The man pages state that the '+' prefix in Exec* directives should
ignore filesystem namespacing options such as PrivateTmp. Now it does.
This is very similar to #8842, just with PrivateTmp instead of
PrivateDevices.
This particular test case keeps intermittently failing due to crashing
LSan when running under clang+ASan. Generally, sanitizers don't
like seccomp filters, so the best option here is to just switch this
test off for this scenario.
cpu_set_malloc() was the last user. It doesn't seem useful to keep
it just to save the allocation of a few hundred bytes in a test, so
it is dropped and a fixed maximum is allocated (1024 bytes).
Depending on system configuration and whether SCMP_ACT_KILL_PROCESS or
SCMP_ACT_KILL_THREAD is available/used processes might coredump on
specific coredumps or are just plain killed. For our test case the
difference doesn't really matter, hence let's hide it away.
When running in Fedora "mock", / is a tmpfs and /home is not mounted. The test
assumes that /home will be a tmpfs only and only if we can unshare. Obviously,
this does not hold in this case, because unsharing is not possible, but /home
is still a tmpfs. Let's just skip the test, since it's fully legitimate to
mount either or both of / and /home as tmpfs.
test_exec_ambientcapabilities: exec-ambientcapabilities-nobody.service: exit status 0, expected 1
Sometimes we get just the last line, for example from the failure summary,
so make it as useful as possible.
When debugging failure in one of the cases, it's annoying to have to wade
through the output from all the other cases. Let's allow picking select
cases.
Unfortunately, f5f9a580dd didn't help much and now
the next subtest gets stuck from time to time. Let's skip
test-execute altogether so as not to bother anybody with
spurious failures.
https://github.com/systemd/systemd/issues/10696 is still open.
Everybody is welcome to share ideas :-)
Let's not bother contributors with spurious failures nobody can't
seem to reproduce. There is an issue about that where we're trying
to figure out what's going on: https://github.com/systemd/systemd/issues/10696.
Let's use the correct wrapper for calling unit vtable functions. Let's
make sure we always use the right wrappers, and never bypass them
needlessly.
Moreover use SIGKILL rather than "9" as signal name. Let's not be
needlessly cryptic.
Follow-up for: f7f8e8cbb9
As was shown in https://github.com/systemd/systemd/issues/10696#issuecomment-439613204,
currently `meson` waits for 1080 seconds (which is three times the global timeout) for the
test to fail completely even though it takes just two minutes for it to really fail. This
happens because the test itself leaves the services it has launched behind, which, in turn, makes
meson think that the test is still in progress. KILL_ALL with SIGKILL should make the issue
go away.
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.