system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-09 04:26:06 +00:00
Code Issues Projects Releases Wiki Activity

test: rename TEST-19-DELEGATE to TEST-19-CGROUP

Browse Source 
And clean it up a bit.
This commit is contained in:
Frantisek Sumsal 2023-05-16 19:17:40 +02:00
parent 5ff1c6fcde
commit 3999ea001a
4 changed files with 109 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
test/TEST-19-DELEGATE/Makefile → test/TEST-19-CGROUP/Makefile
View File

3
test/TEST-19-DELEGATE/test.sh → test/TEST-19-CGROUP/test.sh
View File

@ -2,8 +2,7 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
TEST_DESCRIPTION="test cgroup delegation in the unified hierarchy"
TEST_NO_NSPAWN=1
TEST_DESCRIPTION="Various cgroup-related tests"
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"

102
test/units/testsuite-19.delegate.sh Executable file
View File

@ -0,0 +1,102 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -eux
set -o pipefail
# Test cgroup delegation in the unified hierarchy
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh
if [[ "$(get_cgroup_hierarchy)" != unified ]]; then
echo "Skipping $0 as we're not running with the unified cgroup hierarchy"
exit 0
fi
at_exit() {
set +e
userdel -r test
}
systemd-run --wait \
--unit=test-0.service \
--property="DynamicUser=1" \
--property="Delegate=" \
test -w /sys/fs/cgroup/system.slice/test-0.service/ -a \
-w /sys/fs/cgroup/system.slice/test-0.service/cgroup.procs -a \
-w /sys/fs/cgroup/system.slice/test-0.service/cgroup.subtree_control
systemd-run --wait \
--unit=test-1.service \
--property="DynamicUser=1" \
--property="Delegate=memory pids" \
grep -q memory /sys/fs/cgroup/system.slice/test-1.service/cgroup.controllers
systemd-run --wait \
--unit=test-2.service \
--property="DynamicUser=1" \
--property="Delegate=memory pids" \
grep -q pids /sys/fs/cgroup/system.slice/test-2.service/cgroup.controllers
# "io" is not among the controllers enabled by default for all units, verify that
grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
# Run a service with "io" enabled, and verify it works
systemd-run --wait \
--unit=test-3.service \
--property="IOAccounting=yes" \
--property="Slice=system-foo-bar-baz.slice" \
grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test-3.service/cgroup.controllers
# We want to check if "io" is removed again from the controllers
# list. However, PID 1 (rightfully) does this asynchronously. In order
# to force synchronization on this, let's start a short-lived service
# which requires PID 1 to refresh the cgroup tree, so that we can
# verify that this all works.
systemd-run --wait --unit=test-4.service true
# And now check again, "io" should have vanished
grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
# Check that unprivileged delegation works for scopes
useradd test ||:
systemd-run --uid=test \
--property="User=test" \
--property="Delegate=yes" \
--slice workload.slice \
--unit test-workload0.scope\
--scope \
test -w /sys/fs/cgroup/workload.slice/test-workload0.scope -a \
-w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.procs -a \
-w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.subtree_control
# Verify that DelegateSubgroup= affects ownership correctly
unit="test-subgroup-$RANDOM.service"
systemd-run --wait \
--unit="$unit" \
--property="DynamicUser=1" \
--property="Delegate=pids" \
--property="DelegateSubgroup=foo" \
test -w "/sys/fs/cgroup/system.slice/$unit" -a \
-w "/sys/fs/cgroup/system.slice/$unit/foo"
# Check that for the subgroup also attributes that aren't covered by
# regular (i.e. main cgroup) delegation ownership rules are delegated properly
if test -f /sys/fs/cgroup/cgroup.max.depth; then
unit="test-subgroup-$RANDOM.service"
systemd-run --wait \
--unit="$unit" \
--property="DynamicUser=1" \
--property="Delegate=pids" \
--property="DelegateSubgroup=zzz" \
test -w "/sys/fs/cgroup/system.slice/$unit/zzz/cgroup.max.depth"
fi
# Check that the invoked process itsel is also in the subgroup
unit="test-subgroup-$RANDOM.service"
systemd-run --wait \
--unit="$unit" \
--property="DynamicUser=1" \
--property="Delegate=pids" \
--property="DelegateSubgroup=bar" \
grep -q -x -F "0::/system.slice/$unit/bar" /proc/self/cgroup

