Compare commits
21 Commits
9cebd9362b
...
175cf465e0
Author | SHA1 | Date |
---|---|---|
Luca Boccassi | 175cf465e0 | |
Christian Hesse | c946b13575 | |
Lennart Poettering | e39cbb1442 | |
Marco Tomaschett | bc4a027f9c | |
Lennart Poettering | d209e197f8 | |
Antonio Alvarez Feijoo | 9ed090230e | |
Luca Boccassi | 9bf6ffe166 | |
Lennart Poettering | 47c5ca237b | |
Lennart Poettering | 7f8a4f12df | |
Lennart Poettering | e412fc5e04 | |
Lennart Poettering | cc6baba720 | |
Lennart Poettering | 3ae48d071c | |
Antonio Alvarez Feijoo | 2ccacdd57c | |
Luca Boccassi | b96f2d71f8 | |
Luca Boccassi | d47d93eb7c | |
Luca Boccassi | 395910cfda | |
Luca Boccassi | 3a7f1f3b14 | |
Luca Boccassi | 48b13aa7b2 | |
Luca Boccassi | ef0247684c | |
Luca Boccassi | cd65a11c8d | |
Luca Boccassi | 3d8b2bccd2 |
|
@ -25,6 +25,7 @@ ADDITIONAL_DEPS=(
|
|||
python3-pytest
|
||||
rpm
|
||||
zstd
|
||||
debootstrap
|
||||
)
|
||||
|
||||
function info() {
|
||||
|
@ -128,6 +129,18 @@ for phase in "${PHASES[@]}"; do
|
|||
(set +x; while :; do echo -ne "\n[WATCHDOG] $(date)\n"; sleep 30; done) &
|
||||
meson test --timeout-multiplier=3 -C build --print-errorlogs
|
||||
;;
|
||||
RUN_NOPROC)
|
||||
debootstrap testing testing
|
||||
chroot testing mkdir -p /tmp/repo/
|
||||
chroot testing sh -c "echo 'deb-src http://deb.debian.org/debian testing main' > /etc/apt/sources.list.d/testing-src.list"
|
||||
chroot testing apt-get update
|
||||
chroot testing apt-get build-dep -y systemd
|
||||
mount --bind . testing/tmp/repo
|
||||
chroot testing sh -c 'cd /tmp/repo; meson -Dnobody-group=nogroup -Dslow-tests=true build'
|
||||
chroot testing sh -c 'cd /tmp/repo/build; ninja -v'
|
||||
chroot testing sh -c 'cd /tmp/repo/build; meson test --print-errorlogs'
|
||||
umount --lazy testing/tmp/repo
|
||||
;;
|
||||
CLEANUP)
|
||||
info "Cleanup phase"
|
||||
if [ ! -f /etc/machine-id ] && [ -w /etc/machine-id.bak ]; then
|
||||
|
|
|
@ -21,7 +21,7 @@ jobs:
|
|||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_RELEASE, CLANG_ASAN_UBSAN, CLANG_ASAN_UBSAN_NO_DEPS]
|
||||
run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_RELEASE, CLANG_ASAN_UBSAN, CLANG_ASAN_UBSAN_NO_DEPS, NOPROC]
|
||||
cryptolib: [auto]
|
||||
include:
|
||||
- run_phase: GCC
|
||||
|
|
|
@ -953,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
|
|||
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||
|
||||
#########################################
|
||||
# Pine64
|
||||
#########################################
|
||||
|
||||
# PineTab2
|
||||
|
||||
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
|
||||
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
|
||||
|
||||
#########################################
|
||||
# Pipo
|
||||
#########################################
|
||||
|
|
|
@ -265,32 +265,11 @@
|
|||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
<title>Unlocking</title>
|
||||
|
||||
<para>The following options are understood:</para>
|
||||
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--password</option></term>
|
||||
|
||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--recovery-key</option></term>
|
||||
|
||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
|
@ -328,7 +307,45 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Simple Enrollment</title>
|
||||
|
||||
<para>The following options are understood that may be used to enroll simple user input based
|
||||
unlocking:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--password</option></term>
|
||||
|
||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--recovery-key</option></term>
|
||||
|
||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>PKCS#11 Enrollment</title>
|
||||
|
||||
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
||||
|
||||
|
@ -361,7 +378,15 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FIDO2 Enrollment</title>
|
||||
|
||||
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
||||
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
||||
|
@ -461,7 +486,15 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>TPM2 Enrollment</title>
|
||||
|
||||
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
|
@ -636,7 +669,15 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Other Options</title>
|
||||
|
||||
<para>The following additional options are understood:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
||||
|
||||
|
|
|
@ -38,19 +38,12 @@ __get_tpm2_devices() {
|
|||
done
|
||||
}
|
||||
|
||||
__get_block_devices() {
|
||||
local i
|
||||
for i in /dev/*; do
|
||||
[ -b "$i" ] && printf '%s\n' "$i"
|
||||
done
|
||||
}
|
||||
|
||||
_systemd_cryptenroll() {
|
||||
local comps
|
||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
||||
local -A OPTS=(
|
||||
[STANDALONE]='-h --help --version
|
||||
--password --recovery-key'
|
||||
--password --recovery-key --list-devices'
|
||||
[ARG]='--unlock-key-file
|
||||
--unlock-fido2-device
|
||||
--unlock-tpm2-device
|
||||
|
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
|
|||
return 0
|
||||
fi
|
||||
|
||||
comps=$(__get_block_devices)
|
||||
comps=$(systemd-cryptenroll --list-devices)
|
||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||
return 0
|
||||
}
|
||||
|
|
|
@ -123,14 +123,14 @@ static int run(int argc, char *argv[]) {
|
|||
|
||||
log_setup();
|
||||
|
||||
r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
|
||||
|
||||
r = parse_argv(argc, argv);
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
|
||||
|
||||
if (!arg_doit) {
|
||||
log_info("Checking battery status and AC power existence is disabled by the kernel command line, skipping execution.");
|
||||
return 0;
|
||||
|
|
|
@ -39,7 +39,7 @@ static void test_get_bcd_title_one(
|
|||
assert_se(!title);
|
||||
}
|
||||
|
||||
TEST(get_bcd_title) {
|
||||
TEST(get_bcd_title, .proc_mounted = true) {
|
||||
