Addresses https://github.com/systemd/systemd/pull/31075#issuecomment-1911117026:
[ 40.039232] testsuite-50.sh[624]: ++ systemd-dissect --make-archive /tmp/tmp.RZEq3t/minimal_0.raw
[ 40.044745] testsuite-50.sh[625]: ++ sha256sum
[ 40.066693] systemd-dissect[621]: libarchive.so.13 is not installed: libarchive.so.13: cannot open shared object file: No such file or directory
[ 40.068577] systemd-dissect[621]: Archive support not available (compiled without libarchive, or libarchive not installed?).
[ 40.092242] systemd-dissect[624]: libarchive.so.13 is not installed: libarchive.so.13: cannot open shared object file: No such file or directory
[ 40.095716] systemd-dissect[624]: Archive support not available (compiled without libarchive, or libarchive not installed?).
[ 40.100510] testsuite-50.sh[538]: + test e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 '!=' ''
[ 40.100510] testsuite-50.sh[538]: + test e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[ 40.108249] testsuite-50.sh[627]: + tar t
[ 40.113791] testsuite-50.sh[626]: + systemd-dissect --make-archive /tmp/tmp.RZEq3t/minimal_0.raw
[ 40.120300] testsuite-50.sh[628]: + grep etc/os-release
[ 40.176288] systemd-dissect[626]: libarchive.so.13 is not installed: libarchive.so.13: cannot open shared object file: No such file or directory
[ 40.180273] systemd-dissect[626]: Archive support not available (compiled without libarchive, or libarchive not installed?).
[ 40.184017] testsuite-50.sh[627]: tar: This does not look like a tar archive
[ 40.185430] testsuite-50.sh[627]: tar: Exiting with failure status due to previous errors
Follow-up for b68f4ca.
It never worked, but the fail was masked by missing set -e, see the
previous commit.
Also, throw env into the test container and dump the environment on
container start, to make potential failures easier to debug.
When running an image that cannot be mounted (e.g.: key missing intentionally
for development purposes), there's a retry loop that takes some time
and slows development down. Add an env var to disable it.
If sd_bus_set_exit_on_disconnect is used and the bus is part of an event
loop, and the D-Bus connection goes away (e.g.: soft-reboot), sd-bus
will always exit() the program instead of returning from the loop, as
the reference to the event is removed before it is checked.
Some tests have hard-coded results that need to match, and change if
the caller has a timezone set via the TZ= environment variable, as it
is the case during reproducible build tests. Unset it.
Let's recommend that config files and drop-ins in /usr use the range
0-49 and config files in /etc and /run use the range 50-99 so that
files in /run and /etc will generally always override files from
/usr.
Let's get rid of the confusing goto so that the flow is more
straightforward. Note that the behavior is slightly changed:
previously, ret_filtered would be an empty string even if
the original opts passed in is NULL, but after this commit
it returns NULL too. But this shouldn't matter, as all our
code handles NULL opts gracefully.
This file is a bit misnamed. What it actually implements is one specific
BPF LSM module, that restricts file systems. As such it really should be
named after that, and not primarily by the mechanism it uses for that.
With this our glue code is now named the same way as the actual bpf code
files in src/core/bpf/, thus things become a bit more symmetric.
This is particular relevant as we'll soon have another BPF LSM in our
tree, see #26826, and we should be able to distinguish them by name.
This commit just renames the files and does some dumb search/replace of
the string. A follow-up commit will name some functions more expressively
inside the files.
I added the filtering in 752fedbea7 as a way
to reduce the number of items in the tables. I thought it's "obvious", but
it might not be so.
One immediate problem is that the filter is broken, because on arm64,
os.uname().machine returns "aarch64", so we incorrectly filter out the arm
syscalls (there is just one: arm_fadvise64_64). Of course we could fix the
filter, but I think it's better to nuke it altogether. The filter on applies to
1 arm syscall and 5 s390 syscalls, and we have 500+ other syscalls, so this
"optimization" doesn't really matter. OTOH, if we get the filter wrong,
the result is bad. And also, the existence of the filter at all creates
problems for cross-builds.
I wanted to get rid of 'generate-syscall-list.py', but we need to generate a
backslash in the output. https://github.com/mesonbuild/meson/issues/1564 makes
this very very hard, since any attempt to put a backslash an inline argument
results in the backslash being replaces by a forward slash, which doesn't quite
have the same meaning. So let's use a standalone script until
https://github.com/mesonbuild/meson/issues/1564 is resolved.
We can only delegate actual controllers, not the BPF pseudo-controllers
we defined as there's imply no concept for that. Hence, when users set
Delegate=yes to do a wildcard delegation, only delegate the regular
controllers.
This means that we won't bother with BPF stuff for such units where it's
entirelly unnecessary.