user/printer.target \ + units/user/shutdown.target \ + units/user/smartcard.target \ + units/user/sockets.target \ + units/user/sound.target \ + units/user/timers.target nodist_userunit_DATA = \ units/user/systemd-exit.service @@ -6296,19 +6305,6 @@ SYSTEM_UNIT_ALIASES += \ reboot.target ctrl-alt-del.target \ getty@.service autovt@.service -USER_UNIT_ALIASES += \ - $(systemunitdir)/shutdown.target shutdown.target \ - $(systemunitdir)/sockets.target sockets.target \ - $(systemunitdir)/timers.target timers.target \ - $(systemunitdir)/paths.target paths.target \ - $(systemunitdir)/bluetooth.target bluetooth.target \ - $(systemunitdir)/printer.target printer.target \ - $(systemunitdir)/sound.target sound.target \ - $(systemunitdir)/smartcard.target smartcard.target - -USER_UNIT_ALIASES += \ - $(systemunitdir)/busnames.target busnames.target - GENERAL_ALIASES += \ $(systemunitdir)/remote-fs.target $(pkgsysconfdir)/system/multi-user.target.wants/remote-fs.target \ $(systemunitdir)/getty@.service $(pkgsysconfdir)/system/getty.target.wants/getty@tty1.service \ diff --git a/units/user/bluetooth.target b/units/user/bluetooth.target new file mode 120000 index 0000000000..72e74be0a1 --- /dev/null +++ b/units/user/bluetooth.target @@ -0,0 +1 @@ +../bluetooth.target \ No newline at end of file diff --git a/units/user/busnames.target b/units/user/busnames.target new file mode 120000 index 0000000000..04f4ba1345 --- /dev/null +++ b/units/user/busnames.target @@ -0,0 +1 @@ +../busnames.target \ No newline at end of file diff --git a/units/user/paths.target b/units/user/paths.target new file mode 120000 index 0000000000..33545d24f3 --- /dev/null +++ b/units/user/paths.target @@ -0,0 +1 @@ +../paths.target \ No newline at end of file diff --git a/units/user/printer.target b/units/user/printer.target new file mode 120000 index 0000000000..8b8d5511cd --- /dev/null +++ b/units/user/printer.target @@ -0,0 +1 @@ +../printer.target \ No newline at end of file diff --git a/units/user/shutdown.target b/units/user/shutdown.target new file mode 120000 index 0000000000..a9de83782f --- /dev/null +++ b/units/user/shutdown.target @@ -0,0 +1 @@ +../shutdown.target \ No newline at end of file diff --git a/units/user/smartcard.target b/units/user/smartcard.target new file mode 120000 index 0000000000..f7a23b6b6d --- /dev/null +++ b/units/user/smartcard.target @@ -0,0 +1 @@ +../smartcard.target \ No newline at end of file diff --git a/units/user/sockets.target b/units/user/sockets.target new file mode 120000 index 0000000000..a9e4b97184 --- /dev/null +++ b/units/user/sockets.target @@ -0,0 +1 @@ +../sockets.target \ No newline at end of file diff --git a/units/user/sound.target b/units/user/sound.target new file mode 120000 index 0000000000..17c8e9d6e1 --- /dev/null +++ b/units/user/sound.target @@ -0,0 +1 @@ +../sound.target \ No newline at end of file diff --git a/units/user/timers.target b/units/user/timers.target new file mode 120000 index 0000000000..f98b68a84d --- /dev/null +++ b/units/user/timers.target @@ -0,0 +1 @@ +../timers.target \ No newline at end of file -- cgit v1.2.3-54-g00ecf From 70cb8b7b16d2f1c63b21d90a493d895018fe8f67 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 22 Aug 2016 16:13:19 +0200 Subject: sd-bus: add a small test case for sd_bus_track This tests in particular that disconnecting results in the tracking object's handlers to be called. --- .gitignore | 1 + Makefile.am | 11 ++++ src/libsystemd/sd-bus/test-bus-track.c | 113 +++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 src/libsystemd/sd-bus/test-bus-track.c (limited to 'Makefile.am') diff --git a/.gitignore b/.gitignore index 6caa8218bd..565a3a3839 100644 --- a/.gitignore +++ b/.gitignore @@ -152,6 +152,7 @@ /test-bus-policy /test-bus-server /test-bus-signature +/test-bus-track /test-bus-zero-copy /test-calendarspec /test-cap-list diff --git a/Makefile.am b/Makefile.am index 431975de8b..3a617560e0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3323,6 +3323,7 @@ tests += \ test-bus-error \ test-bus-creds \ test-bus-gvariant \ + test-bus-track \ test-event \ test-netlink \ test-local-addresses \ @@ -3366,6 +3367,16 @@ test_bus_cleanup_CFLAGS = \ test_bus_cleanup_LDADD = \ libsystemd-shared.la +test_bus_track_SOURCES = \ + src/libsystemd/sd-bus/test-bus-track.c + +test_bus_track_CFLAGS = \ + $(AM_CFLAGS) \ + $(SECCOMP_CFLAGS) + +test_bus_track_LDADD = \ + libsystemd-shared.la + test_bus_server_SOURCES = \ src/libsystemd/sd-bus/test-bus-server.c diff --git a/src/libsystemd/sd-bus/test-bus-track.c b/src/libsystemd/sd-bus/test-bus-track.c new file mode 100644 index 0000000000..4beb61f05a --- /dev/null +++ b/src/libsystemd/sd-bus/test-bus-track.c @@ -0,0 +1,113 @@ +/*** + This file is part of systemd. + + Copyright 2016 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include + +#include "macro.h" + +static bool track_cb_called_x = false; +static bool track_cb_called_y = false; + +static int track_cb_x(sd_bus_track *t, void *userdata) { + + log_error("TRACK CB X"); + + assert_se(!track_cb_called_x); + track_cb_called_x = true; + + /* This means b's name disappeared. Let's now disconnect, to make sure the track handling on disconnect works + * as it should. */ + + assert_se(shutdown(sd_bus_get_fd(sd_bus_track_get_bus(t)), SHUT_RDWR) >= 0); + return 1; +} + +static int track_cb_y(sd_bus_track *t, void *userdata) { + int r; + + log_error("TRACK CB Y"); + + assert_se(!track_cb_called_y); + track_cb_called_y = true; + + /* We got disconnected, let's close everything */ + + r = sd_event_exit(sd_bus_get_event(sd_bus_track_get_bus(t)), EXIT_SUCCESS); + assert_se(r >= 0); + + return 0; +} + +int main(int argc, char *argv[]) { + _cleanup_(sd_event_unrefp) sd_event *event = NULL; + _cleanup_(sd_bus_track_unrefp) sd_bus_track *x = NULL, *y = NULL; + _cleanup_(sd_bus_unrefp) sd_bus *a = NULL, *b = NULL; + const char *unique; + int r; + + r = sd_event_default(&event); + assert_se(r >= 0); + + r = sd_bus_open_system(&a); + if (IN_SET(r, -ECONNREFUSED, -ENOENT)) { + log_info("Failed to connect to bus, skipping tests."); + return EXIT_TEST_SKIP; + } + assert_se(r >= 0); + + r = sd_bus_attach_event(a, event, SD_EVENT_PRIORITY_NORMAL); + assert_se(r >= 0); + + r = sd_bus_open_system(&b); + assert_se(r >= 0); + + r = sd_bus_attach_event(b, event, SD_EVENT_PRIORITY_NORMAL); + assert_se(r >= 0); + + /* Watch b's name from a */ + r = sd_bus_track_new(a, &x, track_cb_x, NULL); + assert_se(r >= 0); + + r = sd_bus_get_unique_name(b, &unique); + assert_se(r >= 0); + + r = sd_bus_track_add_name(x, unique); + assert_se(r >= 0); + + /* Watch's a's own name from a */ + r = sd_bus_track_new(a, &y, track_cb_y, NULL); + assert_se(r >= 0); + + r = sd_bus_get_unique_name(a, &unique); + assert_se(r >= 0); + + r = sd_bus_track_add_name(y, unique); + assert_se(r >= 0); + + /* Now make b's name disappear */ + sd_bus_close(b); + + r = sd_event_loop(event); + assert_se(r >= 0); + + assert_se(track_cb_called_x); + assert_se(track_cb_called_y); + + return 0; +} -- cgit v1.2.3-54-g00ecf From 92c918b06d970cd4ce2e7e529e6093ffc46a9cfa Mon Sep 17 00:00:00 2001 From: Susant Sahani Date: Wed, 14 Sep 2016 21:45:16 +0530 Subject: networkd: add support to configure virtual CAN device (#4139) 1. add support for kind vcan 2. fixup indention netlink-types.c, networkd-netdev.c --- Makefile.am | 2 + man/systemd.netdev.xml | 6 ++- src/libsystemd/sd-netlink/netlink-types.c | 74 +++++++++++++++---------------- src/libsystemd/sd-netlink/netlink-types.h | 1 + src/network/networkd-link.c | 38 ++++++++++++++++ src/network/networkd-netdev-vcan.c | 25 +++++++++++ src/network/networkd-netdev-vcan.h | 34 ++++++++++++++ src/network/networkd-netdev.c | 4 +- src/network/networkd-netdev.h | 1 + src/network/networkd-network.c | 1 + src/network/networkd.h | 1 + 11 files changed, 147 insertions(+), 40 deletions(-) create mode 100644 src/network/networkd-netdev-vcan.c create mode 100644 src/network/networkd-netdev-vcan.h (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 3a617560e0..946af196f3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5650,6 +5650,8 @@ libnetworkd_core_la_SOURCES = \ src/network/networkd-netdev-bond.c \ src/network/networkd-netdev-bridge.h \ src/network/networkd-netdev-bridge.c \ + src/network/networkd-netdev-vcan.h \ + src/network/networkd-netdev-vcan.c \ src/network/networkd-link-bus.c \ src/network/networkd-ipv4ll.c \ src/network/networkd-dhcp4.c \ diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 1f9f071b94..78f0e25a6f 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -163,7 +163,11 @@ A virtual extensible LAN (vxlan), for connecting Cloud computing deployments. vrf - A Virtual Routing and Forwarding (VRF) interface to create separate routing and forwarding domains. + A Virtual Routing and Forwarding (VRF) interface to create separate routing and forwarding domains. + + vcan + The virtual CAN driver (vcan). Similar to the network loopback devices, + vcan offers a virtual local CAN interface. diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c index 566a050432..1c10dd55a7 100644 --- a/src/libsystemd/sd-netlink/netlink-types.c +++ b/src/libsystemd/sd-netlink/netlink-types.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -303,49 +304,48 @@ static const char* const nl_union_link_info_data_table[] = { [NL_UNION_LINK_INFO_DATA_VTI6_TUNNEL] = "vti6", [NL_UNION_LINK_INFO_DATA_IP6TNL_TUNNEL] = "ip6tnl", [NL_UNION_LINK_INFO_DATA_VRF] = "vrf", + [NL_UNION_LINK_INFO_DATA_VCAN] = "vcan", }; DEFINE_STRING_TABLE_LOOKUP(nl_union_link_info_data, NLUnionLinkInfoData); static const NLTypeSystem rtnl_link_info_data_type_systems[] = { - [NL_UNION_LINK_INFO_DATA_BOND] = { .count = ELEMENTSOF(rtnl_link_info_data_bond_types), - .types = rtnl_link_info_data_bond_types }, - [NL_UNION_LINK_INFO_DATA_BRIDGE] = { .count = ELEMENTSOF(rtnl_link_info_data_bridge_types), - .types = rtnl_link_info_data_bridge_types }, - [NL_UNION_LINK_INFO_DATA_VLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_vlan_types), - .types = rtnl_link_info_data_vlan_types }, - [NL_UNION_LINK_INFO_DATA_VETH] = { .count = ELEMENTSOF(rtnl_link_info_data_veth_types), - .types = rtnl_link_info_data_veth_types }, - [NL_UNION_LINK_INFO_DATA_MACVLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_macvlan_types), - .types = rtnl_link_info_data_macvlan_types }, - [NL_UNION_LINK_INFO_DATA_MACVTAP] = { .count = ELEMENTSOF(rtnl_link_info_data_macvlan_types), - .types = rtnl_link_info_data_macvlan_types }, - [NL_UNION_LINK_INFO_DATA_IPVLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_ipvlan_types), - .types = rtnl_link_info_data_ipvlan_types }, - [NL_UNION_LINK_INFO_DATA_VXLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_vxlan_types), - .types = rtnl_link_info_data_vxlan_types }, - [NL_UNION_LINK_INFO_DATA_IPIP_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_iptun_types), - .types = rtnl_link_info_data_iptun_types }, - [NL_UNION_LINK_INFO_DATA_IPGRE_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), - .types = rtnl_link_info_data_ipgre_types }, + [NL_UNION_LINK_INFO_DATA_BOND] = { .count = ELEMENTSOF(rtnl_link_info_data_bond_types), + .types = rtnl_link_info_data_bond_types }, + [NL_UNION_LINK_INFO_DATA_BRIDGE] = { .count = ELEMENTSOF(rtnl_link_info_data_bridge_types), + .types = rtnl_link_info_data_bridge_types }, + [NL_UNION_LINK_INFO_DATA_VLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_vlan_types), + .types = rtnl_link_info_data_vlan_types }, + [NL_UNION_LINK_INFO_DATA_VETH] = { .count = ELEMENTSOF(rtnl_link_info_data_veth_types), + .types = rtnl_link_info_data_veth_types }, + [NL_UNION_LINK_INFO_DATA_MACVLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_macvlan_types), + .types = rtnl_link_info_data_macvlan_types }, + [NL_UNION_LINK_INFO_DATA_MACVTAP] = { .count = ELEMENTSOF(rtnl_link_info_data_macvlan_types), + .types = rtnl_link_info_data_macvlan_types }, + [NL_UNION_LINK_INFO_DATA_IPVLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_ipvlan_types), + .types = rtnl_link_info_data_ipvlan_types }, + [NL_UNION_LINK_INFO_DATA_VXLAN] = { .count = ELEMENTSOF(rtnl_link_info_data_vxlan_types), + .types = rtnl_link_info_data_vxlan_types }, + [NL_UNION_LINK_INFO_DATA_IPIP_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_iptun_types), + .types = rtnl_link_info_data_iptun_types }, + [NL_UNION_LINK_INFO_DATA_IPGRE_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), + .types = rtnl_link_info_data_ipgre_types }, [NL_UNION_LINK_INFO_DATA_IPGRETAP_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), - .types = rtnl_link_info_data_ipgre_types }, - [NL_UNION_LINK_INFO_DATA_IP6GRE_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), - .types = rtnl_link_info_data_ipgre_types }, - [NL_UNION_LINK_INFO_DATA_IP6GRETAP_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), - .types = rtnl_link_info_data_ipgre_types }, - [NL_UNION_LINK_INFO_DATA_SIT_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_iptun_types), - .types = rtnl_link_info_data_iptun_types }, - [NL_UNION_LINK_INFO_DATA_VTI_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipvti_types), - .types = rtnl_link_info_data_ipvti_types }, - [NL_UNION_LINK_INFO_DATA_VTI6_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipvti_types), - .types = rtnl_link_info_data_ipvti_types }, - [NL_UNION_LINK_INFO_DATA_IP6TNL_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ip6tnl_types), - .types = rtnl_link_info_data_ip6tnl_types }, - - [NL_UNION_LINK_INFO_DATA_VRF] = { .count = ELEMENTSOF(rtnl_link_info_data_vrf_types), - .types = rtnl_link_info_data_vrf_types }, - + .types = rtnl_link_info_data_ipgre_types }, + [NL_UNION_LINK_INFO_DATA_IP6GRE_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), + .types = rtnl_link_info_data_ipgre_types }, + [NL_UNION_LINK_INFO_DATA_IP6GRETAP_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipgre_types), + .types = rtnl_link_info_data_ipgre_types }, + [NL_UNION_LINK_INFO_DATA_SIT_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_iptun_types), + .types = rtnl_link_info_data_iptun_types }, + [NL_UNION_LINK_INFO_DATA_VTI_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipvti_types), + .types = rtnl_link_info_data_ipvti_types }, + [NL_UNION_LINK_INFO_DATA_VTI6_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ipvti_types), + .types = rtnl_link_info_data_ipvti_types }, + [NL_UNION_LINK_INFO_DATA_IP6TNL_TUNNEL] = { .count = ELEMENTSOF(rtnl_link_info_data_ip6tnl_types), + .types = rtnl_link_info_data_ip6tnl_types }, + [NL_UNION_LINK_INFO_DATA_VRF] = { .count = ELEMENTSOF(rtnl_link_info_data_vrf_types), + .types = rtnl_link_info_data_vrf_types }, }; static const NLTypeSystemUnion rtnl_link_info_data_type_system_union = { diff --git a/src/libsystemd/sd-netlink/netlink-types.h b/src/libsystemd/sd-netlink/netlink-types.h index 7c0e598b26..42e96173de 100644 --- a/src/libsystemd/sd-netlink/netlink-types.h +++ b/src/libsystemd/sd-netlink/netlink-types.h @@ -87,6 +87,7 @@ typedef enum NLUnionLinkInfoData { NL_UNION_LINK_INFO_DATA_VTI6_TUNNEL, NL_UNION_LINK_INFO_DATA_IP6TNL_TUNNEL, NL_UNION_LINK_INFO_DATA_VRF, + NL_UNION_LINK_INFO_DATA_VCAN, _NL_UNION_LINK_INFO_DATA_MAX, _NL_UNION_LINK_INFO_DATA_INVALID = -1 } NLUnionLinkInfoData; diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index aab40a0eb1..1687d9bf31 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1787,6 +1787,31 @@ static int link_down(Link *link) { return 0; } +static int link_up_can(Link *link) { + _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; + int r; + + assert(link); + + log_link_debug(link, "Bringing CAN link up"); + + r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); + if (r < 0) + return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m"); + + r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP); + if (r < 0) + return log_link_error_errno(link, r, "Could not set link flags: %m"); + + r = sd_netlink_call_async(link->manager->rtnl, req, link_up_handler, link, 0, NULL); + if (r < 0) + return log_link_error_errno(link, r, "Could not send rtnetlink message: %m"); + + link_ref(link); + + return 0; +} + static int link_handle_bound_to_list(Link *link) { Link *l; Iterator i; @@ -2431,6 +2456,19 @@ static int link_configure(Link *link) { assert(link->network); assert(link->state == LINK_STATE_PENDING); + if (streq_ptr(link->kind, "vcan")) { + + if (!(link->flags & IFF_UP)) { + r = link_up_can(link); + if (r < 0) { + link_enter_failed(link); + return r; + } + } + + return 0; + } + /* Drop foreign config, but ignore loopback or critical devices. * We do not want to remove loopback address or addresses used for root NFS. */ if (!(link->flags & IFF_LOOPBACK) && !(link->network->dhcp_critical)) { diff --git a/src/network/networkd-netdev-vcan.c b/src/network/networkd-netdev-vcan.c new file mode 100644 index 0000000000..bfce6e1962 --- /dev/null +++ b/src/network/networkd-netdev-vcan.c @@ -0,0 +1,25 @@ +/*** + This file is part of systemd. + + Copyright 2016 Susant Sahani + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include "networkd-netdev-vcan.h" + +const NetDevVTable vcan_vtable = { + .object_size = sizeof(VCan), + .create_type = NETDEV_CREATE_INDEPENDENT, +}; diff --git a/src/network/networkd-netdev-vcan.h b/src/network/networkd-netdev-vcan.h new file mode 100644 index 0000000000..6ba47fd70e --- /dev/null +++ b/src/network/networkd-netdev-vcan.h @@ -0,0 +1,34 @@ +#pragma once + +/*** + This file is part of systemd. + + Copyright 2016 Susant Sahani + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +typedef struct VCan VCan; + +#include + +#include "networkd-netdev.h" + +struct VCan { + NetDev meta; +}; + +DEFINE_NETDEV_CAST(VCAN, VCan); + +extern const NetDevVTable vcan_vtable; diff --git a/src/network/networkd-netdev.c b/src/network/networkd-netdev.c index e7edc366af..583389c8dd 100644 --- a/src/network/networkd-netdev.c +++ b/src/network/networkd-netdev.c @@ -56,7 +56,7 @@ const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = { [NETDEV_KIND_TAP] = &tap_vtable, [NETDEV_KIND_IP6TNL] = &ip6tnl_vtable, [NETDEV_KIND_VRF] = &vrf_vtable, - + [NETDEV_KIND_VCAN] = &vcan_vtable, }; static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = { @@ -81,7 +81,7 @@ static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = { [NETDEV_KIND_TAP] = "tap", [NETDEV_KIND_IP6TNL] = "ip6tnl", [NETDEV_KIND_VRF] = "vrf", - + [NETDEV_KIND_VCAN] = "vcan", }; DEFINE_STRING_TABLE_LOOKUP(netdev_kind, NetDevKind); diff --git a/src/network/networkd-netdev.h b/src/network/networkd-netdev.h index 09863e72b4..31b55e2791 100644 --- a/src/network/networkd-netdev.h +++ b/src/network/networkd-netdev.h @@ -56,6 +56,7 @@ typedef enum NetDevKind { NETDEV_KIND_TUN, NETDEV_KIND_TAP, NETDEV_KIND_VRF, + NETDEV_KIND_VCAN, _NETDEV_KIND_MAX, _NETDEV_KIND_INVALID = -1 } NetDevKind; diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 49faba5b12..9865c8a5c0 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -479,6 +479,7 @@ int config_parse_netdev(const char *unit, case NETDEV_KIND_MACVTAP: case NETDEV_KIND_IPVLAN: case NETDEV_KIND_VXLAN: + case NETDEV_KIND_VCAN: r = hashmap_put(network->stacked_netdevs, netdev->ifname, netdev); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, "Can not add VLAN '%s' to network: %m", rvalue); diff --git a/src/network/networkd.h b/src/network/networkd.h index c4bd712147..cb1b73145e 100644 --- a/src/network/networkd.h +++ b/src/network/networkd.h @@ -43,6 +43,7 @@ #include "networkd-netdev-vlan.h" #include "networkd-netdev-vrf.h" #include "networkd-netdev-vxlan.h" +#include "networkd-netdev-vcan.h" #include "networkd-network.h" #include "networkd-util.h" -- cgit v1.2.3-54-g00ecf From af0a10bfa1a4f73195575681c215ff43183ae4b4 Mon Sep 17 00:00:00 2001 From: Maciek Borzecki Date: Tue, 20 Sep 2016 21:24:45 +0200 Subject: nss: install nss modules to ${rootlibdir} NSS modules (libnss_*.so.*) need to be installed into ${rootlibdir} (typically /lib) in order to be used. Previously, the modules were installed into ${libdir}, thus usually ending up in /usr/lib, even on systems where split usr is enabled, or ${libdir} is passed explicitly. Signed-off-by: Maciek Borzecki --- Makefile.am | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 946af196f3..ed14610893 100644 --- a/Makefile.am +++ b/Makefile.am @@ -157,6 +157,7 @@ nodist_zshcompletion_DATA = $(nodist_zshcompletion_data) endif udevlibexec_PROGRAMS = gperf_gperf_sources = +rootlib_LTLIBRARIES = in_files = $(filter %.in,$(EXTRA_DIST)) in_in_files = $(filter %.in.in, $(in_files)) @@ -5056,7 +5057,7 @@ libnss_systemd_la_LIBADD = \ libsystemd-internal.la \ libbasic.la -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libnss_systemd.la # ------------------------------------------------------------------------------ @@ -5078,7 +5079,7 @@ libnss_myhostname_la_LIBADD = \ libsystemd-internal.la \ libbasic.la -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libnss_myhostname.la endif @@ -5177,7 +5178,7 @@ libnss_mymachines_la_LIBADD = \ libsystemd-internal.la \ libbasic.la -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libnss_mymachines.la endif @@ -5476,7 +5477,7 @@ libnss_resolve_la_LIBADD = \ libbasic.la \ -ldl -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libnss_resolve.la systemd_resolve_SOURCES = \ -- cgit v1.2.3-54-g00ecf From 082210c7a837063fd8b520b18c221b42059d7eff Mon Sep 17 00:00:00 2001 From: Maciek Borzecki Date: Sat, 24 Sep 2016 14:17:30 +0200 Subject: build-sys: get rid of move-to-rootlibdir Replace move-to-rootlibdir calls in post-install hooks with explicitly used ${rootlibdir} where needed. Signed-off-by: Maciek Borzecki --- Makefile.am | 33 ++------------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index ed14610893..e823a5c515 100644 --- a/Makefile.am +++ b/Makefile.am @@ -251,16 +251,6 @@ AM_CFLAGS = $(OUR_CFLAGS) AM_LDFLAGS = $(OUR_LDFLAGS) # ------------------------------------------------------------------------------ -define move-to-rootlibdir - if test "$(libdir)" != "$(rootlibdir)"; then \ - $(MKDIR_P) $(DESTDIR)$(rootlibdir) && \ - so_img_name=$$(readlink $(DESTDIR)$(libdir)/$$libname) && \ - rm -f $(DESTDIR)$(libdir)/$$libname && \ - $(LN_S) --relative -f $(DESTDIR)$(rootlibdir)/$$so_img_name $(DESTDIR)$(libdir)/$$libname && \ - mv $(DESTDIR)$(libdir)/$$libname.* $(DESTDIR)$(rootlibdir); \ - fi -endef - INSTALL_DIRS = SHUTDOWN_TARGET_WANTS = @@ -3284,15 +3274,6 @@ libsystemd_la_LIBADD = \ libbasic.la \ libsystemd-journal-internal.la -libsystemd-install-hook: - libname=libsystemd.so && $(move-to-rootlibdir) - -libsystemd-uninstall-hook: - rm -f $(DESTDIR)$(rootlibdir)/libsystemd.so* - -INSTALL_EXEC_HOOKS += libsystemd-install-hook -UNINSTALL_EXEC_HOOKS += libsystemd-uninstall-hook - pkgconfiglib_DATA += \ src/libsystemd/libsystemd.pc @@ -3305,7 +3286,7 @@ pkginclude_HEADERS += \ src/systemd/sd-id128.h \ src/systemd/sd-daemon.h -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libsystemd.la tests += \ @@ -3637,7 +3618,7 @@ tests += \ include_HEADERS += \ src/libudev/libudev.h -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libudev.la libudev_la_SOURCES =\ @@ -3669,16 +3650,6 @@ pkgconfiglib_DATA += \ EXTRA_DIST += \ src/libudev/libudev.pc.in -# move lib from $(libdir) to $(rootlibdir) and update devel link, if needed -libudev-install-hook: - libname=libudev.so && $(move-to-rootlibdir) - -libudev-uninstall-hook: - rm -f $(DESTDIR)$(rootlibdir)/libudev.so* - -INSTALL_EXEC_HOOKS += libudev-install-hook -UNINSTALL_EXEC_HOOKS += libudev-uninstall-hook - # ------------------------------------------------------------------------------ noinst_LTLIBRARIES += \ libudev-internal.la -- cgit v1.2.3-54-g00ecf From 615a1f4b26f3c7d10ad9ea638341a6920a6bc435 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Sun, 25 Sep 2016 13:04:30 +0200 Subject: test: add CAP_MKNOD tests for PrivateDevices= --- Makefile.am | 2 ++ src/test/test-execute.c | 10 ++++++++++ .../exec-privatedevices-no-capability-mknod.service | 7 +++++++ .../exec-privatedevices-yes-capability-mknod.service | 7 +++++++ 4 files changed, 26 insertions(+) create mode 100644 test/test-execute/exec-privatedevices-no-capability-mknod.service create mode 100644 test/test-execute/exec-privatedevices-yes-capability-mknod.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index e823a5c515..66dbbeca0e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1639,6 +1639,8 @@ EXTRA_DIST += \ test/test-execute/exec-personality-aarch64.service \ test/test-execute/exec-privatedevices-no.service \ test/test-execute/exec-privatedevices-yes.service \ + test/test-execute/exec-privatedevices-no-capability-mknod.service \ + test/test-execute/exec-privatedevices-yes-capability-mknod.service \ test/test-execute/exec-privatetmp-no.service \ test/test-execute/exec-privatetmp-yes.service \ test/test-execute/exec-spec-interpolation.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 25489cefbc..2bc1854485 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -133,6 +133,15 @@ static void test_exec_privatedevices(Manager *m) { test(m, "exec-privatedevices-no.service", 0, CLD_EXITED); } +static void test_exec_privatedevices_capabilities(Manager *m) { + if (detect_container() > 0) { + log_notice("testing in container, skipping private device tests"); + return; + } + test(m, "exec-privatedevices-yes-capability-mknod.service", 0, CLD_EXITED); + test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED); +} + static void test_exec_systemcallfilter(Manager *m) { #ifdef HAVE_SECCOMP if (!is_seccomp_available()) @@ -345,6 +354,7 @@ int main(int argc, char *argv[]) { test_exec_ignoresigpipe, test_exec_privatetmp, test_exec_privatedevices, + test_exec_privatedevices_capabilities, test_exec_privatenetwork, test_exec_systemcallfilter, test_exec_systemcallerrornumber, diff --git a/test/test-execute/exec-privatedevices-no-capability-mknod.service b/test/test-execute/exec-privatedevices-no-capability-mknod.service new file mode 100644 index 0000000000..6d39469da8 --- /dev/null +++ b/test/test-execute/exec-privatedevices-no-capability-mknod.