For some reason this fails on ext4 with "No space left on device".
Until we figure out why, let's skip the test on ext4 (which is reported
as ext2/ext3 by stat).
This module is builtin on ubuntu causing the test to fail. Let's
use just dummy instead. I tried replacing it with scsi_debug but
that caused issues with modprobe complaining it could not remove
scsi_debug because it was in use.
When root authorized keys are provided by mkosi they are not
newline-terminated so appending a public key to the file results
in a corrupt key, so just to be safe we add an empty line.
Depending on host configuration this may or may not be included (e.g.
on mkosi we get a result without an ifindex field). Let's strip it from
the resolved reply to avoid failing the test.
Other distributions may be able to install selinux
but they are not expected to use it.
The distribution is tested rather than whether selinux is enabled
because it is expected to work on CentOS and Fedora
and we want it to fail noisily.
TEST-26-SYSTEMCTL is racy as we call systemctl is-active immediately
after systemctl kill. Let's implement --wait for systemctl kill and
use it in TEST-26-SYSTEMCTL to avoid the race.
On OpenSUSE the systemd-hostnamed does not fail and is unloaded which
causes reset-failed to fail. So let's ignore any errors from reset-failed
to make the test more robust.
The rootfs only has 64K UIDs available when booting with virtiofs,
whereas the nspawn tests want to use user namespace which require
more than 64K UIDs.
Let's use oneshot services as we don't need long running services
for the tests we're doing. Let's also increase the sleeps a little
as the current values weren't sufficient when running the test locally
on my machine with mkosi.
If 3 lock messages get sent when going to sleep
then we can falsely assume we have woken up if we only assume we have at least two
so checking we have more than we did before sleeping addresses that issue.
OpenSUSE images seem to be unhappy with either how they are built
or what they are being asked to do.
The listed device-mapper failure is just one of the strange errors,
I have also seen it fail to propagate cgroup properties into new cgroups
that were previously guaranteed to exist.
This commit adds definitions to build the minimal_0 and minimal_1
images with mkosi and includes them into the system image. We also
move the building of the various app-xxx and similar images that are
extremely minimal into the tests itself by moving the related logic
from install_verity_minimal() into a new function
install_extension_images() in util.sh. Because the mkosi /usr is
read-only, we now place the extension images in /tmp instead of
/usr/share.
Co-authored-by: Richard Maw <richard.maw@codethink.co.uk>
Co-authored-by: sam-leonard-ct <sam.leonard@codethink.co.uk>
Otherwise we lose valuable logging from systemd-executor when things
go wrong since it can only log to the journal and not to the console
in these cases.
Also: rename Handover → Handoff. I think it makes it clearer that this
is not really about handing over any resources, but that the executor is
out off the game from that point on.
Currently, A large amount of unit test output is logged directly
to the console instead of to the per test log file as any subprocesses
executed by a test manager will detect that stderr is not connected
to the journal and log directly to /dev/console instead.
To solve this issue, let's make sure all tests are connected directly
to the journal by running them with systemd-run. We also simplify the
entire test script by getting rid of the custom queue and replicating
it with xargs instead. By using bash's function export feature, we can
make our run_test() function available to the bash subprocess spawned
by xargs.
Once a test is finished, we read its logs from the journal and put them
in the appropriate file if needed.
When starting a container with --user, the new uid will be resolved and switched to
only in the inner child, at the end of the setup, by spawning getent. But the
credentials are set up in the outer child, long before the user is resolvable,
and the directories/files are made only readable by root and read-only, which
means they cannot be changed later and made visible to the user.
When this particular combination is specified, it is obvious the caller wants
the single-process container to be able to use credentials, so make them world
readable only in that specific case.
Fixes https://github.com/systemd/systemd/issues/31794
Enable the exec_fd logic for Type=notify* services too, and change it
to send a timestamp instead of a '1' byte. Record the timestamp in a
new ExecMainHandoverTimestamp property so that users can track accurately
when control is handed over from systemd to the service payload, so
that latency and startup performance can be trivially and accurately
tracked and attributed.
Resolve at attach/detach/inspect time, so that the image is pinned and requires
re-attaching on update, given files are extracted from it so just passing
img.v/ to RootImage= is not enough to get a portable image updated
I was bitten several times by testing things only with --root flag, so this
commit prepares the existing test cases to run on / too. This required the test
cases to clean up after themselves, thus I have put each test case in a
separate subshell and used traps to do the cleanups.
I needed to change the hierarchy used by the test extension to /opt, because
unmounting /usr often failed with EBUSY.
