diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-12-07 20:01:48 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-12-10 03:01:53 +0100 |
| commit | d2d006cc8cbc6fb5c0a30ae5a7b192cf53cc864a (patch) | |
| tree | 3ed35dc59a089bd80abb1ac31c7d785a0cc7cb1d | |
| parent | test-network: check status of networkd after everything cleared on tear down (diff) | |
| download | systemd-d2d006cc8cbc6fb5c0a30ae5a7b192cf53cc864a.tar.xz systemd-d2d006cc8cbc6fb5c0a30ae5a7b192cf53cc864a.zip | |
test: use systemd-asan-env environment file at more places
3 files changed, 29 insertions, 14 deletions
diff --git a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf new file mode 100644 index 0000000000..d627672307 --- /dev/null +++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Service] +# systemd-coredump may call get_user_creds(), which may pull in instrumented +# systemd NSS modules and may trigger fatal LSAN error. +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh index 46fb1f79e8..402a3b3498 100755 --- a/test/units/TEST-07-PID1.exec-context.sh +++ b/test/units/TEST-07-PID1.exec-context.sh @@ -349,18 +349,18 @@ if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && ker (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys) fi -if [[ ! -v ASAN_OPTIONS ]]; then - # Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set - systemd-run --unit test-07-dynamic-user-tmp.service \ - --service-type=notify \ - -p DynamicUser=yes \ - -p NotifyAccess=all \ - sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity' - (! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null) - (! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null) - systemctl is-active test-07-dynamic-user-tmp.service - systemctl stop test-07-dynamic-user-tmp.service -fi +# Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set +systemd-run \ + --unit test-07-dynamic-user-tmp.service \ + --service-type=notify \ + -p DynamicUser=yes \ + -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \ + -p NotifyAccess=all \ + sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity' +(! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null) +(! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null) +systemctl is-active test-07-dynamic-user-tmp.service +systemctl stop test-07-dynamic-user-tmp.service # Make sure we properly (de)serialize various string arrays, including whitespaces # See: https://github.com/systemd/systemd/issues/31214 @@ -401,7 +401,16 @@ mkdir /tmp/root touch /tmp/root/foo chmod +x /tmp/root/foo (! systemd-run --wait --pipe false) -(! systemd-run --wait --pipe --unit "test-dynamicuser-fail" -p DynamicUser=yes -p WorkingDirectory=/nonexistent true) +if [[ ! -v ASAN_OPTIONS ]]; then + # Here, -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env does not work, + # as sd-executor loads NSS module and fails before applying the environment: + # (true)[660]: test-dynamicuser-fail.service: Changing to the requested working directory failed: No such file or directory + # (true)[660]: test-dynamicuser-fail.service: Failed at step CHDIR spawning /usr/bin/true: No such file or directory + # TEST-07-PID1.sh[660]: ==660==LeakSanitizer has encountered a fatal error. + # TEST-07-PID1.sh[660]: ==660==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1 + # TEST-07-PID1.sh[660]: ==660==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc) + (! systemd-run --wait --pipe --unit "test-dynamicuser-fail" -p DynamicUser=yes -p WorkingDirectory=/nonexistent true) +fi (! systemd-run --wait --pipe -p RuntimeDirectory=not-a-directory true) (! systemd-run --wait --pipe -p RootDirectory=/tmp/root this-shouldnt-exist) (! systemd-run --wait --pipe -p RootDirectory=/tmp/root /foo) diff --git a/test/units/TEST-07-PID1.issue-14566.sh b/test/units/TEST-07-PID1.issue-14566.sh index d4be5b53b4..ecc18e411b 100755 --- a/test/units/TEST-07-PID1.issue-14566.sh +++ b/test/units/TEST-07-PID1.issue-14566.sh @@ -6,7 +6,7 @@ set -o pipefail # Test that KillMode=mixed does not leave left over processes with ExecStopPost= # Issue: https://github.com/systemd/systemd/issues/14566 -if [[ -n "${ASAN_OPTIONS:-}" ]]; then +if [[ -v ASAN_OPTIONS ]]; then # Temporarily skip this test when running with sanitizers due to a deadlock # See: https://bugzilla.redhat.com/show_bug.cgi?id=2098125 echo "Sanitizers detected, skipping the test..." |