test_get_bcd_title_one("test-bcd/win10.bcd.zst", u"Windows 10", sizeof(u"Windows 10"));
|
||||
|
||||
test_get_bcd_title_one("test-bcd/description-bad-type.bcd.zst", NULL, 0);
|
||||
|
@ -52,7 +52,7 @@ TEST(get_bcd_title) {
|
|||
test_get_bcd_title_one("test-bcd/empty.bcd.zst", NULL, 0);
|
||||
}
|
||||
|
||||
TEST(base_block) {
|
||||
TEST(base_block, .proc_mounted = true) {
|
||||
size_t len;
|
||||
BaseBlock backup;
|
||||
uint8_t *bcd_base;
|
||||
|
@ -89,7 +89,7 @@ TEST(base_block) {
|
|||
*bcd = backup;
|
||||
}
|
||||
|
||||
TEST(bad_bcd) {
|
||||
TEST(bad_bcd, .proc_mounted = true) {
|
||||
size_t len;
|
||||
uint8_t *hbins;
|
||||
uint32_t offset;
|
||||
|
|
|
@ -193,7 +193,7 @@ static int help(void) {
|
|||
"\n%3$sSimple Enrollment:%4$s\n"
|
||||
" --password Enroll a user-supplied password\n"
|
||||
" --recovery-key Enroll a recovery key\n"
|
||||
"\n%3$sPKCS11 Enrollment:%4$s\n"
|
||||
"\n%3$sPKCS#11 Enrollment:%4$s\n"
|
||||
" --pkcs11-token-uri=URI\n"
|
||||
" Specify PKCS#11 security token URI\n"
|
||||
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
#include "fd-util.h"
|
||||
#include "fuzz.h"
|
||||
#include "json-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "strv.h"
|
||||
|
||||
static int json_dispatch_config(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata) {
|
||||
|
@ -90,6 +91,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|||
if (outside_size_range(size, 0, 65536))
|
||||
return 0;
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return EXIT_TEST_SKIP;
|
||||
|
||||
fuzz_setup_logging();
|
||||
|
||||
assert_se(datadup = memdup_suffix0(data, size));
|
||||
|
|
|
@ -4,6 +4,11 @@
|
|||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
if ! mountpoint /proc; then
|
||||
echo "procfs is not available, skipping"
|
||||
exit 77
|
||||
fi
|
||||
|
||||
export SYSTEMD_LOG_LEVEL=debug
|
||||
|
||||
kernel_install="${1:?}"
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
#include "fuzz.h"
|
||||
#include "path-util.h"
|
||||
#include "rm-rf.h"
|
||||
#include "stat-util.h"
|
||||
#include "tmpfile-util.h"
|
||||
|
||||
/* stub out network so that the server doesn't send */
|
||||
|
@ -74,6 +75,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|||
if (size < sizeof(DHCPMessage))
|
||||
return 0;
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return EXIT_TEST_SKIP;
|
||||
|
||||
fuzz_setup_logging();
|
||||
|
||||
assert_se(duped = memdup(data, size));
|
||||
|
|
|
@ -143,7 +143,7 @@ static void* client(void *p) {
|
|||
return NULL;
|
||||
}
|
||||
|
||||
TEST(description) {
|
||||
TEST(description, .proc_mounted = true) {
|
||||
_cleanup_free_ char *a = NULL;
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
union sockaddr_union sa = {
|
||||
|
|
|
@ -544,7 +544,7 @@ static void test_inotify_one(unsigned n_create_events) {
|
|||
sd_event_unref(e);
|
||||
}
|
||||
|
||||
TEST(inotify) {
|
||||
TEST(inotify, .proc_mounted = true) {
|
||||
test_inotify_one(100); /* should work without overflow */
|
||||
test_inotify_one(33000); /* should trigger a q overflow */
|
||||
}
|
||||
|
@ -568,7 +568,7 @@ static int pidfd_handler(sd_event_source *s, const siginfo_t *si, void *userdata
|
|||
return 0;
|
||||
}
|
||||
|
||||
TEST(pidfd) {
|
||||
TEST(pidfd, .proc_mounted = true) {
|
||||
sd_event_source *s = NULL, *t = NULL;
|
||||
sd_event *e = NULL;
|
||||
int pidfd;
|
||||
|
@ -757,7 +757,7 @@ static int inotify_self_destroy_handler(sd_event_source *s, const struct inotify
|
|||
return 1;
|
||||
}
|
||||
|
||||
TEST(inotify_self_destroy) {
|
||||
TEST(inotify_self_destroy, .proc_mounted = true) {
|
||||
_cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL;
|
||||
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
|
||||
char path[] = "/tmp/inotifyXXXXXX";
|
||||
|
@ -793,7 +793,7 @@ static int inotify_process_buffered_data_handler(sd_event_source *s, const struc
|
|||
return 1;
|
||||
}
|
||||
|
||||
TEST(inotify_process_buffered_data) {
|
||||
TEST(inotify_process_buffered_data, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *p = NULL, *q = NULL;
|
||||
_cleanup_(sd_event_source_unrefp) sd_event_source *a = NULL, *b = NULL;
|
||||
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
|
||||
|
|
|
@ -578,7 +578,7 @@ static void test_sequence_numbers_one(void) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(sequence_numbers) {
|
||||
TEST(sequence_numbers, .proc_mounted = true) {
|
||||
ASSERT_OK_ERRNO(setenv("SYSTEMD_JOURNAL_COMPACT", "0", 1));
|
||||
test_sequence_numbers_one();
|
||||
|
||||
|
@ -869,7 +869,7 @@ static void test_generic_array_bisect_one(size_t n, size_t num_corrupted) {
|
|||
verify(f, seqnum, offset_candidates, offset, n);
|
||||
}
|
||||
|
||||
TEST(generic_array_bisect) {
|
||||
TEST(generic_array_bisect, .proc_mounted = true) {
|
||||
for (size_t n = 1; n < 10; n++)
|
||||
for (size_t m = 1; m <= n; m++)
|
||||
test_generic_array_bisect_one(n, m);
|
||||
|
|
|
@ -181,6 +181,9 @@ int main(int argc, char *argv[]) {
|
|||
if (access("/etc/machine-id", F_OK) != 0)
|
||||
return log_tests_skipped("/etc/machine-id not found");
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
test_setup_logging(LOG_DEBUG);
|
||||
|
||||
/* Run this test multiple times with different configurations of features. */
|
||||
|
|
|
@ -180,6 +180,9 @@ int main(int argc, char *argv[]) {
|
|||
const char *verification_key = NULL;
|
||||
int max_iterations = 512;
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
if (argc > 1) {
|
||||
/* Don't limit the number of iterations when the verification key
|
||||
* is provided on the command line, we want to do that only in CIs */
|
||||
|
|
|
@ -118,7 +118,7 @@ static void test_non_empty_one(void) {
|
|||
puts("------------------------------------------------------------");
|
||||
}
|
||||
|
||||
TEST(non_empty) {
|
||||
TEST(non_empty, .proc_mounted = true) {
|
||||
