2017-11-18 17:09:20 +01:00
|
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2012-09-11 01:11:32 +02:00
|
|
|
|
|
2015-10-24 22:58:24 +02:00
|
|
|
|
#include <fcntl.h>
|
2012-09-11 01:11:32 +02:00
|
|
|
|
#include <stddef.h>
|
2015-10-24 22:58:24 +02:00
|
|
|
|
#include <stdio.h>
|
2012-09-11 01:11:32 +02:00
|
|
|
|
#include <string.h>
|
2015-10-29 12:12:22 +01:00
|
|
|
|
#include <sys/capability.h>
|
2013-01-18 16:57:11 +01:00
|
|
|
|
#include <unistd.h>
|
2012-09-11 01:11:32 +02:00
|
|
|
|
|
2018-05-15 20:17:34 +02:00
|
|
|
|
#include "all-units.h"
|
2018-11-30 21:05:27 +01:00
|
|
|
|
#include "alloc-util.h"
|
2016-01-07 23:00:04 +01:00
|
|
|
|
#include "capability-util.h"
|
2018-05-03 19:01:21 +02:00
|
|
|
|
#include "conf-parser.h"
|
2018-11-30 22:08:41 +01:00
|
|
|
|
#include "env-file.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
|
#include "fd-util.h"
|
2018-05-16 11:35:41 +02:00
|
|
|
|
#include "fs-util.h"
|
2012-09-11 01:11:32 +02:00
|
|
|
|
#include "hashmap.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
|
#include "hostname-util.h"
|
|
|
|
|
|
#include "install-printf.h"
|
|
|
|
|
|
#include "install.h"
|
2012-11-15 14:48:12 +01:00
|
|
|
|
#include "load-fragment.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
|
#include "macro.h"
|
2016-04-08 18:54:05 +02:00
|
|
|
|
#include "rm-rf.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
|
#include "specifier.h"
|
|
|
|
|
|
#include "string-util.h"
|
2013-01-18 16:57:11 +01:00
|
|
|
|
#include "strv.h"
|
2013-07-18 08:30:06 +02:00
|
|
|
|
#include "test-helper.h"
|
2016-04-08 18:54:05 +02:00
|
|
|
|
#include "tests.h"
|
2018-11-30 21:05:27 +01:00
|
|
|
|
#include "tmpfile-util.h"
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
#include "user-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
|
#include "util.h"
|
2012-09-11 01:11:32 +02:00
|
|
|
|
|
2013-07-30 15:07:20 +02:00
|
|
|
|
static int test_unit_file_get_set(void) {
|
2012-09-11 01:11:32 +02:00
|
|
|
|
int r;
|
|
|
|
|
|
Hashmap *h;
|
|
|
|
|
|
Iterator i;
|
|
|
|
|
|
UnitFileList *p;
|
|
|
|
|
|
|
2014-08-13 01:00:18 +02:00
|
|
|
|
h = hashmap_new(&string_hash_ops);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(h);
|
2012-09-11 01:11:32 +02:00
|
|
|
|
|
2016-04-29 15:59:51 +02:00
|
|
|
|
r = unit_file_get_list(UNIT_FILE_SYSTEM, NULL, h, NULL, NULL);
|
2018-09-13 16:11:16 +02:00
|
|
|
|
if (IN_SET(r, -EPERM, -EACCES))
|
|
|
|
|
|
return log_tests_skipped_errno(r, "unit_file_get_list");
|
2014-05-24 18:16:42 +02:00
|
|
|
|
|
2016-09-12 20:55:34 +02:00
|
|
|
|
log_full_errno(r == 0 ? LOG_INFO : LOG_ERR, r,
|
|
|
|
|
|
"unit_file_get_list: %m");
|
2013-07-30 15:07:20 +02:00
|
|
|
|
if (r < 0)
|
|
|
|
|
|
return EXIT_FAILURE;
|
2012-09-11 01:11:32 +02:00
|
|
|
|
|
|
|
|
|
|
HASHMAP_FOREACH(p, h, i)
|
|
|
|
|
|
printf("%s = %s\n", p->path, unit_file_state_to_string(p->state));
|
|
|
|
|
|
|
|
|
|
|
|
unit_file_list_free(h);
|
2013-07-30 15:07:20 +02:00
|
|
|
|
|
|
|
|
|
|
return 0;
|
2012-11-15 14:48:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void check_execcommand(ExecCommand *c,
|
|
|
|
|
|
const char* path,
|
|
|
|
|
|
const char* argv0,
|
|
|
|
|
|
const char* argv1,
|
2014-12-18 06:52:28 +01:00
|
|
|
|
const char* argv2,
|
2012-11-15 14:48:12 +01:00
|
|
|
|
bool ignore) {
|
2015-01-11 22:52:50 +01:00
|
|
|
|
size_t n;
|
|
|
|
|
|
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(c);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("expect: \"%s\" [\"%s\" \"%s\" \"%s\"]",
|
|
|
|
|
|
path, argv0 ?: path, argv1, argv2);
|
2015-01-11 22:52:50 +01:00
|
|
|
|
n = strv_length(c->argv);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("actual: \"%s\" [\"%s\" \"%s\" \"%s\"]",
|
2015-01-11 22:52:50 +01:00
|
|
|
|
c->path, c->argv[0], n > 0 ? c->argv[1] : NULL, n > 1 ? c->argv[2] : NULL);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(streq(c->path, path));
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(streq(c->argv[0], argv0 ?: path));
|
2015-01-11 22:52:50 +01:00
|
|
|
|
if (n > 0)
|
|
|
|
|
|
assert_se(streq_ptr(c->argv[1], argv1));
|
|
|
|
|
|
if (n > 1)
|
|
|
|
|
|
assert_se(streq_ptr(c->argv[2], argv2));
|
2017-08-01 10:16:42 +02:00
|
|
|
|
assert_se(!!(c->flags & EXEC_COMMAND_IGNORE_FAILURE) == ignore);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void test_config_parse_exec(void) {
|
2014-12-19 00:08:13 +01:00
|
|
|
|
/* int config_parse_exec(
|
2015-04-23 00:09:43 +02:00
|
|
|
|
const char *unit,
|
2014-12-19 00:08:13 +01:00
|
|
|
|
const char *filename,
|
|
|
|
|
|
unsigned line,
|
|
|
|
|
|
const char *section,
|
|
|
|
|
|
unsigned section_line,
|
|
|
|
|
|
const char *lvalue,
|
|
|
|
|
|
int ltype,
|
|
|
|
|
|
const char *rvalue,
|
|
|
|
|
|
void *data,
|
|
|
|
|
|
void *userdata) */
|
2012-11-15 14:48:12 +01:00
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
|
|
ExecCommand *c = NULL, *c1;
|
2014-12-19 00:08:13 +01:00
|
|
|
|
const char *ccc;
|
2018-03-09 21:55:55 +01:00
|
|
|
|
_cleanup_(manager_freep) Manager *m = NULL;
|
2018-03-09 21:34:28 +01:00
|
|
|
|
_cleanup_(unit_freep) Unit *u = NULL;
|
2016-01-12 08:40:52 +01:00
|
|
|
|
|
2017-09-16 11:19:43 +02:00
|
|
|
|
r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m);
|
2016-01-12 08:40:52 +01:00
|
|
|
|
if (MANAGER_SKIP_TEST(r)) {
|
2016-09-12 20:55:34 +02:00
|
|
|
|
log_notice_errno(r, "Skipping test: manager_new: %m");
|
2016-01-12 08:40:52 +01:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(manager_startup(m, NULL, NULL) >= 0);
|
|
|
|
|
|
|
|
|
|
|
|
assert_se(u = unit_new(m, sizeof(Service)));
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* basic test */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 1, "section", 1,
|
2012-11-15 14:48:12 +01:00
|
|
|
|
"LValue", 0, "/RValue r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(r >= 0);
|
2014-12-18 06:52:28 +01:00
|
|
|
|
check_execcommand(c, "/RValue", "/RValue", "r1", NULL, false);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 2, "section", 1,
|
2014-12-19 00:08:13 +01:00
|
|
|
|
"LValue", 0, "/RValue///slashes r1///",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
|
|
|
|
|
|
log_info("/* test slashes */");
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c->command_next;
|
2014-12-19 00:08:13 +01:00
|
|
|
|
check_execcommand(c1, "/RValue/slashes", "/RValue///slashes", "r1///", NULL, false);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* trailing slash */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "/RValue/ argv0 r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* honour_argv0 */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 3, "section", 1,
|
2014-12-19 00:08:13 +01:00
|
|
|
|
"LValue", 0, "@/RValue///slashes2 ///argv0 r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
2014-12-19 00:08:13 +01:00
|
|
|
|
check_execcommand(c1, "/RValue/slashes2", "///argv0", "r1", NULL, false);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2015-01-11 22:57:02 +01:00
|
|
|
|
log_info("/* honour_argv0, no args */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 3, "section", 1,
|
|
|
|
|
|
"LValue", 0, "@/RValue",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2015-01-11 22:57:02 +01:00
