From: Yu Watanabe Date: Sat, 7 Dec 2024 19:01:48 +0000 (+0900) Subject: test: use systemd-asan-env environment file at more places X-Git-Tag: v257~9^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F35480%2Fhead;p=thirdparty%2Fsystemd.git test: use systemd-asan-env environment file at more places
---
diff --git a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf
new file mode 100644
index 00000000000..d627672307c
--- /dev/null
+++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Service]
+# systemd-coredump may call get_user_creds(), which may pull in instrumented
+# systemd NSS modules and may trigger fatal LSAN error.
+EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh
index 46fb1f79e85..402a3b3498f 100755
--- a/test/units/TEST-07-PID1.exec-context.sh
+++ b/test/units/TEST-07-PID1.exec-context.sh
@@ -349,18 +349,18 @@ if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && ker
 (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys)
 fi
-if [[ ! -v ASAN_OPTIONS ]]; then
- # Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set
- systemd-run --unit test-07-dynamic-user-tmp.service \
- --service-type=notify \
- -p DynamicUser=yes \
- -p NotifyAccess=all \
- sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity'
- (! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
- (! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
- systemctl is-active test-07-dynamic-user-tmp.service
- systemctl stop test-07-dynamic-user-tmp.service
-fi
+# Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set
+systemd-run \
+ --unit test-07-dynamic-user-tmp.service \
+ --service-type=notify \
+ -p DynamicUser=yes \
+ -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
+ -p NotifyAccess=all \
+ sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity'
+(! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
+(! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
+systemctl is-active test-07-dynamic-user-tmp.service
+systemctl stop test-07-dynamic-user-tmp.service
 # Make sure we properly (de)serialize various string arrays, including whitespaces
 # See: https://github.com/systemd/systemd/issues/31214
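Review bot: The new `-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env` line in the `systemd-run` call for test-07-dynamic-user-tmp.service carries no comment, and the removed `[[ ! -v ASAN_OPTIONS ]]` guard was the only hint that this test is sensitive to sanitizer builds. A one-line comment above the call would keep that context, for example `# Pass the sanitizer environment so the DynamicUser= NSS lookup does not trip LSAN; the leading "-" ignores a missing file`. The reason in that wording is inferred from the comments elsewhere in this commit, so adjust it if the actual failure mode differs. The whole command is inside the hunk.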
@@ -401,7 +401,16 @@ mkdir /tmp/root
 touch /tmp/root/foo
 chmod +x /tmp/root/foo
 (! systemd-run --wait --pipe false)
-(! systemd-run --wait --pipe --unit "test-dynamicuser-fail" -p DynamicUser=yes -p WorkingDirectory=/nonexistent true)
+if [[ ! -v ASAN_OPTIONS ]]; then
+ # Here, -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env does not work,
+ # as sd-executor loads NSS module and fails before applying the environment:
+ # (true)[660]: test-dynamicuser-fail.service: Changing to the requested working directory failed: No such file or directory
+ # (true)[660]: test-dynamicuser-fail.service: Failed at step CHDIR spawning /usr/bin/true: No such file or directory
+ # TEST-07-PID1.sh[660]: ==660==LeakSanitizer has encountered a fatal error.
+ # TEST-07-PID1.sh[660]: ==660==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
+ # TEST-07-PID1.sh[660]: ==660==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
+ (! systemd-run --wait --pipe --unit "test-dynamicuser-fail" -p DynamicUser=yes -p WorkingDirectory=/nonexistent true)
+fi
 (! systemd-run --wait --pipe -p RuntimeDirectory=not-a-directory true)
 (! systemd-run --wait --pipe -p RootDirectory=/tmp/root this-shouldnt-exist)
 (! systemd-run --wait --pipe -p RootDirectory=/tmp/root /foo)
diff --git a/test/units/TEST-07-PID1.issue-14566.sh b/test/units/TEST-07-PID1.issue-14566.sh
index d4be5b53b40..ecc18e411bd 100755
--- a/test/units/TEST-07-PID1.issue-14566.sh
+++ b/test/units/TEST-07-PID1.issue-14566.sh
@@ -6,7 +6,7 @@ set -o pipefail
 # Test that KillMode=mixed does not leave left over processes with ExecStopPost=
 # Issue: https://github.com/systemd/systemd/issues/14566
-if [[ -n "${ASAN_OPTIONS:-}" ]]; then
+if [[ -v ASAN_OPTIONS ]]; then
 # Temporarily skip this test when running with sanitizers due to a deadlock
 # See: https://bugzilla.redhat.com/show_bug.cgi?id=2098125
 echo "Sanitizers detected, skipping the test..."
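Review bot: In TEST-07-PID1.exec-context.sh the new `if [[ ! -v ASAN_OPTIONS ]]` block around the test-dynamicuser-fail case skips it silently, so a sanitizer run gives no sign that the DynamicUser=/WorkingDirectory= failure path went unexercised. TEST-07-PID1.issue-14566.sh in this same commit prints a message when it skips; the equivalent here would be an `else` branch with `echo "Sanitizers detected, skipping the test-dynamicuser-fail case..."` before `fi`. Separately, `(! systemd-run …)` passes on any non-zero exit, so on its own it does not confirm that the failure came from the CHDIR step quoted in the comment rather than from something else. The neighbouring lines use the same pattern, so tightening it may be out of scope for this commit.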