Merge 9e3d6b193d into 0df42ebcd6

2024-11-07 22:30:46 +01:00
5 changed files with 32 additions and 32 deletions
--- a/25
+++ b/25
@ -129,10 +129,6 @@ Deprecations and removals:
 Features:
 * format-table: introduce new cell type for strings with ansi sequences in
  them. display them in regular output mode (via strip_tab_ansi()), but
  suppress them in json mode.
 * machined: when registering a machine, also take a relative cgroup path,
  relative to the machine's unit. This is useful when registering unpriv
  machines, as they might sit down the cgroup tree, below a cgroup delegation
@ -221,8 +217,12 @@ Features:
  services where mount propagation from the root fs is off, an still have
  confext/sysext propagated in.
 * support F_DUDFD_QUERY for comparing fds in same_fd (requires kernel 6.10)
 * generic interface for varlink for setting log level and stuff that all our daemons can implement
 * use pty ioctl to get peer wherever possible (TIOCGPTPEER)
 * maybe teach repart.d/ dropins a new setting MakeMountNodes= or so, which is
  just like MakeDirectories=, but uses an access mode of 0000 and sets the +i
  chattr bit. This is useful as protection against early uses of /var/ or /tmp/
@ -253,6 +253,8 @@ Features:
 * initrd: when transitioning from initrd to host, validate that
  /lib/modules/`uname -r` exists, refuse otherwise
 * tmpfiles: add "owning" flag for lines that limits effect of --purge
 * signed bpf loading: to address need for signature verification for bpf
  programs when they are loaded, and given the bpf folks don't think this is
  realistic in kernel space, maybe add small daemon that facilitates this
@ -456,6 +458,9 @@ Features:
 * introduce mntid_t, and make it 64bit, as apparently the kernel switched to
  64bit mount ids
 * use udev rule networkd ownership property to take ownership of network
  interfaces nspawn creates
 * mountfsd/nsresourced
  - userdb: maybe allow callers to map one uid to their own uid
  - bpflsm: allow writes if resulting UID on disk would be userns' owner UID
@ -642,7 +647,6 @@ Features:
  - openpt_allocate_in_namespace()
  - unit_attach_pid_to_cgroup_via_bus()
  - cg_attach() – requires new kernel feature
  - journald's process cache
 * ddi must be listed as block device fstype
@ -1466,6 +1470,9 @@ Features:
 * in sd-id128: also parse UUIDs in RFC4122 URN syntax (i.e. chop off urn:uuid: prefix)
 * DynamicUser= + StateDirectory= → use uid mapping mounts, too, in order to
  make dirs appear under right UID.
 * systemd-sysext: optionally, run it in initrd already, before transitioning
  into host, to open up possibility for services shipped like that.
@ -1637,6 +1644,14 @@ Features:
 * maybe add kernel cmdline params: to force random seed crediting
 * introduce a new per-process uuid, similar to the boot id, the machine id, the
  invocation id, that is derived from process creds, specifically a hashed
  combination of AT_RANDOM + getpid() + the starttime from
  /proc/self/status. Then add these ids implicitly when logging. Deriving this
  uuid from these three things has the benefit that it can be derived easily
  from /proc/$PID/ in a stable, and unique way that changes on both fork() and
  exec().
 * let's not GC a unit while its ratelimits are still pending
 * when killing due to service watchdog timeout maybe detect whether target
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@ -1131,8 +1131,6 @@ int xopenat_full(int dir_fd, const char *path, int open_flags, XOpenFlags xopen_
         *   • If O_CREAT is used with XO_LABEL, any created file will be immediately relabelled.
         *
         *   • If the path is specified NULL or empty, behaves like fd_reopen().
         *
         *   • If XO_NOCOW is specified will turn on the NOCOW btrfs flag on the file, if available.
         */
        if (isempty(path)) {
--- a/test/meson.build
+++ b/test/meson.build
@ -142,13 +142,11 @@ endif
 ############################################################
 if install_tests
-        install_data('run-unit-tests.py',
+        foreach script : ['integration-test-setup.sh', 'run-unit-tests.py']
-                     install_mode : 'rwxr-xr-x',
+                install_data(script,
-                     install_dir : testsdir)
+                             install_mode : 'rwxr-xr-x',
-
+                             install_dir : testsdir)
-        install_data('integration-test-setup.sh',
+        endforeach
                     install_mode : 'rwxr-xr-x',
                     install_dir : testdata_dir)
 endif
 ############################################################
--- a/test/test.service.in
+++ b/test/test.service.in
@ -7,9 +7,9 @@ Before=getty-pre.target
 [Service]
 ExecStartPre=rm -f /failed /testok
-ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup
+ExecStartPre=/usr/lib/systemd/tests/integration-test-setup.sh setup
 ExecStart=@command@
-ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize
+ExecStopPost=/usr/lib/systemd/tests/integration-test-setup.sh finalize
 Type=oneshot
 MemoryAccounting=@memory-accounting@
 StateDirectory=%N
--- a/test/units/TEST-07-PID1.private-pids.sh
+++ b/test/units/TEST-07-PID1.private-pids.sh
@ -132,12 +132,10 @@ testcase_unpriv() {
        return 0
    fi
-    # IMPORTANT: For /proc/ to be remounted in pid namespace within an unprivileged user namespace, there needs to
+    # The kernel has a restriction for unprivileged user namespaces where they cannot mount a less restrictive
-    # be at least 1 unmasked procfs mount in ANY directory. Otherwise, if /proc/ is masked (e.g. /proc/scsi is
+    # instance of /proc/. So if /proc/ is masked (e.g. /proc/kmsg is over-mounted with tmpfs as systemd-nspawn does),
-    # over-mounted with tmpfs), then mounting a new /proc/ will fail.
+    # then mounting a new /proc/ will fail and we will still see the host's /proc/. Thus, to allow tests to run in
-    #
+    # a VM or nspawn, we mount a new proc on a temporary directory with no masking to bypass this kernel restriction.
    # Thus, to guarantee PrivatePIDs=yes tests for unprivileged users pass, we mount a new procfs on a temporary
    # directory with no masking. This will guarantee an unprivileged user can mount a new /proc/ successfully.
    mkdir -p /tmp/TEST-07-PID1-private-pids-proc
    mount -t proc proc /tmp/TEST-07-PID1-private-pids-proc
@ -148,16 +146,7 @@ testcase_unpriv() {
    umount /tmp/TEST-07-PID1-private-pids-proc
    rm -rf /tmp/TEST-07-PID1-private-pids-proc
-    # Now we will mask /proc/ by mounting tmpfs over /proc/scsi. This will guarantee that mounting /proc/ will fail
+    # Now verify the behavior with masking - units should fail as PrivatePIDs=yes has no graceful fallback.
    # for unprivileged users when using PrivatePIDs=yes. Now units should fail as PrivatePIDs=yes has no graceful
    # fallback.
    #
    # Note some kernels do not have /proc/scsi so we verify the directory exists prior to running the test.
    if [ ! -d /proc/scsi ]; then
        echo "/proc/scsi does not exist, skipping unprivileged PrivatePIDs=yes test with masked /proc/"
        return 0
    fi
    if [[ "$HAS_EXISTING_SCSI_MOUNT" == "no" ]]; then
        mount -t tmpfs tmpfs /proc/scsi
    fi