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
2015-06-06 08:12:25 +02:00
|
|
|
|
log_info("/* no command, whitespace only, reset */");
|
2015-01-11 22:57:02 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 3, "section", 1,
|
|
|
|
|
|
"LValue", 0, " ",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-01-11 22:57:02 +01:00
|
|
|
|
assert_se(r == 0);
|
2015-06-06 08:12:25 +02:00
|
|
|
|
assert_se(c == NULL);
|
2015-01-11 22:57:02 +01:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* ignore && honour_argv0 */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
2014-12-19 00:08:13 +01:00
|
|
|
|
"LValue", 0, "-@/RValue///slashes3 argv0a r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(r >= 0);
|
2015-06-06 08:12:25 +02:00
|
|
|
|
c1 = c;
|
2014-12-18 06:52:28 +01:00
|
|
|
|
check_execcommand(c1, "/RValue/slashes3", "argv0a", "r1", NULL, true);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* ignore && honour_argv0 */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
2014-12-19 00:08:13 +01:00
|
|
|
|
"LValue", 0, "@-/RValue///slashes4 argv0b r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 15:25:05 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
2014-12-18 06:52:28 +01:00
|
|
|
|
check_execcommand(c1, "/RValue/slashes4", "argv0b", "r1", NULL, true);
|
2012-11-15 15:25:05 +01:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* ignore && ignore */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
2012-11-15 15:25:05 +01:00
|
|
|
|
"LValue", 0, "--/RValue argv0 r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 15:25:05 +01:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* ignore && ignore (2) */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
2012-11-15 15:25:05 +01:00
|
|
|
|
"LValue", 0, "-@-/RValue argv0 r1",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 15:25:05 +01:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* semicolon */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
2012-11-15 14:48:12 +01:00
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"-@/RValue argv0 r1 ; "
|
|
|
|
|
|
"/goo/goo boo",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
2014-12-18 06:52:28 +01:00
|
|
|
|
check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
|
|
|
|
|
c1 = c1->command_next;
|
2014-12-19 00:08:13 +01:00
|
|
|
|
check_execcommand(c1, "/goo/goo", NULL, "boo", NULL, false);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2015-06-09 07:01:52 +02:00
|
|
|
|
log_info("/* two semicolons in a row */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"-@/RValue argv0 r1 ; ; "
|
|
|
|
|
|
"/goo/goo boo",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
|
|
|
|
|
|
|
|
|
|
|
|
/* second command fails because the executable name is ";" */
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* trailing semicolon */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
2012-11-15 14:48:12 +01:00
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"-@/RValue argv0 r1 ; ",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
2014-12-18 06:52:28 +01:00
|
|
|
|
check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
2015-06-09 07:01:52 +02:00
|
|
|
|
log_info("/* trailing semicolon, no whitespace */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"-@/RValue argv0 r1 ;",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
|
|
|
|
|
|
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* trailing semicolon in single quotes */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"-@/RValue argv0 r1 ';'",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
load-fragment: use unquote_first_word in config_parse_exec
Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop
of unquote_first_word.
Loop through the arguments only once (the FOREACH_WORD_QUOTED
implementation did it twice, once to count them and another time to
process and store them.)
Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve
unrecognized escape sequences such as regexps matches such as "\w",
"\d", etc. (Valid escape sequences such as "\s" or "\b" still need an
extra backslash if literals are desired for regexps.)
Differences in behavior:
- Handle ; (command separator) in special, so that only ; on its own is
valid for that purpose, an quoted semicolon ";" or ';' will now behave
as a literal semicolon. This is probably what was initially intended.
- Handle \; (to introduce a literal semicolon) in special, so that only \;
is turned into a semicolon but not \\; or "\\;" or "\;" which are kept
as a literal \; in the output. This is probably what was initially
intended.
Known issues:
- Using an empty string (for example, ExecStartPre=<empty>) will empty
the list and remove the existing commands, but using whitespace only
(for example, ExecStartPre=<spaces>) will not. This is a pre-existing
issue and will be dealt with in a follow up commit.
Tested:
- Unit tests passing. Also `make distcheck` still works as expected.
- Installed it on a local machine and booted with it, checked console
output, systemctl and journalctl output, did not notice any issues
running the patched systemd binaries.
Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
|
|
|
|
check_execcommand(c1, "/RValue", "argv0", "r1", ";", true);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* escaped semicolon */");
|
2013-11-19 16:17:55 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
2012-11-03 20:52:02 +01:00
|
|
|
|
"LValue", 0,
|
2014-12-18 06:52:28 +01:00
|
|
|
|
"/bin/find \\;",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-18 06:52:28 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
2014-12-19 00:08:13 +01:00
|
|
|
|
check_execcommand(c1, "/bin/find", NULL, ";", NULL, false);
|
2014-12-18 06:52:28 +01:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* escaped semicolon with following arg */");
|
2014-12-18 06:52:28 +01:00
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
2015-06-09 07:01:52 +02:00
|
|
|
|
"/sbin/find \\; /x",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
|
|
|
|
|
"/sbin/find", NULL, ";", "/x", false);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* escaped semicolon as part of an expression */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"/sbin/find \\;x",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2012-11-03 20:52:02 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
2015-06-09 07:01:52 +02:00
|
|
|
|
"/sbin/find", NULL, "\\;x", NULL, false);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
|
2015-06-01 18:05:02 +02:00
|
|
|
|
log_info("/* encoded semicolon */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"/bin/find \\073",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-01 18:05:02 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
2015-06-03 16:36:20 +02:00
|
|
|
|
check_execcommand(c1, "/bin/find", NULL, ";", NULL, false);
|
2015-06-01 18:05:02 +02:00
|
|
|
|
|
2015-06-09 07:01:52 +02:00
|
|
|
|
log_info("/* quoted semicolon */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"/bin/find \";\"",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
load-fragment: use unquote_first_word in config_parse_exec
Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop
of unquote_first_word.
