]>
Commit | Line | Data |
---|---|---|
1b6f9b98 DDM |
1 | #!/bin/sh |
2 | # SPDX-License-Identifier: LGPL-2.1-or-later | |
3 | ||
1ad84c9a DDM |
4 | if [ "$1" = "build" ]; then |
5 | exit 0 | |
6 | fi | |
7 | ||
8 | if [ -n "$SANITIZERS" ]; then | |
9 | LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}') | |
01a07564 | 10 | |
1ad84c9a | 11 | mkdir -p /etc/systemd/system.conf.d |
01a07564 | 12 | |
1ad84c9a | 13 | cat >/etc/systemd/system.conf.d/10-asan.conf <<EOF |
01a07564 DDM |
14 | [Manager] |
15 | ManagerEnvironment=ASAN_OPTIONS=$MKOSI_ASAN_OPTIONS\\ | |
16 | UBSAN_OPTIONS=$MKOSI_UBSAN_OPTIONS\\ | |
17 | LD_PRELOAD=$LD_PRELOAD | |
18 | DefaultEnvironment=ASAN_OPTIONS=$MKOSI_ASAN_OPTIONS\\ | |
19 | UBSAN_OPTIONS=$MKOSI_UBSAN_OPTIONS\\ | |
20 | LD_PRELOAD=$LD_PRELOAD | |
5a4327d1 DDM |
21 | EOF |
22 | ||
1ad84c9a DDM |
23 | # ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose |
24 | # all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any | |
25 | # sanitizer failures appear directly on the user's console. | |
26 | mkdir -p /etc/systemd/system/systemd-journald.service.d | |
27 | cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF | |
01a07564 DDM |
28 | [Service] |
29 | StandardOutput=tty | |
30 | EOF | |
31 | ||
1ad84c9a DDM |
32 | # Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users. |
33 | # This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As | |
34 | # a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login | |
35 | # from calling vhangup() so that journald's ASAN logs correctly end up in the console. | |
01a07564 | 36 | |
1ad84c9a DDM |
37 | mkdir -p /etc/systemd/system/console-getty.service.d |
38 | cat >/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf <<EOF | |
01a07564 DDM |
39 | [Service] |
40 | TTYVHangup=no | |
41 | CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG | |
42 | EOF | |
1ad84c9a DDM |
43 | # ASAN and syscall filters aren't compatible with each other. |
44 | find / -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} + | |
69d638e6 | 45 | |
1ad84c9a DDM |
46 | # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default. |
47 | systemctl mask systemd-hwdb-update.service | |
48 | fi | |
37d35150 | 49 | |
1ad84c9a DDM |
50 | # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu. |
51 | rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service | |
01a07564 | 52 | |
1ad84c9a DDM |
53 | if [ -n "$IMAGE_ID" ] ; then |
54 | sed -n \ | |
55 | -i \ | |
56 | -e '/^IMAGE_ID=/!p' \ | |
57 | -e "\$aIMAGE_ID=$IMAGE_ID" \ | |
58 | /usr/lib/os-release | |
59 | fi | |
01a07564 | 60 | |
1ad84c9a DDM |
61 | if [ -n "$IMAGE_VERSION" ] ; then |
62 | sed -n \ | |
63 | -i \ | |
64 | -e '/^IMAGE_VERSION=/!p' \ | |
65 | -e "\$aIMAGE_VERSION=$IMAGE_VERSION" \ | |
66 | /usr/lib/os-release | |
1b6f9b98 | 67 | fi |