1 Star 0 Fork 100

YukariChiba/systemd

forked from src-openEuler/systemd 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
backport-test-use-a-less-restrictive-portable-profile-when-ru.patch 3.27 KB
一键复制 编辑 原始数据 按行查看 历史
From 9dbdd33ffa824934962ebe61d03a9f727a1c416c Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 30 Sep 2021 14:14:19 +0200
Subject: [PATCH] test: use a less restrictive portable profile when running w/
sanitizers
Since f833df3 we now actually use the seccomp rules defined in portable
profiles. However, the default one is too restrictive for sanitizers, as
it blocks certain syscall required by LSan. Mitigate this by using the
'trusted' profile when running TEST-29-PORTABLE under sanitizers.
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/9dbdd33ffa824934962ebe61d03a9f727a1c416c
---
test/units/testsuite-29.sh | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh
index 3408e6d71a..549fc2663c 100755
--- a/test/units/testsuite-29.sh
+++ b/test/units/testsuite-29.sh
@@ -4,9 +4,16 @@
set -eux
set -o pipefail
+ARGS=()
+if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then
+ # If we're running under sanitizers, we need to use a less restrictive
+ # profile, otherwise LSan syscall would get blocked by seccomp
+ ARGS+=(--profile=trusted)
+fi
+
export SYSTEMD_LOG_LEVEL=debug
-portablectl attach --now --runtime /usr/share/minimal_0.raw app0
+portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw app0
systemctl is-active app0.service
systemctl is-active app0-foo.service
@@ -16,7 +23,7 @@ systemctl is-active app0-bar.service && exit 1
set -e
set -o pipefail
-portablectl reattach --now --runtime /usr/share/minimal_1.raw app0
+portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw app0
systemctl is-active app0.service
systemctl is-active app0-bar.service
@@ -37,7 +44,7 @@ portablectl list | grep -q -F "No images."
unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw
unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw
-portablectl attach --copy=symlink --now --runtime /tmp/minimal_0 app0
+portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 app0
systemctl is-active app0.service
systemctl is-active app0-foo.service
@@ -47,7 +54,7 @@ systemctl is-active app0-bar.service && exit 1
set -e
set -o pipefail
-portablectl reattach --now --enable --runtime /tmp/minimal_1 app0
+portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 app0
systemctl is-active app0.service
systemctl is-active app0-bar.service
@@ -66,11 +73,11 @@ portablectl list | grep -q -F "No images."
root="/usr/share/minimal_0.raw"
app1="/usr/share/app1.raw"
-portablectl attach --now --runtime --extension ${app1} ${root} app1
+portablectl "${ARGS[@]}" attach --now --runtime --extension ${app1} ${root} app1
systemctl is-active app1.service
-portablectl reattach --now --runtime --extension ${app1} ${root} app1
+portablectl "${ARGS[@]}" reattach --now --runtime --extension ${app1} ${root} app1
systemctl is-active app1.service
@@ -83,7 +90,7 @@ mount ${app1} /tmp/app1
mount ${root} /tmp/rootdir
mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay
-portablectl attach --copy=symlink --now --runtime /tmp/overlay app1
+portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/overlay app1
systemctl is-active app1.service
--
2.33.0
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/YukariChiba/systemd.git
git@gitee.com:YukariChiba/systemd.git
YukariChiba
systemd
systemd
master

搜索帮助