Loop through the arguments only once (the FOREACH_WORD_QUOTED
implementation did it twice, once to count them and another time to
process and store them.)
Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve
unrecognized escape sequences such as regexps matches such as "\w",
"\d", etc. (Valid escape sequences such as "\s" or "\b" still need an
extra backslash if literals are desired for regexps.)
Differences in behavior:
- Handle ; (command separator) in special, so that only ; on its own is
valid for that purpose, an quoted semicolon ";" or ';' will now behave
as a literal semicolon. This is probably what was initially intended.
- Handle \; (to introduce a literal semicolon) in special, so that only \;
is turned into a semicolon but not \\; or "\\;" or "\;" which are kept
as a literal \; in the output. This is probably what was initially
intended.
Known issues:
- Using an empty string (for example, ExecStartPre=<empty>) will empty
the list and remove the existing commands, but using whitespace only
(for example, ExecStartPre=<spaces>) will not. This is a pre-existing
issue and will be dealt with in a follow up commit.
Tested:
- Unit tests passing. Also `make distcheck` still works as expected.
- Installed it on a local machine and booted with it, checked console
output, systemctl and journalctl output, did not notice any issues
running the patched systemd binaries.
Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
|
|
|
|
check_execcommand(c1, "/bin/find", NULL, ";", NULL, false);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
|
|
|
|
|
|
log_info("/* quoted semicolon with following arg */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"/sbin/find \";\" /x",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
load-fragment: use unquote_first_word in config_parse_exec
Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop
of unquote_first_word.
Loop through the arguments only once (the FOREACH_WORD_QUOTED
implementation did it twice, once to count them and another time to
process and store them.)
Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve
unrecognized escape sequences such as regexps matches such as "\w",
"\d", etc. (Valid escape sequences such as "\s" or "\b" still need an
extra backslash if literals are desired for regexps.)
Differences in behavior:
- Handle ; (command separator) in special, so that only ; on its own is
valid for that purpose, an quoted semicolon ";" or ';' will now behave
as a literal semicolon. This is probably what was initially intended.
- Handle \; (to introduce a literal semicolon) in special, so that only \;
is turned into a semicolon but not \\; or "\\;" or "\;" which are kept
as a literal \; in the output. This is probably what was initially
intended.
Known issues:
- Using an empty string (for example, ExecStartPre=<empty>) will empty
the list and remove the existing commands, but using whitespace only
(for example, ExecStartPre=<spaces>) will not. This is a pre-existing
issue and will be dealt with in a follow up commit.
Tested:
- Unit tests passing. Also `make distcheck` still works as expected.
- Installed it on a local machine and booted with it, checked console
output, systemctl and journalctl output, did not notice any issues
running the patched systemd binaries.
Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
|
|
|
|
"/sbin/find", NULL, ";", "/x", false);
|
2015-06-09 07:01:52 +02:00
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* spaces in the filename */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"\"/PATH WITH SPACES/daemon\" -1 -2",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
|
|
|
|
|
"/PATH WITH SPACES/daemon", NULL, "-1", "-2", false);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* spaces in the filename, no args */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"\"/PATH WITH SPACES/daemon -1 -2\"",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
|
|
|
|
|
"/PATH WITH SPACES/daemon -1 -2", NULL, NULL, NULL, false);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* spaces in the filename, everything quoted */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"\"/PATH WITH SPACES/daemon\" \"-1\" '-2'",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
|
|
|
|
|
"/PATH WITH SPACES/daemon", NULL, "-1", "-2", false);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* escaped spaces in the filename */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"\"/PATH\\sWITH\\sSPACES/daemon\" '-1 -2'",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
|
|
|
|
|
"/PATH WITH SPACES/daemon", NULL, "-1 -2", NULL, false);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* escaped spaces in the filename (2) */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"\"/PATH\\x20WITH\\x20SPACES/daemon\" \"-1 -2\"",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1,
|
|
|
|
|
|
"/PATH WITH SPACES/daemon", NULL, "-1 -2", NULL, false);
|
|
|
|
|
|
|
|
|
|
|
|
for (ccc = "abfnrtv\\\'\"x"; *ccc; ccc++) {
|
|
|
|
|
|
/* \\x is an incomplete hexadecimal sequence, invalid because of the slash */
|
|
|
|
|
|
char path[] = "/path\\X";
|
|
|
|
|
|
path[sizeof(path) - 2] = *ccc;
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* invalid character: \\%c */", *ccc);
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, path,
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* valid character: \\s */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "/path\\s",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1, "/path ", NULL, NULL, NULL, false);
|
|
|
|
|
|
|
2015-06-01 18:05:02 +02:00
|
|
|
|
log_info("/* quoted backslashes */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 5, "section", 1,
|
|
|
|
|
|
"LValue", 0,
|
|
|
|
|
|
"/bin/grep '\\w+\\K'",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-06-01 18:05:02 +02:00
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
c1 = c1->command_next;
|
|
|
|
|
|
check_execcommand(c1, "/bin/grep", NULL, "\\w+\\K", NULL, false);
|
|
|
|
|
|
|
2014-12-19 00:08:13 +01:00
|
|
|
|
log_info("/* trailing backslash: \\ */");
|
|
|
|
|
|
/* backslash is invalid */
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "/path\\",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2014-12-19 00:08:13 +01:00
|
|
|
|
assert_se(c1->command_next == NULL);
|
2012-11-03 20:52:02 +01:00
|
|
|
|
|
2015-04-23 00:09:43 +02:00
|
|
|
|
log_info("/* missing ending ' */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "/path 'foo",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2015-04-23 00:09:43 +02:00
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* missing ending ' with trailing backslash */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "/path 'foo\\",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
core/load-fragment: refuse units with errors in certain directives
If an error is encountered in any of the Exec* lines, WorkingDirectory,
SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
units), User, or Group, refuse to load the unit. If the config stanza
has support, ignore the failure if '-' is present.
For those configuration directives, even if we started the unit, it's
pretty likely that it'll do something unexpected (like write files
in a wrong place, or with a wrong context, or run with wrong permissions,
etc). It seems better to refuse to start the unit and have the admin
clean up the configuration without giving the service a chance to mess
up stuff.
Note that all "security" options that restrict what the unit can do
(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
only supplementary, and are not always available depending on the architecture
and compilation options, so unit authors have to make sure that the service
runs correctly without them anyway.
Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
|
|
|
|
assert_se(r == -ENOEXEC);
|
2015-04-23 00:09:43 +02:00
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
2015-05-14 09:06:40 +02:00
|
|
|
|
log_info("/* invalid space between modifiers */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "- /path",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-05-14 09:06:40 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* only modifiers, no path */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "-",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-05-14 09:06:40 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(c1->command_next == NULL);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* empty argument, reset */");
|
|
|
|
|
|
r = config_parse_exec(NULL, "fake", 4, "section", 1,
|
|
|
|
|
|
"LValue", 0, "",
|
2016-01-12 08:40:52 +01:00
|
|
|
|
&c, u);
|
2015-05-14 09:06:40 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(c == NULL);
|
|
|
|
|
|
|
2012-11-15 14:48:12 +01:00
|
|
|
|
exec_command_free_list(c);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-11-14 14:58:37 +01:00
|
|
|
|
static void test_config_parse_log_extra_fields(void) {
|
|
|
|
|
|
/* int config_parse_log_extra_fields(
|
|
|
|
|
|
const char *unit,
|
|
|
|
|
|
const char *filename,
|
|
|
|
|
|
unsigned line,
|
|
|
|
|
|
const char *section,
|
|
|
|
|
|
unsigned section_line,
|
|
|
|
|
|
const char *lvalue,
|
|
|
|
|
|
int ltype,
|
|
|
|
|
|
const char *rvalue,
|
|
|
|
|
|
void *data,
|
|
|
|
|
|
void *userdata) */
|
|
|
|
|
|
|
|
|
|
|
|
int r;
|
|
|
|
|
|
|
2018-03-09 21:55:55 +01:00
|
|
|
|
_cleanup_(manager_freep) Manager *m = NULL;
|
2018-03-09 21:34:28 +01:00
|
|
|
|
_cleanup_(unit_freep) Unit *u = NULL;
|
2017-11-14 14:58:37 +01:00
|
|
|
|
ExecContext c = {};
|
|
|
|
|
|
|
|
|
|
|
|
r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m);
|
|
|
|
|
|
if (MANAGER_SKIP_TEST(r)) {
|
|
|
|
|
|
log_notice_errno(r, "Skipping test: manager_new: %m");
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(manager_startup(m, NULL, NULL) >= 0);
|
|
|
|
|
|
|
|
|
|
|
|
assert_se(u = unit_new(m, sizeof(Service)));
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* %s – basic test */", __func__);
|
|
|
|
|
|
r = config_parse_log_extra_fields(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"LValue", 0, "FOO=BAR \"QOOF=quux ' ' \"",
|
|
|
|
|
|
&c, u);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(c.n_log_extra_fields == 2);
|
|
|
|
|
|
assert_se(strneq(c.log_extra_fields[0].iov_base, "FOO=BAR", c.log_extra_fields[0].iov_len));
|
|
|
|
|
|
assert_se(strneq(c.log_extra_fields[1].iov_base, "QOOF=quux ' ' ", c.log_extra_fields[1].iov_len));
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* %s – add some */", __func__);
|
|
|
|
|
|
r = config_parse_log_extra_fields(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"LValue", 0, "FOO2=BAR2 QOOF2=quux ' '",
|
|
|
|
|
|
&c, u);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(c.n_log_extra_fields == 4);
|
|
|
|
|
|
assert_se(strneq(c.log_extra_fields[0].iov_base, "FOO=BAR", c.log_extra_fields[0].iov_len));
|
|
|
|
|
|
assert_se(strneq(c.log_extra_fields[1].iov_base, "QOOF=quux ' ' ", c.log_extra_fields[1].iov_len));
|
|
|
|
|
|
assert_se(strneq(c.log_extra_fields[2].iov_base, "FOO2=BAR2", c.log_extra_fields[2].iov_len));
|
|
|
|
|
|
assert_se(strneq(c.log_extra_fields[3].iov_base, "QOOF2=quux", c.log_extra_fields[3].iov_len));
|
|
|
|
|
|
|
|
|
|
|
|
exec_context_dump(&c, stdout, " --> ");
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* %s – reset */", __func__);
|
|
|
|
|
|
r = config_parse_log_extra_fields(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"LValue", 0, "",
|
|
|
|
|
|
&c, u);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(c.n_log_extra_fields == 0);
|
|
|
|
|
|
|
|
|
|
|
|
exec_context_free_log_extra_fields(&c);
|
|
|
|
|
|
|
|
|
|
|
|
log_info("/* %s – bye */", __func__);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-04-03 19:04:03 +02:00
|
|
|
|
#define env_file_1 \
|
|
|
|
|
|
"a=a\n" \
|
|
|
|
|
|
"b=b\\\n" \
|
|
|
|
|
|
"c\n" \
|
|
|
|
|
|
"d=d\\\n" \
|
|
|
|
|
|
"e\\\n" \
|
|
|
|
|
|
"f\n" \
|
|
|
|
|
|
"g=g\\ \n" \
|
|
|
|
|
|
"h=h\n" \
|
|
|
|
|
|
"i=i\\"
|
|
|
|
|
|
|
|
|
|
|
|
#define env_file_2 \
|
|
|
|
|
|
"a=a\\\n"
|
2013-01-18 16:57:11 +01:00
|
|
|
|
|
2013-02-13 05:28:48 +01:00
|
|
|
|
#define env_file_3 \
|
|
|
|
|
|
"#SPAMD_ARGS=\"-d --socketpath=/var/lib/bulwark/spamd \\\n" \
|
|
|
|
|
|
"#--nouser-config \\\n" \
|
|
|
|
|
|
"normal=line"
|
|
|
|
|
|
|
2013-04-14 02:22:53 +02:00
|
|
|
|
#define env_file_4 \
|
|
|
|
|
|
"# Generated\n" \
|
|
|
|
|
|
"\n" \
|
|
|
|
|
|
"HWMON_MODULES=\"coretemp f71882fg\"\n" \
|
|
|
|
|
|
"\n" \
|
|
|
|
|
|
"# For compatibility reasons\n" \
|
|
|
|
|
|
"\n" \
|
|
|
|
|
|
"MODULE_0=coretemp\n" \
|
|
|
|
|
|
"MODULE_1=f71882fg"
|
|
|
|
|
|
|
2014-11-20 21:18:23 +01:00
|
|
|
|
#define env_file_5 \
|
|
|
|
|
|
"a=\n" \
|
|
|
|
|
|
"b="
|
2013-04-14 02:22:53 +02:00
|
|
|
|
|
2013-01-18 16:57:11 +01:00
|
|
|
|
static void test_load_env_file_1(void) {
|
2013-04-18 09:11:22 +02:00
|
|
|
|
_cleanup_strv_free_ char **data = NULL;
|
2013-01-18 16:57:11 +01:00
|
|
|
|
int r;
|
|
|
|
|
|
|
2018-05-16 11:35:41 +02:00
|
|
|
|
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-load-env-file.XXXXXX";
