diff --git a/src/core/execute.c b/src/core/execute.c index e2fc61fe78..7c08fa4f6c 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -101,8 +101,6 @@ #define SNDBUF_SIZE (8*1024*1024) static int shift_fds(int fds[], size_t n_fds) { - int start, restart_from; - if (n_fds <= 0) return 0; @@ -110,13 +108,10 @@ static int shift_fds(int fds[], size_t n_fds) { assert(fds); - start = 0; - for (;;) { - int i; + for (int start = 0;;) { + int restart_from = -1; - restart_from = -1; - - for (i = start; i < (int) n_fds; i++) { + for (int i = start; i < (int) n_fds; i++) { int nfd; /* Already at right index? */ @@ -146,7 +141,7 @@ static int shift_fds(int fds[], size_t n_fds) { } static int flags_fds(const int fds[], size_t n_socket_fds, size_t n_storage_fds, bool nonblock) { - size_t i, n_fds; + size_t n_fds; int r; n_fds = n_socket_fds + n_storage_fds; @@ -158,7 +153,7 @@ static int flags_fds(const int fds[], size_t n_socket_fds, size_t n_storage_fds, /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags. * O_NONBLOCK only applies to socket activation though. */ - for (i = 0; i < n_fds; i++) { + for (size_t i = 0; i < n_fds; i++) { if (i < n_socket_fds) { r = fd_nonblock(fds[i], nonblock); @@ -1745,7 +1740,6 @@ static int build_environment( char ***ret) { _cleanup_strv_free_ char **our_env = NULL; - ExecDirectoryType t; size_t n_env = 0; char *x; @@ -1873,7 +1867,7 @@ static int build_environment( our_env[n_env++] = x; } - for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { _cleanup_free_ char *pre = NULL, *joined = NULL; const char *n; @@ -1991,12 +1985,10 @@ static bool exec_needs_mount_namespace( return true; if (context->root_directory) { - ExecDirectoryType t; - if (context->mount_apivfs) return true; - for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { if (!params->prefix[t]) continue; 
@@ -2879,8 +2871,7 @@ static int compile_bind_mounts( _cleanup_strv_free_ char **empty_directories = NULL; BindMount *bind_mounts; - size_t n, h = 0, i; - ExecDirectoryType t; + size_t n, h = 0; int r; assert(context); @@ -2890,7 +2881,7 @@ static int compile_bind_mounts( assert(ret_empty_directories); n = context->n_bind_mounts; - for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { if (!params->prefix[t]) continue; @@ -2908,7 +2899,7 @@ static int compile_bind_mounts( if (!bind_mounts) return -ENOMEM; - for (i = 0; i < context->n_bind_mounts; i++) { + for (size_t i = 0; i < context->n_bind_mounts; i++) { BindMount *item = context->bind_mounts + i; char *s, *d; @@ -2934,7 +2925,7 @@ static int compile_bind_mounts( }; } - for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { char **suffix; if (!params->prefix[t]) @@ -3019,8 +3010,6 @@ static bool insist_on_sandboxing( const BindMount *bind_mounts, size_t n_bind_mounts) { - size_t i; - assert(context); assert(n_bind_mounts == 0 || bind_mounts); @@ -3042,7 +3031,7 @@ static bool insist_on_sandboxing( /* If there are any bind mounts set that don't map back onto themselves, fs namespacing becomes * essential. */ - for (i = 0; i < n_bind_mounts; i++) + for (size_t i = 0; i < n_bind_mounts; i++) if (!path_equal(bind_mounts[i].source, bind_mounts[i].destination)) return true; @@ -3235,13 +3224,12 @@ static int apply_root_directory( assert(context); assert(exit_status); - if (params->flags & EXEC_APPLY_CHROOT) { + if (params->flags & EXEC_APPLY_CHROOT) if (!needs_mount_ns && context->root_directory) if (chroot(context->root_directory) < 0) { *exit_status = EXIT_CHROOT; return -errno; } - } return 0; } 
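Review bot: In `apply_root_directory()` (hunk `@@ -3235,13 +3224,12 @@`), removing the outer braces leaves three nested brace-less `if`s guarding the `chroot()` call, so a later `else` or an extra statement would bind to a different condition than it appears to. Folding the guards into one test keeps the intent explicit: `if ((params->flags & EXEC_APPLY_CHROOT) && !needs_mount_ns && context->root_directory && chroot(context->root_directory) < 0) {`. A short comment that `chroot()` leaves the working directory unchanged, and that the caller is expected to `chdir()` afterwards, would also help; whether that happens is not visible in this hunk. The function begins outside the hunk.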
@@ -3466,7 +3454,6 @@ static int acquire_home(const ExecContext *c, uid_t uid, const char** home, char static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p, char ***ret) { _cleanup_strv_free_ char ** list = NULL; - ExecDirectoryType t; int r; assert(c); @@ -3479,7 +3466,7 @@ static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p * dynamic UID allocation, in order to save us from doing costly recursive chown()s of the special * directories. */ - for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { char **i; if (t == EXEC_DIRECTORY_CONFIGURATION) @@ -3614,7 +3601,6 @@ static int exec_child( uid_t uid = UID_INVALID; gid_t gid = GID_INVALID; size_t n_fds; - ExecDirectoryType dt; int secure_bits; _cleanup_free_ gid_t *gids_after_pam = NULL; int ngids_after_pam = 0; @@ -3953,7 +3939,7 @@ static int exec_child( } } - for (dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) { + for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) { r = setup_exec_directory(context, params, uid, gid, dt, exit_status); if (r < 0) return log_unit_error_errno(unit, r, "Failed to set up special execution directory in %s: %m", params->prefix[dt]); @@ -4673,8 +4659,6 @@ int exec_spawn(Unit *unit, } void exec_context_init(ExecContext *c) { - ExecDirectoryType i; - assert(c); c->umask = 0022; @@ -4685,8 +4669,8 @@ void exec_context_init(ExecContext *c) { c->ignore_sigpipe = true; c->timer_slack_nsec = NSEC_INFINITY; c->personality = PERSONALITY_INVALID; - for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++) - c->directories[i].mode = 0755; + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) + c->directories[t].mode = 0755; c->timeout_clean_usec = USEC_INFINITY; c->capability_bounding_set = CAP_ALL; assert_cc(NAMESPACE_FLAGS_INITIAL != NAMESPACE_FLAGS_ALL); 
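Review bot: In the `exec_child()` loop at `@@ -3953,7 +3939,7 @@`, the error path formats `params->prefix[dt]` with `%s`, whereas other loops in this file (in `exec_needs_mount_namespace()` and `compile_bind_mounts()`) explicitly skip entries where `params->prefix[t]` is NULL. If `setup_exec_directory()` can fail for such an entry, which is not visible here, the log call hands NULL to `%s`. Writing `strna(params->prefix[dt])` in the log call would make that path well-defined. The body of `exec_child()` extends far beyond this hunk.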
@@ -4696,9 +4680,6 @@ void exec_context_init(ExecContext *c) { } void exec_context_done(ExecContext *c) { - ExecDirectoryType i; - size_t l; - assert(c); c->environment = strv_free(c->environment); @@ -4708,7 +4689,7 @@ void exec_context_done(ExecContext *c) { rlimit_free_all(c->rlimit); - for (l = 0; l < 3; l++) { + for (size_t l = 0; l < 3; l++) { c->stdio_fdname[l] = mfree(c->stdio_fdname[l]); c->stdio_file[l] = mfree(c->stdio_file[l]); } @@ -4757,8 +4738,8 @@ void exec_context_done(ExecContext *c) { c->syscall_archs = set_free(c->syscall_archs); c->address_families = set_free(c->address_families); - for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++) - c->directories[i].paths = strv_free(c->directories[i].paths); + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) + c->directories[t].paths = strv_free(c->directories[t].paths); c->log_level_max = -1; @@ -4851,23 +4832,17 @@ ExecCommand* exec_command_free_list(ExecCommand *c) { } void exec_command_free_array(ExecCommand **c, size_t n) { - size_t i; - - for (i = 0; i < n; i++) + for (size_t i = 0; i < n; i++) c[i] = exec_command_free_list(c[i]); } void exec_command_reset_status_array(ExecCommand *c, size_t n) { - size_t i; - - for (i = 0; i < n; i++) + for (size_t i = 0; i < n; i++) exec_status_reset(&c[i].exec_status); } void exec_command_reset_status_list_array(ExecCommand **c, size_t n) { - size_t i; - - for (i = 0; i < n; i++) { + for (size_t i = 0; i < n; i++) { ExecCommand *z; LIST_FOREACH(command, z, c[i]) @@ -4919,7 +4894,7 @@ static int exec_context_named_iofds( const ExecParameters *p, int named_iofds[static 3]) { - size_t i, targets; + size_t targets; const char* stdio_fdname[3]; size_t n_fds; 
@@ -4931,12 +4906,12 @@ static int exec_context_named_iofds( (c->std_output == EXEC_OUTPUT_NAMED_FD) + (c->std_error == EXEC_OUTPUT_NAMED_FD); - for (i = 0; i < 3; i++) + for (size_t i = 0; i < 3; i++) stdio_fdname[i] = exec_context_fdname(c, i); n_fds = p->n_storage_fds + p->n_socket_fds; - for (i = 0; i < n_fds && targets > 0; i++) + for (size_t i = 0; i < n_fds && targets > 0; i++) if (named_iofds[STDIN_FILENO] < 0 && c->std_input == EXEC_INPUT_NAMED_FD && stdio_fdname[STDIN_FILENO] && @@ -4974,7 +4949,6 @@ static int exec_context_load_environment(const Unit *unit, const ExecContext *c, STRV_FOREACH(i, c->environment_files) { char *fn; int k; - unsigned n; bool ignore = false; char **p; _cleanup_globfree_ glob_t pglob = {}; @@ -5007,7 +4981,7 @@ static int exec_context_load_environment(const Unit *unit, const ExecContext *c, /* When we don't match anything, -ENOENT should be returned */ assert(pglob.gl_pathc > 0); - for (n = 0; n < pglob.gl_pathc; n++) { + for (unsigned n = 0; n < pglob.gl_pathc; n++) { k = load_env_file(NULL, pglob.gl_pathv[n], &p); if (k < 0) { if (ignore) @@ -5094,8 +5068,6 @@ static void strv_fprintf(FILE *f, char **l) { void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { char **e, **d, buf_clean[FORMAT_TIMESPAN_MAX]; - ExecDirectoryType dt; - unsigned i; int r; assert(c); @@ -5206,7 +5178,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { fprintf(f, "%sRuntimeDirectoryPreserve: %s\n", prefix, exec_preserve_mode_to_string(c->runtime_directory_preserve_mode)); - for (dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) { + for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) { fprintf(f, "%s%sMode: %04o\n", prefix, exec_directory_type_to_string(dt), c->directories[dt].mode); STRV_FOREACH(d, c->directories[dt].paths) 
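Review bot: The loop in `exec_context_load_environment()` (hunk `@@ -5007,7 +4981,7 @@`) now declares `unsigned n` but compares it against `pglob.gl_pathc`, which is a `size_t`. Elsewhere this commit moves counters to the type of their bound, for example `k` in `manager_dispatch_target_deps_queue()` becomes `size_t`. I would write `for (size_t n = 0; n < pglob.gl_pathc; n++) {` so the index cannot wrap before it reaches the bound and the comparison involves no mixed-width conversion. The function continues outside the hunk.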
@@ -5232,7 +5204,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { "%sCoredumpFilter: 0x%"PRIx64"\n", prefix, c->coredump_filter); - for (i = 0; i < RLIM_NLIMITS; i++) + for (unsigned i = 0; i < RLIM_NLIMITS; i++) if (c->rlimit[i]) { fprintf(f, "%sLimit%s: " RLIM_FMT "\n", prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max); @@ -5360,16 +5332,12 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { if (c->log_ratelimit_burst > 0) fprintf(f, "%sLogRateLimitBurst: %u\n", prefix, c->log_ratelimit_burst); - if (c->n_log_extra_fields > 0) { - size_t j; - - for (j = 0; j < c->n_log_extra_fields; j++) { - fprintf(f, "%sLogExtraFields: ", prefix); - fwrite(c->log_extra_fields[j].iov_base, - 1, c->log_extra_fields[j].iov_len, - f); - fputc('\n', f); - } + for (size_t j = 0; j < c->n_log_extra_fields; j++) { + fprintf(f, "%sLogExtraFields: ", prefix); + fwrite(c->log_extra_fields[j].iov_base, + 1, c->log_extra_fields[j].iov_len, + f); + fputc('\n', f); } if (c->log_namespace) 
@@ -5433,24 +5401,22 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { fputs("\n", f); } - if (c->n_bind_mounts > 0) - for (i = 0; i < c->n_bind_mounts; i++) - fprintf(f, "%s%s: %s%s:%s:%s\n", prefix, - c->bind_mounts[i].read_only ? "BindReadOnlyPaths" : "BindPaths", - c->bind_mounts[i].ignore_enoent ? "-": "", - c->bind_mounts[i].source, - c->bind_mounts[i].destination, - c->bind_mounts[i].recursive ? "rbind" : "norbind"); + for (size_t i = 0; i < c->n_bind_mounts; i++) + fprintf(f, "%s%s: %s%s:%s:%s\n", prefix, + c->bind_mounts[i].read_only ? "BindReadOnlyPaths" : "BindPaths", + c->bind_mounts[i].ignore_enoent ? "-": "", + c->bind_mounts[i].source, + c->bind_mounts[i].destination, + c->bind_mounts[i].recursive ? "rbind" : "norbind"); - if (c->n_temporary_filesystems > 0) - for (i = 0; i < c->n_temporary_filesystems; i++) { - TemporaryFileSystem *t = c->temporary_filesystems + i; + for (size_t i = 0; i < c->n_temporary_filesystems; i++) { + const TemporaryFileSystem *t = c->temporary_filesystems + i; - fprintf(f, "%sTemporaryFileSystem: %s%s%s\n", prefix, - t->path, - isempty(t->options) ? "" : ":", - strempty(t->options)); - } + fprintf(f, "%sTemporaryFileSystem: %s%s%s\n", prefix, + t->path, + isempty(t->options) ? "" : ":", + strempty(t->options)); + } if (c->utmp_id) fprintf(f, @@ -5563,7 +5529,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { fprintf(f, "%d\n", c->syscall_errno); } - for (i = 0; i < c->n_mount_images; i++) { + for (size_t i = 0; i < c->n_mount_images; i++) { MountOptions *o; fprintf(f, "%sMountImages: %s%s:%s%s", prefix, 
@@ -5610,11 +5576,9 @@ int exec_context_get_effective_ioprio(const ExecContext *c) { } void exec_context_free_log_extra_fields(ExecContext *c) { - size_t l; - assert(c); - for (l = 0; l < c->n_log_extra_fields; l++) + for (size_t l = 0; l < c->n_log_extra_fields; l++) free(c->log_extra_fields[l].iov_base); c->log_extra_fields = mfree(c->log_extra_fields); c->n_log_extra_fields = 0; @@ -5651,14 +5615,13 @@ int exec_context_get_clean_directories( char ***ret) { _cleanup_strv_free_ char **l = NULL; - ExecDirectoryType t; int r; assert(c); assert(prefix); assert(ret); - for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { + for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) { char **i; if (!FLAGS_SET(mask, 1U << t)) diff --git a/src/core/manager.c b/src/core/manager.c index b6165bd7e8..b3f6df8661 100644 --- a/src/core/manager.c +++ b/src/core/manager.c 
@@ -671,19 +671,19 @@ static int manager_setup_prefix(Manager *m) { }; static const struct table_entry paths_system[_EXEC_DIRECTORY_TYPE_MAX] = { - [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_SYSTEM_RUNTIME, NULL }, - [EXEC_DIRECTORY_STATE] = { SD_PATH_SYSTEM_STATE_PRIVATE, NULL }, - [EXEC_DIRECTORY_CACHE] = { SD_PATH_SYSTEM_STATE_CACHE, NULL }, - [EXEC_DIRECTORY_LOGS] = { SD_PATH_SYSTEM_STATE_LOGS, NULL }, + [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_SYSTEM_RUNTIME, NULL }, + [EXEC_DIRECTORY_STATE] = { SD_PATH_SYSTEM_STATE_PRIVATE, NULL }, + [EXEC_DIRECTORY_CACHE] = { SD_PATH_SYSTEM_STATE_CACHE, NULL }, + [EXEC_DIRECTORY_LOGS] = { SD_PATH_SYSTEM_STATE_LOGS, NULL }, [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_SYSTEM_CONFIGURATION, NULL }, }; static const struct table_entry paths_user[_EXEC_DIRECTORY_TYPE_MAX] = { - [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_USER_RUNTIME, NULL }, - [EXEC_DIRECTORY_STATE] = { SD_PATH_USER_CONFIGURATION, NULL }, - [EXEC_DIRECTORY_CACHE] = { SD_PATH_USER_STATE_CACHE, NULL }, - [EXEC_DIRECTORY_LOGS] = { SD_PATH_USER_CONFIGURATION, "log" }, - [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_USER_CONFIGURATION, NULL }, + [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_USER_RUNTIME, NULL }, + [EXEC_DIRECTORY_STATE] = { SD_PATH_USER_CONFIGURATION, NULL }, + [EXEC_DIRECTORY_CACHE] = { SD_PATH_USER_STATE_CACHE, NULL }, + [EXEC_DIRECTORY_LOGS] = { SD_PATH_USER_CONFIGURATION, "log" }, + [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_USER_CONFIGURATION, NULL }, }; assert(m); @@ -1877,7 +1877,6 @@ Unit *manager_get_unit(Manager *m, const char *name) { static int manager_dispatch_target_deps_queue(Manager *m) { Unit *u; - unsigned k; int r = 0; static const UnitDependency deps[] = { @@ -1895,7 +1894,7 @@ static int manager_dispatch_target_deps_queue(Manager *m) { LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u); u->in_target_deps_queue = false; - for (k = 0; k < ELEMENTSOF(deps); k++) { + for (size_t k = 0; k < ELEMENTSOF(deps); k++) { Unit *target; void *v; 
@@ -2114,12 +2113,10 @@ void manager_dump_units(Manager *s, FILE *f, const char *prefix) { } void manager_dump(Manager *m, FILE *f, const char *prefix) { - ManagerTimestamp q; - assert(m); assert(f); - for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) { + for (ManagerTimestamp q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) { const dual_timestamp *t = m->timestamps + q; char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_TIMESTAMP_MAX)]; @@ -3216,7 +3213,6 @@ int manager_serialize( FDSet *fds, bool switching_root) { - ManagerTimestamp q; const char *t; Unit *u; int r; @@ -3251,7 +3247,7 @@ int manager_serialize( (void) serialize_usec(f, "reboot-watchdog-overridden", m->watchdog_overridden[WATCHDOG_REBOOT]); (void) serialize_usec(f, "kexec-watchdog-overridden", m->watchdog_overridden[WATCHDOG_KEXEC]); - for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) { + for (ManagerTimestamp q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) { _cleanup_free_ char *joined = NULL; if (!manager_timestamp_shall_serialize(q)) @@ -4179,11 +4175,9 @@ int manager_get_effective_environment(Manager *m, char ***ret) { } int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit) { - int i; - assert(m); - for (i = 0; i < _RLIMIT_MAX; i++) { + for (unsigned i = 0; i < _RLIMIT_MAX; i++) { m->rlimit[i] = mfree(m->rlimit[i]); if (!default_rlimit[i]) diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 9ca0620216..e32e0c0b6c 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c 
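Review bot: `manager_set_default_rlimits()` (hunk `@@ -4179,11 +4175,9 @@`) reads `default_rlimit[i]` inside the loop but asserts only `m`, so a NULL array from a caller faults on the first iteration instead of at the contract check. Adding `assert(default_rlimit);` next to `assert(m);` documents the requirement. The new `unsigned i` is also compared against `_RLIMIT_MAX`, whose type is not visible here; if that constant is signed, the compiler may warn about a signed/unsigned comparison. The rest of the function is outside the hunk.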
@@ -543,7 +543,29 @@ static void test_exec_supplementarygroups(Manager *m) { test(__func__, m, "exec-supplementarygroups-multiple-groups-withuid.service", 0, CLD_EXITED); } +static char* private_directory_bad(Manager *m) { + /* This mirrors setup_exec_directory(). */ + + for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) { + _cleanup_free_ char *p = NULL; + struct stat st; + + assert_se(p = path_join(m->prefix[dt], "private")); + + if (stat(p, &st) >= 0 && + (st.st_mode & (S_IRWXG|S_IRWXO))) + return TAKE_PTR(p); + } + + return NULL; +} + static void test_exec_dynamicuser(Manager *m) { + _cleanup_free_ char *bad = private_directory_bad(m); + if (bad) { + log_warning("%s: %s has bad permissions, skipping test.", __func__, bad); + return; + } test(__func__, m, "exec-dynamicuser-fixeduser.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED); if (check_user_has_group_with_same_name("adm")) @@ -782,7 +804,6 @@ typedef struct test_entry { #define entry(x) {x, #x} static int run_tests(UnitFileScope scope, const test_entry tests[], char **patterns) { - const test_entry *test = NULL; _cleanup_(manager_freep) Manager *m = NULL; int r; @@ -795,7 +816,7 @@ static int run_tests(UnitFileScope scope, const test_entry tests[], char **patte assert_se(r >= 0); assert_se(manager_startup(m, NULL, NULL) >= 0); - for (test = tests; test && test->f; test++) + for (const test_entry *test = tests; test->f; test++) if (strv_fnmatch_or_empty(patterns, test->name, FNM_NOESCAPE)) test->f(m); else diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c index b9d63d6b41..6dee2022e8 100644 --- a/src/test/test-sizeof.c +++ b/src/test/test-sizeof.c @@ -16,6 +16,11 @@ DISABLE_WARNING_TYPE_LIMITS; +#define info_no_sign(t) \ + printf("%s → %zu bits, %zu byte alignment\n", STRINGIFY(t), \ + sizeof(t)*CHAR_BIT, \ + __alignof__(t)) + #define info(t) \ printf("%s → %zu bits%s, %zu byte alignment\n", STRINGIFY(t), \ sizeof(t)*CHAR_BIT, \ 
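Review bot: `private_directory_bad()` treats every `stat()` failure as "permissions are fine", so an error other than a missing directory (for example `EACCES`) lets the DynamicUser tests run against a `private` directory whose mode was never checked. I would ignore only `ENOENT` and treat any other failure as a reason to skip, e.g. `if (stat(p, &st) < 0) { if (errno != ENOENT) return TAKE_PTR(p); continue; }`, adjusting the warning text to match. The helper also deserves a comment that the caller owns the returned string. Note too that the early `return` in `test_exec_dynamicuser()` reports only a warning, so a host with group- or world-accessible private directories silently loses this coverage. The remainder of that function lies outside the hunk.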
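Review bot: The rewritten loop in `run_tests()` (hunk `@@ -795,7 +816,7 @@`) drops the `test &&` guard, so `tests` is now dereferenced unconditionally at the first `test->f`. The callers are not visible here. If the argument is always a static table ending in an entry whose `f` is NULL, the change is harmless, but `assert_se(tests);` ahead of the loop would state that contract and fail cleanly instead of faulting. A one-line comment on the required sentinel entry would help the next person who adds a table.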
@@ -37,6 +42,12 @@ enum BigEnum2 { }; int main(void) { + int (*function_pointer)(void); + + info_no_sign(function_pointer); + info_no_sign(void*); + info(char*); + info(char); info(signed char); info(unsigned char); diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service index ca40934de8..6103193ba3 100644 --- a/test/test-execute/exec-dynamicuser-statedir.service +++ b/test/test-execute/exec-dynamicuser-statedir.service @@ -10,10 +10,10 @@ ExecStart=test -f /var/lib/waldo/yay ExecStart=test -f /var/lib/quux/pief/yayyay ExecStart=test -f /var/lib/private/waldo/yay ExecStart=test -f /var/lib/private/quux/pief/yayyay -ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/waldo:%S/quux/pief"' +ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/waldo:%S/quux/pief"' # Make sure that /var/lib/private/waldo is really the only writable directory besides the obvious candidates -ExecStart=sh -x -c 'test $$(find / \( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc \) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d '\\\\n') = /var/lib/private/quux/pief/var/lib/private/waldo' +ExecStart=sh -x -c 'test $$(find / \\( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc \\) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d "\\\\n") = /var/lib/private/quux/pief/var/lib/private/waldo' Type=oneshot DynamicUser=yes diff --git a/test/udev-test.pl b/test/udev-test.pl index 2480e4120b..1ab6828d71 100755 --- a/test/udev-test.pl +++ b/test/udev-test.pl @@ -629,9 +629,9 @@ EOF desc => "textual user/group id", devpath => "/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda", exp_name => "node", - exp_perms => "root:mail:0660", + exp_perms => "root:audio:0660", rules => <