From: Frantisek Sumsal Date: Thu, 30 Sep 2021 12:14:19 +0000 (+0200) Subject: test: use a less restrictive portable profile when running w/ sanitizers X-Git-Tag: v250-rc1~581^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e72be068b159ff547cb74ea3f16f13b38bb5a02a;p=thirdparty%2Fsystemd.git test: use a less restrictive portable profile when running w/ sanitizers Since f833df3 we now actually use the seccomp rules defined in portable profiles. However, the default one is too restrictive for sanitizers, as it blocks certain syscall required by LSan. Mitigate this by using the 'trusted' profile when running TEST-29-PORTABLE under sanitizers. --- diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 77bb6db15a7..7775695e6df 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -4,6 +4,13 @@ set -eux set -o pipefail +ARGS=() +if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then + # If we're running under sanitizers, we need to use a less restrictive + # profile, otherwise LSan syscall would get blocked by seccomp + ARGS+=(--profile=trusted) +fi + export SYSTEMD_LOG_LEVEL=debug mkdir -p /run/systemd/system/systemd-portabled.service.d/ cat </run/systemd/system/systemd-portabled.service.d/override.conf @@ -11,7 +18,7 @@ cat </run/systemd/system/systemd-portabled.service.d/override.conf Environment=SYSTEMD_LOG_LEVEL=debug EOF -portablectl attach --now --runtime /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw app0 systemctl is-active app0.service systemctl is-active app0-foo.service @@ -21,7 +28,7 @@ systemctl is-active app0-bar.service && exit 1 set -e set -o pipefail -portablectl reattach --now --runtime /usr/share/minimal_1.raw app0 +portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw app0 systemctl is-active app0.service systemctl is-active app0-bar.service 
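Review bot: The added `if` block switches the whole test to `--profile=trusted` whenever `ASAN_OPTIONS` or `UBSAN_OPTIONS` is set, so sanitizer runs no longer exercise the default profile's seccomp filter, and the new comment does not record that coverage gap. As far as I know the `trusted` profile removes most of the sandboxing rather than only the syscall filter, so the relaxation is wider than "LSan syscall would get blocked" suggests; this is worth confirming against the shipped profile. I would extend the comment with something like `# NOTE: sanitizer runs do not cover the default profile's sandboxing; a non-sanitizer run of this test must stay in CI`. The `-v` tests also fire when a variable is set but empty, and on `UBSAN_OPTIONS` alone even though the comment names only LSan; if that is intended, the comment should say so.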
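Review bot: `"${ARGS[@]}"` on the changed `portablectl ... attach` line is expanded with `set -u` active (the script opens with `set -eux`, and the visible context never turns nounset off), and `ARGS` is an empty array whenever no sanitizer variable is set. Bash releases before 4.4 treat that expansion as an unbound variable and abort the script. If this test can run on such a bash, write `portablectl ${ARGS[@]+"${ARGS[@]}"} attach --now --runtime /usr/share/minimal_0.raw app0`. The same applies to every `attach`/`reattach` line changed in the later hunks. On bash 4.4 and newer the line is fine as written.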
@@ -42,7 +49,7 @@ portablectl list | grep -q -F "No images." unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw -portablectl attach --copy=symlink --now --runtime /tmp/minimal_0 app0 +portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 app0 systemctl is-active app0.service systemctl is-active app0-foo.service @@ -52,7 +59,7 @@ systemctl is-active app0-bar.service && exit 1 set -e set -o pipefail -portablectl reattach --now --enable --runtime /tmp/minimal_1 app0 +portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 app0 systemctl is-active app0.service systemctl is-active app0-bar.service @@ -68,21 +75,21 @@ portablectl detach --now --enable --runtime /tmp/minimal_1 app0 portablectl list | grep -q -F "No images." -portablectl attach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_0.raw app0 systemctl is-active app0.service -portablectl reattach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0 +portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0 systemctl is-active app0.service portablectl detach --now --runtime --extension /usr/share/app0.raw /usr/share/minimal_1.raw app0 -portablectl attach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1 +portablectl "${ARGS[@]}" attach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_0.raw app1 systemctl is-active app1.service -portablectl reattach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 +portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 systemctl is-active app1.service 
@@ -95,7 +102,7 @@ mount /usr/share/app1.raw /tmp/app1 mount /usr/share/minimal_0.raw /tmp/rootdir mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay -portablectl attach --copy=symlink --now --runtime /tmp/overlay app1 +portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/overlay app1 systemctl is-active app1.service