assert_se(setenv("SYSTEMD_JOURNAL_COMPACT", "0", 1) >= 0);
|
||||
test_non_empty_one();
|
||||
|
||||
|
@ -258,7 +258,7 @@ static void test_min_compress_size_one(void) {
|
|||
assert_se(!check_compressed(256, 255));
|
||||
}
|
||||
|
||||
TEST(min_compress_size) {
|
||||
TEST(min_compress_size, .proc_mounted = true) {
|
||||
assert_se(setenv("SYSTEMD_JOURNAL_COMPACT", "0", 1) >= 0);
|
||||
test_min_compress_size_one();
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
|
|||
|
||||
int pidfd = sd_varlink_get_peer_pidfd(v);
|
||||
if (pidfd < 0) {
|
||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
|
||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
|
||||
return pidfd;
|
||||
|
||||
pid_t pid;
|
||||
|
|
|
@ -209,7 +209,7 @@ static void test_config_parse_address_one(const char *rvalue, int family, unsign
|
|||
}
|
||||
}
|
||||
|
||||
TEST(config_parse_address) {
|
||||
TEST(config_parse_address, .proc_mounted = true) {
|
||||
test_config_parse_address_one("", AF_INET, 0, NULL, 0);
|
||||
test_config_parse_address_one("/", AF_INET, 0, NULL, 0);
|
||||
test_config_parse_address_one("/8", AF_INET, 0, NULL, 0);
|
||||
|
|
|
@ -51,8 +51,16 @@ static void load_testdata_env(void) {
|
|||
return;
|
||||
called = true;
|
||||
|
||||
assert_se(readlink_and_make_absolute("/proc/self/exe", &s) >= 0);
|
||||
r = readlink_and_make_absolute("/proc/self/exe", &s);
|
||||
if (r >= 0)
|
||||
assert_se(path_extract_directory(s, &d) >= 0);
|
||||
else {
|
||||
_cleanup_free_ char *program = NULL;
|
||||
|
||||
log_debug_errno(r, "Failed to determine executable's directory, using current directory: %m");
|
||||
assert_se(path_make_absolute_cwd(program_invocation_name, &program) >= 0);
|
||||
assert_se(path_extract_directory(program, &d) >= 0);
|
||||
}
|
||||
assert_se(envpath = path_join(d, "systemd-runtest.env"));
|
||||
|
||||
r = load_env_file_pairs(NULL, envpath, &pairs);
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
#include "process-util.h"
|
||||
#include "rlimit-util.h"
|
||||
#include "signal-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "static-destruct.h"
|
||||
#include "strv.h"
|
||||
|
||||
|
@ -106,6 +107,7 @@ typedef struct TestFunc {
|
|||
const char * const name;
|
||||
bool has_ret:1;
|
||||
bool sd_booted:1;
|
||||
bool proc_mounted:1;
|
||||
} TestFunc;
|
||||
|
||||
/* See static-destruct.h for an explanation of how this works. */
|
||||
|
@ -162,6 +164,10 @@ static inline int run_test_table(void) {
|
|||
log_info("/* systemd not booted, skipping %s */", t->name);
|
||||
if (t->has_ret && r == EXIT_SUCCESS)
|
||||
r = EXIT_TEST_SKIP;
|
||||
} else if (t->proc_mounted && proc_mounted() <= 0) {
|
||||
log_info("/* procfs is not available, skipping %s */", t->name);
|
||||
if (t->has_ret && r == EXIT_SUCCESS)
|
||||
r = EXIT_TEST_SKIP;
|
||||
} else {
|
||||
log_info("/* %s */", t->name);
|
||||
|
||||
|
|
|
@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
|
|||
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
||||
|
||||
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
|
||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
|
||||
|
||||
/* Default to PCR 7 only */
|
||||
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
||||
|
|
|
@ -31,7 +31,7 @@ static void test_mount_points_list_one(const char *fname) {
|
|||
yes_no(m->try_remount_ro));
|
||||
}
|
||||
|
||||
TEST(mount_points_list) {
|
||||
TEST(mount_points_list, .proc_mounted = true) {
|
||||
test_mount_points_list_one(NULL);
|
||||
test_mount_points_list_one("/test-umount/empty.mountinfo");
|
||||
test_mount_points_list_one("/test-umount/garbled.mountinfo");
|
||||
|
@ -60,7 +60,7 @@ static void test_swap_list_one(const char *fname) {
|
|||
log_debug("path=%s", m->path);
|
||||
}
|
||||
|
||||
TEST(swap_list) {
|
||||
TEST(swap_list, .proc_mounted = true) {
|
||||
test_swap_list_one(NULL);
|
||||
test_swap_list_one("/test-umount/example.swaps");
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
#include "fuzz.h"
|
||||
#include "nulstr-util.h"
|
||||
#include "selinux-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "static-destruct.h"
|
||||
#include "stdio-util.h"
|
||||
#include "strv.h"
|
||||
|
@ -22,6 +23,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|||
if (size > 16*1024)
|
||||
return 0; /* See the comment below about the limit for strv_length(). */
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return EXIT_TEST_SKIP;
|
||||
|
||||
fuzz_setup_logging();
|
||||
|
||||
arg_pager_flags = PAGER_DISABLE; /* We shouldn't execute the pager */
|
||||
|
|
|
@ -84,7 +84,7 @@ TEST(rename_process_invalid) {
|
|||
assert_se(rename_process("") == -EINVAL);
|
||||
}
|
||||
|
||||
TEST(rename_process_multi) {
|
||||
TEST(rename_process_multi, .proc_mounted = true) {
|
||||
pid_t pid;
|
||||
|
||||
pid = fork();
|
||||
|
@ -109,7 +109,7 @@ TEST(rename_process_multi) {
|
|||
_exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
TEST(rename_process) {
|
||||
TEST(rename_process, .proc_mounted = true) {
|
||||
test_rename_process_one("foo", 1); /* should always fit */
|
||||
test_rename_process_one("this is a really really long process name, followed by some more words", 0); /* unlikely to fit */
|
||||
test_rename_process_one("1234567", 1); /* should always fit */
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#include "audit-util.h"
|
||||
#include "tests.h"
|
||||
|
||||
TEST(audit_loginuid_from_pid) {
|
||||
TEST(audit_loginuid_from_pid, .proc_mounted = true) {
|
||||
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ static void test_path_is_encrypted_one(const char *p, int expect) {
|
|||
assert_se(expect < 0 || ((r > 0) == (expect > 0)));
|
||||
}
|
||||
|
||||
TEST(path_is_encrypted) {
|
||||
TEST(path_is_encrypted, .proc_mounted = true) {
|
||||
int booted = sd_booted(); /* If this is run in build environments such as koji, /dev/ might be a
