[systemd-commits] 3 commits - src/libsystemd src/test
David Herrmann
dvdhrm at kemper.freedesktop.org
Sun Jan 18 11:10:20 PST 2015
src/libsystemd/sd-bus/bus-control.c | 18 +++++++++---------
src/test/test-execute.c | 26 ++++++--------------------
2 files changed, 15 insertions(+), 29 deletions(-)
New commits:
commit 607ff5f95aac387ef3fb79358e7416b7c8b2090d
Author: David Herrmann <dh.herrmann at gmail.com>
Date: Sun Jan 18 20:07:51 2015 +0100
Revert "test-exec: do not skip all the tests"
This reverts commit 68e68ca8106e7cd874682ae425843b48579c6539. We *need*
root access to create cgroups. The only exception is if it is run from
within a cgroup with "Delegate=yes". However, this is not always true and
we really shouldn't rely on this.
If your terminal runs from within a systemd --user instance, you're fine.
Everyone else is not (like running from ssh, VTs, and so on..).
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 69368b1..91ccaf7 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -90,10 +90,6 @@ static void test_exec_ignoresigpipe(Manager *m) {
}
static void test_exec_privatetmp(Manager *m) {
- if (getuid() != 0) {
- printf("Skipping test_exec_privatetmp: not root\n");
- return;
- }
assert_se(touch("/tmp/test-exec_privatetmp") >= 0);
test(m, "exec-privatetmp-yes.service", 0, CLD_EXITED);
@@ -103,10 +99,6 @@ static void test_exec_privatetmp(Manager *m) {
}
static void test_exec_privatedevices(Manager *m) {
- if (getuid() != 0) {
- printf("Skipping test_exec_privatedevices: not root\n");
- return;
- }
test(m, "exec-privatedevices-yes.service", 0, CLD_EXITED);
test(m, "exec-privatedevices-no.service", 0, CLD_EXITED);
}
@@ -127,18 +119,10 @@ static void test_exec_systemcallerrornumber(Manager *m) {
}
static void test_exec_user(Manager *m) {
- if (getuid() != 0) {
- printf("Skipping test_exec_user: not root\n");
- return;
- }
test(m, "exec-user.service", 0, CLD_EXITED);
}
static void test_exec_group(Manager *m) {
- if (getuid() != 0) {
- printf("Skipping test_exec_group: not root\n");
- return;
- }
test(m, "exec-group.service", 0, CLD_EXITED);
}
@@ -149,10 +133,6 @@ static void test_exec_environment(Manager *m) {
}
static void test_exec_umask(Manager *m) {
- if (getuid() != 0) {
- printf("Skipping test_exec_umask: not root\n");
- return;
- }
test(m, "exec-umask-default.service", 0, CLD_EXITED);
test(m, "exec-umask-0177.service", 0, CLD_EXITED);
}
@@ -179,6 +159,12 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ /* It is needed otherwise cgroup creation fails */
+ if (getuid() != 0) {
+ printf("Skipping test: not root\n");
+ return EXIT_TEST_SKIP;
+ }
+
assert_se(set_unit_path(TEST_DIR ":") >= 0);
r = manager_new(SYSTEMD_USER, true, &m);
commit 21fce57b26f50381d21a22be4d62a8f6067dc5c9
Author: David Herrmann <dh.herrmann at gmail.com>
Date: Sun Jan 18 19:37:34 2015 +0100
bus: fix SD_BUS_CREDS_AUGMENT on kdbus queries
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we
can lookup further information from /proc. However, we *must* set
SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never
actually copy the pid into "sd_bus_creds". Fix this, so
SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by
the caller.
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index 442def7..5dd2307 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -641,9 +641,6 @@ int bus_get_name_creds_kdbus(
memcpy(cmd->items[0].str, name, l);
}
- cmd->size = size;
- cmd->flags = attach_flags_to_kdbus(mask);
-
/* If augmentation is on, and the bus didn't provide us
* the bits we want, then ask for the PID/TID so that we
* can read the rest from /proc. */
@@ -655,7 +652,10 @@ int bus_get_name_creds_kdbus(
SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))
- cmd->flags |= KDBUS_ATTACH_PIDS;
+ mask |= SD_BUS_CREDS_PID;
+
+ cmd->size = size;
+ cmd->flags = attach_flags_to_kdbus(mask);
r = ioctl(bus->input_fd, KDBUS_CMD_CONN_INFO, cmd);
if (r < 0)
@@ -907,8 +907,6 @@ static int bus_get_owner_creds_kdbus(sd_bus *bus, uint64_t mask, sd_bus_creds **
if (!c)
return -ENOMEM;
- cmd.flags = attach_flags_to_kdbus(mask);
-
/* If augmentation is on, and the bus doesn't didn't allow us
* to get the bits we want, then ask for the PID/TID so that we
* can read the rest from /proc. */
@@ -920,7 +918,9 @@ static int bus_get_owner_creds_kdbus(sd_bus *bus, uint64_t mask, sd_bus_creds **
SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)))
- cmd.flags |= KDBUS_ATTACH_PIDS;
+ mask |= SD_BUS_CREDS_PID;
+
+ cmd.flags = attach_flags_to_kdbus(mask);
r = ioctl(bus->input_fd, KDBUS_CMD_BUS_CREATOR_INFO, &cmd);
if (r < 0)
commit eea0b59193f37fcc9ee227de26d0009e6bdc6d92
Author: David Herrmann <dh.herrmann at gmail.com>
Date: Sun Jan 18 19:28:30 2015 +0100
bus: fix typo
Fix comment typo and clarify that this is not about privileges but can
have rather arbitrary reasons.
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index 35c79cf..442def7 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -644,8 +644,8 @@ int bus_get_name_creds_kdbus(
cmd->size = size;
cmd->flags = attach_flags_to_kdbus(mask);
- /* If augmentation is on, and the bus doesn't didn't allow us
- * to get the bits we want, then ask for the PID/TID so that we
+ /* If augmentation is on, and the bus didn't provide us
+ * the bits we want, then ask for the PID/TID so that we
* can read the rest from /proc. */
if ((mask & SD_BUS_CREDS_AUGMENT) &&
(mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
More information about the systemd-commits
mailing list