From 9590065f37be040996f1c2b9a246b9952fdc0c0b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 14 Sep 2018 15:51:04 +0900 Subject: [PATCH 1/4] test-fs-util: skip some tests when running in unprivileged container --- src/test/test-fs-util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c index d188c24f7b..4b61a3f43f 100644 --- a/src/test/test-fs-util.c +++ b/src/test/test-fs-util.c @@ -17,6 +17,7 @@ #include "strv.h" #include "user-util.h" #include "util.h" +#include "virt.h" static void test_chase_symlinks(void) { _cleanup_free_ char *result = NULL; @@ -493,6 +494,7 @@ static void test_touch_file(void) { struct stat st; const char *a; usec_t test_mtime; + int r; test_uid = geteuid() == 0 ? 65534 : getuid(); test_gid = geteuid() == 0 ? 65534 : getgid(); @@ -542,7 +544,12 @@ static void test_touch_file(void) { if (geteuid() == 0) { a = strjoina(p, "/cdev"); - assert_se(mknod(a, 0775 | S_IFCHR, makedev(0, 0)) >= 0); + r = mknod(a, 0775 | S_IFCHR, makedev(0, 0)); + if (r < 0 && errno == EPERM && detect_container() > 0) { + log_notice("Running in unprivileged container? Skipping remaining tests in %s", __func__); + return; + } + assert_se(r >= 0); assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0); assert_se(lstat(a, &st) >= 0); assert_se(st.st_uid == test_uid); From 767eab47501b06327a0e6030e5c54860a3fc427f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 20 Sep 2018 16:08:38 +0900 Subject: [PATCH 2/4] test-process-util: skip several verifications when running in unprivileged container --- src/test/test-process-util.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c index d396c29b06..d0eba32202 100644 --- a/src/test/test-process-util.c +++ b/src/test/test-process-util.c @@ -401,12 +401,17 @@ static void test_rename_process_now(const char *p, int ret) { log_info("comm = <%s>", comm); assert_se(strneq(comm, p, TASK_COMM_LEN-1)); - assert_se(get_process_cmdline(0, 0, false, &cmdline) >= 0); + r = get_process_cmdline(0, 0, false, &cmdline); + assert_se(r >= 0); /* we cannot expect cmdline to be renamed properly without privileges */ if (geteuid() == 0) { - log_info("cmdline = <%s>", cmdline); - assert_se(strneq(p, cmdline, STRLEN("test-process-util"))); - assert_se(startswith(p, cmdline)); + if (r == 0 && detect_container() > 0) + log_info("cmdline = <%s> (not verified, Running in unprivileged container?)", cmdline); + else { + log_info("cmdline = <%s>", cmdline); + assert_se(strneq(p, cmdline, STRLEN("test-process-util"))); + assert_se(startswith(p, cmdline)); + } } else log_info("cmdline = <%s> (not verified)", cmdline); } From 738c74d7b163ea18e3c68115c3ed8ceed166cbf7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 12 Sep 2018 18:18:33 +0900 Subject: [PATCH 3/4] test-execute: also check python3 is installed or not --- src/test/test-execute.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/test/test-execute.c b/src/test/test-execute.c index c3ea5f6469..80b60d0317 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -337,6 +337,8 @@ static void test_exec_temporaryfilesystem(Manager *m) { static void test_exec_systemcallfilter(Manager *m) { #if HAVE_SECCOMP + int r; + if (!is_seccomp_available()) { log_notice("Seccomp not available, skipping %s", __func__); return; @@ -346,6 +348,13 @@ static void test_exec_systemcallfilter(Manager *m) { test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED); test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED); test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED); + + r = find_binary("python3", NULL); + if (r < 0) { + log_notice_errno(r, "Skipping remaining tests in %s, could not find python3 binary: %m", __func__); + return; + } + test(m, "exec-systemcallfilter-with-errno-name.service", errno_from_name("EILSEQ"), CLD_EXITED); test(m, "exec-systemcallfilter-with-errno-number.service", 255, CLD_EXITED); #endif @@ -353,11 +362,19 @@ static void test_exec_systemcallfilter(Manager *m) { static void test_exec_systemcallerrornumber(Manager *m) { #if HAVE_SECCOMP + int r; + if (!is_seccomp_available()) { log_notice("Seccomp not available, skipping %s", __func__); return; } + r = find_binary("python3", NULL); + if (r < 0) { + log_notice_errno(r, "Skipping %s, could not find python3 binary: %m", __func__); + return; + } + test(m, "exec-systemcallerrornumber-name.service", errno_from_name("EACCES"), CLD_EXITED); test(m, "exec-systemcallerrornumber-number.service", 255, CLD_EXITED); #endif From 642d1a6d6e98204ade25816bcc429cb67df92a29 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 14 Sep 2018 15:47:42 +0900 Subject: [PATCH 4/4] test-execute: skip several tests when running in container --- src/test/test-execute.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 80b60d0317..ade02b1e3c 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -640,14 +640,24 @@ static void test_exec_privatenetwork(Manager *m) { static void test_exec_oomscoreadjust(Manager *m) { test(m, "exec-oomscoreadjust-positive.service", 0, CLD_EXITED); + + if (detect_container() > 0) { + log_notice("Testing in container, skipping remaining tests in %s", __func__); + return; + } test(m, "exec-oomscoreadjust-negative.service", 0, CLD_EXITED); } static void test_exec_ioschedulingclass(Manager *m) { test(m, "exec-ioschedulingclass-none.service", 0, CLD_EXITED); test(m, "exec-ioschedulingclass-idle.service", 0, CLD_EXITED); - test(m, "exec-ioschedulingclass-realtime.service", 0, CLD_EXITED); test(m, "exec-ioschedulingclass-best-effort.service", 0, CLD_EXITED); + + if (detect_container() > 0) { + log_notice("Testing in container, skipping remaining tests in %s", __func__); + return; + } + test(m, "exec-ioschedulingclass-realtime.service", 0, CLD_EXITED); } static void test_exec_unsetenvironment(Manager *m) {