|
||||
* regular fs. Don't assume too much if not running under systemd. */
|
||||
|
||||
|
|
|
@ -39,6 +39,9 @@ int main(int argc, char *argv[]) {
|
|||
if (detect_container() > 0)
|
||||
return log_tests_skipped("test-bpf-firewall fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl));
|
||||
rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
|
||||
(void) setrlimit(RLIMIT_MEMLOCK, &rl);
|
||||
|
|
|
@ -25,7 +25,7 @@ static void test_is_wanted_print_one(bool header) {
|
|||
log_info(" ");
|
||||
}
|
||||
|
||||
TEST(is_wanted_print) {
|
||||
TEST(is_wanted_print, .proc_mounted = true) {
|
||||
test_is_wanted_print_one(true);
|
||||
test_is_wanted_print_one(false); /* run twice to test caching */
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@ static void test_chase_extract_filename_one(const char *path, const char *root,
|
|||
ASSERT_STREQ(fname, expected);
|
||||
}
|
||||
|
||||
TEST(chase) {
|
||||
TEST(chase, .proc_mounted = true) {
|
||||
_cleanup_free_ char *result = NULL, *pwd = NULL;
|
||||
_cleanup_close_ int pfd = -EBADF;
|
||||
char *temp;
|
||||
|
@ -727,7 +727,7 @@ TEST(chaseat_prefix_root) {
|
|||
ASSERT_STREQ(ret, expected);
|
||||
}
|
||||
|
||||
TEST(trailing_dot_dot) {
|
||||
TEST(trailing_dot_dot, .proc_mounted = true) {
|
||||
_cleanup_free_ char *path = NULL, *fdpath = NULL;
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ static bool has_xattr(const char *p) {
|
|||
return true;
|
||||
}
|
||||
|
||||
TEST(chown_recursive) {
|
||||
TEST(chown_recursive, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
struct stat st;
|
||||
const char *p;
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
#include "user-util.h"
|
||||
#include "virt.h"
|
||||
|
||||
TEST(condition_test_path) {
|
||||
TEST(condition_test_path, .proc_mounted = true) {
|
||||
Condition *condition;
|
||||
|
||||
condition = condition_new(CONDITION_PATH_EXISTS, "/bin/sh", false, false);
|
||||
|
@ -508,7 +508,7 @@ TEST(condition_test_firmware_smbios) {
|
|||
condition_free(condition);
|
||||
}
|
||||
|
||||
TEST(condition_test_kernel_command_line) {
|
||||
TEST(condition_test_kernel_command_line, .proc_mounted = true) {
|
||||
Condition *condition;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -382,7 +382,7 @@ static void test_copy_bytes_regular_file_one(const char *src, bool try_reflink,
|
|||
assert_se((uint64_t) buf3.st_size == max_bytes);
|
||||
}
|
||||
|
||||
TEST(copy_bytes_regular_file) {
|
||||
TEST(copy_bytes_regular_file, .proc_mounted = true) {
|
||||
test_copy_bytes_regular_file_one(saved_argv[0], false, UINT64_MAX);
|
||||
test_copy_bytes_regular_file_one(saved_argv[0], true, UINT64_MAX);
|
||||
test_copy_bytes_regular_file_one(saved_argv[0], false, 1000); /* smaller than copy buffer size */
|
||||
|
@ -391,7 +391,7 @@ TEST(copy_bytes_regular_file) {
|
|||
test_copy_bytes_regular_file_one(saved_argv[0], true, 32000);
|
||||
}
|
||||
|
||||
TEST(copy_atomic) {
|
||||
TEST(copy_atomic, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *p = NULL;
|
||||
const char *q;
|
||||
int r;
|
||||
|
@ -409,7 +409,7 @@ TEST(copy_atomic) {
|
|||
assert_se(copy_file_atomic("/etc/fstab", q, 0644, COPY_REPLACE) >= 0);
|
||||
}
|
||||
|
||||
TEST(copy_proc) {
|
||||
TEST(copy_proc, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *p = NULL;
|
||||
_cleanup_free_ char *f = NULL, *a = NULL, *b = NULL;
|
||||
|
||||
|
@ -569,7 +569,7 @@ TEST(copy_lock) {
|
|||
fd = safe_close(fd);
|
||||
}
|
||||
|
||||
TEST(copy_verify_linked) {
|
||||
TEST(copy_verify_linked, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_close_ int tfd = -EBADF, fd_1 = -EBADF, fd_2 = -EBADF;
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ static void test_acquire_data_fd_one(unsigned flags) {
|
|||
fd = safe_close(fd);
|
||||
}
|
||||
|
||||
TEST(acquire_data_fd) {
|
||||
TEST(acquire_data_fd, .proc_mounted = true) {
|
||||
test_acquire_data_fd_one(0);
|
||||
test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL);
|
||||
test_acquire_data_fd_one(ACQUIRE_NO_MEMFD);
|
||||
|
@ -79,7 +79,7 @@ static void assert_equal_fd(int fd1, int fd2) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(copy_data_fd) {
|
||||
TEST(copy_data_fd, .proc_mounted = true) {
|
||||
_cleanup_close_ int fd1 = -EBADF, fd2 = -EBADF;
|
||||
_cleanup_close_pair_ int sfd[2] = EBADF_PAIR;
|
||||
_cleanup_(sigkill_waitp) pid_t pid = -1;
|
||||
|
|
|
@ -158,7 +158,7 @@ TEST(fd_move_above_stdio) {
|
|||
assert_se(close_nointr(new_fd) != EBADF);
|
||||
}
|
||||
|
||||
TEST(rearrange_stdio) {
|
||||
TEST(rearrange_stdio, .proc_mounted = true) {
|
||||
pid_t pid;
|
||||
int r;
|
||||
|
||||
|
@ -363,7 +363,7 @@ static int seccomp_prohibit_close_range(void) {
|
|||
#endif
|
||||
}
|
||||
|
||||
TEST(close_all_fds) {
|
||||
TEST(close_all_fds, .proc_mounted = true) {
|
||||
int r;
|
||||
|
||||
/* Runs the test four times. Once as is. Once with close_range() syscall blocked via seccomp, once
|
||||
|
@ -433,7 +433,7 @@ TEST(format_proc_fd_path) {
|
|||
ASSERT_STREQ(FORMAT_PROC_FD_PATH(2147483647), "/proc/self/fd/2147483647");
|
||||
}
|
||||
|
||||
TEST(fd_reopen) {
|
||||
TEST(fd_reopen, .proc_mounted = true) {
|
||||
_cleanup_close_ int fd1 = -EBADF, fd2 = -EBADF;
|
||||
struct stat st1, st2;
|
||||
int fl;
|
||||
|
@ -697,7 +697,7 @@ TEST(fds_are_same_mount) {
|
|||
assert_se(fds_are_same_mount(fd2, fd3) > 0);
|
||||
}
|
||||
|
||||
TEST(fd_get_path) {
|
||||
TEST(fd_get_path, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_close_ int tfd = -EBADF, fd = -EBADF;
|
||||
_cleanup_free_ char *p = NULL, *q = NULL, *saved_cwd = NULL;
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
#include "tests.h"
|
||||
#include "tmpfile-util.h"
|
||||
|
||||
TEST(fdset_new_fill) {
|
||||
TEST(fdset_new_fill, .proc_mounted = true) {
|
||||
_cleanup_fdset_free_ FDSet *fdset = NULL;
|
||||
int fd = -EBADF, flags;