|
2014-01-28 13:47:35 +01:00
|
|
|
|
_cleanup_close_ int fd;
|
|
|
|
|
|
|
2016-09-13 08:20:38 +02:00
|
|
|
|
fd = mkostemp_safe(name);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(fd >= 0);
|
2013-01-18 16:57:11 +01:00
|
|
|
|
assert_se(write(fd, env_file_1, sizeof(env_file_1)) == sizeof(env_file_1));
|
|
|
|
|
|
|
2018-11-12 14:04:47 +01:00
|
|
|
|
r = load_env_file(NULL, name, &data);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(streq(data[0], "a=a"));
|
|
|
|
|
|
assert_se(streq(data[1], "b=bc"));
|
|
|
|
|
|
assert_se(streq(data[2], "d=def"));
|
|
|
|
|
|
assert_se(streq(data[3], "g=g "));
|
|
|
|
|
|
assert_se(streq(data[4], "h=h"));
|
|
|
|
|
|
assert_se(streq(data[5], "i=i"));
|
|
|
|
|
|
assert_se(data[6] == NULL);
|
2013-01-18 16:57:11 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void test_load_env_file_2(void) {
|
2013-04-18 09:11:22 +02:00
|
|
|
|
_cleanup_strv_free_ char **data = NULL;
|
2013-01-18 16:57:11 +01:00
|
|
|
|
int r;
|
|
|
|
|
|
|
2018-05-16 11:35:41 +02:00
|
|
|
|
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-load-env-file.XXXXXX";
|
2014-01-28 13:47:35 +01:00
|
|
|
|
_cleanup_close_ int fd;
|
|
|
|
|
|
|
2016-09-13 08:20:38 +02:00
|
|
|
|
fd = mkostemp_safe(name);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(fd >= 0);
|
2013-01-18 16:57:11 +01:00
|
|
|
|
assert_se(write(fd, env_file_2, sizeof(env_file_2)) == sizeof(env_file_2));
|
|
|
|
|
|
|
2018-11-12 14:04:47 +01:00
|
|
|
|
r = load_env_file(NULL, name, &data);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(streq(data[0], "a=a"));
|
|
|
|
|
|
assert_se(data[1] == NULL);
|
2013-01-18 16:57:11 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-02-13 05:28:48 +01:00
|
|
|
|
static void test_load_env_file_3(void) {
|
2013-04-18 09:11:22 +02:00
|
|
|
|
_cleanup_strv_free_ char **data = NULL;
|
2013-02-13 05:28:48 +01:00
|
|
|
|
int r;
|
|
|
|
|
|
|
2018-05-16 11:35:41 +02:00
|
|
|
|
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-load-env-file.XXXXXX";
|
2014-01-28 13:47:35 +01:00
|
|
|
|
_cleanup_close_ int fd;
|
|
|
|
|
|
|
2016-09-13 08:20:38 +02:00
|
|
|
|
fd = mkostemp_safe(name);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(fd >= 0);
|
2013-02-13 05:28:48 +01:00
|
|
|
|
assert_se(write(fd, env_file_3, sizeof(env_file_3)) == sizeof(env_file_3));
|
|
|
|
|
|
|
2018-11-12 14:04:47 +01:00
|
|
|
|
r = load_env_file(NULL, name, &data);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(data == NULL);
|
2013-02-13 05:28:48 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-04-14 02:22:53 +02:00
|
|
|
|
static void test_load_env_file_4(void) {
|
2013-04-18 09:11:22 +02:00
|
|
|
|
_cleanup_strv_free_ char **data = NULL;
|
2018-05-16 11:35:41 +02:00
|
|
|
|
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-load-env-file.XXXXXX";
|
2014-01-28 13:47:35 +01:00
|
|
|
|
_cleanup_close_ int fd;
|
2013-04-14 02:22:53 +02:00
|
|
|
|
int r;
|
|
|
|
|
|
|
2016-09-13 08:20:38 +02:00
|
|
|
|
fd = mkostemp_safe(name);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(fd >= 0);
|
2013-04-14 02:22:53 +02:00
|
|
|
|
assert_se(write(fd, env_file_4, sizeof(env_file_4)) == sizeof(env_file_4));
|
|
|
|
|
|
|
2018-11-12 14:04:47 +01:00
|
|
|
|
r = load_env_file(NULL, name, &data);
|
2014-10-04 23:51:45 +02:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(streq(data[0], "HWMON_MODULES=coretemp f71882fg"));
|
|
|
|
|
|
assert_se(streq(data[1], "MODULE_0=coretemp"));
|
|
|
|
|
|
assert_se(streq(data[2], "MODULE_1=f71882fg"));
|
|
|
|
|
|
assert_se(data[3] == NULL);
|
2013-04-14 02:22:53 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-11-20 21:18:23 +01:00
|
|
|
|
static void test_load_env_file_5(void) {
|
|
|
|
|
|
_cleanup_strv_free_ char **data = NULL;
|
|
|
|
|
|
int r;
|
|
|
|
|
|
|
2018-05-16 11:35:41 +02:00
|
|
|
|
_cleanup_(unlink_tempfilep) char name[] = "/tmp/test-load-env-file.XXXXXX";
|
2014-11-20 21:18:23 +01:00
|
|
|
|
_cleanup_close_ int fd;
|
|
|
|
|
|
|
2016-09-13 08:20:38 +02:00
|
|
|
|
fd = mkostemp_safe(name);
|
2014-11-20 21:18:23 +01:00
|
|
|
|
assert_se(fd >= 0);
|
|
|
|
|
|
assert_se(write(fd, env_file_5, sizeof(env_file_5)) == sizeof(env_file_5));
|
|
|
|
|
|
|
2018-11-12 14:04:47 +01:00
|
|
|
|
r = load_env_file(NULL, name, &data);
|
2014-11-20 21:18:23 +01:00
|
|
|
|
assert_se(r == 0);
|
|
|
|
|
|
assert_se(streq(data[0], "a="));
|
|
|
|
|
|
assert_se(streq(data[1], "b="));
|
|
|
|
|
|
assert_se(data[2] == NULL);
|
|
|
|
|
|
}
|
2013-04-14 02:22:53 +02:00
|
|
|
|
|
2013-01-29 20:39:06 +01:00
|
|
|
|
static void test_install_printf(void) {
|
|
|
|
|
|
char name[] = "name.service",
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
path[] = "/run/systemd/system/name.service";
|
|
|
|
|
|
UnitFileInstallInfo i = { .name = name, .path = path, };
|
|
|
|
|
|
UnitFileInstallInfo i2 = { .name= name, .path = path, };
|
2013-01-29 20:39:06 +01:00
|
|
|
|
char name3[] = "name@inst.service",
|
2013-03-10 00:55:31 +01:00
|
|
|
|
path3[] = "/run/systemd/system/name.service";
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
UnitFileInstallInfo i3 = { .name = name3, .path = path3, };
|
|
|
|
|
|
UnitFileInstallInfo i4 = { .name = name3, .path = path3, };
|
2013-01-29 20:39:06 +01:00
|
|
|
|
|
2018-10-13 10:26:48 +02:00
|
|
|
|
