test-network: disable several more sandbox features when running with sanitizers
authorYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 5 Nov 2025 15:03:16 +0000 (00:03 +0900)
committerLuca Boccassi <luca.boccassi@gmail.com>
Thu, 6 Nov 2025 23:38:13 +0000 (23:38 +0000)
These settings also imply seccomp.
Hopefully fixes #39567.

(cherry picked from commit 454ce423050890bdc8c3c90add3713592a3cab38)

test/test-network/systemd-networkd-tests.py

index 6802646728c9e5bbca4ecd43ef1295cee8e4f627..93ad5635002d0e0bef80e3a88f27ff65bb93c9d9 100755 (executable)
@@ -487,7 +487,19 @@ def create_service_dropin(service, command, additional_settings=None):
     if ubsan_options:
         drop_in += [f'Environment=UBSAN_OPTIONS="{ubsan_options}"']
     if asan_options or lsan_options or ubsan_options:
-        drop_in += ['SystemCallFilter=']
+        # Disable system call filter when running with sanitizers, as they seem to call filtered syscall at
+        # the very end of the execution and stuck the process. See issue #39567.
+        drop_in += [
+            'LockPersonality=no',
+            'ProtectClock=no',
+            'ProtectKernelLogs=no',
+            'RestrictAddressFamilies=',
+            'RestrictNamespaces=no',
+            'RestrictRealtime=no',
+            'RestrictSUIDSGID=no',
+            'SystemCallArchitectures=',
+            'SystemCallFilter=',
+        ]
     if use_valgrind or asan_options or lsan_options or ubsan_options:
         drop_in += ['MemoryDenyWriteExecute=no']
     if use_valgrind:
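Review bot: The new comment above `drop_in += [` still says only "Disable system call filter", but the list now switches off nine sandboxing settings, and the reason they belong together (each one is implemented through seccomp) is stated only in the commit message. I would move that into the code, e.g. `# Disable every setting that installs a seccomp filter when running with sanitizers, as the sanitizer runtime seems to call a filtered syscall at the very end of execution and the process hangs. See issue #39567.` As far as I know, `ProtectKernelModules=`, `ProtectKernelTunables=`, `ProtectHostname=` and `PrivateDevices=` are also enforced with seccomp filters, so if any unit passed to `create_service_dropin` sets them the hang may persist; the unit files are not visible here, so this needs checking. It is also worth a short comment that sanitizer runs no longer exercise the hardened unit configuration, so a sandboxing regression will only show up in the non-sanitizer runs. The function body starts and continues outside this hunk.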