picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #8552 from keszybz/test-improvements 

Test and diagnostics improvements
This commit is contained in:
Lennart Poettering 2018-03-23 15:26:54 +01:00 committed by GitHub
parent 2f5fa62bf7 37c1d5e97d
commit 959071cac2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 73 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
meson.build
View File

@ -552,6 +552,7 @@ m4 = find_program('m4')
stat = find_program('stat')
git = find_program('git', required : false)
env = find_program('env')
perl = find_program('perl', required : false)
meson_make_symlink = meson.source_root() + '/tools/meson-make-symlink.sh'
mkdir_p = 'mkdir -p $DESTDIR/@0@'

4
src/basic/mkdir-label.c
View File

@ -47,8 +47,8 @@ int mkdir_label(const char *path, mode_t mode) {
return mac_smack_fix(path, false, false);
}
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_label);
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) {
return mkdir_safe_internal(path, mode, uid, gid, flags, mkdir_label);
}
int mkdir_parents_label(const char *path, mode_t mode) {

40
src/basic/mkdir.c
View File

@ -29,9 +29,10 @@
#include "mkdir.h"
#include "path-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "user-util.h"
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir) {
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir) {
struct stat st;
int r;
@ -46,26 +47,47 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, boo
if (lstat(path, &st) < 0)
return -errno;
if (follow_symlink && S_ISLNK(st.st_mode)) {
if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) {
_cleanup_free_ char *p = NULL;
r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p);
if (r < 0)
return r;
if (r == 0)
return mkdir_safe_internal(p, mode, uid, gid, false, _mkdir);
return mkdir_safe_internal(p, mode, uid, gid,
flags & ~MKDIR_FOLLOW_SYMLINK,
_mkdir);
if (lstat(p, &st) < 0)
return -errno;
}
if (!S_ISDIR(st.st_mode)) {
log_full(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG,
"Path \"%s\" already exists and is not a directory, refusing.", path);
return -ENOTDIR;
}
if ((st.st_mode & 0007) > (mode & 0007) ||
(st.st_mode & 0070) > (mode & 0070) ||
(st.st_mode & 0700) > (mode & 0700) ||
(uid != UID_INVALID && st.st_uid != uid) ||
(gid != GID_INVALID && st.st_gid != gid) ||
!S_ISDIR(st.st_mode))
(st.st_mode & 0700) > (mode & 0700)) {
log_full(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG,
"Directory \"%s\" already exists, but has mode %04o that is too permissive (%04o was requested), refusing.",
path, st.st_mode & 0777, mode);
return -EEXIST;
}
if ((uid != UID_INVALID && st.st_uid != uid) ||
(gid != GID_INVALID && st.st_gid != gid)) {
char u[DECIMAL_STR_MAX(uid_t)] = "-", g[DECIMAL_STR_MAX(gid_t)] = "-";
if (uid != UID_INVALID)
xsprintf(u, UID_FMT, uid);
if (gid != UID_INVALID)
xsprintf(g, GID_FMT, gid);
log_full(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG,
"Directory \"%s\" already exists, but is owned by "UID_FMT":"GID_FMT" (%s:%s was requested), refusing.",
path, st.st_uid, st.st_gid, u, g);
return -EEXIST;
}
return 0;
}
@ -76,8 +98,8 @@ int mkdir_errno_wrapper(const char *pathname, mode_t mode) {
return 0;
}
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_errno_wrapper);
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) {
return mkdir_safe_internal(path, mode, uid, gid, flags, mkdir_errno_wrapper);
}
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir) {

11
src/basic/mkdir.h
View File

@ -23,18 +23,23 @@
#include <sys/types.h>
typedef enum MkdirFlags {
MKDIR_FOLLOW_SYMLINK = 1 << 0,
MKDIR_WARN_MODE = 1 << 1,
} MkdirFlags;
int mkdir_errno_wrapper(const char *pathname, mode_t mode);
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags);
int mkdir_parents(const char *path, mode_t mode);
int mkdir_p(const char *path, mode_t mode);
/* mandatory access control(MAC) versions */
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags);
int mkdir_parents_label(const char *path, mode_t mode);
int mkdir_p_label(const char *path, mode_t mode);
/* internally used */
typedef int (*mkdir_func_t)(const char *pathname, mode_t mode);
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir);
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir);
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);

2
src/core/execute.c
View File

@ -2049,7 +2049,7 @@ static int setup_exec_directory(
}
/* First set up private root if it doesn't exist yet, with access mode 0700 and owned by root:root */
r = mkdir_safe_label(private_root, 0700, 0, 0, false);
r = mkdir_safe_label(private_root, 0700, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;

4
src/login/logind-dbus.c
View File

@ -1219,7 +1219,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
mkdir_p_label("/var/lib/systemd", 0755);
r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, false);
r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
return r;
@ -1963,7 +1963,7 @@ static int update_schedule_file(Manager *m) {
assert(m);
r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
return log_error_errno(r, "Failed to create shutdown subdirectory: %m");

4
src/login/logind-inhibit.c
View File

@ -87,7 +87,7 @@ int inhibitor_save(Inhibitor *i) {
assert(i);
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;
@ -291,7 +291,7 @@ int inhibitor_create_fifo(Inhibitor *i) {
/* Create FIFO */
if (!i->fifo_path) {
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
return r;