_cleanup_free_ char *mid = NULL, *bid = NULL, *host = NULL, *gid = NULL, *group = NULL, *uid = NULL, *user = NULL;
|
2013-01-29 20:39:06 +01:00
|
|
|
|
|
2013-09-17 17:03:46 +02:00
|
|
|
|
assert_se(specifier_machine_id('m', NULL, NULL, &mid) >= 0 && mid);
|
|
|
|
|
|
assert_se(specifier_boot_id('b', NULL, NULL, &bid) >= 0 && bid);
|
2018-05-14 09:12:12 +02:00
|
|
|
|
assert_se(host = gethostname_malloc());
|
2018-10-13 10:26:48 +02:00
|
|
|
|
assert_se(group = gid_to_name(getgid()));
|
|
|
|
|
|
assert_se(asprintf(&gid, UID_FMT, getgid()) >= 0);
|
2018-05-14 09:12:12 +02:00
|
|
|
|
assert_se(user = uid_to_name(getuid()));
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
assert_se(asprintf(&uid, UID_FMT, getuid()) >= 0);
|
2013-01-29 20:39:06 +01:00
|
|
|
|
|
|
|
|
|
|
#define expect(src, pattern, result) \
|
2013-04-03 19:04:03 +02:00
|
|
|
|
do { \
|
2013-09-17 17:03:46 +02:00
|
|
|
|
_cleanup_free_ char *t = NULL; \
|
2013-04-18 09:11:22 +02:00
|
|
|
|
_cleanup_free_ char \
|
2013-01-29 20:39:06 +01:00
|
|
|
|
*d1 = strdup(i.name), \
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
*d2 = strdup(i.path); \
|
2013-09-17 17:03:46 +02:00
|
|
|
|
assert_se(install_full_printf(&src, pattern, &t) >= 0 || !result); \
|
2013-01-29 20:39:06 +01:00
|
|
|
|
memzero(i.name, strlen(i.name)); \
|
|
|
|
|
|
memzero(i.path, strlen(i.path)); \
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
assert_se(d1 && d2); \
|
2013-01-29 20:39:06 +01:00
|
|
|
|
if (result) { \
|
|
|
|
|
|
printf("%s\n", t); \
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
assert_se(streq(t, result)); \
|
|
|
|
|
|
} else assert_se(t == NULL); \
|
2013-01-29 20:39:06 +01:00
|
|
|
|
strcpy(i.name, d1); \
|
|
|
|
|
|
strcpy(i.path, d2); \
|
2016-02-23 18:52:52 +01:00
|
|
|
|
} while (false)
|
2013-01-29 20:39:06 +01:00
|
|
|
|
|
|
|
|
|
|
expect(i, "%n", "name.service");
|
|
|
|
|
|
expect(i, "%N", "name");
|
|
|
|
|
|
expect(i, "%p", "name");
|
|
|
|
|
|
expect(i, "%i", "");
|
2018-04-23 22:43:20 +02:00
|
|
|
|
expect(i, "%j", "name");
|
2018-10-13 10:26:48 +02:00
|
|
|
|
expect(i, "%g", group);
|
|
|
|
|
|
expect(i, "%G", gid);
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
expect(i, "%u", user);
|
|
|
|
|
|
expect(i, "%U", uid);
|
2014-02-20 18:44:51 +01:00
|
|
|
|
|
2013-01-29 20:39:06 +01:00
|
|
|
|
expect(i, "%m", mid);
|
|
|
|
|
|
expect(i, "%b", bid);
|
|
|
|
|
|
expect(i, "%H", host);
|
|
|
|
|
|
|
2018-10-13 10:26:48 +02:00
|
|
|
|
expect(i2, "%g", group);
|
|
|
|
|
|
expect(i2, "%G", gid);
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
expect(i2, "%u", user);
|
|
|
|
|
|
expect(i2, "%U", uid);
|
2013-01-29 20:39:06 +01:00
|
|
|
|
|
|
|
|
|
|
expect(i3, "%n", "name@inst.service");
|
|
|
|
|
|
expect(i3, "%N", "name@inst");
|
|
|
|
|
|
expect(i3, "%p", "name");
|
2018-10-13 10:26:48 +02:00
|
|
|
|
expect(i3, "%g", group);
|
|
|
|
|
|
expect(i3, "%G", gid);
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
expect(i3, "%u", user);
|
|
|
|
|
|
expect(i3, "%U", uid);
|
2014-02-20 18:44:51 +01:00
|
|
|
|
|
2013-01-29 20:39:06 +01:00
|
|
|
|
expect(i3, "%m", mid);
|
|
|
|
|
|
expect(i3, "%b", bid);
|
|
|
|
|
|
expect(i3, "%H", host);
|
|
|
|
|
|
|
2018-10-13 10:26:48 +02:00
|
|
|
|
expect(i4, "%g", group);
|
|
|
|
|
|
expect(i4, "%G", gid);
|
core: simplify handling of %u, %U, %s and %h unit file specifiers
Previously, the %u, %U, %s and %h specifiers would resolve to the user
name, numeric user ID, shell and home directory of the user configured
in the User= setting of a unit file, or the user of the manager instance
if no User= setting was configured. That at least was the theory. In
real-life this was not ever actually useful:
- For the systemd --user instance it made no sense to ever set User=,
since the instance runs in user context after all, and hence the
privileges to change user IDs don't even exist. The four specifiers
were actually not useful at all in this case.
- For the systemd --system instance we did not allow any resolving that
would require NSS. Hence, %s and %h were not supported, unless
User=root was set, in which case they would be hardcoded to /bin/sh
and /root, to avoid NSS. Then, %u would actually resolve to whatever
was set with User=, but %U would only resolve to the numeric UID of
that setting if the User= was specified in numeric form, or happened
to be root (in which case 0 was hardcoded as mapping). Two of the
specifiers are entirely useless in this case, one is realistically
also useless, and one is pretty pointless.
- Resolving of these settings would only happen if User= was actually
set *before* the specifiers where resolved. This behaviour was
undocumented and is really ugly, as specifiers should actually be
considered something that applies to the whole file equally,
independently of order...
With this change, %u, %U, %s and %h are drastically simplified: they now
always refer to the user that is running the service instance, and the
user configured in the unit file is irrelevant. For the system instance
of systemd this means they always resolve to "root", "0", "/bin/sh" and
"/root", thus avoiding NSS. For the user instance, to the data for the
specific user.
The new behaviour is identical to the old behaviour in all --user cases
and for all units that have no User= set (or set to "0" or "root").