|
||||
|
||||
|
|
|
@ -367,7 +367,7 @@ TEST(status_field) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(capeff) {
|
||||
TEST(capeff, .proc_mounted = true) {
|
||||
for (int pid = 0; pid < 2; pid++) {
|
||||
_cleanup_free_ char *capeff = NULL;
|
||||
int r, p;
|
||||
|
@ -485,7 +485,7 @@ TEST(write_string_file_no_create) {
|
|||
ASSERT_STREQ(buf, "boohoo\n");
|
||||
}
|
||||
|
||||
TEST(write_string_file_verify) {
|
||||
TEST(write_string_file_verify, .proc_mounted = true) {
|
||||
_cleanup_free_ char *buf = NULL, *buf2 = NULL;
|
||||
int r;
|
||||
|
||||
|
@ -525,7 +525,7 @@ static void check_file_pairs_one(char **l) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(load_env_file_pairs) {
|
||||
TEST(load_env_file_pairs, .proc_mounted = true) {
|
||||
_cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-load_env_file_pairs-XXXXXX";
|
||||
int fd, r;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
|
@ -940,7 +940,7 @@ TEST(read_nul_string) {
|
|||
assert_se(read_nul_string(f, LONG_LINE_MAX, &s) == 0 && streq_ptr(s, ""));
|
||||
}
|
||||
|
||||
TEST(read_full_file_socket) {
|
||||
TEST(read_full_file_socket, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *z = NULL;
|
||||
_cleanup_close_ int listener = -EBADF;
|
||||
_cleanup_free_ char *data = NULL, *clientname = NULL;
|
||||
|
@ -1106,7 +1106,7 @@ TEST(read_virtual_file) {
|
|||
test_read_virtual_file_one(SIZE_MAX);
|
||||
}
|
||||
|
||||
TEST(fdopen_independent) {
|
||||
TEST(fdopen_independent, .proc_mounted = true) {
|
||||
#define TEST_TEXT "this is some random test text we are going to write to a memfd"
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
|
|
|
@ -683,7 +683,7 @@ TEST(openat_report_new) {
|
|||
ASSERT_FALSE(b);
|
||||
}
|
||||
|
||||
TEST(xopenat_full) {
|
||||
TEST(xopenat_full, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_close_ int tfd = -EBADF, fd = -EBADF, fd2 = -EBADF;
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
#include "tmpfile-util.h"
|
||||
#include "umask-util.h"
|
||||
|
||||
TEST(install_file) {
|
||||
TEST(install_file, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *p = NULL;
|
||||
_cleanup_free_ char *a = NULL, *b = NULL, *c = NULL;
|
||||
struct stat stat1, stat2;
|
||||
|
|
|
@ -1265,7 +1265,7 @@ TEST(parse_continue) {
|
|||
assert_se(sd_json_parse_with_source_continue(&p, "piff", /* flags= */ 0, &x, &line, &column) == -EINVAL);
|
||||
}
|
||||
|
||||
TEST(pidref) {
|
||||
TEST(pidref, .proc_mounted = true) {
|
||||
_cleanup_(pidref_done) PidRef myself = PIDREF_NULL, pid1 = PIDREF_NULL;
|
||||
|
||||
assert_se(pidref_set_pid(&myself, 0) >= 0);
|
||||
|
@ -1349,7 +1349,7 @@ TEST(devnum) {
|
|||
ASSERT_FAIL(json_dispatch_devnum("devnum", v, /* flags= */ 0, &parsed));
|
||||
}
|
||||
|
||||
TEST(fd_info) {
|
||||
TEST(fd_info, .proc_mounted = true) {
|
||||
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
|
||||
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
|
|
|
@ -224,15 +224,14 @@ static int run(int argc, char *argv[]) {
|
|||
dissected = dissected_image_unref(dissected);
|
||||
#endif
|
||||
|
||||
if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
|
||||
log_tests_skipped("not running privileged");
|
||||
return 0;
|
||||
}
|
||||
if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
|
||||
return log_tests_skipped("not running privileged");
|
||||
|
||||
if (detect_container() > 0) {
|
||||
log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
|
||||
return 0;
|
||||
}
|
||||
if (detect_container() > 0)
|
||||
return log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ static int fake_pressure_callback(sd_event_source *s, void *userdata) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
TEST(fake_pressure) {
|
||||
TEST(fake_pressure, .proc_mounted = true) {
|
||||
_cleanup_(sd_event_source_unrefp) sd_event_source *es = NULL, *ef = NULL;
|
||||
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
|
||||
_cleanup_free_ char *j = NULL, *k = NULL;
|
||||
|
|
|
@ -130,7 +130,7 @@ TEST(mount_flags_to_string) {
|
|||
"MS_I_VERSION|MS_STRICTATIME|MS_LAZYTIME|fc000200");
|
||||
}
|
||||
|
||||
TEST(bind_remount_recursive) {
|
||||
TEST(bind_remount_recursive, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *tmp = NULL;
|
||||
_cleanup_free_ char *subdir = NULL;
|
||||
|
||||
|
@ -184,7 +184,7 @@ TEST(bind_remount_recursive) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(bind_remount_one) {
|
||||
TEST(bind_remount_one, .proc_mounted = true) {
|
||||
pid_t pid;
|
||||
|
||||
if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
|
||||
|
@ -279,7 +279,7 @@ TEST(make_mount_point_inode) {
|
|||
assert_se(!(S_IXOTH & st.st_mode));
|
||||
}
|
||||
|
||||
TEST(make_mount_switch_root) {
|
||||
TEST(make_mount_switch_root, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_free_ char *s = NULL;
|
||||
int r;
|
||||
|
@ -333,7 +333,7 @@ TEST(make_mount_switch_root) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(umount_recursive) {
|
||||
TEST(umount_recursive, .proc_mounted = true) {
|
||||
static const struct {
|
||||
const char *prefix;
|
||||
const char * const keep[3];
|
||||
|
@ -418,7 +418,7 @@ TEST(umount_recursive) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(fd_make_mount_point) {
|
||||
TEST(fd_make_mount_point, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_free_ char *s = NULL;
|
||||
int r;
|
||||
|
@ -467,7 +467,7 @@ TEST(fd_make_mount_point) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(bind_mount_submounts) {
|
||||
TEST(bind_mount_submounts, .proc_mounted = true) {
|
||||
_cleanup_(rmdir_and_freep) char *a = NULL, *b = NULL;
|
||||
_cleanup_free_ char *x = NULL;
|
||||
int r;
|
||||
|
@ -537,7 +537,7 @@ TEST(bind_mount_submounts) {
|
|||
assert_se(umount_recursive(b, 0) >= 0);
|
||||
}
|
||||
|
||||
TEST(path_is_network_fs_harder) {
|
||||