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test CAP_MKNOD capability for PrivateDevices=no + +[Service] +PrivateDevices=no +ExecStart=/bin/sh -x -c 'capsh --print | grep cap_mknod' +Type=oneshot diff --git a/test/test-execute/exec-privatedevices-yes-capability-mknod.service b/test/test-execute/exec-privatedevices-yes-capability-mknod.service new file mode 100644 index 0000000000..fb1fc2875a --- /dev/null +++ b/test/test-execute/exec-privatedevices-yes-capability-mknod.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test CAP_MKNOD capability for PrivateDevices=yes + +[Service] +PrivateDevices=yes +ExecStart=/bin/sh -x -c '! capsh --print | grep cap_mknod' +Type=oneshot -- cgit v1.2.3-54-g00ecf From f78b36f016b5f3e6ce1dfbdfcb78ba227ff8ccac Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Sun, 25 Sep 2016 19:24:25 +0200 Subject: test: add tests for simple ReadOnlyPaths= case --- Makefile.am | 1 + src/test/test-execute.c | 5 +++++ test/test-execute/exec-readonlypaths.service | 7 +++++++ 3 files changed, 13 insertions(+) create mode 100644 test/test-execute/exec-readonlypaths.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 66dbbeca0e..0417a0511f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1643,6 +1643,7 @@ EXTRA_DIST += \ test/test-execute/exec-privatedevices-yes-capability-mknod.service \ test/test-execute/exec-privatetmp-no.service \ test/test-execute/exec-privatetmp-yes.service \ + test/test-execute/exec-readonlypaths.service \ test/test-execute/exec-spec-interpolation.service \ test/test-execute/exec-systemcallerrornumber.service \ test/test-execute/exec-systemcallfilter-failing2.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 2bc1854485..aa8544e21a 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -142,6 +142,10 @@ static void test_exec_privatedevices_capabilities(Manager *m) { test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED); } +static void test_exec_readonlypaths(Manager *m) { + test(m, "exec-readonlypaths.service", 0, CLD_EXITED); +} + static void test_exec_systemcallfilter(Manager *m) { #ifdef HAVE_SECCOMP if (!is_seccomp_available()) @@ -355,6 +359,7 @@ int main(int argc, char *argv[]) { test_exec_privatetmp, test_exec_privatedevices, test_exec_privatedevices_capabilities, + test_exec_readonlypaths, test_exec_privatenetwork, test_exec_systemcallfilter, test_exec_systemcallerrornumber, diff --git a/test/test-execute/exec-readonlypaths.service b/test/test-execute/exec-readonlypaths.service new file mode 100644 index 0000000000..6866fdc700 --- /dev/null +++ b/test/test-execute/exec-readonlypaths.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for ReadOnlyPaths= + +[Service] +ReadOnlyPaths=/etc -/i-dont-exist /usr +ExecStart=/bin/sh -x -c 'test ! -w /etc && test ! -w /usr && test ! -e /i-dont-exist && test -w /var' +Type=oneshot -- cgit v1.2.3-54-g00ecf From cdfbd1fb26eb75fe6beca47dce7e5e348b077d97 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Sun, 25 Sep 2016 19:50:25 +0200 Subject: test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount propagation Better safe. --- Makefile.am | 3 +++ src/test/test-execute.c | 11 +++++++++++ .../exec-inaccessiblepaths-mount-propagation.service | 7 +++++++ .../test-execute/exec-readonlypaths-mount-propagation.service | 7 +++++++ .../exec-readwritepaths-mount-propagation.service | 7 +++++++ 5 files changed, 35 insertions(+) create mode 100644 test/test-execute/exec-inaccessiblepaths-mount-propagation.service create mode 100644 test/test-execute/exec-readonlypaths-mount-propagation.service create mode 100644 test/test-execute/exec-readwritepaths-mount-propagation.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 0417a0511f..9185bae7b7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1644,6 +1644,9 @@ EXTRA_DIST += \ test/test-execute/exec-privatetmp-no.service \ test/test-execute/exec-privatetmp-yes.service \ test/test-execute/exec-readonlypaths.service \ + test/test-execute/exec-readonlypaths-mount-propagation.service \ + test/test-execute/exec-readwritepaths-mount-propagation.service \ + test/test-execute/exec-inaccessiblepaths-mount-propagation.service \ test/test-execute/exec-spec-interpolation.service \ test/test-execute/exec-systemcallerrornumber.service \ test/test-execute/exec-systemcallfilter-failing2.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index aa8544e21a..8b4ff22495 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -144,6 +144,15 @@ static void test_exec_privatedevices_capabilities(Manager *m) { static void test_exec_readonlypaths(Manager *m) { test(m, "exec-readonlypaths.service", 0, CLD_EXITED); + test(m, "exec-readonlypaths-mount-propagation.service", 0, CLD_EXITED); +} + +static void test_exec_readwritepaths(Manager *m) { + test(m, "exec-readwritepaths-mount-propagation.service", 0, CLD_EXITED); +} + +static void test_exec_inaccessiblepaths(Manager *m) { + test(m, "exec-inaccessiblepaths-mount-propagation.service", 0, CLD_EXITED); } static void test_exec_systemcallfilter(Manager *m) { @@ -360,6 +369,8 @@ int main(int argc, char *argv[]) { test_exec_privatedevices, test_exec_privatedevices_capabilities, test_exec_readonlypaths, + test_exec_readwritepaths, + test_exec_inaccessiblepaths, test_exec_privatenetwork, test_exec_systemcallfilter, test_exec_systemcallerrornumber, diff --git a/test/test-execute/exec-inaccessiblepaths-mount-propagation.service b/test/test-execute/exec-inaccessiblepaths-mount-propagation.service new file mode 100644 index 0000000000..23c6ff3f93 --- /dev/null +++ b/test/test-execute/exec-inaccessiblepaths-mount-propagation.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test to make sure that InaccessiblePaths= disconnect mount propagation + +[Service] +InaccessiblePaths=-/i-dont-exist +ExecStart=/bin/sh -x -c 'mkdir -p /TEST; mount -t tmpfs tmpfs /TEST; grep TEST /proc/self/mountinfo && ! grep TEST /proc/$${PPID}/mountinfo && ! grep TEST /proc/1/mountinfo' +Type=oneshot diff --git a/test/test-execute/exec-readonlypaths-mount-propagation.service b/test/test-execute/exec-readonlypaths-mount-propagation.service new file mode 100644 index 0000000000..237cbb2efb --- /dev/null +++ b/test/test-execute/exec-readonlypaths-mount-propagation.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test to make sure that passing ReadOnlyPaths= disconnect mount propagation + +[Service] +ReadOnlyPaths=-/i-dont-exist +ExecStart=/bin/sh -x -c 'mkdir -p /TEST; mount -t tmpfs tmpfs /TEST; grep TEST /proc/self/mountinfo && ! grep TEST /proc/$${PPID}/mountinfo && ! grep TEST /proc/1/mountinfo' +Type=oneshot diff --git a/test/test-execute/exec-readwritepaths-mount-propagation.service b/test/test-execute/exec-readwritepaths-mount-propagation.service new file mode 100644 index 0000000000..466ce6c747 --- /dev/null +++ b/test/test-execute/exec-readwritepaths-mount-propagation.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test to make sure that passing ReadWritePaths= disconnect mount propagation + +[Service] +ReadWritePaths=-/i-dont-exist +ExecStart=/bin/sh -x -c 'mkdir -p /TEST; mount -t tmpfs tmpfs /TEST; grep TEST /proc/self/mountinfo && ! grep TEST /proc/$${PPID}/mountinfo && ! grep TEST /proc/1/mountinfo' +Type=oneshot -- cgit v1.2.3-54-g00ecf From 1ef11fb628ed4e23bca5a2be1734e03f89bb678a Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sun, 2 Oct 2016 14:52:52 +0200 Subject: build-sys: use non-breaking spaces in contributor list I think it's easier to read peoples' names with this change. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 9185bae7b7..f7ae9ff7aa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6556,7 +6556,7 @@ print-%: @echo $($*) git-contrib: - @git shortlog -s `git describe --abbrev=0`.. | cut -c8- | awk '{ print $$0 "," }' | sort -u + @git shortlog -s `git describe --abbrev=0`.. | cut -c8- | sed 's/ / /g' | awk '{ print $$0 "," }' | sort -u EXTRA_DIST += \ tools/gdb-sd_dump_hashmaps.py -- cgit v1.2.3-54-g00ecf From 84a69ca9ba49a516c741582c4b2f69b0feb0f020 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Mon, 10 Oct 2016 12:06:26 +0200 Subject: unit: drop console-shell.service (#4298) (#4325) console-shell.service was supposed to be useful for normal clean boots (i.e. multi-user.target or so), as a replacement for logind/getty@.service for simpler use cases. But due to the lack of documentation and sanity check one can easily be confused and enable this service in // with getty@.service. In this case we end up with both services sharing the same tty which ends up in strange results. Even worse, console-shell.service might be failing while getty@.service tries to acquire the terminal which ends up in the system to poweroff since console-shell.service uses: "ExecStopPost=-/usr/bin/systemctl poweroff". Another issue: this service doesn't work well if plymouth is also used since it lets the splash screen program run and mess the tty (at least a "plymouth quit" is missing). So let's kill it for now. --- Makefile.am | 2 -- system-preset/90-systemd.preset | 1 - units/.gitignore | 2 -- units/console-shell.service.m4.in | 31 ------------------------------- 4 files changed, 36 deletions(-) delete mode 100644 units/console-shell.service.m4.in (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index f7ae9ff7aa..b09b0cf167 100644 --- a/Makefile.am +++ b/Makefile.am @@ -524,7 +524,6 @@ dist_systemunit_DATA_busnames += \ nodist_systemunit_DATA = \ units/getty@.service \ units/serial-getty@.service \ - units/console-shell.service \ units/console-getty.service \ units/container-getty@.service \ units/systemd-initctl.service \ @@ -587,7 +586,6 @@ dist_systempreset_DATA = \ EXTRA_DIST += \ units/getty@.service.m4 \ units/serial-getty@.service.m4 \ - units/console-shell.service.m4.in \ units/console-getty.service.m4.in \ units/container-getty@.service.m4.in \ units/rescue.service.in \ diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset index 0f494b7552..6b5349dc8d 100644 --- a/system-preset/90-systemd.preset +++ b/system-preset/90-systemd.preset @@ -18,7 +18,6 @@ enable systemd-resolved.service enable systemd-networkd-wait-online.service disable console-getty.service -disable console-shell.service disable debug-shell.service disable halt.target diff --git a/units/.gitignore b/units/.gitignore index 47e99154ee..8f4949258e 100644 --- a/units/.gitignore +++ b/units/.gitignore @@ -1,8 +1,6 @@ /user@.service.m4 /console-getty.service /console-getty.service.m4 -/console-shell.service -/console-shell.service.m4 /container-getty@.service /container-getty@.service.m4 /debug-shell.service diff --git a/units/console-shell.service.m4.in b/units/console-shell.service.m4.in deleted file mode 100644 index a345ec25d4..0000000000 --- a/units/console-shell.service.m4.in +++ /dev/null @@ -1,31 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -[Unit] -Description=Console Shell -Documentation=man:sulogin(8) -After=systemd-user-sessions.service plymouth-quit-wait.service -m4_ifdef(`HAVE_SYSV_COMPAT', -After=rc-local.service -)m4_dnl -Before=getty.target - -[Service] -Environment=HOME=/root -WorkingDirectory=-/root -ExecStart=-@SULOGIN@ -ExecStopPost=-@SYSTEMCTL@ poweroff -Type=idle -StandardInput=tty-force -StandardOutput=inherit -StandardError=inherit -KillMode=process -IgnoreSIGPIPE=no -SendSIGHUP=yes - -[Install] -WantedBy=getty.target -- cgit v1.2.3-54-g00ecf From 3ae33295f00be5e2836f009bf1991b0caddf80b7 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Fri, 7 Oct 2016 19:17:34 +0200 Subject: test: add capability tests for ProtectKernelModules= This just adds capabilities test. --- Makefile.am | 2 ++ src/test/test-execute.c | 11 +++++++++++ .../exec-protectkernelmodules-no-capabilities.service | 7 +++++++ .../exec-protectkernelmodules-yes-capabilities.service | 7 +++++++ 4 files changed, 27 insertions(+) create mode 100644 test/test-execute/exec-protectkernelmodules-no-capabilities.service create mode 100644 test/test-execute/exec-protectkernelmodules-yes-capabilities.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index b09b0cf167..1ea25bb688 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1639,6 +1639,8 @@ EXTRA_DIST += \ test/test-execute/exec-privatedevices-yes.service \ test/test-execute/exec-privatedevices-no-capability-mknod.service \ test/test-execute/exec-privatedevices-yes-capability-mknod.service \ + test/test-execute/exec-protectkernelmodules-no-capabilities.service \ + test/test-execute/exec-protectkernelmodules-yes-capabilities.service \ test/test-execute/exec-privatetmp-no.service \ test/test-execute/exec-privatetmp-yes.service \ test/test-execute/exec-readonlypaths.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 8b4ff22495..f7d38fb0f3 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -142,6 +142,16 @@ static void test_exec_privatedevices_capabilities(Manager *m) { test(m, "exec-privatedevices-no-capability-mknod.service", 0, CLD_EXITED); } +static void test_exec_protectkernelmodules_capabilities(Manager *m) { + if (detect_container() > 0) { + log_notice("testing in container, skipping protectkernelmodules tests"); + return; + } + + test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED); + test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED); +} + static void test_exec_readonlypaths(Manager *m) { test(m, "exec-readonlypaths.service", 0, CLD_EXITED); test(m, "exec-readonlypaths-mount-propagation.service", 0, CLD_EXITED); @@ -368,6 +378,7 @@ int main(int argc, char *argv[]) { test_exec_privatetmp, test_exec_privatedevices, test_exec_privatedevices_capabilities, + test_exec_protectkernelmodules_capabilities, test_exec_readonlypaths, test_exec_readwritepaths, test_exec_inaccessiblepaths, diff --git a/test/test-execute/exec-protectkernelmodules-no-capabilities.service b/test/test-execute/exec-protectkernelmodules-no-capabilities.service new file mode 100644 index 0000000000..b2f2cd6b8a --- /dev/null +++ b/test/test-execute/exec-protectkernelmodules-no-capabilities.