2015-10-31 22:12:51 +01:00
|
|
|
|
expect(i4, "%u", user);
|
|
|
|
|
|
expect(i4, "%U", uid);
|
2013-01-29 20:39:06 +01:00
|
|
|
|
}
|
2013-01-18 16:57:11 +01:00
|
|
|
|
|
2015-10-29 12:12:22 +01:00
|
|
|
|
static uint64_t make_cap(int cap) {
|
|
|
|
|
|
return ((uint64_t) 1ULL << (uint64_t) cap);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
|
static void test_config_parse_capability_set(void) {
|
|
|
|
|
|
/* int config_parse_capability_set(
|
2015-10-29 12:12:22 +01:00
|
|
|
|
const char *unit,
|
|
|
|
|
|
const char *filename,
|
|
|
|
|
|
unsigned line,
|
|
|
|
|
|
const char *section,
|
|
|
|
|
|
unsigned section_line,
|
|
|
|
|
|
const char *lvalue,
|
|
|
|
|
|
int ltype,
|
|
|
|
|
|
const char *rvalue,
|
|
|
|
|
|
void *data,
|
|
|
|
|
|
void *userdata) */
|
|
|
|
|
|
int r;
|
2016-01-07 23:00:04 +01:00
|
|
|
|
uint64_t capability_bounding_set = 0;
|
2015-10-29 12:12:22 +01:00
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
|
r = config_parse_capability_set(NULL, "fake", 1, "section", 1,
|
2015-10-29 12:12:22 +01:00
|
|
|
|
"CapabilityBoundingSet", 0, "CAP_NET_RAW",
|
2016-01-07 23:00:04 +01:00
|
|
|
|
&capability_bounding_set, NULL);
|
2015-10-29 12:12:22 +01:00
|
|
|
|
assert_se(r >= 0);
|
2016-01-07 23:00:04 +01:00
|
|
|
|
assert_se(capability_bounding_set == make_cap(CAP_NET_RAW));
|
2015-10-29 12:12:22 +01:00
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
|
r = config_parse_capability_set(NULL, "fake", 1, "section", 1,
|
2015-10-29 12:12:22 +01:00
|
|
|
|
"CapabilityBoundingSet", 0, "CAP_NET_ADMIN",
|
2016-01-07 23:00:04 +01:00
|
|
|
|
&capability_bounding_set, NULL);
|
2015-10-29 12:12:22 +01:00
|
|
|
|
assert_se(r >= 0);
|
2016-01-07 23:00:04 +01:00
|
|
|
|
assert_se(capability_bounding_set == (make_cap(CAP_NET_RAW) | make_cap(CAP_NET_ADMIN)));
|
2015-10-29 12:12:22 +01:00
|
|
|
|
|
2017-09-04 09:25:22 +02:00
|
|
|
|
r = config_parse_capability_set(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"CapabilityBoundingSet", 0, "~CAP_NET_ADMIN",
|
|
|
|
|
|
&capability_bounding_set, NULL);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(capability_bounding_set == make_cap(CAP_NET_RAW));
|
|
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
|
r = config_parse_capability_set(NULL, "fake", 1, "section", 1,
|
2015-10-29 12:12:22 +01:00
|
|
|
|
"CapabilityBoundingSet", 0, "",
|
2016-01-07 23:00:04 +01:00
|
|
|
|
&capability_bounding_set, NULL);
|
2015-10-29 12:12:22 +01:00
|
|
|
|
assert_se(r >= 0);
|
2016-01-07 23:00:04 +01:00
|
|
|
|
assert_se(capability_bounding_set == UINT64_C(0));
|
2015-10-29 12:12:22 +01:00
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
|
r = config_parse_capability_set(NULL, "fake", 1, "section", 1,
|
2015-10-29 12:12:22 +01:00
|
|
|
|
"CapabilityBoundingSet", 0, "~",
|
2016-01-07 23:00:04 +01:00
|
|
|
|
&capability_bounding_set, NULL);
|
2015-10-29 12:12:22 +01:00
|
|
|
|
assert_se(r >= 0);
|
2016-01-07 23:00:04 +01:00
|
|
|
|
assert_se(cap_test_all(capability_bounding_set));
|
2015-10-30 07:22:53 +01:00
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
|
capability_bounding_set = 0;
|
|
|
|
|
|
r = config_parse_capability_set(NULL, "fake", 1, "section", 1,
|
2015-10-30 07:22:53 +01:00
|
|
|
|
"CapabilityBoundingSet", 0, " 'CAP_NET_RAW' WAT_CAP??? CAP_NET_ADMIN CAP'_trailing_garbage",
|
2016-01-07 23:00:04 +01:00
|
|
|
|
&capability_bounding_set, NULL);
|
2015-10-30 07:22:53 +01:00
|
|
|
|
assert_se(r >= 0);
|
2016-01-07 23:00:04 +01:00
|
|
|
|
assert_se(capability_bounding_set == (make_cap(CAP_NET_RAW) | make_cap(CAP_NET_ADMIN)));
|
2015-10-29 12:12:22 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-11-10 16:52:52 +01:00
|
|
|
|
static void test_config_parse_rlimit(void) {
|
|
|
|
|
|
struct rlimit * rl[_RLIMIT_MAX] = {};
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "55", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 55);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "55:66", rl, NULL) >= 0);
|
2015-11-20 12:54:10 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 55);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_max == 66);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "infinity", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "infinity:infinity", rl, NULL) >= 0);
|
2015-11-20 12:54:10 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
|
|
|
|
|
|
|
2016-02-01 21:07:09 +01:00
|
|
|
|
rl[RLIMIT_NOFILE]->rlim_cur = 10;
|
|
|
|
|
|
rl[RLIMIT_NOFILE]->rlim_max = 20;
|
|
|
|
|
|
|
|
|
|
|
|
/* Invalid values don't change rl */
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "10:20:30", rl, NULL) >= 0);
|
2015-11-27 09:54:42 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "wat:wat", rl, NULL) >= 0);
|
2015-11-27 09:54:42 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "66:wat", rl, NULL) >= 0);
|
2015-11-27 09:54:42 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "200:100", rl, NULL) >= 0);
|
2015-11-27 09:54:42 +01:00
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);
|
|
|
|
|
|
assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);
|
|
|
|
|
|
|
2015-11-10 16:52:52 +01:00
|
|
|
|
rl[RLIMIT_NOFILE] = mfree(rl[RLIMIT_NOFILE]);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "56", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_CPU]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == 56);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == rl[RLIMIT_CPU]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "57s", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_CPU]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == 57);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == rl[RLIMIT_CPU]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "40s:1m", rl, NULL) >= 0);
|
2015-11-20 12:54:10 +01:00
|
|
|
|
assert_se(rl[RLIMIT_CPU]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == 40);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_max == 60);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "infinity", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_CPU]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == RLIM_INFINITY);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == rl[RLIMIT_CPU]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "1234ms", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_CPU]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == 2);
|
|
|
|
|
|
assert_se(rl[RLIMIT_CPU]->rlim_cur == rl[RLIMIT_CPU]->rlim_max);
|
|
|
|
|
|
|
|
|
|
|
|
rl[RLIMIT_CPU] = mfree(rl[RLIMIT_CPU]);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "58", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 58);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "58:60", rl, NULL) >= 0);