TEST(path_is_network_fs_harder, .proc_mounted = true) {
|
||||
_cleanup_close_ int dir_fd = -EBADF;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -445,6 +445,9 @@ static int intro(void) {
|
|||
/* let's move into our own mount namespace with all propagation from the host turned off, so
|
||||
* that /proc/self/mountinfo is static and constant for the whole time our test runs. */
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
if (unshare(CLONE_NEWNS) < 0) {
|
||||
if (!ERRNO_IS_PRIVILEGE(errno))
|
||||
return log_error_errno(errno, "Failed to detach mount namespace: %m");
|
||||
|
|
|
@ -19,7 +19,7 @@ TEST(path_is_os_tree) {
|
|||
assert_se(path_is_os_tree("/idontexist") == -ENOENT);
|
||||
}
|
||||
|
||||
TEST(parse_os_release) {
|
||||
TEST(parse_os_release, .proc_mounted = true) {
|
||||
_cleanup_free_ char *id = NULL, *id2 = NULL, *name = NULL, *foobar = NULL;
|
||||
|
||||
if (access("/etc/os-release", F_OK) >= 0 || access("/usr/lib/os-release", F_OK) >= 0) {
|
||||
|
@ -61,7 +61,7 @@ TEST(parse_os_release) {
|
|||
ASSERT_OK_ERRNO(unsetenv("SYSTEMD_OS_RELEASE"));
|
||||
}
|
||||
|
||||
TEST(parse_extension_release) {
|
||||
TEST(parse_extension_release, .proc_mounted = true) {
|
||||
/* Let's assume that we have a valid extension image */
|
||||
_cleanup_free_ char *id = NULL, *version_id = NULL, *foobar = NULL, *a = NULL, *b = NULL;
|
||||
_cleanup_(rm_rf_physical_and_freep) char *tempdir = NULL;
|
||||
|
@ -104,7 +104,7 @@ TEST(parse_extension_release) {
|
|||
ASSERT_NULL(foobar);
|
||||
}
|
||||
|
||||
TEST(load_os_release_pairs) {
|
||||
TEST(load_os_release_pairs, .proc_mounted = true) {
|
||||
_cleanup_(unlink_tempfilep) char tmpfile[] = "/tmp/test-os-util.XXXXXX";
|
||||
ASSERT_EQ(write_tmpfile(tmpfile,
|
||||
"ID=\"ignored\" \n"
|
||||
|
|
|
@ -421,7 +421,7 @@ TEST(find_executable_full) {
|
|||
assert_se(find_executable_full(test_file_name, NULL, STRV_MAKE("/doesnotexist", "/tmp", "/bin"), false, &p, NULL) == -ENOENT);
|
||||
}
|
||||
|
||||
TEST(find_executable) {
|
||||
TEST(find_executable, .proc_mounted = true) {
|
||||
char *p;
|
||||
|
||||
assert_se(find_executable("/bin/sh", &p) == 0);
|
||||
|
|
|
@ -60,7 +60,7 @@ TEST(pidref_set_pidstr) {
|
|||
assert_se(!pidref_equal(&pidref, &PIDREF_MAKE_FROM_PID(getpid_cached()+1)));
|
||||
}
|
||||
|
||||
TEST(pidref_set_pidfd) {
|
||||
TEST(pidref_set_pidfd, .proc_mounted = true) {
|
||||
_cleanup_(pidref_done) PidRef a = PIDREF_NULL, b = PIDREF_NULL, c = PIDREF_NULL, d = PIDREF_NULL;
|
||||
|
||||
assert_se(pidref_set_self(&a) >= 0);
|
||||
|
@ -211,7 +211,7 @@ TEST(pidref_done_sigkill_wait) {
|
|||
freeze();
|
||||
}
|
||||
|
||||
TEST(pidref_verify) {
|
||||
TEST(pidref_verify, .proc_mounted = true) {
|
||||
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
|
||||
|
||||
assert_se(pidref_verify(NULL) == -ESRCH);
|
||||
|
|
|
@ -24,7 +24,7 @@ static int parse_item(const char *key, const char *value, void *data) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
TEST(proc_cmdline_parse) {
|
||||
TEST(proc_cmdline_parse, .proc_mounted = true) {
|
||||
assert_se(proc_cmdline_parse(parse_item, &obj, PROC_CMDLINE_STRIP_RD_PREFIX) >= 0);
|
||||
}
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ static void test_pid_get_comm_one(pid_t pid) {
|
|||
log_info("PID"PID_FMT" $PATH: '%s'", pid, strna(i));
|
||||
}
|
||||
|
||||
TEST(pid_get_comm) {
|
||||
TEST(pid_get_comm, .proc_mounted = true) {
|
||||
if (saved_argc > 1) {
|
||||
pid_t pid = 0;
|
||||
|
||||
|
@ -813,7 +813,7 @@ TEST(setpriority_closest) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(get_process_ppid) {
|
||||
TEST(get_process_ppid, .proc_mounted = true) {
|
||||
uint64_t limit;
|
||||
int r;
|
||||
|
||||
|
@ -850,7 +850,7 @@ TEST(get_process_ppid) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(set_oom_score_adjust) {
|
||||
TEST(set_oom_score_adjust, .proc_mounted = true) {
|
||||
int a, b, r;
|
||||
|
||||
ASSERT_OK(get_oom_score_adjust(&a));
|
||||
|
@ -881,7 +881,7 @@ static void* dummy_thread(void *p) {
|
|||
return NULL;
|
||||
}
|
||||
|
||||
TEST(get_process_threads) {
|
||||
TEST(get_process_threads, .proc_mounted = true) {
|
||||
int r;
|
||||
|
||||
/* Run this test in a child, so that we can guarantee there's exactly one thread around in the child */
|
||||
|
@ -973,7 +973,7 @@ TEST(is_reaper_process) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(pid_get_start_time) {
|
||||
TEST(pid_get_start_time, .proc_mounted = true) {
|
||||
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
|
||||
|
||||
ASSERT_OK(pidref_set_self(&pidref));
|
||||
|
|
|
@ -16,6 +16,9 @@ int main(int argc, char *argv[]) {
|
|||
|
||||
test_setup_logging(LOG_DEBUG);
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
assert_se(procfs_cpu_get_usage(&nsec) >= 0);
|
||||
log_info("Current system CPU time: %s", FORMAT_TIMESPAN(nsec/NSEC_PER_USEC, 1));
|
||||
|
||||
|
|
|
@ -141,7 +141,7 @@ TEST(setrlimit) {
|
|||
assert_se(old.rlim_max == new.rlim_max);
|
||||
}
|
||||
|
||||
TEST(pid_getrlimit) {
|
||||
TEST(pid_getrlimit, .proc_mounted = true) {
|
||||
int r;
|
||||
|
||||
/* We fork off a child and read the parent's resource limit from there (i.e. our own), and compare
|
||||
|
|
|
@ -363,7 +363,7 @@ TEST(restrict_namespace) {
|
|||
assert_se(wait_for_terminate_and_check("nsseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
TEST(protect_sysctl) {
|
||||
TEST(protect_sysctl, .proc_mounted = true) {
|
||||
pid_t pid;
|
||||
_cleanup_free_ char *seccomp = NULL;
|
||||
|
||||
|
|
|
@ -369,7 +369,7 @@ TEST(in_addr_port_ifindex_name_from_string_auto) {
|
|||
test_in_addr_port_ifindex_name_from_string_auto_one("[fe80::18]:53%lo#hoge.com", AF_INET6, 53, 1, "hoge.com", "[fe80::18]:53%1#hoge.com");
|
||||
}
|
||||
|
||||
TEST(netns_get_nsid) {
|
||||
TEST(netns_get_nsid, .proc_mounted = true) {
|
||||