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test CAP_SYS_MODULE ProtectKernelModules=no + +[Service] +ProtectKernelModules=no +ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_module' +Type=oneshot diff --git a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service new file mode 100644 index 0000000000..84bf39be56 --- /dev/null +++ b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes + +[Service] +ProtectKernelModules=yes +ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_module' +Type=oneshot -- cgit v1.2.3-54-g00ecf From 4982dbcc300d4599aa6ac143e922d6fbee31a860 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Sun, 9 Oct 2016 12:38:45 +0200 Subject: test: add test to make sure that ProtectKernelModules=yes disconnect mount propagation --- Makefile.am | 1 + src/test/test-execute.c | 5 +++-- .../exec-protectkernelmodules-yes-mount-propagation.service | 7 +++++++ 3 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 1ea25bb688..4a69236090 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1641,6 +1641,7 @@ EXTRA_DIST += \ test/test-execute/exec-privatedevices-yes-capability-mknod.service \ test/test-execute/exec-protectkernelmodules-no-capabilities.service \ test/test-execute/exec-protectkernelmodules-yes-capabilities.service \ + test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service \ test/test-execute/exec-privatetmp-no.service \ test/test-execute/exec-privatetmp-yes.service \ test/test-execute/exec-readonlypaths.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 1eade98ed3..e8ff02adaf 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -144,7 +144,7 @@ static void test_exec_privatedevices_capabilities(Manager *m) { test(m, "exec-privatedevices-no-capability-sys-rawio.service", 0, CLD_EXITED); } -static void test_exec_protectkernelmodules_capabilities(Manager *m) { +static void test_exec_protectkernelmodules(Manager *m) { if (detect_container() > 0) { log_notice("testing in container, skipping protectkernelmodules tests"); return; @@ -152,6 +152,7 @@ static void test_exec_protectkernelmodules_capabilities(Manager *m) { test(m, "exec-protectkernelmodules-no-capabilities.service", 0, CLD_EXITED); test(m, "exec-protectkernelmodules-yes-capabilities.service", 0, CLD_EXITED); + test(m, "exec-protectkernelmodules-yes-mount-propagation.service", 0, CLD_EXITED); } static void test_exec_readonlypaths(Manager *m) { @@ -380,7 +381,7 @@ int main(int argc, char *argv[]) { test_exec_privatetmp, test_exec_privatedevices, test_exec_privatedevices_capabilities, - test_exec_protectkernelmodules_capabilities, + test_exec_protectkernelmodules, test_exec_readonlypaths, test_exec_readwritepaths, test_exec_inaccessiblepaths, diff --git a/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service b/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service new file mode 100644 index 0000000000..e438783df3 --- /dev/null +++ b/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test to make sure that passing ProtectKernelModules=yes disconnect mount propagation + +[Service] +ProtectKernelModules=yes +ExecStart=/bin/sh -x -c 'mkdir -p /TEST; mount -t tmpfs tmpfs /TEST; grep TEST /proc/self/mountinfo && ! grep TEST /proc/$${PPID}/mountinfo && ! grep TEST /proc/1/mountinfo' +Type=oneshot -- cgit v1.2.3-54-g00ecf From 651742d8ecd62d718080329fbba805bf364e6c25 Mon Sep 17 00:00:00 2001 From: Felipe Sateler Date: Wed, 12 Oct 2016 11:56:27 -0300 Subject: build-sys: Allow disabling installation of pam config snippet --- DISTRO_PORTING | 3 +++ Makefile.am | 2 ++ configure.ac | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) (limited to 'Makefile.am') diff --git a/DISTRO_PORTING b/DISTRO_PORTING index 9f61bd6de6..51a244389d 100644 --- a/DISTRO_PORTING +++ b/DISTRO_PORTING @@ -48,6 +48,9 @@ PAM: /etc/security/limits.conf will not be read unless you load pam_limits. Make sure you add modules your distro expects from user services. + Pass --with-pamconfdir=no to ./configure to avoid installing this file + and instead install your own. + CONTRIBUTING UPSTREAM: We generally do no longer accept distribution-specific diff --git a/Makefile.am b/Makefile.am index b09b0cf167..e740512f98 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5902,8 +5902,10 @@ pam_systemd_la_LIBADD = \ pamlib_LTLIBRARIES = \ pam_systemd.la +if ENABLE_PAM_CONFIG dist_pamconf_DATA = \ src/login/systemd-user +endif EXTRA_DIST += \ src/login/systemd-user.m4 diff --git a/configure.ac b/configure.ac index ccd212ef13..0e87adc38f 100644 --- a/configure.ac +++ b/configure.ac @@ -1507,9 +1507,10 @@ AC_ARG_WITH([pamlibdir], AX_NORMALIZE_PATH([with_pamlibdir]) AC_ARG_WITH([pamconfdir], - AS_HELP_STRING([--with-pamconfdir=DIR], [Directory for PAM configuration]), + AS_HELP_STRING([--with-pamconfdir=DIR], [Directory for PAM configuration (pass no to disable installing)]), [], [with_pamconfdir=${sysconfdir}/pam.d]) +AM_CONDITIONAL(ENABLE_PAM_CONFIG, [test "$with_pamconfdir" != "no"]) AX_NORMALIZE_PATH([with_pamconfdir]) AC_ARG_ENABLE([split-usr], -- cgit v1.2.3-54-g00ecf From c7934185fec8e7746f0660df71b3c03d48a0b132 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 14 Oct 2016 18:42:46 +0000 Subject: tests: add smoke test for systemd-nspawn Basically, this test runs: ``` systemd-nspawn --register=no -D "$_root" -b systemd-nspawn --register=no -D "$_root" --private-network -b systemd-nspawn --register=no -D "$_root" -U -b systemd-nspawn --register=no -D "$_root" --private-network -U -b ``` and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]` Inspired by * systemd#3589 (comment) * systemd#4372 (comment) * systemd#4223 (comment) * systemd#1555 and so on :-) --- Makefile.am | 4 + test/TEST-13-NSPAWN-SMOKE/Makefile | 11 ++ test/TEST-13-NSPAWN-SMOKE/create-busybox-container | 53 ++++++++ test/TEST-13-NSPAWN-SMOKE/has-overflow.c | 143 +++++++++++++++++++++ test/TEST-13-NSPAWN-SMOKE/test.sh | 138 ++++++++++++++++++++ 5 files changed, 349 insertions(+) create mode 100644 test/TEST-13-NSPAWN-SMOKE/Makefile create mode 100755 test/TEST-13-NSPAWN-SMOKE/create-busybox-container create mode 100644 test/TEST-13-NSPAWN-SMOKE/has-overflow.c create mode 100755 test/TEST-13-NSPAWN-SMOKE/test.sh (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index a0c17db179..00124a29f8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6030,6 +6030,10 @@ EXTRA_DIST += \ test/TEST-11-ISSUE-3166/test.sh \ test/TEST-12-ISSUE-3171/Makefile \ test/TEST-12-ISSUE-3171/test.sh \ + test/TEST-13-NSPAWN-SMOKE/Makefile \ + test/TEST-13-NSPAWN-SMOKE/has-overflow.c \ + test/TEST-13-NSPAWN-SMOKE/create-busybox-container \ + test/TEST-13-NSPAWN-SMOKE/test.sh \ test/test-functions EXTRA_DIST += \ diff --git a/test/TEST-13-NSPAWN-SMOKE/Makefile b/test/TEST-13-NSPAWN-SMOKE/Makefile new file mode 100644 index 0000000000..2ca5b12cf3 --- /dev/null +++ b/test/TEST-13-NSPAWN-SMOKE/Makefile @@ -0,0 +1,11 @@ +all: has-overflow + @make -s --no-print-directory -C ../.. all + @basedir=../.. TEST_BASE_DIR=../ ./test.sh --all +setup: has-overflow + @make --no-print-directory -C ../.. all + @basedir=../.. TEST_BASE_DIR=../ ./test.sh --setup +clean: + @basedir=../.. TEST_BASE_DIR=../ ./test.sh --clean + @rm -f has-overflow +run: + @basedir=../.. TEST_BASE_DIR=../ ./test.sh --run diff --git a/test/TEST-13-NSPAWN-SMOKE/create-busybox-container b/test/TEST-13-NSPAWN-SMOKE/create-busybox-container new file mode 100755 index 0000000000..868dfd852a --- /dev/null +++ b/test/TEST-13-NSPAWN-SMOKE/create-busybox-container @@ -0,0 +1,53 @@ +#!/bin/bash + +set -e +set -u +set -o pipefail + +root="${1:?Usage $0 container-root}" +mkdir -p "$root" +mkdir "$root/bin" +cp $(type -P busybox) "$root/bin" + +mkdir -p "$root/usr/lib" +touch "$root/usr/lib/os-release" + +ln -s busybox "$root/bin/sh" +ln -s busybox "$root/bin/cat" +ln -s busybox "$root/bin/tr" +ln -s busybox "$root/bin/ps" +ln -s busybox "$root/bin/ip" + +mkdir -p "$root/sbin" +cat <<'EOF' >"$root/sbin/init" +#!/bin/sh + +printf "ps aufx:\n" +ps aufx + +printf "/proc/1/cmdline:\n" +printf "%s\n\n" "$(tr '\0' ' ' +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0) + +struct child_args { + int pipe_fd[2]; /* Pipe used to synchronize parent and child */ +}; + +static void usage(char *pname) { + fprintf(stderr, "Options can be:\n"); + fprintf(stderr, "\t-M uid_map Specify UID map for user namespace\n"); + fprintf(stderr, "\t-G gid_map Specify GID map for user namespace\n"); + + exit(EXIT_FAILURE); +} + +static void update_map(char *mapping, char *map_file) { + int fd, j; + size_t map_len; + + map_len = strlen(mapping); + + fd = open(map_file, O_RDWR); + if (fd == -1) { + fprintf(stderr, "ERROR: open %s: %s\n", map_file, strerror(errno)); + exit(EXIT_FAILURE); + } + + if (write(fd, mapping, map_len) != map_len) { + fprintf(stderr, "ERROR: write %s: %s\n", map_file, strerror(errno)); + exit(EXIT_FAILURE); + } + + close(fd); +} + +static void proc_setgroups_write(pid_t child_pid, char *str) { + char setgroups_path[PATH_MAX]; + int fd; + + snprintf(setgroups_path, PATH_MAX, "/proc/%ld/setgroups", (long) child_pid); + + fd = open(setgroups_path, O_RDWR); + if (fd == -1) { + if (errno != ENOENT) + fprintf(stderr, "ERROR: open %s: %s\n", setgroups_path, strerror(errno)); + return; + } + + if (write(fd, str, strlen(str)) == -1) + fprintf(stderr, "ERROR: write %s: %s\n", setgroups_path, strerror(errno)); + + close(fd); +} + +static int child_func(void *arg) { + struct child_args *args = (struct child_args *) arg; + char ch; + + close(args->pipe_fd[1]); + if (read(args->pipe_fd[0], &ch, 1) != 0) { + fprintf(stderr, "Failure in child: read from pipe returned != 0\n"); + exit(EXIT_FAILURE); + } + + mount("tmpfs", "/tmp", "tmpfs", MS_MGC_VAL, "mode=777,uid=0,gid=0"); + if (mkdir("/tmp/hey", 0777) < 0) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} + +#define STACK_SIZE (1024 * 1024) + +static char child_stack[STACK_SIZE]; + +int main(int argc, char *argv[]) { + int flags, opt; + pid_t child_pid; + struct child_args args; + char *uid_map, *gid_map; + const int MAP_BUF_SIZE = 100; + char map_buf[MAP_BUF_SIZE]; + char map_path[PATH_MAX]; + int status; + + flags = 0; + gid_map = NULL; + uid_map = NULL; + while ((opt = getopt(argc, argv, "+M:G:")) != -1) { + switch (opt) { + case 'M': + uid_map = optarg; + break; + case 'G': + gid_map = optarg; + break; + default: + usage(argv[0]); + } + } + + if (!uid_map || !gid_map) + usage(argv[0]); + + flags |= CLONE_NEWNS; + flags |= CLONE_NEWUSER; + + if (pipe(args.pipe_fd) == -1) + errExit("pipe"); + + child_pid = clone(child_func, child_stack + STACK_SIZE, flags | SIGCHLD, &args); + if (child_pid == -1) + errExit("clone"); + + snprintf(map_path, PATH_MAX, "/proc/%ld/uid_map", (long) child_pid); + update_map(uid_map, map_path); + + proc_setgroups_write(child_pid, "allow"); + snprintf(map_path, PATH_MAX, "/proc/%ld/gid_map", (long) child_pid); + update_map(gid_map, map_path); + + close(args.pipe_fd[1]); + + if (waitpid(child_pid, &status, 0) == -1) + errExit("waitpid"); + + exit(WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS ? EXIT_FAILURE : EXIT_SUCCESS); +} diff --git a/test/TEST-13-NSPAWN-SMOKE/test.sh b/test/TEST-13-NSPAWN-SMOKE/test.sh new file mode 100755 index 0000000000..dfc437c0ee --- /dev/null +++ b/test/TEST-13-NSPAWN-SMOKE/test.sh @@ -0,0 +1,138 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh +TEST_DESCRIPTION="systemd-nspawn smoke test" +SKIP_INITRD=yes +. $TEST_BASE_DIR/test-functions + +check_result_qemu() { + ret=1 + mkdir -p $TESTDIR/root + mount ${LOOPDEV}p1 $TESTDIR/root + [[ -e $TESTDIR/root/testok ]] && ret=0 + [[ -f $TESTDIR/root/failed ]] && cp -a $TESTDIR/root/failed $TESTDIR + cp -a $TESTDIR/root/var/log/journal $TESTDIR + umount $TESTDIR/root + [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed + ls -l $TESTDIR/journal/*/*.journal + test -s $TESTDIR/failed && ret=$(($ret+1)) + return $ret +} + +test_run() { + if run_qemu; then + check_result_qemu || return 1 + else + dwarn "can't run QEMU, skipping" + fi + return 0 +} + +test_setup() { + create_empty_image + mkdir -p $TESTDIR/root + mount ${LOOPDEV}p1 $TESTDIR/root + + # Create what will eventually be our root filesystem onto an overlay + ( + LOG_LEVEL=5 + eval $(udevadm info --export --query=env --name=${LOOPDEV}p2) + + setup_basic_environment + dracut_install busybox chmod rmdir + dracut_install ./has-overflow + + cp create-busybox-container $initdir/ + + # setup the testsuite service + cat >$initdir/etc/systemd/system/testsuite.service <$initdir/test-nspawn.sh <<'EOF' +#!