|
2015-11-20 12:54:10 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 58);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_max == 60);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "59s", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 59 * USEC_PER_SEC);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "59s:123s", rl, NULL) >= 0);
|
2015-11-20 12:54:10 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 59 * USEC_PER_SEC);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_max == 123 * USEC_PER_SEC);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "infinity", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == RLIM_INFINITY);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "infinity:infinity", rl, NULL) >= 0);
|
2015-11-20 12:54:10 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == RLIM_INFINITY);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
|
|
|
|
|
|
|
2018-05-03 19:01:21 +02:00
|
|
|
|
assert_se(config_parse_rlimit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "2345ms", rl, NULL) >= 0);
|
2015-11-10 16:52:52 +01:00
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 2345 * USEC_PER_MSEC);
|
|
|
|
|
|
assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
|
|
|
|
|
|
|
|
|
|
|
|
rl[RLIMIT_RTTIME] = mfree(rl[RLIMIT_RTTIME]);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-11-07 19:54:12 +01:00
|
|
|
|
static void test_config_parse_pass_environ(void) {
|
|
|
|
|
|
/* int config_parse_pass_environ(
|
|
|
|
|
|
const char *unit,
|
|
|
|
|
|
const char *filename,
|
|
|
|
|
|
unsigned line,
|
|
|
|
|
|
const char *section,
|
|
|
|
|
|
unsigned section_line,
|
|
|
|
|
|
const char *lvalue,
|
|
|
|
|
|
int ltype,
|
|
|
|
|
|
const char *rvalue,
|
|
|
|
|
|
void *data,
|
|
|
|
|
|
void *userdata) */
|
|
|
|
|
|
int r;
|
|
|
|
|
|
_cleanup_strv_free_ char **passenv = NULL;
|
|
|
|
|
|
|
|
|
|
|
|
r = config_parse_pass_environ(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"PassEnvironment", 0, "A B",
|
|
|
|
|
|
&passenv, NULL);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(strv_length(passenv) == 2);
|
|
|
|
|
|
assert_se(streq(passenv[0], "A"));
|
|
|
|
|
|
assert_se(streq(passenv[1], "B"));
|
|
|
|
|
|
|
|
|
|
|
|
r = config_parse_pass_environ(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"PassEnvironment", 0, "",
|
|
|
|
|
|
&passenv, NULL);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(strv_isempty(passenv));
|
|
|
|
|
|
|
|
|
|
|
|
r = config_parse_pass_environ(NULL, "fake", 1, "section", 1,
|
|
|
|
|
|
"PassEnvironment", 0, "'invalid name' 'normal_name' A=1 \\",
|
|
|
|
|
|
&passenv, NULL);
|
|
|
|
|
|
assert_se(r >= 0);
|
|
|
|
|
|
assert_se(strv_length(passenv) == 1);
|
|
|
|
|
|
assert_se(streq(passenv[0], "normal_name"));
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-26 16:21:23 +02:00
|
|
|
|
static void test_unit_dump_config_items(void) {
|
|
|
|
|
|
unit_dump_config_items(stdout);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2012-11-15 14:48:12 +01:00
|
|
|
|
int main(int argc, char *argv[]) {
|
2016-05-20 15:08:24 +02:00
|
|
|
|
_cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
2013-07-30 15:07:20 +02:00
|
|
|
|
int r;
|
2012-11-15 14:48:12 +01:00
|
|
|
|
|
2018-09-13 14:31:13 +02:00
|
|
|
|
test_setup_logging(LOG_INFO);
|
2013-04-15 07:40:44 +02:00
|
|
|
|
|
2017-10-10 20:55:20 +02:00
|
|
|
|
r = enter_cgroup_subroot();
|
2018-09-13 13:34:12 +02:00
|
|
|
|
if (r == -ENOMEDIUM)
|
|
|
|
|
|
return log_tests_skipped("cgroupfs not available");
|
tests: when running a manager object in a test, migrate to private cgroup subroot first (#6576)
Without this "meson test" will end up running all tests in the same
cgroup root, and they all will try to manage it. Which usually isn't too
bad, except when they end up clearing up each other's cgroups. This race
is hard to trigger but has caused various CI runs to fail spuriously.
With this change we simply move every test that runs a manager object
into their own private cgroup. Note that we don't clean up the cgroup at
the end, we leave that to the cgroup manager around it.
This fixes races that become visible by test runs throwing out errors
like this:
```
exec-systemcallfilter-failing.service: Passing 0 fds to service
exec-systemcallfilter-failing.service: About to execute: /bin/echo 'This should not be seen'
exec-systemcallfilter-failing.service: Forked /bin/echo as 5693
exec-systemcallfilter-failing.service: Changed dead -> start
exec-systemcallfilter-failing.service: Failed to attach to cgroup /exec-systemcallfilter-failing.service: No such file or directory
Received SIGCHLD from PID 5693 ((echo)).
Child 5693 ((echo)) died (code=exited, status=219/CGROUP)
exec-systemcallfilter-failing.service: Child 5693 belongs to exec-systemcallfilter-failing.service
exec-systemcallfilter-failing.service: Main process exited, code=exited, status=219/CGROUP
exec-systemcallfilter-failing.service: Changed start -> failed
exec-systemcallfilter-failing.service: Unit entered failed state.
exec-systemcallfilter-failing.service: Failed with result 'exit-code'.
exec-systemcallfilter-failing.service: cgroup is empty
Assertion 'service->main_exec_status.status == status_expected' failed at ../src/src/test/test-execute.c:71, function check(). Aborting.
```
BTW, I tracked this race down by using perf:
```
# perf record -e cgroup:cgroup_mkdir,cgroup_rmdir
…
# perf script
```
Thanks a lot @iaguis, @alban for helping me how to use perf for this.
Fixes #5895.
2017-08-09 15:42:49 +02:00
|
|
|
|
|
2016-04-08 18:54:05 +02:00
|
|
|
|
assert_se(runtime_dir = setup_fake_runtime_dir());
|
|
|
|
|
|
|
2013-07-30 15:07:20 +02:00
|
|
|
|
r = test_unit_file_get_set();
|
2012-11-15 14:48:12 +01:00
|
|
|
|
test_config_parse_exec();
|
2017-11-14 14:58:37 +01:00
|
|
|
|
test_config_parse_log_extra_fields();
|
2016-01-07 23:00:04 +01:00
|
|
|
|
test_config_parse_capability_set();
|
2015-11-10 16:52:52 +01:00
|
|
|
|
test_config_parse_rlimit();
|
2015-11-07 19:54:12 +01:00
|
|
|
|
test_config_parse_pass_environ();
|
2013-01-18 16:57:11 +01:00
|
|
|
|
test_load_env_file_1();
|
|
|
|
|
|
test_load_env_file_2();
|
2013-02-13 05:28:48 +01:00
|
|
|
|
test_load_env_file_3();
|
2013-04-14 02:22:53 +02:00
|
|
|
|
test_load_env_file_4();
|
2014-11-20 21:18:23 +01:00
|
|
|
|
test_load_env_file_5();
|
2013-07-18 08:30:06 +02:00
|
|
|
|
TEST_REQ_RUNNING_SYSTEMD(test_install_printf());
|
2017-08-26 16:21:23 +02:00
|
|
|
|
test_unit_dump_config_items();
|
2012-09-11 01:11:32 +02:00
|
|
|
|
|
2013-07-30 15:07:20 +02:00
|
|
|
|
return r;
|
2012-09-11 01:11:32 +02:00
|
|
|
|
}
|