uint32_t u;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -542,7 +542,7 @@ TEST(ipv6_enabled) {
|
|||
log_info("IPv6 enabled: %s", yes_no(socket_ipv6_is_enabled()));
|
||||
}
|
||||
|
||||
TEST(sockaddr_un_set_path) {
|
||||
TEST(sockaddr_un_set_path, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_(unlink_and_freep) char *sh = NULL;
|
||||
_cleanup_free_ char *j = NULL;
|
||||
|
|
|
@ -56,7 +56,7 @@ static const Specifier specifier_table[] = {
|
|||
{}
|
||||
};
|
||||
|
||||
TEST(specifier_printf) {
|
||||
TEST(specifier_printf, .proc_mounted = true) {
|
||||
static const Specifier table[] = {
|
||||
{ 'X', specifier_string, (char*) "AAAA" },
|
||||
{ 'Y', specifier_string, (char*) "BBBB" },
|
||||
|
@ -128,7 +128,7 @@ TEST(specifier_real_path_missing_file) {
|
|||
assert_se(r == -ENOENT);
|
||||
}
|
||||
|
||||
TEST(specifiers) {
|
||||
TEST(specifiers, .proc_mounted = true) {
|
||||
int r;
|
||||
|
||||
for (const Specifier *s = specifier_table; s->specifier; s++) {
|
||||
|
@ -173,7 +173,7 @@ TEST(specifiers_assorted) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(specifiers_missing_data_ok) {
|
||||
TEST(specifiers_missing_data_ok, .proc_mounted = true) {
|
||||
_cleanup_free_ char *resolved = NULL;
|
||||
|
||||
assert_se(setenv("SYSTEMD_OS_RELEASE", "/dev/null", 1) == 0);
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
#include "tests.h"
|
||||
#include "tmpfile-util.h"
|
||||
|
||||
TEST(null_or_empty_path) {
|
||||
TEST(null_or_empty_path, .proc_mounted = true) {
|
||||
assert_se(null_or_empty_path("/dev/null") == 1);
|
||||
assert_se(null_or_empty_path("/dev/tty") == 1); /* We assume that any character device is "empty", bleh. */
|
||||
assert_se(null_or_empty_path("../../../../../../../../../../../../../../../../../../../../dev/null") == 1);
|
||||
|
@ -30,7 +30,7 @@ TEST(null_or_empty_path) {
|
|||
assert_se(null_or_empty_path("/nosuchfileordir") == -ENOENT);
|
||||
}
|
||||
|
||||
TEST(null_or_empty_path_with_root) {
|
||||
TEST(null_or_empty_path_with_root, .proc_mounted = true) {
|
||||
assert_se(null_or_empty_path_with_root("/dev/null", NULL) == 1);
|
||||
assert_se(null_or_empty_path_with_root("/dev/null", "/") == 1);
|
||||
assert_se(null_or_empty_path_with_root("/dev/null", "/.././../") == 1);
|
||||
|
@ -46,7 +46,7 @@ TEST(null_or_empty_path_with_root) {
|
|||
assert_se(null_or_empty_path_with_root("/foobar/barbar/dev/null", "/foobar/barbar/") == 1);
|
||||
}
|
||||
|
||||
TEST(inode_same) {
|
||||
TEST(inode_same, .proc_mounted = true) {
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-files_same.XXXXXX";
|
||||
_cleanup_(unlink_tempfilep) char name_alias[] = "/tmp/test-files_same.alias";
|
||||
|
@ -190,7 +190,7 @@ TEST(fd_is_ns) {
|
|||
assert_se(IN_SET(fd_is_ns(fd, CLONE_NEWNET), 1, -EUCLEAN));
|
||||
}
|
||||
|
||||
TEST(dir_is_empty) {
|
||||
TEST(dir_is_empty, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *empty_dir = NULL;
|
||||
_cleanup_free_ char *j = NULL, *jj = NULL, *jjj = NULL;
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ TEST(sysctl_normalize) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST(sysctl_read) {
|
||||
TEST(sysctl_read, .proc_mounted = true) {
|
||||
_cleanup_free_ char *s = NULL;
|
||||
struct utsname u;
|
||||
sd_id128_t a, b;
|
||||
|
|
|
@ -70,7 +70,7 @@ TEST(read_one_char) {
|
|||
assert_se(read_one_char(file, &r, 1000000, &need_nl) < 0);
|
||||
}
|
||||
|
||||
TEST(getttyname_malloc) {
|
||||
TEST(getttyname_malloc, .proc_mounted = true) {
|
||||
_cleanup_free_ char *ttyname = NULL;
|
||||
_cleanup_close_ int master = -EBADF;
|
||||
|
||||
|
@ -214,7 +214,7 @@ TEST(terminal_fix_size) {
|
|||
log_notice("Fixed terminal size.");
|
||||
}
|
||||
|
||||
TEST(terminal_is_pty_fd) {
|
||||
TEST(terminal_is_pty_fd, .proc_mounted = true) {
|
||||
_cleanup_close_ int fd1 = -EBADF, fd2 = -EBADF;
|
||||
int r;
|
||||
|
||||
|
@ -294,7 +294,7 @@ TEST(terminal_reset_defensive) {
|
|||
log_notice_errno(r, "Failed to reset terminal: %m");
|
||||
}
|
||||
|
||||
TEST(pty_open_peer) {
|
||||
TEST(pty_open_peer, .proc_mounted = true) {
|
||||
_cleanup_close_ int pty_fd = -EBADF, peer_fd = -EBADF;
|
||||
_cleanup_free_ char *pty_path = NULL;
|
||||
|
||||
|
|
|
@ -461,7 +461,7 @@ static void test_format_timestamp_with_tz_one(const char *tz) {
|
|||
tzset();
|
||||
}
|
||||
|
||||
TEST(FORMAT_TIMESTAMP_with_tz) {
|
||||
TEST(FORMAT_TIMESTAMP_with_tz, .proc_mounted = true) {
|
||||
_cleanup_strv_free_ char **timezones = NULL;
|
||||
|
||||
test_format_timestamp_with_tz_one("UTC");
|
||||
|
|
|
@ -242,7 +242,7 @@ TEST(tempfn_random_child) {
|
|||
test_tempfn_random_child_one(p, "hoge", q, 0);
|
||||
}
|
||||
|
||||
TEST(link_tmpfile) {
|
||||
TEST(link_tmpfile, .proc_mounted = true) {
|
||||
_cleanup_free_ char *cmd = NULL, *cmd2 = NULL, *ans = NULL, *ans2 = NULL, *d = NULL, *tmp = NULL, *line = NULL;
|
||||
_cleanup_close_ int fd = -EBADF, fd2 = -EBADF;
|
||||
const char *p = saved_argv[1] ?: "/tmp";
|
||||
|
|
|
@ -10,6 +10,9 @@ int main(int argc, char *argv[]) {
|
|||
|
||||
test_setup_logging(LOG_DEBUG);
|
||||
|
||||
if (proc_mounted() <= 0)
|
||||
return log_tests_skipped("procfs not available");
|
||||
|
||||
u = umask(0111);
|
||||
|
||||
n = 0;
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
#include "tmpfile-util.h"
|
||||
#include "xattr-util.h"
|
||||
|
||||
TEST(getxattr_at_malloc) {
|
||||
TEST(getxattr_at_malloc, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_free_ char *value = NULL;
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
|
@ -86,7 +86,7 @@ static void verify_xattr(int dfd, const char *expected) {
|
|||
ASSERT_STREQ(value, expected);
|
||||
}
|
||||
|
||||
TEST(xsetxattr) {
|
||||
TEST(xsetxattr, .proc_mounted = true) {
|
||||
_cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
_cleanup_close_ int dfd = -EBADF, fd = -EBADF;
|
||||
const char *x;