/bin/bash +set -x +set -e +set -u +set -o pipefail + +export SYSTEMD_LOG_LEVEL=debug + +# check cgroup-v2 +is_v2_supported=no +mkdir -p /tmp/cgroup2 +if mount -t cgroup2 cgroup2 /tmp/cgroup2; then + is_v2_supported=yes + umount /tmp/cgroup2 +fi +rmdir /tmp/cgroup2 + +# check cgroup namespaces +is_cgns_supported=no +if [[ -f /proc/1/ns/cgroup ]]; then + is_cgns_supported=yes +fi + +function run { + if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then + printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2 + return 0 + fi + if [[ "$2" = "yes" && "$is_cgns_supported" = "no" ]]; then + printf "Cgroup namespaces are not supported. Skipping.\n" >&2 + return 0 + fi + + local _root="/var/lib/machines/unified-$1-cgns-$2" + /create-busybox-container "$_root" + UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" -b + UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" --private-network -b + + if ! UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" -U -b; then + if [[ "$1" = "no" && "$2" = "yes" ]] && /has-overflow -M '0 1073283072 65536' -G '0 1073283072 65536'; then + printf "Failure expected, ignoring (see https://github.com/systemd/systemd/issues/4352)\n" >&2 + else + return 1 + fi + fi + + if ! UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" --private-network -U -b; then + if [[ "$1" = "no" && "$2" = "yes" ]] && /has-overflow -M '0 1073283072 65536' -G '0 1073283072 65536'; then + printf "Failure expected, ignoring (see https://github.com/systemd/systemd/issues/4352)\n" >&2 + else + return 1 + fi + fi + + return 0 +} + +run no no +run yes no +run no yes +run yes yes + +touch /testok +EOF + + chmod 0755 $initdir/test-nspawn.sh + setup_testsuite + ) || return 1 + + ddebug "umount $TESTDIR/root" + umount $TESTDIR/root +} + +test_cleanup() { + umount $TESTDIR/root 2>/dev/null + [[ $LOOPDEV ]] && losetup -d $LOOPDEV + return 0 +} + +do_test "$@" -- cgit v1.2.3-54-g00ecf From 87a47f99bc8e576a63581ad2593c62eb10a53814 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Thu, 20 Oct 2016 15:27:37 +0200 Subject: failure-action: generalize failure action to emergency action --- Makefile.am | 4 +- src/core/dbus-service.c | 6 +- src/core/dbus-unit.c | 6 +- src/core/emergency-action.c | 128 ++++++++++++++++++++++++++++++++++ src/core/emergency-action.h | 41 +++++++++++ src/core/failure-action.c | 127 --------------------------------- src/core/failure-action.h | 41 ----------- src/core/job.c | 2 +- src/core/load-fragment-gperf.gperf.m4 | 8 +-- src/core/load-fragment.c | 4 +- src/core/load-fragment.h | 2 +- src/core/service.c | 2 +- src/core/service.h | 2 +- src/core/unit.c | 6 +- src/core/unit.h | 6 +- src/test/test-tables.c | 2 +- 16 files changed, 194 insertions(+), 193 deletions(-) create mode 100644 src/core/emergency-action.c create mode 100644 src/core/emergency-action.h delete mode 100644 src/core/failure-action.c delete mode 100644 src/core/failure-action.h (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 00124a29f8..07acce347e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1275,8 +1275,8 @@ libcore_la_SOURCES = \ src/core/audit-fd.h \ src/core/show-status.c \ src/core/show-status.h \ - src/core/failure-action.c \ - src/core/failure-action.h + src/core/emergency-action.c \ + src/core/emergency-action.h nodist_libcore_la_SOURCES = \ src/core/load-fragment-gperf.c \ diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c index 3c55e0f7fe..61b83d2d62 100644 --- a/src/core/dbus-service.c +++ b/src/core/dbus-service.c @@ -36,7 +36,7 @@ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, service_type, ServiceType static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_result, service_result, ServiceResult); static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_restart, service_restart, ServiceRestart); static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_notify_access, notify_access, NotifyAccess); -static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_failure_action, failure_action, FailureAction); +static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_emergency_action, emergency_action, EmergencyAction); const sd_bus_vtable bus_service_vtable[] = { SD_BUS_VTABLE_START(0), @@ -50,7 +50,7 @@ const sd_bus_vtable bus_service_vtable[] = { SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Service, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("WatchdogUSec", "t", bus_property_get_usec, offsetof(Service, watchdog_usec), SD_BUS_VTABLE_PROPERTY_CONST), BUS_PROPERTY_DUAL_TIMESTAMP("WatchdogTimestamp", offsetof(Service, watchdog_timestamp), 0), - SD_BUS_PROPERTY("FailureAction", "s", property_get_failure_action, offsetof(Service, failure_action), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("FailureAction", "s", property_get_emergency_action, offsetof(Service, emergency_action), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PermissionsStartOnly", "b", bus_property_get_bool, offsetof(Service, permissions_start_only), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("RootDirectoryStartOnly", "b", bus_property_get_bool, offsetof(Service, root_directory_start_only), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("RemainAfterExit", "b", bus_property_get_bool, offsetof(Service, remain_after_exit), SD_BUS_VTABLE_PROPERTY_CONST), @@ -79,7 +79,7 @@ const sd_bus_vtable bus_service_vtable[] = { /* The following four are obsolete, and thus marked hidden here. They moved into the Unit interface */ SD_BUS_PROPERTY("StartLimitInterval", "t", bus_property_get_usec, offsetof(Unit, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), SD_BUS_PROPERTY("StartLimitBurst", "u", bus_property_get_unsigned, offsetof(Unit, start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), - SD_BUS_PROPERTY("StartLimitAction", "s", property_get_failure_action, offsetof(Unit, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), + SD_BUS_PROPERTY("StartLimitAction", "s", property_get_emergency_action, offsetof(Unit, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), SD_BUS_PROPERTY("RebootArgument", "s", NULL, offsetof(Unit, reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), SD_BUS_VTABLE_END }; diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index 245912fc0f..8f34fa1a52 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -37,7 +37,7 @@ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_load_state, unit_load_state, UnitLoadState); static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_job_mode, job_mode, JobMode); -static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_failure_action, failure_action, FailureAction); +static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_emergency_action, emergency_action, EmergencyAction); static int property_get_names( sd_bus *bus, @@ -750,7 +750,7 @@ const sd_bus_vtable bus_unit_vtable[] = { SD_BUS_PROPERTY("IgnoreOnIsolate", "b", bus_property_get_bool, offsetof(Unit, ignore_on_isolate), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("NeedDaemonReload", "b", property_get_need_daemon_reload, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("JobTimeoutUSec", "t", bus_property_get_usec, offsetof(Unit, job_timeout), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("JobTimeoutAction", "s", property_get_failure_action, offsetof(Unit, job_timeout_action), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("JobTimeoutAction", "s", property_get_emergency_action, offsetof(Unit, job_timeout_action), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("JobTimeoutRebootArgument", "s", NULL, offsetof(Unit, job_timeout_reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ConditionResult", "b", bus_property_get_bool, offsetof(Unit, condition_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("AssertResult", "b", bus_property_get_bool, offsetof(Unit, assert_result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), @@ -762,7 +762,7 @@ const sd_bus_vtable bus_unit_vtable[] = { SD_BUS_PROPERTY("Transient", "b", bus_property_get_bool, offsetof(Unit, transient), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("StartLimitIntervalSec", "t", bus_property_get_usec, offsetof(Unit, start_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("StartLimitBurst", "u", bus_property_get_unsigned, offsetof(Unit, start_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("StartLimitAction", "s", property_get_failure_action, offsetof(Unit, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("StartLimitAction", "s", property_get_emergency_action, offsetof(Unit, start_limit_action), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("RebootArgument", "s", NULL, offsetof(Unit, reboot_arg), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("InvocationID", "ay", bus_property_get_id128, offsetof(Unit, invocation_id), 0), diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c new file mode 100644 index 0000000000..90232bc57a --- /dev/null +++ b/src/core/emergency-action.c @@ -0,0 +1,128 @@ +/*** + This file is part of systemd. + + Copyright 2014 Lennart Poettering + Copyright 2012 Michael Olbrich + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include +#include + +#include "bus-error.h" +#include "bus-util.h" +#include "emergency-action.h" +#include "special.h" +#include "string-table.h" +#include "terminal-util.h" + +static void log_and_status(Manager *m, const char *message, const char *reason) { + log_warning("%s: %s", message, reason); + manager_status_printf(m, STATUS_TYPE_EMERGENCY, + ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL, + "%s: %s", message, reason); +} + +int emergency_action( + Manager *m, + EmergencyAction action, + const char *reboot_arg, + const char *reason) { + + assert(m); + assert(action >= 0); + assert(action < _EMERGENCY_ACTION_MAX); + + if (action == EMERGENCY_ACTION_NONE) + return -ECANCELED; + + if (!MANAGER_IS_SYSTEM(m)) { + /* Downgrade all options to simply exiting if we run + * in user mode */ + + log_warning("Exiting: %s", reason); + m->exit_code = MANAGER_EXIT; + return -ECANCELED; + } + + switch (action) { + + case EMERGENCY_ACTION_REBOOT: + log_and_status(m, "Rebooting", reason); + + (void) update_reboot_parameter_and_warn(reboot_arg); + (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL); + + break; + + case EMERGENCY_ACTION_REBOOT_FORCE: + log_and_status(m, "Forcibly rebooting", reason); + + (void) update_reboot_parameter_and_warn(reboot_arg); + m->exit_code = MANAGER_REBOOT; + + break; + + case EMERGENCY_ACTION_REBOOT_IMMEDIATE: + log_and_status(m, "Rebooting immediately", reason); + + sync(); + + if (!isempty(reboot_arg)) { + log_info("Rebooting with argument '%s'.", reboot_arg); + syscall(SYS_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART2, reboot_arg); + log_warning_errno(errno, "Failed to reboot with parameter, retrying without: %m"); + } + + log_info("Rebooting."); + reboot(RB_AUTOBOOT); + break; + + case EMERGENCY_ACTION_POWEROFF: + log_and_status(m, "Powering off", reason); + (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL); + break; + + case EMERGENCY_ACTION_POWEROFF_FORCE: + log_and_status(m, "Forcibly powering off", reason); + m->exit_code = MANAGER_POWEROFF; + break; + + case EMERGENCY_ACTION_POWEROFF_IMMEDIATE: + log_and_status(m, "Powering off immediately", reason); + + sync(); + + log_info("Powering off."); + reboot(RB_POWER_OFF); + break; + + default: + assert_not_reached("Unknown emergency action"); + } + + return -ECANCELED; +} + +static const char* const emergency_action_table[_EMERGENCY_ACTION_MAX] = { + [EMERGENCY_ACTION_NONE] = "none", + [EMERGENCY_ACTION_REBOOT] = "reboot", + [EMERGENCY_ACTION_REBOOT_FORCE] = "reboot-force", + [EMERGENCY_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate", + [EMERGENCY_ACTION_POWEROFF] = "poweroff", + [EMERGENCY_ACTION_POWEROFF_FORCE] = "poweroff-force", + [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate" +}; +DEFINE_STRING_TABLE_LOOKUP(emergency_action, EmergencyAction); diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h new file mode 100644 index 0000000000..8804b59752 --- /dev/null +++ b/src/core/emergency-action.h @@ -0,0 +1,41 @@ +#pragma once + +/*** + This file is part of systemd. + + Copyright 2014 Lennart Poettering + Copyright 2012 Michael Olbrich + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +typedef enum EmergencyAction { + EMERGENCY_ACTION_NONE, + EMERGENCY_ACTION_REBOOT, + EMERGENCY_ACTION_REBOOT_FORCE, + EMERGENCY_ACTION_REBOOT_IMMEDIATE, + EMERGENCY_ACTION_POWEROFF, + EMERGENCY_ACTION_POWEROFF_FORCE, + EMERGENCY_ACTION_POWEROFF_IMMEDIATE, + _EMERGENCY_ACTION_MAX, + _EMERGENCY_ACTION_INVALID = -1 +} EmergencyAction; + +#include "macro.h" +#include "manager.h" + +int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg, const char *reason); + +const char* emergency_action_to_string(EmergencyAction i) _const_; +EmergencyAction emergency_action_from_string(const char *s) _pure_; diff --git a/src/core/failure-action.c b/src/core/failure-action.c deleted file mode 100644 index ddae46190f..0000000000 --- a/src/core/failure-action.c +++ /dev/null @@ -1,127 +0,0 @@ -/*** - This file is part of systemd. - - Copyright 2014 Lennart Poettering - Copyright 2012 Michael Olbrich - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see . -***/ - -#include -#include - -#include "bus-error.h" -#include "bus-util.h" -#include "failure-action.h" -#include "special.h" -#include "string-table.h" -#include "terminal-util.h" - -static void log_and_status(Manager *m, const char *message) { - log_warning("%s", message); - manager_status_printf(m, STATUS_TYPE_EMERGENCY, - ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL, - "%s", message); -} - -int failure_action( - Manager *m, - FailureAction action, - const char *reboot_arg) { - - assert(m); - assert(action >= 0); - assert(action < _FAILURE_ACTION_MAX); - - if (action == FAILURE_ACTION_NONE) - return -ECANCELED; - - if (!MANAGER_IS_SYSTEM(m)) { - /* Downgrade all options to simply exiting if we run - * in user mode */ - - log_warning("Exiting as result of failure."); - m->exit_code = MANAGER_EXIT; - return -ECANCELED; - } - - switch (action) { - - case FAILURE_ACTION_REBOOT: - log_and_status(m, "Rebooting as result of failure."); - - (void) update_reboot_parameter_and_warn(reboot_arg); - (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL); - - break; - - case FAILURE_ACTION_REBOOT_FORCE: - log_and_status(m, "Forcibly rebooting as result of failure."); - - (void) update_reboot_parameter_and_warn(reboot_arg); - m->exit_code = MANAGER_REBOOT; - - break; - - case FAILURE_ACTION_REBOOT_IMMEDIATE: - log_and_status(m, "Rebooting immediately as result of failure."); - - sync(); - - if (!isempty(reboot_arg)) { - log_info("Rebooting with argument '%s'.", reboot_arg); - syscall(SYS_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART2, reboot_arg); - log_warning_errno(errno, "Failed to reboot with parameter, retrying without: %m"); - } - - log_info("Rebooting."); - reboot(RB_AUTOBOOT); - break; - - case FAILURE_ACTION_POWEROFF: - log_and_status(m, "Powering off as result of failure."); - (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL); - break; - - case FAILURE_ACTION_POWEROFF_FORCE: - log_and_status(m, "Forcibly powering off as result of failure."); - m->exit_code = MANAGER_POWEROFF; - break; - - case FAILURE_ACTION_POWEROFF_IMMEDIATE: - log_and_status(m, "Powering off immediately as result of failure."); - - sync(); - - log_info("Powering off."); - reboot(RB_POWER_OFF); - break; - - default: - assert_not_reached("Unknown failure action"); - } - - return -ECANCELED; -} - -static const char* const failure_action_table[_FAILURE_ACTION_MAX] = { - [FAILURE_ACTION_NONE] = "none", - [FAILURE_ACTION_REBOOT] = "reboot", - [FAILURE_ACTION_REBOOT_FORCE] = "reboot-force", - [FAILURE_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate", - [FAILURE_ACTION_POWEROFF] = "poweroff", - [FAILURE_ACTION_POWEROFF_FORCE] = "poweroff-force", - [FAILURE_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate" -}; -DEFINE_STRING_TABLE_LOOKUP(failure_action, FailureAction); diff --git a/src/core/failure-action.h b/src/core/failure-action.h deleted file mode 100644 index 1adac4ad5c..0000000000 --- a/src/core/failure-action.h +++ /dev/null @@ -1,41 +0,0 @@ -#pragma once - -/*** - This file is part of systemd. - - Copyright 2014 Lennart Poettering - Copyright 2012 Michael Olbrich - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see . -***/ - -typedef enum FailureAction { - FAILURE_ACTION_NONE, - FAILURE_ACTION_REBOOT, - FAILURE_ACTION_REBOOT_FORCE, - FAILURE_ACTION_REBOOT_IMMEDIATE, - FAILURE_ACTION_POWEROFF, - FAILURE_ACTION_POWEROFF_FORCE, - FAILURE_ACTION_POWEROFF_IMMEDIATE, - _FAILURE_ACTION_MAX, - _FAILURE_ACTION_INVALID = -1 -} FailureAction; - -#include "macro.h" -#include "manager.h" - -int failure_action(Manager *m, FailureAction action, const char *reboot_arg); - -const char* failure_action_to_string(FailureAction i) _const_; -FailureAction failure_action_from_string(const char *s) _pure_; diff --git a/src/core/job.c b/src/core/job.c index 7faf2ef686..3ecc8a1a73 100644 --- a/src/core/job.c +++ b/src/core/job.c @@ -927,7 +927,7 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user u = j->unit; job_finish_and_invalidate(j, JOB_TIMEOUT, true, false); - failure_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg); + emergency_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg, "job timed out"); return 0; } diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 index 08c88b6b53..af2f9d960b 100644 --- a/src/core/load-fragment-gperf.gperf.m4 +++ b/src/core/load-fragment-gperf.gperf.m4 @@ -188,13 +188,13 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0, Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate) Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0 Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout) -Unit.JobTimeoutAction, config_parse_failure_action, 0, offsetof(Unit, job_timeout_action) +Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action) Unit.JobTimeoutRebootArgument, config_parse_string, 0, offsetof(Unit, job_timeout_reboot_arg) Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval) m4_dnl The following is a legacy alias name for compatibility Unit.StartLimitInterval, config_parse_sec, 0, offsetof(Unit, start_limit.interval) Unit.StartLimitBurst, config_parse_unsigned, 0, offsetof(Unit, start_limit.burst) -Unit.StartLimitAction, config_parse_failure_action, 0, offsetof(Unit, start_limit_action) +Unit.StartLimitAction, config_parse_emergency_action, 0, offsetof(Unit, start_limit_action) Unit.RebootArgument, config_parse_string, 0, offsetof(Unit, reboot_arg) Unit.ConditionPathExists, config_parse_unit_condition_path, CONDITION_PATH_EXISTS, offsetof(Unit, conditions) Unit.ConditionPathExistsGlob, config_parse_unit_condition_path, CONDITION_PATH_EXISTS_GLOB, offsetof(Unit, conditions) @@ -251,9 +251,9 @@ Service.WatchdogSec, config_parse_sec, 0, m4_dnl The following three only exist for compatibility, they moved into Unit, see above Service.StartLimitInterval, config_parse_sec, 0, offsetof(Unit, start_limit.interval) Service.StartLimitBurst, config_parse_unsigned, 0, offsetof(Unit, start_limit.burst) -Service.StartLimitAction, config_parse_failure_action, 0, offsetof(Unit, start_limit_action) +Service.StartLimitAction, config_parse_emergency_action, 0, offsetof(Unit, start_limit_action) Service.RebootArgument, config_parse_string, 0, offsetof(Unit, reboot_arg) -Service.FailureAction, config_parse_failure_action, 0, offsetof(Service, failure_action) +Service.FailureAction, config_parse_emergency_action, 0, offsetof(Service, emergency_action) Service.Type, config_parse_service_type, 0, offsetof(Service, type) Service.Restart, config_parse_service_restart, 0, offsetof(Service, restart) Service.PermissionsStartOnly, config_parse_bool, 0, offsetof(Service, permissions_start_only) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index a69f60097d..6f68e23340 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -2523,7 +2523,7 @@ int config_parse_unit_condition_null( } DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier"); -DEFINE_CONFIG_PARSE_ENUM(config_parse_failure_action, failure_action, FailureAction, "Failed to parse failure action specifier"); +DEFINE_CONFIG_PARSE_ENUM(config_parse_emergency_action, emergency_action, EmergencyAction, "Failed to parse failure action specifier"); int config_parse_unit_requires_mounts_for( const char *unit, @@ -4315,7 +4315,7 @@ void unit_dump_config_items(FILE *f) { { config_parse_unit_slice, "SLICE" }, { config_parse_documentation, "URL" }, { config_parse_service_timeout, "SECONDS" }, - { config_parse_failure_action, "ACTION" }, + { config_parse_emergency_action, "ACTION" }, { config_parse_set_status, "STATUS" }, { config_parse_service_sockets, "SOCKETS" }, { config_parse_environ, "ENVIRON" }, diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h index 6d1fe55bcd..c05f205c37 100644 --- a/src/core/load-fragment.h +++ b/src/core/load-fragment.h @@ -75,7 +75,7 @@ int config_parse_unit_condition_string(const char *unit, const char *filename, u int config_parse_unit_condition_null(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_kill_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_notify_access(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); -int config_parse_failure_action(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); +int config_parse_emergency_action(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_unit_requires_mounts_for(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_syscall_filter(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int config_parse_syscall_archs(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); diff --git a/src/core/service.c b/src/core/service.c index f9127d7509..5b92c901e3 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1455,7 +1455,7 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart) if (s->result != SERVICE_SUCCESS) { log_unit_warning(UNIT(s), "Failed with result '%s'.", service_result_to_string(s->result)); - failure_action(UNIT(s)->manager, s->failure_action, UNIT(s)->reboot_arg); + emergency_action(UNIT(s)->manager, s->emergency_action, UNIT(s)->reboot_arg, "service failed"); } if (allow_restart && service_shall_restart(s)) { diff --git a/src/core/service.h b/src/core/service.h index 888007cc0b..2869144fcb 100644 --- a/src/core/service.h +++ b/src/core/service.h @@ -178,7 +178,7 @@ struct Service { char *status_text; int status_errno; - FailureAction failure_action; + EmergencyAction emergency_action; UnitRef accept_socket; diff --git a/src/core/unit.c b/src/core/unit.c index 2fa397bd41..cabb1050a8 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -982,8 +982,8 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { if (u->job_timeout != USEC_INFINITY) fprintf(f, "%s\tJob Timeout: %s\n", prefix, format_timespan(timespan, sizeof(timespan), u->job_timeout, 0)); - if (u->job_timeout_action != FAILURE_ACTION_NONE) - fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, failure_action_to_string(u->job_timeout_action)); + if (u->job_timeout_action != EMERGENCY_ACTION_NONE) + fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, emergency_action_to_string(u->job_timeout_action)); if (u->job_timeout_reboot_arg) fprintf(f, "%s\tJob Timeout Reboot Argument: %s\n", prefix, u->job_timeout_reboot_arg); @@ -1490,7 +1490,7 @@ int unit_start_limit_test(Unit *u) { log_unit_warning(u, "Start request repeated too quickly."); u->start_limit_hit = true; - return failure_action(u->manager, u->start_limit_action, u->reboot_arg); + return emergency_action(u->manager, u->start_limit_action, u->reboot_arg, "unit failed"); } /* Errors: diff --git a/src/core/unit.h b/src/core/unit.h index a8dd3e602c..adcdee6db6 100644 --- a/src/core/unit.h +++ b/src/core/unit.h @@ -29,7 +29,7 @@ typedef struct UnitRef UnitRef; typedef struct UnitStatusMessageFormats UnitStatusMessageFormats; #include "condition.h" -#include "failure-action.h" +#include "emergency-action.h" #include "install.h" #include "list.h" #include "unit-name.h" @@ -114,7 +114,7 @@ struct Unit { /* Job timeout and action to take */ usec_t job_timeout; - FailureAction job_timeout_action; + EmergencyAction job_timeout_action; char *job_timeout_reboot_arg; /* References to this */ @@ -178,7 +178,7 @@ struct Unit { /* Put a ratelimit on unit starting */ RateLimit start_limit; - FailureAction start_limit_action; + EmergencyAction start_limit_action; char *reboot_arg; /* Make sure we never enter endless loops with the check unneeded logic, or the BindsTo= logic */ diff --git a/src/test/test-tables.c b/src/test/test-tables.c index 0be74921fc..8d4622694e 100644 --- a/src/test/test-tables.c +++ b/src/test/test-tables.c @@ -63,7 +63,7 @@ int main(int argc, char **argv) { test_table(device_state, DEVICE_STATE); test_table(exec_input, EXEC_INPUT); test_table(exec_output, EXEC_OUTPUT); - test_table(failure_action, FAILURE_ACTION); + test_table(emergency_action, EMERGENCY_ACTION); test_table(job_mode, JOB_MODE); test_table(job_result, JOB_RESULT); test_table(job_state, JOB_STATE); -- cgit v1.2.3-54-g00ecf From 86b838eaa36814f1a9c02f3289328cd0ec42d1ff Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Fri, 14 Oct 2016 10:32:27 +0200 Subject: test: Add simple test for supplementary groups --- Makefile.am | 1 + src/test/test-execute.c | 5 +++++ test/test-execute/exec-supplementarygroups.service | 7 +++++++ 3 files changed, 13 insertions(+) create mode 100644 test/test-execute/exec-supplementarygroups.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 07acce347e..0debd38964 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1627,6 +1627,7 @@ EXTRA_DIST += \ test/test-execute/exec-passenvironment.service \ test/test-execute/exec-group.service \ test/test-execute/exec-group-nfsnobody.service \ + test/test-execute/exec-supplementarygroups.service \ test/test-execute/exec-ignoresigpipe-no.service \ test/test-execute/exec-ignoresigpipe-yes.service \ test/test-execute/exec-personality-x86-64.