Merge pull request #8552 from keszybz/test-improvements
Test and diagnostics improvements
commit
959071cac2
|
@ -552,6 +552,7 @@ m4 = find_program('m4')
|
|||
stat = find_program('stat')
|
||||
git = find_program('git', required : false)
|
||||
env = find_program('env')
|
||||
perl = find_program('perl', required : false)
|
||||
|
||||
meson_make_symlink = meson.source_root() + '/tools/meson-make-symlink.sh'
|
||||
mkdir_p = 'mkdir -p $DESTDIR/@0@'
|
||||
|
|
|
@ -47,8 +47,8 @@ int mkdir_label(const char *path, mode_t mode) {
|
|||
return mac_smack_fix(path, false, false);
|
||||
}
|
||||
|
||||
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
|
||||
return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_label);
|
||||
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) {
|
||||
return mkdir_safe_internal(path, mode, uid, gid, flags, mkdir_label);
|
||||
}
|
||||
|
||||
int mkdir_parents_label(const char *path, mode_t mode) {
|
||||
|
|
|
@ -29,9 +29,10 @@
|
|||
#include "mkdir.h"
|
||||
#include "path-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "stdio-util.h"
|
||||
#include "user-util.h"
|
||||
|
||||
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir) {
|
||||
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir) {
|
||||
struct stat st;
|
||||
int r;
|
||||
|
||||
|
@ -46,26 +47,47 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, boo
|
|||
if (lstat(path, &st) < 0)
|
||||
return -errno;
|
||||
|
||||
if (follow_symlink && S_ISLNK(st.st_mode)) {
|
||||
if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) {
|
||||
_cleanup_free_ char *p = NULL;
|
||||
|
||||
r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return mkdir_safe_internal(p, mode, uid, gid, false, _mkdir);
|
||||
return mkdir_safe_internal(p, mode, uid, gid,
|
||||
flags & ~MKDIR_FOLLOW_SYMLINK,
|
||||
_mkdir);
|
||||
|
||||
if (lstat(p, &st) < 0)
|
||||
return -errno;
|
||||
}
|
||||
|
||||
if (!S_ISDIR(st.st_mode)) {
|
||||
log_full(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG,
|
||||
"Path \"%s\" already exists and is not a directory, refusing.", path);
|
||||
return -ENOTDIR;
|
||||
}
|
||||
if ((st.st_mode & 0007) > (mode & 0007) ||
|
||||
(st.st_mode & 0070) > (mode & 0070) ||
|
||||
(st.st_mode & 0700) > (mode & 0700) ||
|
||||
(uid != UID_INVALID && st.st_uid != uid) ||
|
||||
(gid != GID_INVALID && st.st_gid != gid) ||
|
||||
!S_ISDIR(st.st_mode))
|
||||
(st.st_mode & 0700) > (mode & 0700)) {
|
||||
log_full(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG,
|
||||
"Directory \"%s\" already exists, but has mode %04o that is too permissive (%04o was requested), refusing.",
|
||||
path, st.st_mode & 0777, mode);
|
||||
return -EEXIST;
|
||||
}
|
||||
if ((uid != UID_INVALID && st.st_uid != uid) ||
|
||||
(gid != GID_INVALID && st.st_gid != gid)) {
|
||||
char u[DECIMAL_STR_MAX(uid_t)] = "-", g[DECIMAL_STR_MAX(gid_t)] = "-";
|
||||
|
||||
if (uid != UID_INVALID)
|
||||
xsprintf(u, UID_FMT, uid);
|
||||
if (gid != UID_INVALID)
|
||||
xsprintf(g, GID_FMT, gid);
|
||||
log_full(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG,
|
||||
"Directory \"%s\" already exists, but is owned by "UID_FMT":"GID_FMT" (%s:%s was requested), refusing.",
|
||||
path, st.st_uid, st.st_gid, u, g);
|
||||
return -EEXIST;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -76,8 +98,8 @@ int mkdir_errno_wrapper(const char *pathname, mode_t mode) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
|
||||
return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_errno_wrapper);
|
||||
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) {
|
||||
return mkdir_safe_internal(path, mode, uid, gid, flags, mkdir_errno_wrapper);
|
||||
}
|
||||
|
||||
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir) {
|
||||
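Review bot: The mode check in mkdir_safe_internal compares each rwx triplet numerically (`(st.st_mode & 0007) > (mode & 0007)` and the two lines after it), so an existing directory whose triplet is a smaller number but not a subset of the requested bits is accepted. For example, an existing group triplet of `0020` passes against a requested `0050`, leaving a group-writable directory where only r-x was asked for. A subset test states the intent directly: `if ((st.st_mode & ~mode & 0777) != 0) {`. Separately, in the new ownership branch the guard before formatting the gid reads `if (gid != UID_INVALID)`; it should be `if (gid != GID_INVALID)` to match the condition above it. Part of the function body lies between the hunks and is not shown.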
|
|
|
@ -23,18 +23,23 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
typedef enum MkdirFlags {
|
||||
MKDIR_FOLLOW_SYMLINK = 1 << 0,
|
||||
MKDIR_WARN_MODE = 1 << 1,
|
||||
} MkdirFlags;
|
||||
|
||||
int mkdir_errno_wrapper(const char *pathname, mode_t mode);
|
||||
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
|
||||
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags);
|
||||
int mkdir_parents(const char *path, mode_t mode);
|
||||
int mkdir_p(const char *path, mode_t mode);
|
||||
|
||||
/* mandatory access control(MAC) versions */
|
||||
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
|
||||
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags);
|
||||
int mkdir_parents_label(const char *path, mode_t mode);
|
||||
int mkdir_p_label(const char *path, mode_t mode);
|
||||
|
||||
/* internally used */
|
||||
typedef int (*mkdir_func_t)(const char *pathname, mode_t mode);
|
||||
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir);
|
||||
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir);
|
||||
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
|
||||
int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
|
||||
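Review bot: The new `MkdirFlags` enum carries no comments, and `MKDIR_WARN_MODE` is easy to misread as covering only the mode check. In mkdir_safe_internal it selects the log level for all three refusals: not a directory, mode too permissive, and ownership mismatch. I would add `/* if path is a symlink, resolve it and apply the checks to the target */` after `MKDIR_FOLLOW_SYMLINK` and `/* log refusals at LOG_WARNING instead of LOG_DEBUG */` after `MKDIR_WARN_MODE`.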
|
|
|
@ -2049,7 +2049,7 @@ static int setup_exec_directory(
|
|||
}
|
||||
|
||||
/* First set up private root if it doesn't exist yet, with access mode 0700 and owned by root:root */
|
||||
r = mkdir_safe_label(private_root, 0700, 0, 0, false);
|
||||
r = mkdir_safe_label(private_root, 0700, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
||||
|
|
|
@ -1219,7 +1219,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
|
|||
|
||||
mkdir_p_label("/var/lib/systemd", 0755);
|
||||
|
||||
r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1963,7 +1963,7 @@ static int update_schedule_file(Manager *m) {
|
|||
|
||||
assert(m);
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
|
||||
|
||||
|
|
|
@ -87,7 +87,7 @@ int inhibitor_save(Inhibitor *i) {
|
|||
|
||||
assert(i);
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
||||
|
@ -291,7 +291,7 @@ int inhibitor_create_fifo(Inhibitor *i) {
|
|||
|
||||
/* Create FIFO */
|
||||
if (!i->fifo_path) {
|
||||
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ int seat_save(Seat *s) {
|
|||
if (!s->started)
|
||||
return 0;
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
||||
|
|
|
@ -180,7 +180,7 @@ int session_save(Session *s) {
|
|||
if (!s->started)
|
||||
return 0;
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
||||
|
@ -949,7 +949,7 @@ int session_create_fifo(Session *s) {
|
|||
|
||||
/* Create FIFO */
|
||||
if (!s->fifo_path) {
|
||||
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -143,7 +143,7 @@ static int user_save_internal(User *u) {
|
|||
assert(u);
|
||||
assert(u->state_file);
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
||||
|
@ -337,7 +337,7 @@ static int user_mkdir_runtime_path(User *u) {
|
|||
|
||||
assert(u);
|
||||
|
||||
r = mkdir_safe_label("/run/user", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/user", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create /run/user: %m");
|
||||
|
||||
|
|
|
@ -131,7 +131,7 @@ int machine_save(Machine *m) {
|
|||
if (!m->started)
|
||||
return 0;
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, false);
|
||||
r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ int main(int argc, char *argv[]) {
|
|||
/* Create runtime directory. This is not necessary when networkd is
|
||||
* started with "RuntimeDirectory=systemd/netif", or after
|
||||
* systemd-tmpfiles-setup.service. */
|
||||
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, false);
|
||||
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Could not create runtime directory: %m");
|
||||
|
||||
|
@ -75,15 +75,15 @@ int main(int argc, char *argv[]) {
|
|||
/* Always create the directories people can create inotify watches in.
|
||||
* It is necessary to create the following subdirectories after drop_privileges()
|
||||
* to support old kernels not supporting AmbientCapabilities=. */
|
||||
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, false);
|
||||
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Could not create runtime directory 'links': %m");
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, false);
|
||||
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Could not create runtime directory 'leases': %m");
|
||||
|
||||
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, false);
|
||||
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
|
||||
|
||||
|
|
|
@ -226,8 +226,8 @@ int change_uid_gid(const char *user, char **_home) {
|
|||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to make home root directory: %m");
|
||||
|
||||
r = mkdir_safe(home, 0755, uid, gid, false);
|
||||
if (r < 0 && r != -EEXIST)
|
||||
r = mkdir_safe(home, 0755, uid, gid, 0);
|
||||
if (r < 0 && !IN_SET(r, -EEXIST, -ENOTDIR))
|
||||
return log_error_errno(r, "Failed to make home directory: %m");
|
||||
|
||||
(void) fchown(STDIN_FILENO, uid, gid);
|
||||
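Review bot: The error filter after `mkdir_safe(home, 0755, uid, gid, 0)` now ignores both `-EEXIST` and `-ENOTDIR` without saying why. With flags `0` the refusal is logged only at debug level, so a home path that already exists with a different owner, a wider mode, or as a non-directory is apparently carried on with silently. If that tolerance is intended, a comment would record it, e.g. `/* -EEXIST/-ENOTDIR: home already exists but does not match; deliberately tolerated */`. Otherwise passing `MKDIR_WARN_MODE` here would at least surface the mismatch in the log. change_uid_gid starts and ends outside the hunk.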
|
|
|
@ -62,7 +62,7 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
/* Always create the directory where resolv.conf will live */
|
||||
r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, false);
|
||||
r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Could not create runtime directory: %m");
|
||||
goto finish;
|
||||
|
|
|
@ -317,7 +317,7 @@ static void test_readlink_and_make_absolute(void) {
|
|||
char *r = NULL;
|
||||
_cleanup_free_ char *pwd = NULL;
|
||||
|
||||
assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid(), false) >= 0);
|
||||
assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0);
|
||||
assert_se(touch(name) >= 0);
|
||||
|
||||
assert_se(symlink(name, name_alias) >= 0);
|
||||
|
|
|
@ -71,7 +71,8 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
|
|||
}
|
||||
|
||||
} else {
|
||||
r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, true);
|
||||
r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid,
|
||||
MKDIR_FOLLOW_SYMLINK | MKDIR_WARN_MODE);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create state directory: %m");
|
||||
|
||||
|
|
|
@ -233,9 +233,13 @@ custom_target(
|
|||
output : 'sys',
|
||||
build_by_default : true)
|
||||
|
||||
udev_test_pl = find_program('udev-test.pl')
|
||||
test('udev-test',
|
||||
udev_test_pl)
|
||||
if perl.found()
|
||||
udev_test_pl = find_program('udev-test.pl')
|
||||
test('udev-test',
|
||||
udev_test_pl)
|
||||
else
|
||||
message('Skipping udev-test because perl is not available')
|
||||
endif
|
||||
|
||||
if conf.get('ENABLE_HWDB') == 1
|
||||
hwdb_test_sh = find_program('hwdb-test.sh')
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
Description=Test for CapabilityBoundingSet
|
||||
|
||||
[Service]
|
||||
ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "^Bounding set .*cap_chown"); test -z "$$c"'
|
||||
ExecStart=/bin/sh -x -c '! capsh --print | grep "^Bounding set .*cap_chown"'
|
||||
Type=oneshot
|
||||
CapabilityBoundingSet=~CAP_CHOWN
|
||||
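Review bot: The new `ExecStart=` takes its exit status from `grep` alone, so a missing or failing `capsh` makes the test pass without inspecting the bounding set. In that case the pipeline prints nothing, `grep` returns non-zero and the negation turns that into success. Capturing the output first keeps the failure visible: `ExecStart=/bin/sh -x -c 'c=$$(capsh --print) && ! echo "$$c" | grep "^Bounding set .*cap_chown"'`. The PrivateNetwork unit in the next file section has the same shape with `ip link` and would benefit from the same treatment.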
|
|
|
@ -2,6 +2,6 @@
|
|||
Description=Test for PrivateNetwork
|
||||
|
||||
[Service]
|
||||
ExecStart=/bin/sh -x -c 'i=$$(ip link | grep ": " | grep -v ": lo:"); test -z "$$i"'
|
||||
ExecStart=/bin/sh -x -c '! ip link | grep ": " | grep -Ev ": (lo|sit0@.*):"'
|
||||
Type=oneshot
|
||||
PrivateNetwork=yes
|
||||
|
|
|
@ -3,4 +3,4 @@ Description=https://github.com/systemd/systemd/issues/2637
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -x -c "perl -e 'exit(!(qq{%%U} eq qq{\\x25U}))'"
|
||||
ExecStart=/bin/sh -x -c "! test -x perl || perl -e 'exit(!(qq{%%U} eq qq{\\x25U}))'"
|
||||
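Review bot: `test -x perl` checks for an executable named `perl` in the current working directory rather than searching `PATH`. Where perl is installed in the usual place the left side of `||` therefore succeeds and the specifier comparison is never run, so the test passes without testing anything. A lookup through the shell keeps the skip-when-absent behaviour: replace `! test -x perl` with `! command -v perl >/dev/null`.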
|
|