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
#include "user-util.h"
|
||||
#include "userdb.h"
|
||||
#include "verbs.h"
|
||||
#include "virt.h"
|
||||
|
||||
static enum {
|
||||
OUTPUT_CLASSIC,
|
||||
|
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static bool test_show_mapped(void) {
|
||||
/* Show mapped user range only in environments where user mapping is a thing. */
|
||||
return running_in_userns() > 0;
|
||||
}
|
||||
|
||||
static const struct {
|
||||
uid_t first, last;
|
||||
const char *name;
|
||||
UserDisposition disposition;
|
||||
bool (*test)(void);
|
||||
} uid_range_table[] = {
|
||||
{
|
||||
.first = 1,
|
||||
|
@ -175,11 +182,12 @@ static const struct {
|
|||
.last = MAP_UID_MAX,
|
||||
.name = "mapped",
|
||||
.disposition = USER_REGULAR,
|
||||
.test = test_show_mapped,
|
||||
},
|
||||
};
|
||||
|
||||
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||
int r;
|
||||
int r, n_added = 0;
|
||||
|
||||
assert(table);
|
||||
|
||||
|
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
|||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||
continue;
|
||||
|
||||
if (i->test && !i->test())
|
||||
continue;
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin ", i->name, " users ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
|
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
|||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
n_added += 2;
|
||||
}
|
||||
|
||||
return ELEMENTSOF(uid_range_table) * 2;
|
||||
return n_added;
|
||||
}
|
||||
|
||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||
|
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
|
|||
}
|
||||
|
||||
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||
int r;
|
||||
int r, n_added = 0;
|
||||
|
||||
assert(table);
|
||||
|
||||
FOREACH_ELEMENT(i, uid_range_table) {
|
||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||
|
||||
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
|
||||
continue;
|
||||
|
||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||
continue;
|
||||
|
||||
if (i->test && !i->test())
|
||||
continue;
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin ", i->name, " groups ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
|
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
|||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
n_added += 2;
|
||||
}
|
||||
|
||||
return ELEMENTSOF(uid_range_table) * 2;
|
||||
return n_added;
|
||||
}
|
||||
|
||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
||||
|
|
|
@ -4,6 +4,11 @@ set -eux
|
|||
shopt -s nullglob
|
||||
shopt -s globstar
|
||||
|
||||
if ! mountpoint /proc; then
|
||||
echo "procfs is not available, skipping"
|
||||
exit 77
|
||||
fi
|
||||
|
||||
if [[ -n "${1:-}" ]]; then
|
||||
generator=$1
|
||||
elif [[ -x /usr/lib/systemd/system-generators/systemd-fstab-generator ]]; then
|
||||
|
|
|
@ -2,6 +2,11 @@
|
|||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
set -ex
|
||||
|
||||
if ! mountpoint /proc; then
|
||||
echo "procfs is not available, skipping"
|
||||
exit 77
|
||||
fi
|
||||
|
||||
# Silence warning from running_in_chroot_or_offline()
|
||||
export SYSTEMD_IN_CHROOT=0
|
||||
|
||||
|
|
|
@ -234,6 +234,11 @@ def test_conditionalized_execute_bit():
|
|||
assert "user:root:rwx" in c.stdout and "group:root:r-x" in c.stdout
|
||||
|
||||
if __name__ == '__main__':
|
||||
# If proc is not mounted, skip the test
|
||||
if not os.path.exists('/proc/self'):
|
||||
print("procfs is not available, skipping")
|
||||
sys.exit(EXIT_TEST_SKIP)
|
||||
|
||||
test_invalids(user=False)
|
||||
test_invalids(user=True)
|
||||
test_uninitialized_t()
|
||||
|
|
|
@ -2,6 +2,11 @@
|
|||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
set -e
|
||||
|
||||
if ! mountpoint /proc; then
|
||||
echo "procfs is not available, skipping"
|
||||
exit 77
|
||||
fi
|
||||
|
||||
SYSUSERS="${1:-systemd-sysusers}"
|
||||
|
||||
# shellcheck disable=SC1090
|
||||
|
|
|
@ -13,11 +13,12 @@
|
|||
|
||||
d /run/lock 0755 root root -
|
||||
L /var/lock - - - - ../run/lock
|
||||
|
||||
{% if HAVE_SYSV_COMPAT %}
|
||||
{% if CREATE_LOG_DIRS %}
|
||||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||
{% endif %}
|
||||
|
||||
{% if HAVE_SYSV_COMPAT %}
|
||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||
# hence without use on SysV-less systems.
|
||||
d /run/lock/subsys 0755 root root -
|
||||
|
|
|
@ -10,6 +10,11 @@ set -o pipefail
|
|||
BINARY="${1:?}"
|
||||
export SYSTEMD_LOG_LEVEL=info
|
||||
|
||||
if [[ ! -d /proc/self/ ]]; then
|
||||
echo "/proc/self/ is not available, skipping"
|
||||
exit 77
|
||||
fi
|
||||
|
||||
if [[ ! -x "$BINARY" ]]; then
|
||||
echo "$BINARY is not an executable"
|
||||
exit 1
|
||||
|
|
|
@ -1,14 +1,24 @@
|
|||
#!/usr/bin/env python3
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
import os
|
||||
from argparse import ArgumentParser
|
||||
from pathlib import Path
|
||||
from subprocess import PIPE, run
|
||||
|
||||
|
||||
def extract_interfaces_xml(output_dir, executable):
|
||||
# If proc is not mounted, set LD_LIBRARY_PATH so that shared/core libs can be found
|
||||
env = os.environ.copy()
|
||||
if not os.path.exists('/proc/self'):
|
||||
if 'LD_LIBRARY_PATH' not in env:
|
||||
env["LD_LIBRARY_PATH"] = "src/shared:src/core"
|
||||
else:
|
||||
env["LD_LIBRARY_PATH"] = f"src/shared:src/core:{env['LD_LIBRARY_PATH']}"
|
||||
|
||||
proc = run(
|
||||
args=[executable.absolute(), '--bus-introspect', 'list'],
|
||||
stdout=PIPE,
|
||||
env=env,
|
||||
check=True,
|
||||
universal_newlines=True)
|
||||
|
||||
|
@ -18,6 +28,7 @@ def extract_interfaces_xml(output_dir, executable):
|
|||
proc = run(
|
||||
args=[executable.absolute(), '--bus-introspect', interface_name],
|
||||
stdout=PIPE,
|
||||
env=env,
|
||||
check=True,
|
||||
universal_newlines=True)
|
||||
|
||||
|
|
Loading…
Reference in New Issue