author | Michael Biebl <biebl@debian.org> | 2018-03-06 20:13:05 +0100 |
---|---|---|
committer | Michael Biebl <biebl@debian.org> | 2018-03-06 20:13:05 +0100 |
commit | 98393f852f2f66a74f7370aa63c07b26d610343c (patch) | |
tree | 627d6c5463c0e6ac9f4f6243a9c9274acdae197d /test | |
parent | 1d42b86df9052528a8f56b2f52d8bc2faf87b2da (diff) | |
download | systemd-98393f852f2f66a74f7370aa63c07b26d610343c.tar.gz |
New upstream version 238
Diffstat (limited to 'test')
64 files changed, 634 insertions, 101 deletions
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh index 9d8af99ac4..ab0a58caea 100755 --- a/test/TEST-15-DROPIN/test-dropin.sh +++ b/test/TEST-15-DROPIN/test-dropin.sh @@ -179,6 +179,16 @@ test_masked_dropins () { ln -sf ../b.service /usr/lib/systemd/system/a.service.wants/b.service check_ko a Wants b.service + # 'a' is masked but has an override config file + echo "*** test a is masked but has an override" + create_services a b + ln -sf /dev/null /etc/systemd/system/a.service + cat >/usr/lib/systemd/system/a.service.d/override.conf <<EOF +[Unit] +After=b.service +EOF + check_ok a UnitFileState masked + # 'b1' is an alias for 'b': masking 'b' dep should not influence 'b1' dep echo "*** test a wants b, b1, and one is masked" create_services a b diff --git a/test/TEST-21-SYSUSERS/inline.expected-group b/test/TEST-21-SYSUSERS/inline.expected-group new file mode 100644 index 0000000000..cc9093f807 --- /dev/null +++ b/test/TEST-21-SYSUSERS/inline.expected-group @@ -0,0 +1,2 @@ +g1:x:111: +u1:x:222: diff --git a/test/TEST-21-SYSUSERS/inline.expected-passwd b/test/TEST-21-SYSUSERS/inline.expected-passwd new file mode 100644 index 0000000000..f50f25c7d7 --- /dev/null +++ b/test/TEST-21-SYSUSERS/inline.expected-passwd @@ -0,0 +1 @@ +u1:x:222:222::/:/bin/zsh diff --git a/test/TEST-21-SYSUSERS/test-1.input b/test/TEST-21-SYSUSERS/test-1.input index bffc2cd7ea..297bbe3503 100644 --- a/test/TEST-21-SYSUSERS/test-1.input +++ b/test/TEST-21-SYSUSERS/test-1.input @@ -1,3 +1,5 @@ +# Trivial smoke test that covers the most basic functionality +# #Type Name ID GECOS HOMEDIR u u1 222 - - g g1 111 - - diff --git a/test/TEST-21-SYSUSERS/test-10.expected-group b/test/TEST-21-SYSUSERS/test-10.expected-group new file mode 100644 index 0000000000..1c92158720 --- /dev/null +++ b/test/TEST-21-SYSUSERS/test-10.expected-group @@ -0,0 +1,2 @@ +u1:x:300:u2 +u2:x:SYSTEM_UID_MAX: 
diff --git a/test/TEST-21-SYSUSERS/test-10.expected-passwd b/test/TEST-21-SYSUSERS/test-10.expected-passwd
new file mode 100644
index 0000000000..222334bf70
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-10.expected-passwd
@@ -0,0 +1,2 @@
+u1:x:300:300::/:/sbin/nologin
+u2:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX::/:/sbin/nologin
diff --git a/test/TEST-21-SYSUSERS/test-10.input b/test/TEST-21-SYSUSERS/test-10.input
new file mode 100644
index 0000000000..8e18a00a63
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-10.input
@@ -0,0 +1,5 @@
+# check that 'm' lines do not conflicts 'u' line
+#
+#Type Name ID GECOS HOMEDIR
+u u1 300 - -
+m u2 u1
diff --git a/test/TEST-21-SYSUSERS/test-2.expected-group b/test/TEST-21-SYSUSERS/test-2.expected-group
index f98e85fcf4..8fcc03f4e9 100644
--- a/test/TEST-21-SYSUSERS/test-2.expected-group
+++ b/test/TEST-21-SYSUSERS/test-2.expected-group
@@ -1 +1,4 @@
-u1:x:999:
+u1:x:SYSTEM_UID_MAX:
+u2:x:777:
+u3:x:778:
+u4:x:779:
diff --git a/test/TEST-21-SYSUSERS/test-2.expected-passwd b/test/TEST-21-SYSUSERS/test-2.expected-passwd
index d907e483f7..9eeee5d387 100644
--- a/test/TEST-21-SYSUSERS/test-2.expected-passwd
+++ b/test/TEST-21-SYSUSERS/test-2.expected-passwd
@@ -1 +1,4 @@
-u1:x:999:999:some gecos:/random/dir:/sbin/nologin
+u1:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX:some gecos:/random/dir:/sbin/nologin
+u2:x:777:777:some gecos:/random/dir:/bin/zsh
+u3:x:778:778::/random/dir2:/bin/bash
+u4:x:779:779::/:/bin/csh
diff --git a/test/TEST-21-SYSUSERS/test-2.input b/test/TEST-21-SYSUSERS/test-2.input
index d8f31347a1..cedea9e401 100644
--- a/test/TEST-21-SYSUSERS/test-2.input
+++ b/test/TEST-21-SYSUSERS/test-2.input
@@ -1,2 +1,8 @@ -#Type Name ID GECOS HOMEDIR -u u1 - "some gecos" /random/dir +# Test generation of ID dynamically based on SYSTEM_UID_MAX and +# replacement of all fields up to the login shell. +# +#Type Name ID GECOS homedir shell +u u1 - "some gecos" /random/dir - +u u2 777 "some gecos" /random/dir /bin/zsh +u u3 778 - /random/dir2 /bin/bash +u u4 779 - - /bin/csh diff --git a/test/TEST-21-SYSUSERS/test-3.input b/test/TEST-21-SYSUSERS/test-3.input index b4f86a69f1..3257082cee 100644 --- a/test/TEST-21-SYSUSERS/test-3.input +++ b/test/TEST-21-SYSUSERS/test-3.input @@ -1,3 +1,6 @@ +# Ensure that the semantic for the uid:gid syntax is correct +# +#Type Name ID GECOS HOMEDIR g hoge 300 - - u foo 301 - - diff --git a/test/TEST-21-SYSUSERS/test-4.input b/test/TEST-21-SYSUSERS/test-4.input index 620423eab4..557f61c42b 100644 --- a/test/TEST-21-SYSUSERS/test-4.input +++ b/test/TEST-21-SYSUSERS/test-4.input @@ -1,3 +1,6 @@ +# Ensure that already created groups are used when using the uid:gid syntax +# +#Type Name ID GECOS HOMEDIR g xxx 310 u yyy 311:310 u xxx 312:310 diff --git a/test/TEST-21-SYSUSERS/test-5.expected-group b/test/TEST-21-SYSUSERS/test-5.expected-group new file mode 100644 index 0000000000..e9ef0a7999 --- /dev/null +++ b/test/TEST-21-SYSUSERS/test-5.expected-group @@ -0,0 +1,39 @@ +adm:x:4: +tty:x:5: +disk:x:6: +man:x:12: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29: +dip:x:30: +operator:x:37: +src:x:40: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100: +nogroup:x:65534: +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +proxy:x:13: +www-data:x:33: +backup:x:34: +list:x:38: +irc:x:39: +gnats:x:41: diff --git a/test/TEST-21-SYSUSERS/test-5.expected-passwd b/test/TEST-21-SYSUSERS/test-5.expected-passwd new file mode 100644 index 0000000000..116b126129 --- /dev/null 
+++ b/test/TEST-21-SYSUSERS/test-5.expected-passwd
@@ -0,0 +1,18 @@
+root:x:0:0::/root:/bin/sh
+daemon:x:1:1::/usr/sbin:/sbin/nologin
+bin:x:2:2::/bin:/sbin/nologin
+sys:x:3:3::/dev:/sbin/nologin
+sync:x:4:65534::/bin:/sbin/nologin
+games:x:5:60::/usr/games:/sbin/nologin
+man:x:6:12::/var/cache/man:/sbin/nologin
+lp:x:7:7::/var/spool/lpd:/sbin/nologin
+mail:x:8:8::/var/mail:/sbin/nologin
+news:x:9:9::/var/spool/news:/sbin/nologin
+uucp:x:10:10::/var/spool/uucp:/sbin/nologin
+proxy:x:13:13::/bin:/sbin/nologin
+www-data:x:33:33::/var/www:/sbin/nologin
+backup:x:34:34::/var/backups:/sbin/nologin
+list:x:38:38::/var/list:/sbin/nologin
+irc:x:39:39::/var/run/ircd:/sbin/nologin
+gnats:x:41:41::/var/lib/gnats:/sbin/nologin
+nobody:x:65534:65534::/nonexistent:/sbin/nologin
diff --git a/test/TEST-21-SYSUSERS/test-5.input b/test/TEST-21-SYSUSERS/test-5.input
new file mode 100644
index 0000000000..57519d7c9d
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-5.input
@@ -0,0 +1,47 @@
+# Reproduce the base-passwd master.{passwd,group} from Debian
+#
+#Type Name ID GECOS Home directory
+g adm 4 -
+g tty 5 -
+g disk 6 -
+g man 12 -
+g kmem 15 -
+g dialout 20 -
+g fax 21 -
+g voice 22 -
+g cdrom 24 -
+g floppy 25 -
+g tape 26 -
+g sudo 27 -
+g audio 29 -
+g dip 30 -
+g operator 37 -
+g src 40 -
+g shadow 42 -
+g utmp 43 -
+g video 44 -
+g sasl 45 -
+g plugdev 46 -
+g staff 50 -
+g games 60 -
+g users 100 -
+g nogroup 65534 -
+
+u root 0 - /root
+u daemon 1 - /usr/sbin
+u bin 2 - /bin
+u sys 3 - /dev
+u sync 4:65534 - /bin
+u games 5:60 - /usr/games
+u man 6:12 - /var/cache/man
+u lp 7 - /var/spool/lpd
+u mail 8 - /var/mail
+u news 9 - /var/spool/news
+u uucp 10 - /var/spool/uucp
+u proxy 13 - /bin
+u www-data 33 - /var/www
+u backup 34 - /var/backups
+u list 38 - /var/list
+u irc 39 - /var/run/ircd
+u gnats 41 - /var/lib/gnats
+u nobody 65534:65534 - /nonexistent
diff --git a/test/TEST-21-SYSUSERS/test-6.expected-group b/test/TEST-21-SYSUSERS/test-6.expected-group
new file mode 100644
index 0000000000..499c9008ce
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-6.expected-group
@@ -0,0 +1,2 @@
+g1:x:111:
+u1:x:SYSTEM_UID_MAX:
diff --git a/test/TEST-21-SYSUSERS/test-6.expected-passwd b/test/TEST-21-SYSUSERS/test-6.expected-passwd
new file mode 100644
index 0000000000..5af9d1142d
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-6.expected-passwd
@@ -0,0 +1 @@
+u1:x:SYSTEM_UID_MAX:SYSTEM_UID_MAX::/:/sbin/nologin
diff --git a/test/TEST-21-SYSUSERS/test-6.input b/test/TEST-21-SYSUSERS/test-6.input
new file mode 100644
index 0000000000..764f57e825
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-6.input
@@ -0,0 +1,7 @@
+# Ensure that existing IDs are not reused by default. I.e. the existing
+# ID 111 from g1 will cause u1 to get a new and different ID (999 on most
+# systems).
+#
+#Type Name ID GECOS HOMEDIR
+g g1 111 - -
+u u1 111 - -
diff --git a/test/TEST-21-SYSUSERS/test-7.expected-group b/test/TEST-21-SYSUSERS/test-7.expected-group
new file mode 100644
index 0000000000..ae9539c9a1
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-7.expected-group
@@ -0,0 +1,16 @@
+sys:x:3:
+mem:x:8:
+ftp:x:11:
+mail:x:12:
+log:x:19:
+smmsp:x:25:
+proc:x:26:
+games:x:50:
+lock:x:54:
+network:x:90:
+floppy:x:94:
+scanner:x:96:
+power:x:98:
+bin:x:1:
+daemon:x:2:
+http:x:33:
diff --git a/test/TEST-21-SYSUSERS/test-7.expected-passwd b/test/TEST-21-SYSUSERS/test-7.expected-passwd
new file mode 100644
index 0000000000..79668c0654
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-7.expected-passwd
@@ -0,0 +1,5 @@
+bin:x:1:1::/:/sbin/nologin
+daemon:x:2:2::/:/sbin/nologin
+mail:x:8:12::/var/spool/mail:/sbin/nologin
+ftp:x:14:11::/srv/ftp:/sbin/nologin
+http:x:33:33::/srv/http:/sbin/nologin
diff --git a/test/TEST-21-SYSUSERS/test-7.input b/test/TEST-21-SYSUSERS/test-7.input
new file mode 100644
index 0000000000..4e10b74227
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-7.input
@@ -0,0 +1,26 @@
+# Issue #8315
+#
+#Type Name ID GECOS HOMEDIR
+
+# default arch groups
+# groups first, because we have user/group id mismatch on ftp and mail
+g sys 3 - -
+g mem 8 - -
+g ftp 11 - -
+g mail 12 - -
+g log 19 - -
+g smmsp 25 - -
+g proc 26 - -
+g games 50 - -
+g lock 54 - -
+g network 90 - -
+g floppy 94 - -
+g scanner 96 - -
+g power 98 - -
+
+# default arch users
+u bin 1 - -
+u daemon 2 - -
+u mail 8 - /var/spool/mail
+u ftp 14 - /srv/ftp
+u http 33 - /srv/http
diff --git a/test/TEST-21-SYSUSERS/test-8.expected-group b/test/TEST-21-SYSUSERS/test-8.expected-group
new file mode 100644
index 0000000000..f09b2b6426
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-8.expected-group
@@ -0,0 +1 @@
+groupname:x:300:
diff --git a/test/TEST-21-SYSUSERS/test-8.expected-passwd b/test/TEST-21-SYSUSERS/test-8.expected-passwd
new file mode 100644
index 0000000000..727b8197ef
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-8.expected-passwd
@@ -0,0 +1 @@
+username:x:SYSTEM_UID_MAX:300::/:/sbin/nologin
diff --git a/test/TEST-21-SYSUSERS/test-8.input b/test/TEST-21-SYSUSERS/test-8.input
new file mode 100644
index 0000000000..b76dd3e20c
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-8.input
@@ -0,0 +1,2 @@
+g groupname 300
+u username -:300
diff --git a/test/TEST-21-SYSUSERS/test-9.expected-group b/test/TEST-21-SYSUSERS/test-9.expected-group
new file mode 100644
index 0000000000..33335d4eaa
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-9.expected-group
@@ -0,0 +1 @@
+user1:x:300:
diff --git a/test/TEST-21-SYSUSERS/test-9.expected-passwd b/test/TEST-21-SYSUSERS/test-9.expected-passwd
new file mode 100644
index 0000000000..a23260f56e
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-9.expected-passwd
@@ -0,0 +1,2 @@
+user1:x:300:300::/:/sbin/nologin
+user2:x:SYSTEM_UID_MAX:300::/:/sbin/nologin
diff --git a/test/TEST-21-SYSUSERS/test-9.input b/test/TEST-21-SYSUSERS/test-9.input
new file mode 100644
index 0000000000..4d536472c2
--- /dev/null
+++ b/test/TEST-21-SYSUSERS/test-9.input
@@ -0,0 +1,2 @@
+u user1 300
+u user2 -:300
diff --git a/test/TEST-21-SYSUSERS/test.sh b/test/TEST-21-SYSUSERS/test.sh
index 14f2b4ae07..bebbab9d23 100755
--- a/test/TEST-21-SYSUSERS/test.sh
+++ b/test/TEST-21-SYSUSERS/test.sh
@@ -7,34 +7,98 @@ TEST_DESCRIPTION="Sysuser-related tests" . $TEST_BASE_DIR/test-functions test_setup() { - mkdir -p $TESTDIR/etc $TESTDIR/usr/lib/sysusers.d $TESTDIR/tmp + mkdir -p $TESTDIR/etc/sysusers.d $TESTDIR/usr/lib/sysusers.d $TESTDIR/tmp +} + +preprocess() { + in="$1" + + # see meson.build how to extract this. gcc -E was used before to + # get this value from config.h, however the autopkgtest fails with + # it + SYSTEM_UID_MAX=$(awk 'BEGIN { uid=999 } /^\s*SYS_UID_MAX\s+/ { uid=$2 } END { print uid }' /etc/login.defs) + sed "s/SYSTEM_UID_MAX/${SYSTEM_UID_MAX}/g" "$in" +} + +compare() { + if ! diff -u $TESTDIR/etc/passwd <(preprocess ${1%.*}.expected-passwd); then + echo "**** Unexpected output for $f" + exit 1 + fi + + if ! diff -u $TESTDIR/etc/group <(preprocess ${1%.*}.expected-group); then + echo "**** Unexpected output for $f $2" + exit 1 + fi } test_run() { # ensure our build of systemd-sysusers is run PATH=${BUILD_DIR}:$PATH + rm -f $TESTDIR/etc/sysusers.d/* $TESTDIR/usr/lib/sysusers.d/* + # happy tests for f in test-*.input; do echo "*** Running $f" - rm -f $TESTDIR/etc/* + rm -f $TESTDIR/etc/*{passwd,group,shadow} cp $f $TESTDIR/usr/lib/sysusers.d/test.conf systemd-sysusers --root=$TESTDIR - if ! diff -u $TESTDIR/etc/passwd ${f%.*}.expected-passwd; then - echo "**** Unexpected output for $f" - exit 1 - fi - if ! 
diff -u $TESTDIR/etc/group ${f%.*}.expected-group; then - echo "**** Unexpected output for $f" - exit 1 - fi + compare $f "" + done + + for f in test-*.input; do + echo "*** Running $f on stdin" + rm -f $TESTDIR/etc/*{passwd,group,shadow} + touch $TESTDIR/etc/sysusers.d/test.conf + cat $f | systemd-sysusers --root=$TESTDIR - + + compare $f "on stdin" + done + + for f in test-*.input; do + echo "*** Running $f on stdin with --replace" + rm -f $TESTDIR/etc/*{passwd,group,shadow} + touch $TESTDIR/etc/sysusers.d/test.conf + # this overrides test.conf which is masked on disk + cat $f | systemd-sysusers --root=$TESTDIR --replace=/etc/sysusers.d/test.conf - + # this should be ignored + cat test-1.input | systemd-sysusers --root=$TESTDIR --replace=/usr/lib/sysusers.d/test.conf - + + compare $f "on stdin with --replace" done + # test --inline + echo "*** Testing --inline" + rm -f $TESTDIR/etc/*{passwd,group,shadow} + # copy a random file to make sure it is ignored + cp $f $TESTDIR/etc/sysusers.d/confuse.conf + systemd-sysusers --root=$TESTDIR --inline \ + "u u1 222 - - /bin/zsh" \ + "g g1 111" + + compare inline "(--inline)" + + # test --replace + echo "*** Testing --inline with --replace" + rm -f $TESTDIR/etc/*{passwd,group,shadow} + # copy a random file to make sure it is ignored + cp $f $TESTDIR/etc/sysusers.d/confuse.conf + systemd-sysusers --root=$TESTDIR \ + --inline \ + --replace=/etc/sysusers.d/confuse.conf \ + "u u1 222 - - /bin/zsh" \ + "g g1 111" + + compare inline "(--inline --replace=…)" + + rm -f $TESTDIR/etc/sysusers.d/* $TESTDIR/usr/lib/sysusers.d/* + # tests for error conditions for f in unhappy-*.input; do echo "*** Running test $f" - rm -f $TESTDIR/etc/* + rm -f $TESTDIR/etc/*{passwd,group,shadow} cp $f $TESTDIR/usr/lib/sysusers.d/test.conf systemd-sysusers --root=$TESTDIR 2> /dev/null journalctl -t systemd-sysusers -o cat | tail -n1 > $TESTDIR/tmp/err 
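Review bot: The `rm -f $TESTDIR/etc/*{passwd,group,shadow}` lines added throughout test_run expand `$TESTDIR` unquoted and unguarded, so if it were ever empty (it is assigned outside this hunk, presumably by test-functions) they would resolve to the host's `/etc/passwd`, `/etc/group` and `/etc/shadow`, and `--root=$TESTDIR` would point systemd-sysusers at the real root. Writing them as `rm -f "${TESTDIR:?}"/etc/*{passwd,group,shadow}` makes the script abort instead, and the other `$TESTDIR` and `$f` expansions would be safer quoted. Separately, compare() prints `$f`, a variable leaked from the caller's loop, rather than its own `$1`, so the two `compare inline …` calls report the last `test-*.input` name on failure; `echo "**** Unexpected output for $1 $2"` in both branches would fix that. test_run continues past the end of the hunk.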
diff --git a/test/TEST-21-SYSUSERS/unhappy-1.input b/test/TEST-21-SYSUSERS/unhappy-1.input
index 77390371de..b8ed85525b 100644
--- a/test/TEST-21-SYSUSERS/unhappy-1.input
+++ b/test/TEST-21-SYSUSERS/unhappy-1.input
@@ -1 +1,4 @@
-u u1 9999999999 - -
\ No newline at end of file
+# Ensure invalid uids are detected
+#
+#Type Name ID GECOS HOMEDIR
+u u1 9999999999 - -
diff --git a/test/TEST-21-SYSUSERS/unhappy-2.input b/test/TEST-21-SYSUSERS/unhappy-2.input
index 521c741cb5..5be0e6d187 100644
--- a/test/TEST-21-SYSUSERS/unhappy-2.input
+++ b/test/TEST-21-SYSUSERS/unhappy-2.input
@@ -1,2 +1,4 @@
-# it is not allowed to create groups implicitely in the uid:gid syntax
-u u1 100:100 -
\ No newline at end of file
+# Ensure it is not allowed to create groups implicitely in the uid:gid syntax
+#
+#Type Name ID GECOS HOMEDIR
+u u1 100:100 -
diff --git a/test/TEST-22-TMPFILES/Makefile b/test/TEST-22-TMPFILES/Makefile
new file mode 100644
index 0000000000..34d7cc6cdf
--- /dev/null
+++ b/test/TEST-22-TMPFILES/Makefile
@@ -0,0 +1,4 @@
+BUILD_DIR=$(shell ../../tools/find-build-dir.sh)
+
+all setup clean run:
+ @basedir=../.. TEST_BASE_DIR=../ BUILD_DIR=$(BUILD_DIR) ./test.sh --$@
diff --git a/test/TEST-22-TMPFILES/run-tmpfiles-tests.sh b/test/TEST-22-TMPFILES/run-tmpfiles-tests.sh
new file mode 100755
index 0000000000..3ad652f4ed
--- /dev/null
+++ b/test/TEST-22-TMPFILES/run-tmpfiles-tests.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -x
+set -e
+
+>/failed
+
+for t in test-*.sh; do
+ echo "Running $t"; ./$t
+done
+
+touch /testok
+rm /failed
diff --git a/test/TEST-22-TMPFILES/test-01.sh b/test/TEST-22-TMPFILES/test-01.sh
new file mode 100755
index 0000000000..d233e37fb2
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test-01.sh
@@ -0,0 +1,13 @@
+#! /bin/bash
+#
+# With "e" don't attempt to set permissions when file doesn't exist, see
+# https://github.com/systemd/systemd/pull/6682.
+#
+
+set -e
+
+rm -fr /tmp/test
+
+echo "e /tmp/test - root root 1d" | systemd-tmpfiles --create -
+
+! test -e /tmp/test
diff --git a/test/TEST-22-TMPFILES/test.sh b/test/TEST-22-TMPFILES/test.sh
new file mode 100755
index 0000000000..ca78933380
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test.sh
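Review bot: In test-01.sh the final check `! test -e /tmp/test` is only effective because it is the last command: a command negated with `!` is exempt from `set -e`, so the verdict comes solely from the script's exit status. Any statement appended after it later would let the test pass even when /tmp/test was created. Writing it as `test ! -e /tmp/test` keeps the check enforced by `set -e` wherever it sits in the file.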
@@ -0,0 +1,38 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -e
+TEST_DESCRIPTION="Tmpfiles related tests"
+TEST_NO_QEMU=1
+
+. $TEST_BASE_DIR/test-functions
+
+test_setup() {
+ # create the basic filesystem layout
+ setup_basic_environment >/dev/null
+ inst_binary mv
+ inst_binary stat
+ inst_binary seq
+ inst_binary xargs
+
+ # mask some services that we do not want to run in these tests
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service
+
+ # setup the testsuite service
+ cp testsuite.service $initdir/etc/systemd/system/
+ setup_testsuite
+
+ mkdir -p $initdir/testsuite
+ cp run-tmpfiles-tests.sh $initdir/testsuite/
+ cp test-*.sh $initdir/testsuite/
+
+ # create dedicated rootfs for nspawn (located in $TESTDIR/nspawn-root)
+ setup_nspawn_root
+}
+
+do_test "$@"
diff --git a/test/TEST-22-TMPFILES/testsuite.service b/test/TEST-22-TMPFILES/testsuite.service
new file mode 100644
index 0000000000..3a44b41989
--- /dev/null
+++ b/test/TEST-22-TMPFILES/testsuite.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Testsuite service
+After=multi-user.target
+
+[Service]
+WorkingDirectory=/testsuite
+ExecStart=/testsuite/run-tmpfiles-tests.sh
+Type=oneshot
diff --git a/test/meson.build b/test/meson.build
index 4667628b24..f86cf388e0 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -45,11 +45,13 @@ test_data_files = ''' sockets.target son.service sysinit.target + test-execute/exec-ambientcapabilities-merge-nfsnobody.service + test-execute/exec-ambientcapabilities-merge-nobody.service + test-execute/exec-ambientcapabilities-merge.service + test-execute/exec-ambientcapabilities-nfsnobody.service + test-execute/exec-ambientcapabilities-nobody.service + test-execute/exec-ambientcapabilities.service test-execute/exec-bindpaths.service - test-execute/exec-capabilityambientset-merge-nfsnobody.service - test-execute/exec-capabilityambientset-merge.service - test-execute/exec-capabilityambientset-nfsnobody.service - test-execute/exec-capabilityambientset.service test-execute/exec-capabilityboundingset-invert.service test-execute/exec-capabilityboundingset-merge.service test-execute/exec-capabilityboundingset-reset.service @@ -68,6 +70,7 @@ test_data_files = ''' test-execute/exec-environment.service test-execute/exec-environmentfile.service test-execute/exec-group-nfsnobody.service + test-execute/exec-group-nobody.service test-execute/exec-group-nogroup.service test-execute/exec-group.service test-execute/exec-ignoresigpipe-no.service @@ -113,6 +116,8 @@ test_data_files = ''' test-execute/exec-restrictnamespaces-yes.service test-execute/exec-runtimedirectory-mode.service test-execute/exec-runtimedirectory-owner-nfsnobody.service + test-execute/exec-runtimedirectory-owner-nobody.service + test-execute/exec-runtimedirectory-owner-nogroup.service test-execute/exec-runtimedirectory-owner.service test-execute/exec-runtimedirectory.service test-execute/exec-specifier-interpolation.service 
@@ -133,13 +138,19 @@ test_data_files = ''' test-execute/exec-systemcallfilter-not-failing.service test-execute/exec-systemcallfilter-not-failing2.service test-execute/exec-systemcallfilter-system-user-nfsnobody.service + test-execute/exec-systemcallfilter-system-user-nobody.service test-execute/exec-systemcallfilter-system-user.service test-execute/exec-systemcallfilter-with-errno-name.service test-execute/exec-systemcallfilter-with-errno-number.service + test-execute/exec-temporaryfilesystem-options.service + test-execute/exec-temporaryfilesystem-ro.service + test-execute/exec-temporaryfilesystem-rw.service + test-execute/exec-temporaryfilesystem-usr.service test-execute/exec-umask-0177.service test-execute/exec-umask-default.service test-execute/exec-unsetenvironment.service test-execute/exec-user-nfsnobody.service + test-execute/exec-user-nobody.service test-execute/exec-user.service test-execute/exec-workingdirectory.service test-path/basic.target diff --git a/test/networkd-test.py b/test/networkd-test.py index 860c9f1898..3f917f0d9c 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -33,13 +33,13 @@ import errno import os +import shutil +import socket +import subprocess import sys +import tempfile import time import unittest -import tempfile -import subprocess -import shutil -import socket HAVE_DNSMASQ = shutil.which('dnsmasq') is not None @@ -93,8 +93,8 @@ class NetworkdTestingUtilities: def write_network_dropin(self, unit_name, dropin_name, contents): """Write a network unit drop-in, and queue it to be removed.""" - dropin_dir = os.path.join(NETWORK_UNITDIR, "%s.d" % unit_name) - dropin_path = os.path.join(dropin_dir, "%s.conf" % dropin_name) + dropin_dir = os.path.join(NETWORK_UNITDIR, "{}.d".format(unit_name)) + dropin_path = os.path.join(dropin_dir, "{}.conf".format(dropin_name)) os.makedirs(dropin_dir, exist_ok=True) self.addCleanup(os.rmdir, dropin_dir) 
@@ -130,7 +130,7 @@ class NetworkdTestingUtilities: # Wait for the requested interfaces, but don't fail for them. subprocess.call([NETWORKD_WAIT_ONLINE, '--timeout=5'] + - ['--interface=%s' % iface for iface in kwargs]) + ['--interface={}'.format(iface) for iface in kwargs]) # Validate each link state found in the networkctl output. out = subprocess.check_output(['networkctl', '--no-legend']).rstrip() @@ -142,13 +142,12 @@ class NetworkdTestingUtilities: actual = fields[-1] if (actual != expected and not (expected == 'managed' and actual != 'unmanaged')): - self.fail("Link %s expects state %s, found %s" % - (iface, expected, actual)) + self.fail("Link {} expects state {}, found {}".format(iface, expected, actual)) interfaces.remove(iface) # Ensure that all requested interfaces have been covered. if interfaces: - self.fail("Missing links in status output: %s" % interfaces) + self.fail("Missing links in status output: {}".format(interfaces)) class BridgeTest(NetworkdTestingUtilities, unittest.TestCase): @@ -257,7 +256,7 @@ class ClientTestBase(NetworkdTestingUtilities): def show_journal(self, unit): '''Show journal of given unit since start of the test''' - print('---- %s ----' % unit) + print('---- {} ----'.format(unit)) subprocess.check_output(['journalctl', '--sync']) sys.stdout.flush() subprocess.call(['journalctl', '-b', '--no-pager', '--quiet', @@ -287,10 +286,10 @@ class ClientTestBase(NetworkdTestingUtilities): raise self.write_network(self.config, '''\ [Match] -Name=%s +Name={} [Network] -DHCP=%s -%s''' % (self.iface, dhcp_mode, extra_opts)) +DHCP={} +{}'''.format(self.iface, dhcp_mode, extra_opts)) if coldplug: # create interface first, then start networkd 
@@ -335,8 +334,8 @@ DHCP=%s # check networkctl state out = subprocess.check_output(['networkctl']) - self.assertRegex(out, (r'%s\s+ether\s+[a-z-]+\s+unmanaged' % self.if_router).encode()) - self.assertRegex(out, (r'%s\s+ether\s+routable\s+configured' % self.iface).encode()) + self.assertRegex(out, (r'{}\s+ether\s+[a-z-]+\s+unmanaged'.format(self.if_router)).encode()) + self.assertRegex(out, (r'{}\s+ether\s+routable\s+configured'.format(self.iface)).encode()) out = subprocess.check_output(['networkctl', 'status', self.iface]) self.assertRegex(out, br'Type:\s+ether') @@ -352,11 +351,11 @@ DHCP=%s except (AssertionError, subprocess.CalledProcessError): # show networkd status, journal, and DHCP server log on failure with open(os.path.join(NETWORK_UNITDIR, self.config)) as f: - print('\n---- %s ----\n%s' % (self.config, f.read())) + print('\n---- {} ----\n{}'.format(self.config, f.read())) print('---- interface status ----') sys.stdout.flush() subprocess.call(['ip', 'a', 'show', 'dev', self.iface]) - print('---- networkctl status %s ----' % self.iface) + print('---- networkctl status {} ----'.format(self.iface)) sys.stdout.flush() subprocess.call(['networkctl', 'status', self.iface]) self.show_journal('systemd-networkd.service') @@ -513,7 +512,7 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase): '''Print DHCP server log for debugging failures''' with open(self.dnsmasq_log) as f: - sys.stdout.write('\n\n---- dnsmasq log ----\n%s\n------\n\n' % f.read()) + sys.stdout.write('\n\n---- dnsmasq log ----\n{}\n------\n\n'.format(f.read())) def test_resolved_domain_restricted_dns(self): '''resolved: domain-restricted DNS servers''' 
@@ -523,10 +522,10 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase): self.create_iface(dnsmasq_opts=['--address=/#/192.168.42.1']) self.write_network('general.network', '''\ [Match] -Name=%s +Name={} [Network] DHCP=ipv4 -IPv6AcceptRA=False''' % self.iface) +IPv6AcceptRA=False'''.format(self.iface)) # create second device/dnsmasq for a .company/.lab VPN interface # static IPs for simplicity @@ -653,7 +652,7 @@ Domains= ~company ~lab''') self.addCleanup(subprocess.call, ['umount', '/etc/hostname']) subprocess.check_call(['systemctl', 'stop', 'systemd-hostnamed.service']) - self.create_iface(dnsmasq_opts=['--dhcp-host=%s,192.168.5.210,testgreen' % self.iface_mac]) + self.create_iface(dnsmasq_opts=['--dhcp-host={},192.168.5.210,testgreen'.format(self.iface_mac)]) self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=False', dhcp_mode='ipv4') try: @@ -670,7 +669,7 @@ Domains= ~company ~lab''') sys.stdout.write('[retry %i] ' % retry) sys.stdout.flush() else: - self.fail('Transient hostname not found in hostnamectl:\n%s' % out.decode()) + self.fail('Transient hostname not found in hostnamectl:\n{}'.format(out.decode())) # and also applied to the system self.assertEqual(socket.gethostname(), 'testgreen') except AssertionError: @@ -688,7 +687,7 @@ Domains= ~company ~lab''') self.writeConfig('/etc/hostname', orig_hostname) subprocess.check_call(['systemctl', 'stop', 'systemd-hostnamed.service']) - self.create_iface(dnsmasq_opts=['--dhcp-host=%s,192.168.5.210,testgreen' % self.iface_mac]) + self.create_iface(dnsmasq_opts=['--dhcp-host={},192.168.5.210,testgreen'.format(self.iface_mac)]) self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=False', dhcp_mode='ipv4') try: 
@@ -942,9 +941,9 @@ class MatchClientTest(unittest.TestCase, NetworkdTestingUtilities): ['addr', mac], ['addr', mac]) self.write_network('no-veth.network', """\ [Match] -MACAddress=%s +MACAddress={} Name=!nonexistent *peer* -[Network]""" % mac) +[Network]""".format(mac)) subprocess.check_call(['systemctl', 'start', 'systemd-networkd']) self.assert_link_states(test_veth='managed', test_peer='unmanaged') diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py index e053b027ca..a245432b62 100755 --- a/test/rule-syntax-check.py +++ b/test/rule-syntax-check.py 
@@ -28,10 +28,15 @@ rules_files = sys.argv[1:] if not rules_files: sys.exit('Specify files to test as arguments') -no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|DRIVERS?|TAG|RESULT|TEST)\s*(?:=|!)=\s*"([^"]*)"$') -args_tests = re.compile(r'(ATTRS?|ENV|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*"([^"]*)"$') -no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|PROGRAM|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*"([^"]*)"$') -args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*"([^"]*)"$') +quoted_string_re = r'"(?:[^\\"]|\\.)*"' +no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|DRIVERS?|TAG|PROGRAM|RESULT|TEST)\s*(?:=|!)=\s*' + quoted_string_re + '$') +args_tests = re.compile(r'(ATTRS?|ENV|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$') +no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') +args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$') +# Find comma-separated groups, but allow commas that are inside quoted strings. +# Using quoted_string_re + '?' so that strings missing the last double quote +# will still match for this part that splits on commas. +comma_separated_group_re = re.compile(r'(?:[^,"]|' + quoted_string_re + '?)+') result = 0 buffer = '' @@ -54,8 +59,10 @@ for path in rules_files: if not line or line.startswith('#'): continue - for clause in line.split(','): - clause = clause.strip() + # Separator ',' is normally optional but we make it mandatory here as + # it generally improves the readability of the rules. + for clause_match in comma_separated_group_re.finditer(line): + clause = clause_match.group().strip() if not (no_args_tests.match(clause) or args_tests.match(clause) or no_args_assign.match(clause) or args_assign.match(clause)): 
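Review bot: Replacing `line.split(',')` with `comma_separated_group_re.finditer(line)` in the second hunk means empty clauses are never examined: the pattern ends in `+`, so a doubled or trailing comma produces no match object, whereas `split` yielded an empty string that could not satisfy any of the four clause regexes. If such lines should still be rejected, that now needs an explicit check; if accepting them is intended, say so next to the new comment, e.g. `# Note: empty clauses (",," or a trailing ",") are skipped by finditer, not reported.` The four clause patterns also no longer capture the quoted value, which is fine for the `.match()` truth tests visible here but would affect any later use of match groups. The loop body continues outside the hunk.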
diff --git a/test/sysv-generator-test.py b/test/sysv-generator-test.py index 0b4710aeab..463ee3c555 100755 --- a/test/sysv-generator-test.py +++ b/test/sysv-generator-test.py @@ -19,15 +19,16 @@ # You should have received a copy of the GNU Lesser General Public License # along with systemd; If not, see <http://www.gnu.org/licenses/>. -import unittest -import sys +import collections import os +import shutil import subprocess +import sys import tempfile -import shutil -from glob import glob -import collections +import unittest + from configparser import RawConfigParser +from glob import glob sysv_generator = './systemd-sysv-generator' @@ -112,22 +113,20 @@ class SysvGeneratorTest(unittest.TestCase): keys.setdefault('Required-Stop', keys['Required-Start']) keys.setdefault('Default-Start', '2 3 4 5') keys.setdefault('Default-Stop', '0 1 6') - keys.setdefault('Short-Description', 'test %s service' % - name_without_sh) - keys.setdefault('Description', 'long description for test %s service' % - name_without_sh) + keys.setdefault('Short-Description', 'test {} service'.format(name_without_sh)) + keys.setdefault('Description', 'long description for test {} service'.format(name_without_sh)) script = os.path.join(self.init_d_dir, fname) with open(script, 'w') as f: f.write('#!/bin/init-d-interpreter\n### BEGIN INIT INFO\n') for k, v in keys.items(): if v is not None: - f.write('#%20s %s\n' % (k + ':', v)) + f.write('#{:>20} {}\n'.format(k + ':', v)) f.write('### END INIT INFO\ncode --goes here\n') os.chmod(script, 0o755) if enable: def make_link(prefix, runlevel): - d = os.path.join(self.rcnd_dir, 'rc%s.d' % runlevel) + d = os.path.join(self.rcnd_dir, 'rc{}.d'.format(runlevel)) if not os.path.isdir(d): os.mkdir(d) os.symlink('../init.d/' + fname, os.path.join(d, prefix + fname)) 
@@ -146,7 +145,7 @@ class SysvGeneratorTest(unittest.TestCase): # should be enabled for target in all_targets: - link = os.path.join(self.out_dir, '%s.target.wants' % target, unit) + link = os.path.join(self.out_dir, '{}.target.wants'.format(target), unit) if target in targets: unit_file = os.readlink(link) # os.path.exists() will fail on a dangling symlink @@ -154,7 +153,7 @@ class SysvGeneratorTest(unittest.TestCase): self.assertEqual(os.path.basename(unit_file), unit) else: self.assertFalse(os.path.exists(link), - '%s unexpectedly exists' % link) + '{} unexpectedly exists'.format(link)) # # test cases @@ -188,9 +187,9 @@ class SysvGeneratorTest(unittest.TestCase): self.assertEqual(s.get('Service', 'Type'), 'forking') init_script = os.path.join(self.init_d_dir, 'foo') self.assertEqual(s.get('Service', 'ExecStart'), - '%s start' % init_script) + '{} start'.format(init_script)) self.assertEqual(s.get('Service', 'ExecStop'), - '%s stop' % init_script) + '{} stop'.format(init_script)) self.assertNotIn('Overwriting', err) @@ -276,7 +275,7 @@ class SysvGeneratorTest(unittest.TestCase): d = os.path.join(self.rcnd_dir, 'rc2.d') if not os.path.isdir(d): os.mkdir(d) - os.symlink('../init.d/' + name, os.path.join(d, 'S%02i%s' % (prio, name))) + os.symlink('../init.d/' + name, os.path.join(d, 'S{:>2}{}'.format(prio, name))) err, results = self.run_generator() self.assertEqual(sorted(results), ['consumer.service', 'provider.service']) @@ -351,9 +350,9 @@ class SysvGeneratorTest(unittest.TestCase): # calls correct script with .sh init_script = os.path.join(self.init_d_dir, 'foo.sh') self.assertEqual(s.get('Service', 'ExecStart'), - '%s start' % init_script) + '{} start'.format(init_script)) self.assertEqual(s.get('Service', 'ExecStop'), - '%s stop' % init_script) + '{} stop'.format(init_script)) self.assert_enabled('foo.service', ['multi-user', 'graphical']) 
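Review bot: `'S{:>2}{}'.format(prio, name)` in the rc2.d symlink hunk is not equivalent to the `'S%02i%s' % (prio, name)` it replaces. `{:>2}` right-aligns with spaces, so a one-digit priority such as 4 gives a link name with a space after the `S` instead of `S04…`. Use `'S{:02d}{}'.format(prio, name)` to keep the zero padding. The values assigned to `prio` are outside the hunk, so whether the test currently passes one-digit priorities is inferred rather than shown.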
diff --git a/test/test-execute/exec-capabilityambientset-merge-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service index 00bec581b5..d2cadebde4 100644 --- a/test/test-execute/exec-capabilityambientset-merge-nfsnobody.service +++ b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service @@ -2,8 +2,8 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"' +ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nfsnobody -AmbientCapabilities=CAP_NET_ADMIN +AmbientCapabilities=CAP_CHOWN AmbientCapabilities=CAP_NET_RAW diff --git a/test/test-execute/exec-capabilityambientset-merge.service b/test/test-execute/exec-ambientcapabilities-merge-nobody.service index 64964380e2..545081d629 100644 --- a/test/test-execute/exec-capabilityambientset-merge.service +++ b/test/test-execute/exec-ambientcapabilities-merge-nobody.service @@ -2,8 +2,8 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"' +ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nobody -AmbientCapabilities=CAP_NET_ADMIN +AmbientCapabilities=CAP_CHOWN AmbientCapabilities=CAP_NET_RAW diff --git a/test/test-execute/exec-ambientcapabilities-merge.service b/test/test-execute/exec-ambientcapabilities-merge.service new file mode 100644 index 0000000000..2e3fe59124 --- /dev/null +++ b/test/test-execute/exec-ambientcapabilities-merge.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test for AmbientCapabilities (daemon) + +[Service] +ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +Type=oneshot +User=daemon +AmbientCapabilities=CAP_CHOWN +AmbientCapabilities=CAP_NET_RAW 
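Review bot: The expected value `0000000000002001` is an unexplained magic number in the ExecStart line of each of these units. It is the ambient set with bit 0 (CAP_CHOWN) and bit 13 (CAP_NET_RAW), where the old `3000` was bits 12 (CAP_NET_ADMIN) and 13. A comment above ExecStart such as `# CapAmb 0x2001 = CAP_CHOWN (bit 0) | CAP_NET_RAW (bit 13)` would let a reader check the mask against the AmbientCapabilities= lines. The same applies to the other exec-ambientcapabilities units changed or added in this commit.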
diff --git a/test/test-execute/exec-capabilityambientset-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-nfsnobody.service index 614cfdd584..9377ee16b2 100644 --- a/test/test-execute/exec-capabilityambientset-nfsnobody.service +++ b/test/test-execute/exec-ambientcapabilities-nfsnobody.service @@ -2,7 +2,7 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"' +ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nfsnobody -AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW +AmbientCapabilities=CAP_CHOWN CAP_NET_RAW diff --git a/test/test-execute/exec-capabilityambientset.service b/test/test-execute/exec-ambientcapabilities-nobody.service index d63f884ef8..07a6c7511d 100644 --- a/test/test-execute/exec-capabilityambientset.service +++ b/test/test-execute/exec-ambientcapabilities-nobody.service @@ -2,7 +2,7 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"' +ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nobody -AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW +AmbientCapabilities=CAP_CHOWN CAP_NET_RAW diff --git a/test/test-execute/exec-ambientcapabilities.service b/test/test-execute/exec-ambientcapabilities.service new file mode 100644 index 0000000000..d91cc09a48 --- /dev/null +++ b/test/test-execute/exec-ambientcapabilities.service @@ -0,0 +1,8 @@ +[Unit] +Description=Test for AmbientCapabilities (daemon) + +[Service] +ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +Type=oneshot +User=daemon +AmbientCapabilities=CAP_CHOWN CAP_NET_RAW 
diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service index cc09c938cf..5ea6d9da42 100644 --- a/test/test-execute/exec-dynamicuser-statedir.service +++ b/test/test-execute/exec-dynamicuser-statedir.service @@ -12,7 +12,7 @@ ExecStart=/bin/sh -c 'test -f /var/lib/private/waldo/yay' ExecStart=/bin/sh -c 'test -f /var/lib/private/quux/pief/yayyay' # Make sure that /var/lib/private/waldo is really the only writable directory besides the obvious candidates -ExecStart=/bin/sh -x -c 'test $$(find / -type d -writable 2> /dev/null | egrep -v -e \'^(/var/tmp$$|/tmp$$|/proc/|/dev/mqueue$$|/dev/shm$$)\' | sort -u | tr -d '\\\\n') = /var/lib/private/quux/pief/var/lib/private/waldo' +ExecStart=/bin/sh -x -c 'test $$(find / -type d -writable 2> /dev/null | egrep -v -e \'^(/var/tmp$$|/tmp$$|/proc/|/dev/mqueue$$|/dev/shm$$|/sys/fs/bpf$$)\' | sort -u | tr -d '\\\\n') = /var/lib/private/quux/pief/var/lib/private/waldo' Type=oneshot DynamicUser=yes diff --git a/test/test-execute/exec-group-nobody.service b/test/test-execute/exec-group-nobody.service new file mode 100644 index 0000000000..be7c796912 --- /dev/null +++ b/test/test-execute/exec-group-nobody.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for Group + +[Service] +ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"' +Type=oneshot +Group=nobody diff --git a/test/test-execute/exec-group.service b/test/test-execute/exec-group.service index be7c796912..be55992395 100644 --- a/test/test-execute/exec-group.service +++ b/test/test-execute/exec-group.service @@ -1,7 +1,7 @@ [Unit] -Description=Test for Group +Description=Test for Group (daemon) [Service] -ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"' +ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"' Type=oneshot -Group=nobody +Group=daemon diff --git a/test/test-execute/exec-runtimedirectory-mode.service b/test/test-execute/exec-runtimedirectory-mode.service index 842721d5c2..480f904155 100644 
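Review bot: The exclusion pattern in the writable-directory check gains `/sys/fs/bpf$$` without any explanation, while the comment above still mentions only "the obvious candidates". Every entry in that pattern is a location the DynamicUser= service may write to without failing the test. The reason for tolerating this one should therefore sit beside it, in a short comment naming the mount and why the dynamic user can write there. Without that, a later reader cannot tell whether the entry is still needed or hides a regression.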
--- a/test/test-execute/exec-runtimedirectory-mode.service +++ b/test/test-execute/exec-runtimedirectory-mode.service @@ -2,7 +2,7 @@ Description=Test for RuntimeDirectoryMode [Service] -ExecStart=/bin/sh -x -c 'mode=$$(stat -c %%a /tmp/test-exec_runtimedirectory-mode); test "$$mode" = "750"' +ExecStart=/bin/sh -x -c 'mode=$$(stat -c %%a %t/test-exec_runtimedirectory-mode); test "$$mode" = "750"' Type=oneshot RuntimeDirectory=test-exec_runtimedirectory-mode RuntimeDirectoryMode=0750 diff --git a/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service b/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service index e962af8a4b..1e3b6b4151 100644 --- a/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service +++ b/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service @@ -2,7 +2,7 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G /tmp/test-exec_runtimedirectory-owner); test "$$group" = "nfsnobody"' +ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nfsnobody"' Type=oneshot Group=nfsnobody User=root diff --git a/test/test-execute/exec-runtimedirectory-owner-nobody.service b/test/test-execute/exec-runtimedirectory-owner-nobody.service new file mode 100644 index 0000000000..54782f9bbd --- /dev/null +++ b/test/test-execute/exec-runtimedirectory-owner-nobody.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) + +[Service] +ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"' +Type=oneshot +Group=nobody +User=root +RuntimeDirectory=test-exec_runtimedirectory-owner 
diff --git a/test/test-execute/exec-runtimedirectory-owner-nogroup.service b/test/test-execute/exec-runtimedirectory-owner-nogroup.service new file mode 100644 index 0000000000..663afe1188 --- /dev/null +++ b/test/test-execute/exec-runtimedirectory-owner-nogroup.service @@ -0,0 +1,9 @@ +[Unit] +Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) + +[Service] +ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nogroup"' +Type=oneshot +Group=nogroup +User=root +RuntimeDirectory=test-exec_runtimedirectory-owner diff --git a/test/test-execute/exec-runtimedirectory-owner.service b/test/test-execute/exec-runtimedirectory-owner.service index 1f438c182e..07dd7ca3af 100644 --- a/test/test-execute/exec-runtimedirectory-owner.service +++ b/test/test-execute/exec-runtimedirectory-owner.service @@ -2,8 +2,8 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G /tmp/test-exec_runtimedirectory-owner); test "$$group" = "nobody"' +ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner-daemon); test "$$group" = "daemon"' Type=oneshot -Group=nobody +Group=daemon User=root -RuntimeDirectory=test-exec_runtimedirectory-owner +RuntimeDirectory=test-exec_runtimedirectory-owner-daemon diff --git a/test/test-execute/exec-runtimedirectory.service b/test/test-execute/exec-runtimedirectory.service index ec46c9d49b..d8f242fde2 100644 --- a/test/test-execute/exec-runtimedirectory.service +++ b/test/test-execute/exec-runtimedirectory.service @@ -2,6 +2,6 @@ Description=Test for RuntimeDirectory [Service] -ExecStart=/bin/sh -x -c 'test -d /tmp/test-exec_runtimedirectory' +ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectory' Type=oneshot RuntimeDirectory=test-exec_runtimedirectory 
diff --git a/test/test-execute/exec-systemcallfilter-system-user-nobody.service b/test/test-execute/exec-systemcallfilter-system-user-nobody.service new file mode 100644 index 0000000000..da129a30e4 --- /dev/null +++ b/test/test-execute/exec-systemcallfilter-system-user-nobody.service @@ -0,0 +1,11 @@ +[Unit] +Description=Test for SystemCallFilter in system mode with User set + +[Service] +ExecStart=/bin/sh -c 'echo "Foo bar"' +Type=oneshot +User=nobody +SystemCallFilter=~read write open execve ioperm +SystemCallFilter=ioctl +SystemCallFilter=read write open execve +SystemCallFilter=~ioperm diff --git a/test/test-execute/exec-systemcallfilter-system-user.service b/test/test-execute/exec-systemcallfilter-system-user.service index da129a30e4..488a3bb79e 100644 --- a/test/test-execute/exec-systemcallfilter-system-user.service +++ b/test/test-execute/exec-systemcallfilter-system-user.service @@ -1,10 +1,10 @@ [Unit] -Description=Test for SystemCallFilter in system mode with User set +Description=Test for SystemCallFilter in system mode with User set (daemon) [Service] ExecStart=/bin/sh -c 'echo "Foo bar"' Type=oneshot -User=nobody +User=daemon SystemCallFilter=~read write open execve ioperm SystemCallFilter=ioctl SystemCallFilter=read write open execve diff --git a/test/test-execute/exec-temporaryfilesystem-options.service b/test/test-execute/exec-temporaryfilesystem-options.service new file mode 100644 index 0000000000..b7a5baf93a --- /dev/null +++ b/test/test-execute/exec-temporaryfilesystem-options.service 
@@ -0,0 +1,17 @@
+[Unit]
+Description=Test for TemporaryFileSystem with mount options
+
+[Service]
+Type=oneshot
+
+# The mount options default to "mode=0755,nodev,strictatime".
+# Let's override some of them, and test the behaviour of "ro".
+TemporaryFileSystem=/var:ro,mode=0700,nostrictatime
+
+# Check /proc/self/mountinfo
+ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$11 !~ /(^|,)ro(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""'
+ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$11 !~ /(^|,)mode=700(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""'
+
+ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 !~ /(^|,)ro(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""'
+ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 !~ /(^|,)nodev(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""'
+ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 ~ /(^|,)strictatime(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""'
diff --git a/test/test-execute/exec-temporaryfilesystem-ro.service b/test/test-execute/exec-temporaryfilesystem-ro.service
new file mode 100644
index 0000000000..c0e3721a01
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-ro.service
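Review bot: The two super-option checks read `$$11`, which is the super-options column of /proc/self/mountinfo only when the mount carries exactly one optional field before the `-` separator. With no propagation tag, or with two (shared and master), the column shifts and the checks fail for a reason unrelated to TemporaryFileSystem=. Finding the `-` separator first and reading the third field after it would make the test independent of mount propagation. At minimum, a comment next to `# Check /proc/self/mountinfo` should state the one-optional-field assumption.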
@@ -0,0 +1,33 @@
+[Unit]
+Description=Test for TemporaryFileSystem with read-only mode
+
+[Service]
+Type=oneshot
+
+# Check directories exist
+ExecStart=/bin/sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /var/test-exec-temporaryfilesystem/ro'
+
+# Check TemporaryFileSystem= are empty
+ExecStart=/bin/sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done'
+
+# Cannot create a file in /var
+ExecStart=/bin/sh -c '! touch /var/hoge'
+
+# Create a file in /var/test-exec-temporaryfilesystem/rw
+ExecStart=/bin/sh -c 'touch /var/test-exec-temporaryfilesystem/rw/thisisasimpletest-temporaryfilesystem'
+
+# Then, the file can be access through /tmp
+ExecStart=/bin/sh -c 'test -f /tmp/thisisasimpletest-temporaryfilesystem'
+
+# Also, through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c 'test -f /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# The file cannot modify through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c '! touch /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# Cleanup
+ExecStart=/bin/sh -c 'rm /tmp/thisisasimpletest-temporaryfilesystem'
+
+TemporaryFileSystem=/var:ro
+BindPaths=/tmp:/var/test-exec-temporaryfilesystem/rw
+BindReadOnlyPaths=/tmp:/var/test-exec-temporaryfilesystem/ro
diff --git a/test/test-execute/exec-temporaryfilesystem-rw.service b/test/test-execute/exec-temporaryfilesystem-rw.service
new file mode 100644
index 0000000000..fc02ceab1c
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-rw.service
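Review bot: The emptiness check `for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done` only reflects the last entry listed. `|| false` does not leave the loop, and a `for` loop's exit status is that of its final iteration, so an unexpected entry listed before the expected one goes unnoticed. Replace `|| false` with `|| exit 1` so the first mismatch fails the unit. The same loop appears in exec-temporaryfilesystem-rw.service and, over /usr, in exec-temporaryfilesystem-usr.service.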
@@ -0,0 +1,33 @@
+[Unit]
+Description=Test for TemporaryFileSystem
+
+[Service]
+Type=oneshot
+
+# Check directories exist
+ExecStart=/bin/sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /var/test-exec-temporaryfilesystem/ro'
+
+# Check TemporaryFileSystem= are empty
+ExecStart=/bin/sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done'
+
+# Create a file in /var
+ExecStart=/bin/sh -c 'touch /var/hoge'
+
+# Create a file in /var/test-exec-temporaryfilesystem/rw
+ExecStart=/bin/sh -c 'touch /var/test-exec-temporaryfilesystem/rw/thisisasimpletest-temporaryfilesystem'
+
+# Then, the file can be access through /tmp
+ExecStart=/bin/sh -c 'test -f /tmp/thisisasimpletest-temporaryfilesystem'
+
+# Also, through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c 'test -f /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# The file cannot modify through /var/test-exec-temporaryfilesystem/ro
+ExecStart=/bin/sh -c '! touch /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem'
+
+# Cleanup
+ExecStart=/bin/sh -c 'rm /tmp/thisisasimpletest-temporaryfilesystem'
+
+TemporaryFileSystem=/var
+BindPaths=/tmp:/var/test-exec-temporaryfilesystem/rw
+BindReadOnlyPaths=/tmp:/var/test-exec-temporaryfilesystem/ro
diff --git a/test/test-execute/exec-temporaryfilesystem-usr.service b/test/test-execute/exec-temporaryfilesystem-usr.service
new file mode 100644
index 0000000000..05c1ec0694
--- /dev/null
+++ b/test/test-execute/exec-temporaryfilesystem-usr.service
@@ -0,0 +1,15 @@ +[Unit] +Description=Test for TemporaryFileSystem on /usr + +[Service] +Type=oneshot + +# Check TemporaryFileSystem= are empty +ExecStart=/bin/sh -c 'for i in $$(ls -A /usr); do test $$i = lib -o $$i = lib64 -o $$i = bin -o $$i = sbin || false; done' + +# Cannot create files under /usr +ExecStart=/bin/sh -c '! touch /usr/hoge' +ExecStart=/bin/sh -c '! touch /usr/bin/hoge' + +TemporaryFileSystem=/usr:ro +BindReadOnlyPaths=-/usr/lib -/usr/lib64 /usr/bin /usr/sbin diff --git a/test/test-execute/exec-user-nobody.service b/test/test-execute/exec-user-nobody.service new file mode 100644 index 0000000000..0a00c1abc4 --- /dev/null +++ b/test/test-execute/exec-user-nobody.service @@ -0,0 +1,7 @@ +[Unit] +Description=Test for User + +[Service] +ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"' +Type=oneshot +User=nobody diff --git a/test/test-execute/exec-user.service b/test/test-execute/exec-user.service index 0a00c1abc4..d315a828d4 100644 --- a/test/test-execute/exec-user.service +++ b/test/test-execute/exec-user.service @@ -1,7 +1,7 @@ [Unit] -Description=Test for User +Description=Test for User (daemon) [Service] -ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"' +ExecStart=/bin/sh -x -c 'test "$$USER" = "daemon"' Type=oneshot -User=nobody +User=daemon diff --git a/test/test-functions b/test/test-functions index 018bdca888..17e83ccf3f 100644 --- a/test/test-functions +++ b/test/test-functions 
@@ -313,8 +313,9 @@ install_dmevent() { inst_libdir_file "libdevmapper-event.so*" if [[ "$LOOKS_LIKE_DEBIAN" ]]; then # dmsetup installs 55-dm and 60-persistent-storage-dm on Debian/Ubuntu - # see https://anonscm.debian.org/cgit/pkg-lvm/lvm2.git/tree/debian/patches/0007-udev.patch - inst_rules 55-dm.rules 60-persistent-storage-dm.rules + # and since buster/bionic 95-dm-notify.rules + # see https://gitlab.com/debian-lvm/lvm2/blob/master/debian/patches/udev.patch + inst_rules 55-dm.rules 60-persistent-storage-dm.rules 95-dm-notify.rules else inst_rules 10-dm.rules 13-dm-disk.rules 95-dm-notify.rules fi @@ -1057,6 +1058,7 @@ inst_rules() { fi done [[ $_found ]] || dinfo "Skipping udev rule: $_rule" + _found= done } @@ -1381,8 +1383,8 @@ inst_libdir_file() { } setup_suse() { - ln -s ../usr/bin/systemctl $initdir/bin/systemctl - ln -s ../usr/lib/systemd $initdir/lib/systemd + ln -fs ../usr/bin/systemctl $initdir/bin/ + ln -fs ../usr/lib/systemd $initdir/lib/ inst_simple "/usr/lib/systemd/system/haveged.service" } diff --git a/test/udev-test.pl b/test/udev-test.pl index 20f662eb3b..9e7cc94638 100755 --- a/test/udev-test.pl +++ b/test/udev-test.pl @@ -606,9 +606,9 @@ EOF desc => "textual user id", devpath => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda", exp_name => "node", - exp_perms => "nobody::0600", + exp_perms => "daemon::0600", rules => <<EOF -SUBSYSTEMS=="scsi", KERNEL=="sda", SYMLINK+="node", OWNER="nobody" +SUBSYSTEMS=="scsi", KERNEL=="sda", SYMLINK+="node", OWNER="daemon" EOF }, { |
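Review bot: In setup_suse the added `-f` makes `ln` replace whatever already sits at the destination, while `$initdir` is expanded unquoted and unchecked. If that variable is ever empty, the two commands act on /bin/ and /lib/ of the machine running the tests. Writing `ln -fs ../usr/bin/systemctl "${initdir:?}/bin/"` and `ln -fs ../usr/lib/systemd "${initdir:?}/lib/"` aborts on an unset or empty value and also tolerates spaces in the path. Where initdir is assigned is outside the hunk, so this is a defensive guard rather than a demonstrated failure.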