dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

test-execute: check nobody user and group are configured correctly

Browse Source 
Several tests request nobody user or group. If they are badly
configured, then tests may fail.

This makes test-execute check nobody user and group are configured
correctly before running such tests.

Fixes #8276.
This commit is contained in:
Yu Watanabe
2018-03-01 18:29:28 +09:00
parent 649a5ffba8
commit 57c2efa0c3
1 changed files with 89 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
src/test/test-execute.c
View File

@@ -40,6 +40,7 @@
#include "test-helper.h"
#include "tests.h"
#include "unit.h"
#include "user-util.h"
#include "util.h"
#include "virt.h"
@@ -75,6 +76,51 @@ static void check(Manager *m, Unit *unit, int status_expected, int code_expected
assert_se(service->main_exec_status.code == code_expected);
}
static bool check_nobody_user_and_group(void) {
static int cache = -1;
struct passwd *p;
struct group *g;
if (cache >= 0)
return !!cache;
if (!synthesize_nobody())
goto invalid;
p = getpwnam(NOBODY_USER_NAME);
if (!p ||
!streq(p->pw_name, NOBODY_USER_NAME) ||
p->pw_uid != UID_NOBODY ||
p->pw_gid != GID_NOBODY)
goto invalid;
p = getpwuid(UID_NOBODY);
if (!p ||
!streq(p->pw_name, NOBODY_USER_NAME) ||
p->pw_uid != UID_NOBODY ||
p->pw_gid != GID_NOBODY)
goto invalid;
g = getgrnam(NOBODY_GROUP_NAME);
if (!g ||
!streq(g->gr_name, NOBODY_GROUP_NAME) ||
g->gr_gid != GID_NOBODY)
goto invalid;
g = getgrgid(GID_NOBODY);
if (!g ||
!streq(g->gr_name, NOBODY_GROUP_NAME) ||
g->gr_gid != GID_NOBODY)
goto invalid;
cache = 1;
return true;
invalid:
cache = 0;
return false;
}
static bool is_inaccessible_available(void) {
char *p;
@@ -332,33 +378,49 @@ static void test_exec_systemcallfilter_system(Manager *m) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
}
if (getpwnam("nobody"))
if (!check_nobody_user_and_group()) {
log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
return;
}
if (streq(NOBODY_USER_NAME, "nobody"))
test(m, "exec-systemcallfilter-system-user.service", 0, CLD_EXITED);
else if (getpwnam("nfsnobody"))
else if (streq(NOBODY_USER_NAME, "nfsnobody"))
test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
log_error("Unsupported nobody user name '%s', skipping %s", NOBODY_USER_NAME, __func__);
#endif
}
static void test_exec_user(Manager *m) {
if (getpwnam("nobody"))
if (!check_nobody_user_and_group()) {
log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
return;
}
if (streq(NOBODY_USER_NAME, "nobody"))
test(m, "exec-user.service", 0, CLD_EXITED);
else if (getpwnam("nfsnobody"))
else if (streq(NOBODY_USER_NAME, "nfsnobody"))
test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
log_error("Unsupported nobody user name '%s', skipping %s", NOBODY_USER_NAME, __func__);
}
static void test_exec_group(Manager *m) {
if (getgrnam("nobody"))
if (!check_nobody_user_and_group()) {
log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
return;
}
if (streq(NOBODY_GROUP_NAME, "nobody"))
test(m, "exec-group.service", 0, CLD_EXITED);
else if (getgrnam("nfsnobody"))
else if (streq(NOBODY_GROUP_NAME, "nfsnobody"))
test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED);
else if (getgrnam("nogroup"))
else if (streq(NOBODY_GROUP_NAME, "nogroup"))
test(m, "exec-group-nogroup.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody/nogroup group: %m", __func__);
log_error("Unsupported nobody group name '%s', skipping %s", NOBODY_GROUP_NAME, __func__);
}
static void test_exec_supplementarygroups(Manager *m) {
@@ -442,12 +504,18 @@ static void test_exec_umask(Manager *m) {
static void test_exec_runtimedirectory(Manager *m) {
test(m, "exec-runtimedirectory.service", 0, CLD_EXITED);
test(m, "exec-runtimedirectory-mode.service", 0, CLD_EXITED);
if (getgrnam("nobody"))
if (!check_nobody_user_and_group()) {
log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
return;
}
if (streq(NOBODY_GROUP_NAME, "nobody"))
test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
else if (getgrnam("nfsnobody"))
else if (streq(NOBODY_GROUP_NAME, "nfsnobody"))
test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED);
else
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
log_error("Unsupported nobody group name '%s', skipping %s", NOBODY_GROUP_NAME, __func__);
}
static void test_exec_capabilityboundingset(Manager *m) {
@@ -478,14 +546,19 @@ static void test_exec_capabilityambientset(Manager *m) {
return;
}
if (getpwnam("nobody")) {
if (!check_nobody_user_and_group()) {
log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping %s", __func__);
return;
}
if (streq(NOBODY_USER_NAME, "nobody")) {
test(m, "exec-capabilityambientset.service", 0, CLD_EXITED);
test(m, "exec-capabilityambientset-merge.service", 0, CLD_EXITED);
} else if (getpwnam("nfsnobody")) {
} else if (streq(NOBODY_USER_NAME, "nfsnobody")) {
test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED);
test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED);
} else
log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
log_error("Unsupported nobody user name '%s', skipping %s", NOBODY_USER_NAME, __func__);
}
static void test_exec_privatenetwork(Manager *m) {