Let's rework the test a bit, namely:
- condense the code a bit
- drop unnecessary braces around variables
- drop unnecessary explanations around `touch` calls
- drop/rename functions to make the code more self-explanatory
- simplify cleanup a bit
- create R/O bind mounts directly (supported since util-linux 2.27)
Previously, 'udevadm control' only checked the number of the arguments.
So, if only `--timeout` is specified, it spuriously did nothing and succeeded.
This makes the command request at least one control command.
Unfortunately bfd30e8af6 is not enough and the test fails, that still
occasionally occur, don't provide enough information to see what's
wrong. Let's rework the test a little to improve this, namely:
- redirect curl's output into a temporary file instead of piping it
directly into the "check" expression; that way we can simply dump
the temporary file when the test fails, providing potentially
crucial information. We don't want to always dump everything to
stdout, as some of the tests request an entire system journal (note
that shell redirection instead of `curl -o file` is used
intentionally, so the output file is always nuked first)
- by dropping the pipes in curl commands we can re-enable pipefail
- also, split some very long commands to multiple lines to (slightly)
improve readability
Follow-up for bfd30e8af6.
The timeout on sd-resolved's side is 5-10s (UDP or TCP), but dig's
default timeout is 5s. Let's give sd-resolved enough time to timeout
before either giving up or checking if it served stale data on dig's
side.
Resolves: #31639
I collected a couple of fails in this particular test, but without any
output they're impossible to debug. Let's make this slightly less
annoying and let curl show an error (if any) even in silent mode.
This patch uncovers that curl has been (silently) complaining about not
being able to write to the output destination, because `grep -q`
short-circuits on the first match and doesn't bother reading the rest,
so replace `grep -q` with `grep ... >/dev/null` to force grep to always
read the whole thing from curl.
Prep work for running the integration tests with meson, which requires
tests to exit with 77 to indicate they are skipped.
Note this only deals with the easy cases where there's only tests. The
hard ones where there's subtests of which only some are skipped are left
for another PR.
With plain QEMU on a saturated AWS region we might just barely miss the
timeout window, causing unexpected test fails:
[ 688.681324] systemd-nspawn[1332]: [ OK ] Finished systemd-user-sessions.service.
[ 689.451267] systemd-nspawn[1332]: [ OK ] Started console-getty.service.
[ 689.572874] systemd-nspawn[1332]: [ OK ] Reached target getty.target.
[ 693.634609] testsuite-74.sh[1223]: + at_exit
[ 693.634609] testsuite-74.sh[1223]: + rm -fv -- /tmp/test-dump /tmp/test-usr-dump /tmp/make-dump
[ 693.838395] testsuite-74.sh[1502]: removed '/tmp/test-dump'
[ 693.838395] testsuite-74.sh[1502]: removed '/tmp/test-usr-dump'
[ 693.838395] testsuite-74.sh[1502]: removed '/tmp/make-dump'
[ 693.951114] testsuite-74.sh[670]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-74.coredump.sh failed'
[ 693.951114] testsuite-74.sh[670]: Subtest /usr/lib/systemd/tests/testdata/units/testsuite-74.coredump.sh failed
[ 693.951114] testsuite-74.sh[670]: + return 1
[ 694.659094] systemd[1]: testsuite-74.service: Main process exited, code=exited, status=1/FAILURE
[ 694.719563] systemd[1]: testsuite-74.service: Failed with result 'exit-code'.
[ 694.882069] systemd[1]: Failed to start testsuite-74.service.
[ 695.574445] systemd[1]: Reached target testsuite.target.
[ 696.174844] systemd[1]: Starting end.service...
[ 699.509408] systemd-nspawn[1332]:
[ 699.509408] systemd-nspawn[1332]: CentOS Stream 9
[ 699.509408] systemd-nspawn[1332]: Kernel 5.14.0-432.el9.x86_64 on an x86_64 (pts/0)
[ 699.509408] systemd-nspawn[1332]:
Also, move the rest of container the setup for the user xattrs test into
the condition, since doing it without the actual test is pretty
pointless.
Same reason as the reload, reexec is disruptive and it requires the
same privileges, so if somebody wants to limit reloads, they'll also
want to limit reexecs, so use the same setting.
Previously, 'udevadm test' performs not only processing udev rules,
but made several destructive change on the system; updating udev
database, device node permission, devlinks, network interface
properties, and so on.
Similary, 'udevadm test-builtin' may perform something destructive,
especially by 'keyboard', 'kmod', and 'net_setup_link' builtins.
