db256aab13
Let's be more restrictive when validating PID files and MAINPID= messages: don't accept PIDs that make no sense, and if the configuration source is not trusted, don't accept out-of-cgroup PIDs. A configuratin source is considered trusted when the PID file is owned by root, or the message was received from root. This should lock things down a bit, in case service authors write out PID files from unprivileged code or use NotifyAccess=all with unprivileged code. Note that doing so was always problematic, just now it's a bit less problematic. When we open the PID file we'll now use the CHASE_SAFE chase_symlinks() logic, to ensure that we won't follow an unpriviled-owned symlink to a privileged-owned file thinking this was a valid privileged PID file, even though it really isn't. Fixes: #6632
43 lines
872 B
Bash
Executable file
43 lines
872 B
Bash
Executable file
#!/bin/bash
|
|
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
|
# ex: ts=8 sw=4 sts=4 et filetype=sh
|
|
set -e
|
|
TEST_DESCRIPTION="test changing main PID"
|
|
|
|
. $TEST_BASE_DIR/test-functions
|
|
|
|
test_setup() {
|
|
create_empty_image
|
|
mkdir -p $TESTDIR/root
|
|
mount ${LOOPDEV}p1 $TESTDIR/root
|
|
|
|
(
|
|
LOG_LEVEL=5
|
|
eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
|
|
|
|
setup_basic_environment
|
|
|
|
# setup the testsuite service
|
|
cat >$initdir/etc/systemd/system/testsuite.service <<EOF
|
|
[Unit]
|
|
Description=Testsuite service
|
|
|
|
[Service]
|
|
ExecStart=/bin/bash -x /testsuite.sh
|
|
Type=oneshot
|
|
StandardOutput=tty
|
|
StandardError=tty
|
|
NotifyAccess=all
|
|
EOF
|
|
cp testsuite.sh $initdir/
|
|
|
|
setup_testsuite
|
|
) || return 1
|
|
setup_nspawn_root
|
|
|
|
ddebug "umount $TESTDIR/root"
|
|
umount $TESTDIR/root
|
|
}
|
|
|
|
do_test "$@"
|