2
src/login/logind-seat.c
View File

@ -95,7 +95,7 @@ int seat_save(Seat *s) {
if (!s->started)
return 0;
r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;

4
src/login/logind-session.c
View File

@ -180,7 +180,7 @@ int session_save(Session *s) {
if (!s->started)
return 0;
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;
@ -949,7 +949,7 @@ int session_create_fifo(Session *s) {
/* Create FIFO */
if (!s->fifo_path) {
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
return r;

4
src/login/logind-user.c
View File

@ -143,7 +143,7 @@ static int user_save_internal(User *u) {
assert(u);
assert(u->state_file);
r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;
@ -337,7 +337,7 @@ static int user_mkdir_runtime_path(User *u) {
assert(u);
r = mkdir_safe_label("/run/user", 0755, 0, 0, false);
r = mkdir_safe_label("/run/user", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
return log_error_errno(r, "Failed to create /run/user: %m");

2
src/machine/machine.c
View File

@ -131,7 +131,7 @@ int machine_save(Machine *m) {
if (!m->started)
return 0;
r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, false);
r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;

8
src/network/networkd.c
View File

@ -56,7 +56,7 @@ int main(int argc, char *argv[]) {
/* Create runtime directory. This is not necessary when networkd is
* started with "RuntimeDirectory=systemd/netif", or after
* systemd-tmpfiles-setup.service. */
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, false);
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory: %m");
@ -75,15 +75,15 @@ int main(int argc, char *argv[]) {
/* Always create the directories people can create inotify watches in.
* It is necessary to create the following subdirectories after drop_privileges()
* to support old kernels not supporting AmbientCapabilities=. */
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, false);
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory 'links': %m");
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, false);
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory 'leases': %m");
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, false);
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory 'lldp': %m");

4
src/nspawn/nspawn-setuid.c
View File

@ -226,8 +226,8 @@ int change_uid_gid(const char *user, char **_home) {
if (r < 0)
return log_error_errno(r, "Failed to make home root directory: %m");
r = mkdir_safe(home, 0755, uid, gid, false);
if (r < 0 && r != -EEXIST)
r = mkdir_safe(home, 0755, uid, gid, 0);
if (r < 0 && !IN_SET(r, -EEXIST, -ENOTDIR))
return log_error_errno(r, "Failed to make home directory: %m");
(void) fchown(STDIN_FILENO, uid, gid);

2
src/resolve/resolved.c
View File

@ -62,7 +62,7 @@ int main(int argc, char *argv[]) {
}
/* Always create the directory where resolv.conf will live */
r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, false);
r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0) {
log_error_errno(r, "Could not create runtime directory: %m");
goto finish;

2
src/test/test-fs-util.c
View File

@ -317,7 +317,7 @@ static void test_readlink_and_make_absolute(void) {
char *r = NULL;
_cleanup_free_ char *pwd = NULL;
assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid(), false) >= 0);
assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0);
assert_se(touch(name) >= 0);
assert_se(symlink(name, name_alias) >= 0);

3
src/timesync/timesyncd.c
View File

@ -71,7 +71,8 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
}
} else {
r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, true);
r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid,
MKDIR_FOLLOW_SYMLINK | MKDIR_WARN_MODE);
if (r < 0)
return log_error_errno(r, "Failed to create state directory: %m");

10
test/meson.build
View File

@ -233,9 +233,13 @@ custom_target(
output : 'sys',
build_by_default : true)
udev_test_pl = find_program('udev-test.pl')
test('udev-test',
udev_test_pl)
if perl.found()
udev_test_pl = find_program('udev-test.pl')
test('udev-test',
udev_test_pl)
else
message('Skipping udev-test because perl is not available')
endif
if conf.get('ENABLE_HWDB') == 1
hwdb_test_sh = find_program('hwdb-test.sh')

2
test/test-execute/exec-capabilityboundingset-invert.service
View File

@ -2,6 +2,6 @@
Description=Test for CapabilityBoundingSet
[Service]
ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "^Bounding set .*cap_chown"); test -z "$$c"'
ExecStart=/bin/sh -x -c '! capsh --print | grep "^Bounding set .*cap_chown"'
Type=oneshot
CapabilityBoundingSet=~CAP_CHOWN

2
test/test-execute/exec-privatenetwork-yes.service
View File

@ -2,6 +2,6 @@
Description=Test for PrivateNetwork
[Service]
ExecStart=/bin/sh -x -c 'i=$$(ip link | grep ": " | grep -v ": lo:"); test -z "$$i"'
ExecStart=/bin/sh -x -c '! ip link | grep ": " | grep -Ev ": (lo|sit0@.*):"'
Type=oneshot
PrivateNetwork=yes

2
test/test-execute/exec-specifier-interpolation.service
View File

@ -3,4 +3,4 @@ Description=https://github.com/systemd/systemd/issues/2637
[Service]
Type=oneshot
ExecStart=/bin/sh -x -c "perl -e 'exit(!(qq{%%U} eq qq{\\x25U}))'"
ExecStart=/bin/sh -x -c "! test -x perl || perl -e 'exit(!(qq{%%U} eq qq{\\x25U}))'"