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index e8ff02adaf..cda035c6e7 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -218,6 +218,10 @@ static void test_exec_group(Manager *m) { log_error_errno(errno, "Skipping test_exec_group, could not find nobody/nfsnobody group: %m"); } +static void test_exec_supplementary_groups(Manager *m) { + test(m, "exec-supplementarygroups.service", 0, CLD_EXITED); +} + static void test_exec_environment(Manager *m) { test(m, "exec-environment.service", 0, CLD_EXITED); test(m, "exec-environment-multiple.service", 0, CLD_EXITED); @@ -390,6 +394,7 @@ int main(int argc, char *argv[]) { test_exec_systemcallerrornumber, test_exec_user, test_exec_group, + test_exec_supplementary_groups, test_exec_environment, test_exec_environmentfile, test_exec_passenvironment, diff --git a/test/test-execute/exec-supplementarygroups.service b/test/test-execute/exec-supplementarygroups.service new file mode 100644 index 0000000000..43a9a981f2 --- /dev/null +++ b/test/test-execute/exec-supplementarygroups.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Supplementary Group + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "0 1"' +Type=oneshot +SupplementaryGroups=1 -- cgit v1.2.3-54-g00ecf From bf9ace96fc764fb6c795790a5febade4689f9aba Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Mon, 17 Oct 2016 10:06:18 +0200 Subject: test: add more tests for SupplementaryGroups= --- Makefile.am | 2 ++ src/test/test-execute.c | 2 ++ .../exec-supplementarygroups-single-group-user.service | 9 +++++++++ test/test-execute/exec-supplementarygroups-single-group.service | 8 ++++++++ 4 files changed, 21 insertions(+) create mode 100644 test/test-execute/exec-supplementarygroups-single-group-user.service create mode 100644 test/test-execute/exec-supplementarygroups-single-group.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 0debd38964..c49edef7b2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1628,6 +1628,8 @@ EXTRA_DIST += \ test/test-execute/exec-group.service \ test/test-execute/exec-group-nfsnobody.service \ test/test-execute/exec-supplementarygroups.service \ + test/test-execute/exec-supplementarygroups-single-group.service \ + test/test-execute/exec-supplementarygroups-single-group-user.service \ test/test-execute/exec-ignoresigpipe-no.service \ test/test-execute/exec-ignoresigpipe-yes.service \ test/test-execute/exec-personality-x86-64.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index cda035c6e7..1254ef8a05 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -220,6 +220,8 @@ static void test_exec_group(Manager *m) { static void test_exec_supplementary_groups(Manager *m) { test(m, "exec-supplementarygroups.service", 0, CLD_EXITED); + test(m, "exec-supplementarygroups-single-group.service", 0, CLD_EXITED); + test(m, "exec-supplementarygroups-single-group-user.service", 0, CLD_EXITED); } static void test_exec_environment(Manager *m) { diff --git a/test/test-execute/exec-supplementarygroups-single-group-user.service b/test/test-execute/exec-supplementarygroups-single-group-user.service new file mode 100644 index 0000000000..ed6276d303 --- /dev/null +++ b/test/test-execute/exec-supplementarygroups-single-group-user.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test for Supplementary Group with only one group and uid 1 + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "1" && test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +Type=oneshot +User=1 +Group=1 +SupplementaryGroups=1 diff --git a/test/test-execute/exec-supplementarygroups-single-group.service b/test/test-execute/exec-supplementarygroups-single-group.service new file mode 100644 index 0000000000..ee502b3d37 --- /dev/null +++ b/test/test-execute/exec-supplementarygroups-single-group.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test for Supplementary Group with only one group + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "1" && test "$$(id -g)" = "1" && test "$$(id -u)" = "0"' +Type=oneshot +Group=1 +SupplementaryGroups=1 -- cgit v1.2.3-54-g00ecf From 844da987ef8b8c98f837d3328eeb3ed481f43835 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 20 Oct 2016 09:16:23 +0000 Subject: tests/TEST-13-NSPAWN-SMOKE: remove an expected failure check https://github.com/systemd/systemd/issues/4352 has been fixed So, we don't need this workaround anymore --- Makefile.am | 1 - test/TEST-13-NSPAWN-SMOKE/Makefile | 4 +- test/TEST-13-NSPAWN-SMOKE/has-overflow.c | 143 ------------------------------- test/TEST-13-NSPAWN-SMOKE/test.sh | 19 +--- 4 files changed, 4 insertions(+), 163 deletions(-) delete mode 100644 test/TEST-13-NSPAWN-SMOKE/has-overflow.c (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 00124a29f8..b68f380e49 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6031,7 +6031,6 @@ EXTRA_DIST += \ test/TEST-12-ISSUE-3171/Makefile \ test/TEST-12-ISSUE-3171/test.sh \ test/TEST-13-NSPAWN-SMOKE/Makefile \ - test/TEST-13-NSPAWN-SMOKE/has-overflow.c \ test/TEST-13-NSPAWN-SMOKE/create-busybox-container \ test/TEST-13-NSPAWN-SMOKE/test.sh \ test/test-functions diff --git a/test/TEST-13-NSPAWN-SMOKE/Makefile b/test/TEST-13-NSPAWN-SMOKE/Makefile index 2ca5b12cf3..ff1470f852 100644 --- a/test/TEST-13-NSPAWN-SMOKE/Makefile +++ b/test/TEST-13-NSPAWN-SMOKE/Makefile @@ -1,7 +1,7 @@ -all: has-overflow +all: @make -s --no-print-directory -C ../.. all @basedir=../.. TEST_BASE_DIR=../ ./test.sh --all -setup: has-overflow +setup: @make --no-print-directory -C ../.. all @basedir=../.. TEST_BASE_DIR=../ ./test.sh --setup clean: diff --git a/test/TEST-13-NSPAWN-SMOKE/has-overflow.c b/test/TEST-13-NSPAWN-SMOKE/has-overflow.c deleted file mode 100644 index 1b3331fad7..0000000000 --- a/test/TEST-13-NSPAWN-SMOKE/has-overflow.c +++ /dev/null @@ -1,143 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0) - -struct child_args { - int pipe_fd[2]; /* Pipe used to synchronize parent and child */ -}; - -static void usage(char *pname) { - fprintf(stderr, "Options can be:\n"); - fprintf(stderr, "\t-M uid_map Specify UID map for user namespace\n"); - fprintf(stderr, "\t-G gid_map Specify GID map for user namespace\n"); - - exit(EXIT_FAILURE); -} - -static void update_map(char *mapping, char *map_file) { - int fd, j; - size_t map_len; - - map_len = strlen(mapping); - - fd = open(map_file, O_RDWR); - if (fd == -1) { - fprintf(stderr, "ERROR: open %s: %s\n", map_file, strerror(errno)); - exit(EXIT_FAILURE); - } - - if (write(fd, mapping, map_len) != map_len) { - fprintf(stderr, "ERROR: write %s: %s\n", map_file, strerror(errno)); - exit(EXIT_FAILURE); - } - - close(fd); -} - -static void proc_setgroups_write(pid_t child_pid, char *str) { - char setgroups_path[PATH_MAX]; - int fd; - - snprintf(setgroups_path, PATH_MAX, "/proc/%ld/setgroups", (long) child_pid); - - fd = open(setgroups_path, O_RDWR); - if (fd == -1) { - if (errno != ENOENT) - fprintf(stderr, "ERROR: open %s: %s\n", setgroups_path, strerror(errno)); - return; - } - - if (write(fd, str, strlen(str)) == -1) - fprintf(stderr, "ERROR: write %s: %s\n", setgroups_path, strerror(errno)); - - close(fd); -} - -static int child_func(void *arg) { - struct child_args *args = (struct child_args *) arg; - char ch; - - close(args->pipe_fd[1]); - if (read(args->pipe_fd[0], &ch, 1) != 0) { - fprintf(stderr, "Failure in child: read from pipe returned != 0\n"); - exit(EXIT_FAILURE); - } - - mount("tmpfs", "/tmp", "tmpfs", MS_MGC_VAL, "mode=777,uid=0,gid=0"); - if (mkdir("/tmp/hey", 0777) < 0) - exit(EXIT_FAILURE); - - exit(EXIT_SUCCESS); -} - -#define STACK_SIZE (1024 * 1024) - -static char child_stack[STACK_SIZE]; - -int main(int argc, char *argv[]) { - int flags, opt; - pid_t child_pid; - struct child_args args; - char *uid_map, *gid_map; - const int MAP_BUF_SIZE = 100; - char map_buf[MAP_BUF_SIZE]; - char map_path[PATH_MAX]; - int status; - - flags = 0; - gid_map = NULL; - uid_map = NULL; - while ((opt = getopt(argc, argv, "+M:G:")) != -1) { - switch (opt) { - case 'M': - uid_map = optarg; - break; - case 'G': - gid_map = optarg; - break; - default: - usage(argv[0]); - } - } - - if (!uid_map || !gid_map) - usage(argv[0]); - - flags |= CLONE_NEWNS; - flags |= CLONE_NEWUSER; - - if (pipe(args.pipe_fd) == -1) - errExit("pipe"); - - child_pid = clone(child_func, child_stack + STACK_SIZE, flags | SIGCHLD, &args); - if (child_pid == -1) - errExit("clone"); - - snprintf(map_path, PATH_MAX, "/proc/%ld/uid_map", (long) child_pid); - update_map(uid_map, map_path); - - proc_setgroups_write(child_pid, "allow"); - snprintf(map_path, PATH_MAX, "/proc/%ld/gid_map", (long) child_pid); - update_map(gid_map, map_path); - - close(args.pipe_fd[1]); - - if (waitpid(child_pid, &status, 0) == -1) - errExit("waitpid"); - - exit(WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS ? EXIT_FAILURE : EXIT_SUCCESS); -} diff --git a/test/TEST-13-NSPAWN-SMOKE/test.sh b/test/TEST-13-NSPAWN-SMOKE/test.sh index dfc437c0ee..e6977a7f1c 100755 --- a/test/TEST-13-NSPAWN-SMOKE/test.sh +++ b/test/TEST-13-NSPAWN-SMOKE/test.sh @@ -40,7 +40,6 @@ test_setup() { setup_basic_environment dracut_install busybox chmod rmdir - dracut_install ./has-overflow cp create-busybox-container $initdir/ @@ -93,22 +92,8 @@ function run { /create-busybox-container "$_root" UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" -b UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" --private-network -b - - if ! UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" -U -b; then - if [[ "$1" = "no" && "$2" = "yes" ]] && /has-overflow -M '0 1073283072 65536' -G '0 1073283072 65536'; then - printf "Failure expected, ignoring (see https://github.com/systemd/systemd/issues/4352)\n" >&2 - else - return 1 - fi - fi - - if ! UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" --private-network -U -b; then - if [[ "$1" = "no" && "$2" = "yes" ]] && /has-overflow -M '0 1073283072 65536' -G '0 1073283072 65536'; then - printf "Failure expected, ignoring (see https://github.com/systemd/systemd/issues/4352)\n" >&2 - else - return 1 - fi - fi + UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" -U -b + UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" systemd-nspawn --register=no -D "$_root" --private-network -U -b return 0 } -- cgit v1.2.3-54-g00ecf From 50ca7a35a1c4b7550bc7f219d1c54052a2662445 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Mon, 24 Oct 2016 12:38:53 +0200 Subject: test: lets add more tests to cover SupplementaryGroups= cases. --- Makefile.am | 3 +++ src/test/test-execute.c | 3 +++ ...supplementarygroups-multiple-groups-default-group-user.service | 7 +++++++ .../exec-supplementarygroups-multiple-groups-withgid.service | 8 ++++++++ .../exec-supplementarygroups-multiple-groups-withuid.service | 8 ++++++++ 5 files changed, 29 insertions(+) create mode 100644 test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service create mode 100644 test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service create mode 100644 test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 04e1b71e9e..18a5f4a82a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1630,6 +1630,9 @@ EXTRA_DIST += \ test/test-execute/exec-supplementarygroups.service \ test/test-execute/exec-supplementarygroups-single-group.service \ test/test-execute/exec-supplementarygroups-single-group-user.service \ + test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service \ + test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service \ + test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service \ test/test-execute/exec-ignoresigpipe-no.service \ test/test-execute/exec-ignoresigpipe-yes.service \ test/test-execute/exec-personality-x86-64.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 1254ef8a05..404421a2b8 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -222,6 +222,9 @@ static void test_exec_supplementary_groups(Manager *m) { test(m, "exec-supplementarygroups.service", 0, CLD_EXITED); test(m, "exec-supplementarygroups-single-group.service", 0, CLD_EXITED); test(m, "exec-supplementarygroups-single-group-user.service", 0, CLD_EXITED); + test(m, "exec-supplementarygroups-multiple-groups-default-group-user.service", 0, CLD_EXITED); + test(m, "exec-supplementarygroups-multiple-groups-withgid.service", 0, CLD_EXITED); + test(m, "exec-supplementarygroups-multiple-groups-withuid.service", 0, CLD_EXITED); } static void test_exec_environment(Manager *m) { diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service new file mode 100644 index 0000000000..a49c9d26a1 --- /dev/null +++ b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Supplementary Group with multiple groups without Group and User + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "0 1 2 3" && test "$$(id -g)" = "0" && test "$$(id -u)" = "0"' +Type=oneshot +SupplementaryGroups=1 2 3 diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service new file mode 100644 index 0000000000..5c62c1d639 --- /dev/null +++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test for Supplementary Group with multiple groups and Group=1 + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "1 2 3" && test "$$(id -g)" = "1" && test "$$(id -u)" = "0"' +Type=oneshot +Group=1 +SupplementaryGroups=1 2 3 diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service new file mode 100644 index 0000000000..00523e383b --- /dev/null +++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test for Supplementary Group with multiple groups and Uid=1 + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "1 2 3" && test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +Type=oneshot +User=1 +SupplementaryGroups=1 2 3 -- cgit v1.2.3-54-g00ecf From f6281133def1da2d7ac875b8cf5af5c32bc63fd8 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 21 Oct 2016 21:48:10 +0200 Subject: seccomp: add test-seccomp test tool This validates the system call set table and many of our seccomp-util.c APIs. --- Makefile.am | 11 +++++ src/shared/seccomp-util.h | 1 + src/test/test-seccomp.