[systemd-commits] 4 commits - test/TEST-04-SECCOMP test/test-functions units/systemd-logind.service.in

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Sat Feb 15 01:09:09 CET 2014


 test/TEST-04-SECCOMP/Makefile               |    1 
 test/TEST-04-SECCOMP/test-seccomp.sh        |   13 ++++
 test/TEST-04-SECCOMP/test.sh                |   79 ++++++++++++++++++++++++++++
 test/TEST-04-SECCOMP/will-fail.service      |    8 ++
 test/TEST-04-SECCOMP/will-fail2.service     |    6 ++
 test/TEST-04-SECCOMP/will-not-fail.service  |    9 +++
 test/TEST-04-SECCOMP/will-not-fail2.service |    6 ++
 test/test-functions                         |   14 ++--
 units/systemd-logind.service.in             |    5 +
 9 files changed, 135 insertions(+), 6 deletions(-)

New commits:
commit f928d3263d788da8dec64f06c792988b6076e600
Author: Ronny Chevalier <chevalier.ronny at gmail.com>
Date:   Fri Feb 14 17:21:41 2014 +0100

    test: add basic seccomp tests

diff --git a/test/TEST-04-SECCOMP/Makefile b/test/TEST-04-SECCOMP/Makefile
new file mode 120000
index 0000000..e9f93b1
--- /dev/null
+++ b/test/TEST-04-SECCOMP/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-04-SECCOMP/test-seccomp.sh b/test/TEST-04-SECCOMP/test-seccomp.sh
new file mode 100755
index 0000000..2496190
--- /dev/null
+++ b/test/TEST-04-SECCOMP/test-seccomp.sh
@@ -0,0 +1,13 @@
+#!/bin/bash -x
+
+systemctl start will-fail.service
+systemctl start will-fail2.service
+systemctl start will-not-fail.service
+systemctl start will-not-fail2.service
+systemctl is-failed will-fail.service || exit 1
+systemctl is-failed will-fail2.service || exit 1
+systemctl is-failed will-not-fail.service && exit 1
+systemctl is-failed will-not-fail2.service && exit 1
+
+touch /testok
+exit 0
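Review bot: The two `is-failed ... || exit 1` checks pass for any kind of unit failure, so they do not show that the seccomp filter is what stopped `will-fail.service` and `will-fail2.service`; a unit that fails to load or cannot find its binary would satisfy them equally. Consider also asserting how the main process ended, for example by comparing the output of `systemctl show -p ExecMainCode -p ExecMainStatus will-fail.service` with the values expected for a filter kill in this build. The units declare no `Type=`, so `systemctl start` may return before the process has exited, which would make the immediate `is-failed` query racy; this is inferred from the unit files, not observed. The script also exits without writing `/failed`, which `check_result_qemu` in test.sh looks for, so an `echo ... >/failed` before each `exit 1` would identify the failing assertion.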
diff --git a/test/TEST-04-SECCOMP/test.sh b/test/TEST-04-SECCOMP/test.sh
new file mode 100755
index 0000000..a85b50c
--- /dev/null
+++ b/test/TEST-04-SECCOMP/test.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+TEST_DESCRIPTION="seccomp tests"
+
+. $TEST_BASE_DIR/test-functions
+
+check_result_qemu() {
+    ret=1
+    mkdir -p $TESTDIR/root
+    mount ${LOOPDEV}p1 $TESTDIR/root
+    [[ -e $TESTDIR/root/testok ]] && ret=0
+    [[ -f $TESTDIR/root/failed ]] && cp -a $TESTDIR/root/failed $TESTDIR
+    cp -a $TESTDIR/root/var/log/journal $TESTDIR
+    umount $TESTDIR/root
+    [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed
+    ls -l $TESTDIR/journal/*/*.journal
+    test -s $TESTDIR/failed && ret=$(($ret+1))
+    return $ret
+}
+
+test_run() {
+    if run_qemu; then
+        check_result_qemu || return 1
+    else
+        dwarn "can't run QEMU, skipping"
+    fi
+    if check_nspawn; then
+        run_nspawn
+        check_result_nspawn || return 1
+    else
+        dwarn "can't run systemd-nspawn, skipping"
+    fi
+    return 0
+}
+
+test_setup() {
+    create_empty_image
+    mkdir -p $TESTDIR/root
+    mount ${LOOPDEV}p1 $TESTDIR/root
+
+    # Create what will eventually be our root filesystem onto an overlay
+    (
+        LOG_LEVEL=5
+        eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+        setup_basic_environment
+
+        # setup the testsuite service
+        cat >$initdir/etc/systemd/system/testsuite.service <<EOF
+[Unit]
+Description=Testsuite service
+After=multi-user.target
+
+[Service]
+ExecStart=/test-seccomp.sh
+Type=oneshot
+EOF
+
+        # copy the units used by this test
+        cp {will-fail,will-fail2,will-not-fail,will-not-fail2}.service \
+            $initdir/etc/systemd/system
+        cp test-seccomp.sh $initdir/
+
+        setup_testsuite
+    )
+    setup_nspawn_root
+
+    ddebug "umount $TESTDIR/root"
+    umount $TESTDIR/root
+}
+
+test_cleanup() {
+    umount $TESTDIR/root 2>/dev/null
+    [[ $LOOPDEV ]] && losetup -d $LOOPDEV
+    return 0
+}
+
+do_test "$@"
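Review bot: `test_run` returns 0 when neither backend ran: a non-zero `run_qemu` only reaches the `dwarn ... skipping` branch, and if `check_nspawn` also fails the function falls through to `return 0`, so this seccomp regression test can be reported as passed without executing. Going by the test-functions hunk later in this mail, `run_qemu` also returns 1 when QEMU itself exits non-zero, so a crashed VM is treated the same as a missing one. Consider recording whether at least one backend completed and returning non-zero otherwise, e.g. `ran=1` after each successful check and `[[ $ran ]] || return 1` before the final return. The `mount`, `cp -a` and `umount` calls also expand `$TESTDIR` and `${LOOPDEV}` unquoted and unchecked; quoting them and testing the `mount` status in `check_result_qemu` would keep the result check from reading an unmounted directory.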
diff --git a/test/TEST-04-SECCOMP/will-fail.service b/test/TEST-04-SECCOMP/will-fail.service
new file mode 100644
index 0000000..c4e0be9
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-fail.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Will fail
+
+[Service]
+ExecStart=/bin/echo "This should not be seen"
+SystemCallFilter=ioperm
+SystemCallFilter=~ioperm
+SystemCallFilter=ioperm
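Review bot: Nothing in this unit says which effective filter the three `SystemCallFilter=` lines are meant to produce, so a reader has to re-derive the merge rules to see why start-up must fail. A comment above them, such as `# allow-list ioperm, remove it, add it again: only ioperm is permitted, so execve of /bin/echo must be blocked`, would state the expectation (wording to be confirmed against the documented precedence rules). The same applies to will-fail2.service (the `DONOTEXIST` entry presumably checks that an unknown name does not disable the rest of the deny-list), will-not-fail.service (four mixed allow/deny lines) and will-not-fail2.service (empty assignment as a reset).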
diff --git a/test/TEST-04-SECCOMP/will-fail2.service b/test/TEST-04-SECCOMP/will-fail2.service
new file mode 100644
index 0000000..f7f1ae9
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-fail2.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Will fail 2
+
+[Service]
+ExecStart=/bin/echo "This should not be seen"
+SystemCallFilter=~write open execve exit_group close mmap munmap fstat DONOTEXIST
diff --git a/test/TEST-04-SECCOMP/will-not-fail.service b/test/TEST-04-SECCOMP/will-not-fail.service
new file mode 100644
index 0000000..5c1b594
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-not-fail.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Will not fail
+
+[Service]
+ExecStart=/bin/echo "Foo bar"
+SystemCallFilter=~read write open execve ioperm
+SystemCallFilter=ioctl
+SystemCallFilter=read write open execve
+SystemCallFilter=~ioperm
diff --git a/test/TEST-04-SECCOMP/will-not-fail2.service b/test/TEST-04-SECCOMP/will-not-fail2.service
new file mode 100644
index 0000000..2df05e3
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-not-fail2.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Reset SystemCallFilter
+
+[Service]
+ExecStart=/bin/echo "Foo bar"
+SystemCallFilter=

commit 8f9c6fe5ff1d59001aecbf3fbf9ca0ed7ff28ba7
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Fri Feb 14 17:01:43 2014 -0500

    units: systemd-logind fails hard without dbus
    
    That is, without --enable-kdbus and kdbus running.
    
    With --enable-kdbus things are more complicated, because dbus might be
    necessary, if kdbus is missing at runtime. If it is not necessary,
    the socket will be started, which is not important, but not the service.

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 9019668..c6cbd1c 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -13,6 +13,11 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/multiseat
 Wants=user.slice
 After=nss-user-lookup.target user.slice
 
+# Ask for the dbus socket. If running over kdbus, the socket will
+# not be actually used.
+Wants=dbus.socket
+After=dbus.socket
+
 [Service]
 ExecStart=@rootlibexecdir@/systemd-logind
 Restart=always
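Review bot: `Wants=dbus.socket` is a weak dependency, so logind is still started when the socket unit is missing or fails to start. With `Restart=always` just below, and going by the commit message, it would then fail and be restarted repeatedly. If that is the intended trade-off for the kdbus case, the added comment should say so, e.g. `# Wants= rather than Requires=: with kdbus the socket is optional`. The [Service] section continues outside the hunk.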

commit 8a8332f77e61d41f3bb28b8f929ed41e0ffaf721
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Fri Feb 14 16:39:58 2014 -0500

    test: print the important commands to make debugging easier

diff --git a/test/test-functions b/test/test-functions
index 8e300b1..dac0dcc 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -66,11 +66,13 @@ $KERNEL_APPEND \
         QEMU_OPTIONS="$QEMU_OPTIONS -initrd $INITRD"
     fi
 
-    $QEMU_BIN $QEMU_OPTIONS -append "$KERNEL_APPEND" $TESTDIR/rootdisk.img || return 1
+    ( set -x
+      $QEMU_BIN $QEMU_OPTIONS -append "$KERNEL_APPEND" $TESTDIR/rootdisk.img ) || return 1
 }
 
 run_nspawn() {
-    ../../systemd-nspawn --boot --directory=$TESTDIR/nspawn-root /usr/lib/systemd/systemd
+    set -x
+    ../../systemd-nspawn --boot --directory=$TESTDIR/nspawn-root /usr/lib/systemd/systemd $KERNEL_APPEND
 }
 
 setup_basic_environment() {
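Review bot: In `run_nspawn` the added `set -x` is not confined to a subshell, unlike the `( set -x ... )` form used for the QEMU call a few lines above. Unless the caller runs the function in a subshell, tracing stays on after the container exits and every later command is echoed to the log. Wrapping it the same way, `( set -x` / `../../systemd-nspawn --boot --directory=$TESTDIR/nspawn-root /usr/lib/systemd/systemd $KERNEL_APPEND )`, keeps the trace to the one command. The same line also starts passing `$KERNEL_APPEND` unquoted to the container's init, which the commit message does not mention; a one-line comment on why the kernel command line is forwarded would help. The QEMU function begins outside the hunk.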
@@ -108,7 +110,7 @@ install_dmevent() {
 
 install_systemd() {
     # install compiled files
-    (cd $TEST_BASE_DIR/..; make DESTDIR=$initdir install)
+    (cd $TEST_BASE_DIR/..; set -x; make DESTDIR=$initdir install)
     # remove unneeded documentation
     rm -fr $initdir/usr/share/{man,doc,gtk-doc}
     # we strip binaries since debug symbols increase binaries size a lot
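Review bot: On the changed line, `cd $TEST_BASE_DIR/..` is followed by `;`, so if the `cd` fails, `make DESTDIR=$initdir install` still runs in whatever directory the subshell started in. Chaining with `&&` and quoting, `(cd "$TEST_BASE_DIR/.." && set -x && make DESTDIR="$initdir" install)`, avoids that. install_systemd continues past the end of the hunk.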

commit b8667ee4162cd2510363602b417cecede9fd2cca
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Fri Feb 14 16:39:15 2014 -0500

    test: make the image bigger
    
    I got some errors about lack of disk space... 100MB either way
    shouldn't matter.

diff --git a/test/test-functions b/test/test-functions
index a9446e5..8e300b1 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -126,12 +126,12 @@ install_missing_libraries() {
 create_empty_image() {
     rm -f "$TESTDIR/rootdisk.img"
     # Create the blank file to use as a root filesystem
-    dd if=/dev/null of="$TESTDIR/rootdisk.img" bs=1M seek=200
+    dd if=/dev/null of="$TESTDIR/rootdisk.img" bs=1M seek=300
     LOOPDEV=$(losetup --show -P -f $TESTDIR/rootdisk.img)
     [ -b "$LOOPDEV" ] || return 1
     echo "LOOPDEV=$LOOPDEV" >> $STATEFILE
-    sfdisk -C 6400 -H 2 -S 32 -L "$LOOPDEV" <<EOF
-,3200
+    sfdisk -C 9600 -H 2 -S 32 -L "$LOOPDEV" <<EOF
+,4800
 ,
 EOF
 
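Review bot: The image size is now expressed three times by hand, as `seek=300`, `-C 9600` and `,4800`, and they agree only because 9600 cylinders x 2 heads x 32 sectors x 512 bytes comes to 300 MiB. A comment such as `# 300 MiB image: 9600 cyl * 2 heads * 32 sect * 512 B; first partition gets half (4800 cyl)` would keep the next resize from changing one value and not the others. The 512-byte sector size is assumed here. create_empty_image continues outside the hunk.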