Let's make these commands and test executables not change device
configurations.
When listing images they are inspected one by one, so in case of a
portable with extensions they always resulted as not found.
Allow a partial match when listing, so that we can find the appropriate
unit that an image belongs to, and list the correct state as attached.
Currently app_1.0.raw is refused if it contains extension-release.d/extension-release.app,
which stops one from using versioned images without using the force flag to disable
the check. Relax it so that only the actual name, and not the version, is compared, like
it already happens in other places.
This fixes a race condition crash in homed that would happen in the
following sequence of events:
1. Client 1 takes a ref on the home area
2. Client 1 calls some method via dbus
3. Client 2 calls Release()
In homed, the Release() would check if a ref is still held (in this
case: yes it is) and returns an error. Except that is done through a
code-path that asserts that no operations are ongoing. In this case,
it's valid to have an ongoing operation, and so the assertion fails
causing homed to crash.
When sd-run connects to D-Bus rather than the private socket, it will
generate the transient unit name using the bus ID assigned by the D-Bus
broker/daemon. The issue is that this ID is only unique per D-Bus run,
if the broker/daemon restarts it starts again from 1, and it's a simple
incremental counter for each client.
So if a transient unit run-u6.service starts and fails, and it is not
collected (default on failure), and the system soft-reboots, any new
transient unit might conflict as the counter will restart:
Failed to start transient service unit: Unit run-u6.service was already loaded or has a fragment file.
Get the soft-reboot counter, and if it's greater than zero, append it
to the autogenerated unit name to avoid clashes.
losetup in util-linux 2.40 started reporting lost loop devices [0] and
it has an unfortunate side-effect where it reports lost devices even in
containers, which then makes the loop device check "falsely" pass [1].
Let's just check for /dev/loop-control explicitly to "work around" this.
[0] a6ca0456cc
[1] https://github.com/util-linux/util-linux/issues/2824
Drop connections and caches and reload config from files, to allow
for low-interruptions updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.
Fixes https://github.com/systemd/systemd/issues/17503
Fixes https://github.com/systemd/systemd/issues/20604
This patch fixes an issue where, when not specifiying either at least one
`SocketBindAllow` or `SocketBindDeny` rule, behavior for the bind syscall
filtering would be unexpected.
For example, when trying to bind to a port with only "SocketBindDeny=any"
given, the syscall would succeed:
> systemd-run -t -p "SocketBindDeny=any" nc -l 8080
Expected with this set of rules (also in accordance with the documentation)
would be an Operation not permitted error.
This behavior occurs because a default initialized socket_bind_rule struct
matches what "any" represents. When creating the bpf list all elements get
default initialized, as such represeting "any". Seemingly it is necressarry
to set the size of the map to at least one, as such if no allow rule is
given default initialization and minimal map size cause one any allow rule
to be in the map, causing the behavior observed above.
This patch solves this by introducing a new "match nothing" magic stored in
the rule's address family and setting such a rule as the first one if no
rule is given, making sure that default initialized rule structs are never
used.
Resolves#30556
Rate limiting authentication attempts in the test can cause somewhat
sporadic test failures: adding a test case might suddenly cause future
test cases to fail because of too many authentication attempts too
quickly
We're not trying to test the rate-limiting, we're trying to test the
functionality of homed. So we effectively disable rate-limiting on all
the home areas we create
This makes it possible to update a home record (and blob directory) of a
home area that's either completely absent (i.e. on a USB stick that's
unplugged) or just inaccessible due to lack of authentication
This bypasses authentication (i.e. user_record_authenticate) if the
volume key was loaded from the keyring and no secret section is
provided.
This also changes Update() and Resize() to always try and load the
volume key from the keyring. This makes the secret section optional for
these methods while still letting them function (as long as the home
area is active)
Naming is always a matter of preference, and the old name would certainly work,
but I think the new one has the following advantages:
- A verb is better than a noun.
- The name more similar to "the competition", i.e. 'sudo', 'pkexec', 'runas',
'doas', which generally include an action verb.
- The connection between 'systemd-run' and 'run0' is more obvious.
There has been no release yet with the old name, so we can rename without
caring for backwards compatibility.
dig question with DNSSEC on will now be proxied upstream, i.e. to the
test knot server. This leads to different results, but the result isn't
tha tinteresting since we don't want to test knot, but resolved. Hence
comment this test.
There seems to be something wrong with the test though, as the upstream
server refused recursion, but if so it is not suitable as an upstream
server really, as resolved can only be client to a recursive resolver.