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 115 insertions(+) create mode 100644 src/test/test-seccomp.c (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 18a5f4a82a..8ef3b42c41 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1570,6 +1570,11 @@ tests += \ test-acl-util endif +if HAVE_SECCOMP +tests += \ + test-seccomp +endif + EXTRA_DIST += \ test/a.service \ test/basic.target \ @@ -2038,6 +2043,12 @@ test_acl_util_SOURCES = \ test_acl_util_LDADD = \ libsystemd-shared.la +test_seccomp_SOURCES = \ + src/test/test-seccomp.c + +test_seccomp_LDADD = \ + libsystemd-shared.la + test_namespace_LDADD = \ libcore.la diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 667687b14f..8050fc6fbf 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -20,6 +20,7 @@ ***/ #include +#include #include const char* seccomp_arch_to_string(uint32_t c); diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c new file mode 100644 index 0000000000..0060ecdf02 --- /dev/null +++ b/src/test/test-seccomp.c @@ -0,0 +1,103 @@ +/*** + This file is part of systemd. + + Copyright 2016 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include +#include +#include + +#include "fd-util.h" +#include "macro.h" +#include "process-util.h" +#include "seccomp-util.h" + +static void test_seccomp_arch_to_string(void) { + uint32_t a, b; + const char *name; + + a = seccomp_arch_native(); + assert_se(a > 0); + name = seccomp_arch_to_string(a); + assert_se(name); + assert_se(seccomp_arch_from_string(name, &b) >= 0); + assert_se(a == b); +} + +static void test_syscall_filter_set_find(void) { + assert_se(!syscall_filter_set_find(NULL)); + assert_se(!syscall_filter_set_find("")); + assert_se(!syscall_filter_set_find("quux")); + assert_se(!syscall_filter_set_find("@quux")); + + assert_se(syscall_filter_set_find("@clock") == syscall_filter_sets + SYSCALL_FILTER_SET_CLOCK); + assert_se(syscall_filter_set_find("@default") == syscall_filter_sets + SYSCALL_FILTER_SET_DEFAULT); + assert_se(syscall_filter_set_find("@raw-io") == syscall_filter_sets + SYSCALL_FILTER_SET_RAW_IO); +} + +static void test_filter_sets(void) { + unsigned i; + int r; + + if (!is_seccomp_available()) + return; + + if (geteuid() != 0) + return; + + for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) { + pid_t pid; + + log_info("Testing %s", syscall_filter_sets[i].name); + + pid = fork(); + assert_se(pid >= 0); + + if (pid == 0) { /* Child? */ + int fd; + + if (i == SYSCALL_FILTER_SET_DEFAULT) /* if we look at the default set, whitelist instead of blacklist */ + r = seccomp_load_filter_set(SCMP_ACT_ERRNO(EPERM), syscall_filter_sets + i, SCMP_ACT_ALLOW); + else + r = seccomp_load_filter_set(SCMP_ACT_ALLOW, syscall_filter_sets + i, SCMP_ACT_ERRNO(EPERM)); + if (r < 0) + _exit(EXIT_FAILURE); + + /* Test the sycall filter with one random system call */ + fd = eventfd(0, EFD_NONBLOCK|EFD_CLOEXEC); + if (IN_SET(i, SYSCALL_FILTER_SET_IO_EVENT, SYSCALL_FILTER_SET_DEFAULT)) + assert_se(fd < 0 && errno == EPERM); + else { + assert_se(fd >= 0); + safe_close(fd); + } + + _exit(EXIT_SUCCESS); + } + + assert_se(wait_for_terminate_and_warn(syscall_filter_sets[i].name, pid, true) == EXIT_SUCCESS); + } +} + +int main(int argc, char *argv[]) { + + test_seccomp_arch_to_string(); + test_syscall_filter_set_find(); + test_filter_sets(); + + return 0; +} -- cgit v1.2.3-54-g00ecf From 828d92acbc8e6f536419cfaee10d6b5c7b0d7f82 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 24 Oct 2016 20:49:48 +0200 Subject: core: drop -.slice from shipped units Since this unit is synthesized anyway there's no point in actually shipping it on disk. This also has the benefit that "cd /usr/lib/systemd/system ; ls *" won't be confused by the leading dash of the file name anymore. --- Makefile.am | 12 ------------ units/x-.slice | 12 ------------ 2 files changed, 24 deletions(-) delete mode 100644 units/x-.slice (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 18a5f4a82a..bad6a2d18a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -493,7 +493,6 @@ dist_systemunit_DATA = \ units/swap.target \ units/slices.target \ units/system.slice \ - units/x-.slice \ units/systemd-initctl.socket \ units/syslog.socket \ units/dev-hugepages.mount \ @@ -637,17 +636,6 @@ GENERAL_ALIASES += \ $(systemunitdir)/reboot.target $(pkgsysconfdir)/system/ctrl-alt-del.target \ $(systemunitdir)/machines.target $(pkgsysconfdir)/system/multi-user.target.wants/machines.target -# automake is broken and can't handle files with a dash in front -# http://debbugs.gnu.org/cgi/bugreport.cgi?bug=14728#8 -units-install-hook: - mv $(DESTDIR)$(systemunitdir)/x-.slice $(DESTDIR)/$(systemunitdir)/-.slice - -units-uninstall-hook: - rm -f $(DESTDIR)/$(systemunitdir)/-.slice - -INSTALL_DATA_HOOKS += units-install-hook -UNINSTALL_DATA_HOOKS += units-uninstall-hook - dist_doc_DATA = \ README \ NEWS \ diff --git a/units/x-.slice b/units/x-.slice deleted file mode 100644 index ac82c35874..0000000000 --- a/units/x-.slice +++ /dev/null @@ -1,12 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -[Unit] -Description=Root Slice -Documentation=man:systemd.special(7) -DefaultDependencies=no -Before=slices.target -- cgit v1.2.3-54-g00ecf From 515958c9eb538607a260aac4a4d0145583e1a2e5 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 2 Nov 2016 16:04:40 -0600 Subject: build-sys: bump package and library version in preparation for v232 --- Makefile.am | 4 ++-- configure.ac | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index a707d4a899..34c2f60330 100644 --- a/Makefile.am +++ b/Makefile.am @@ -42,9 +42,9 @@ LIBUDEV_CURRENT=7 LIBUDEV_REVISION=5 LIBUDEV_AGE=6 -LIBSYSTEMD_CURRENT=16 +LIBSYSTEMD_CURRENT=17 LIBSYSTEMD_REVISION=0 -LIBSYSTEMD_AGE=16 +LIBSYSTEMD_AGE=17 # Dirs of external packages dbuspolicydir=@dbuspolicydir@ diff --git a/configure.ac b/configure.ac index 0e87adc38f..0b10fc7de7 100644 --- a/configure.ac +++ b/configure.ac @@ -20,7 +20,7 @@ AC_PREREQ([2.64]) AC_INIT([systemd], - [231], + [232], [http://github.com/systemd/systemd/issues], [systemd], [http://www.freedesktop.org/wiki/Software/systemd]) -- cgit v1.2.3-54-g00ecf From 2b9ac11ed96f2823972a77fc7cb0c32981218429 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Wed, 2 Nov 2016 22:59:41 +0100 Subject: test: test DynamicUser= with a fixed user --- Makefile.am | 2 ++ src/test/test-execute.c | 6 ++++++ .../exec-dynamicuser-fixeduser-one-supplementarygroup.service | 9 +++++++++ test/test-execute/exec-dynamicuser-fixeduser.service | 8 ++++++++ 4 files changed, 25 insertions(+) create mode 100644 test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service create mode 100644 test/test-execute/exec-dynamicuser-fixeduser.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 34c2f60330..3226ea4549 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1626,6 +1626,8 @@ EXTRA_DIST += \ test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service \ test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service \ test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service \ + test/test-execute/exec-dynamicuser-fixeduser.service \ + test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service \ test/test-execute/exec-ignoresigpipe-no.service \ test/test-execute/exec-ignoresigpipe-yes.service \ test/test-execute/exec-personality-x86-64.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index c369098500..aa5a9f1695 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -259,6 +259,11 @@ static void test_exec_supplementary_groups(Manager *m) { test(m, "exec-supplementarygroups-multiple-groups-withuid.service", 0, CLD_EXITED); } +static void test_exec_dynamic_user(Manager *m) { + test(m, "exec-dynamicuser-fixeduser.service", 0, CLD_EXITED); + test(m, "exec-dynamicuser-fixeduser-one-supplementarygroup.service", 0, CLD_EXITED); +} + static void test_exec_environment(Manager *m) { test(m, "exec-environment.service", 0, CLD_EXITED); test(m, "exec-environment-multiple.service", 0, CLD_EXITED); @@ -432,6 +437,7 @@ int main(int argc, char *argv[]) { test_exec_user, test_exec_group, test_exec_supplementary_groups, + test_exec_dynamic_user, test_exec_environment, test_exec_environmentfile, test_exec_passenvironment, diff --git a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service new file mode 100644 index 0000000000..de1a6e7303 --- /dev/null +++ b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test DynamicUser with User= and SupplementaryGroups= + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "1" && test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +Type=oneshot +User=1 +DynamicUser=yes +SupplementaryGroups=1 diff --git a/test/test-execute/exec-dynamicuser-fixeduser.service b/test/test-execute/exec-dynamicuser-fixeduser.service new file mode 100644 index 0000000000..1d84af02ed --- /dev/null +++ b/test/test-execute/exec-dynamicuser-fixeduser.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test DynamicUser with User= + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G)" = "1" && test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +Type=oneshot +User=1 +DynamicUser=yes -- cgit v1.2.3-54-g00ecf From 5c67067f0e521aba061904c7bb3aa092281ef9c4 Mon Sep 17 00:00:00 2001 From: Djalal Harouni Date: Wed, 2 Nov 2016 23:02:28 +0100 Subject: test: test DynamicUser= with SupplementaryGroups= --- Makefile.am | 1 + src/test/test-execute.c | 1 + test/test-execute/exec-dynamicuser-supplementarygroups.service | 8 ++++++++ 3 files changed, 10 insertions(+) create mode 100644 test/test-execute/exec-dynamicuser-supplementarygroups.service (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 3226ea4549..f7652c2346 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1628,6 +1628,7 @@ EXTRA_DIST += \ test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service \ test/test-execute/exec-dynamicuser-fixeduser.service \ test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service \ + test/test-execute/exec-dynamicuser-supplementarygroups.service \ test/test-execute/exec-ignoresigpipe-no.service \ test/test-execute/exec-ignoresigpipe-yes.service \ test/test-execute/exec-personality-x86-64.service \ diff --git a/src/test/test-execute.c b/src/test/test-execute.c index aa5a9f1695..6029853e3e 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -262,6 +262,7 @@ static void test_exec_supplementary_groups(Manager *m) { static void test_exec_dynamic_user(Manager *m) { test(m, "exec-dynamicuser-fixeduser.service", 0, CLD_EXITED); test(m, "exec-dynamicuser-fixeduser-one-supplementarygroup.service", 0, CLD_EXITED); + test(m, "exec-dynamicuser-supplementarygroups.service", 0, CLD_EXITED); } static void test_exec_environment(Manager *m) { diff --git a/test/test-execute/exec-dynamicuser-supplementarygroups.service b/test/test-execute/exec-dynamicuser-supplementarygroups.service new file mode 100644 index 0000000000..a47b7fab78 --- /dev/null +++ b/test/test-execute/exec-dynamicuser-supplementarygroups.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test DynamicUser with SupplementaryGroups= + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -G | cut -d " " --complement -f 1)" = "1 2 3"' +Type=oneshot +DynamicUser=yes +SupplementaryGroups=1 2 3 -- cgit v1.2.3-54-g00ecf From 2eaef25e43b8df349906b50ff95c4df383b7ba5a Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sat, 12 Nov 2016 10:05:24 -0500 Subject: build-sys: do not install ctrl-alt-del.target symlink twice It was a harmless but pointless duplication. Fixes #4655. Note: in general we try to install as little as possible in /etc/systemd/{system,user}. We only install .wants links there for units which are "user configurable", i.e. which have an [Install] section. Most our units and aliases are not user configurable, do not have an [Install] section, and must be symlinked statically during installation. A few units do have an [Install] section, and are enabled through symlinks in /etc/ during installation using GENERAL_ALIASES. It *would* be possible to not create those symlinks, and instead require 'systemctl preset' to be invoked after installation, but GENERAL_ALIASES works well enough. --- Makefile.am | 1 - 1 file changed, 1 deletion(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index f7652c2346..35ec60f736 100644 --- a/Makefile.am +++ b/Makefile.am @@ -633,7 +633,6 @@ EXTRA_DIST += \ units/halt-local.service.in GENERAL_ALIASES += \ - $(systemunitdir)/reboot.target $(pkgsysconfdir)/system/ctrl-alt-del.target \ $(systemunitdir)/machines.target $(pkgsysconfdir)/system/multi-user.target.wants/machines.target dist_doc_DATA = \ -- cgit v1.2.3-54-g00ecf