70
test/units/testsuite-19.sh
View File

@ -3,70 +3,12 @@
set -eux
set -o pipefail
test_scope_unpriv_delegation() {
useradd test ||:
trap "userdel -r test" RETURN
: >/failed
systemd-run --uid=test -p User=test -p Delegate=yes --slice workload.slice --unit test-workload0.scope --scope \
test -w /sys/fs/cgroup/workload.slice/test-workload0.scope -a \
-w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.procs -a \
-w /sys/fs/cgroup/workload.slice/test-workload0.scope/cgroup.subtree_control
}
# shellcheck source=test/units/test-control.sh
. "$(dirname "$0")"/test-control.sh
if grep -q cgroup2 /proc/filesystems ; then
systemd-run --wait --unit=test-0.service -p "DynamicUser=1" -p "Delegate=" \
test -w /sys/fs/cgroup/system.slice/test-0.service/ -a \
-w /sys/fs/cgroup/system.slice/test-0.service/cgroup.procs -a \
-w /sys/fs/cgroup/system.slice/test-0.service/cgroup.subtree_control
run_subtests
systemd-run --wait --unit=test-1.service -p "DynamicUser=1" -p "Delegate=memory pids" \
grep -q memory /sys/fs/cgroup/system.slice/test-1.service/cgroup.controllers
systemd-run --wait --unit=test-2.service -p "DynamicUser=1" -p "Delegate=memory pids" \
grep -q pids /sys/fs/cgroup/system.slice/test-2.service/cgroup.controllers
# "io" is not among the controllers enabled by default for all units, verify that
grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
# Run a service with "io" enabled, and verify it works
systemd-run --wait --unit=test-3.service -p "IOAccounting=yes" -p "Slice=system-foo-bar-baz.slice" \
grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test-3.service/cgroup.controllers
# We want to check if "io" is removed again from the controllers
# list. However, PID 1 (rightfully) does this asynchronously. In order
# to force synchronization on this, let's start a short-lived service
# which requires PID 1 to refresh the cgroup tree, so that we can
# verify that this all works.
systemd-run --wait --unit=test-4.service true
# And now check again, "io" should have vanished
grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
# Check that unprivileged delegation works for scopes
test_scope_unpriv_delegation
# Verify that DelegateSubgroup= affects ownership correctly
U="test-subgroup-$RANDOM.service"
systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=foo" \
test -w "/sys/fs/cgroup/system.slice/$U" -a \
-w "/sys/fs/cgroup/system.slice/$U/foo"
# Check that for the subgroup also attributes that aren't covered by
# regular (i.e. main cgroup) delegation ownership rules are delegated properly
if test -f /sys/fs/cgroup/cgroup.max.depth ; then
U="test-subgroup-$RANDOM.service"
systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=zzz" \
test -w "/sys/fs/cgroup/system.slice/$U/zzz/cgroup.max.depth"
fi
# Check that the invoked process itsel is also in the subgroup
U="test-subgroup-$RANDOM.service"
systemd-run --wait --unit="$U" -p "DynamicUser=1" -p "Delegate=pids" -p "DelegateSubgroup=bar" \
grep -q -x -F "0::/system.slice/$U/bar" /proc/self/cgroup
else
echo "Skipping TEST-19-DELEGATE, as the kernel doesn't actually support cgroup v2" >&2
fi
echo OK >/testok
exit 0
touch /testok
rm /failed