| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Unprivileged overlayfs is supported since Linux 5.11. The only
change needed to get ExtensionDirectories to work is to avoid
hard-coding the staging directory to the system manager runtime
directory, everything else just works (TM).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The only piece missing was to somehow make /proc appear in the
new user+mount namespace. It is not possible to mount a new
/proc instance, not even with hidepid=invisible,subset=pid, in
a user namespace unless a PID namespace is created too (and also
at the same time as the other namespaces, it is not possible to
mount a new /proc in a child process that creates a PID namespace
forked from a parent that created a user+mount namespace, it has
to happen at the same time).
Use the host's /proc with a bind-mount as a fallback for this
case. User session services would already run with it, so
nothing is lost.
|
| | |
|
| |
|
|
|
|
| |
Specifying the test number manually is tedious and prone to errors (as
recently proven). Since we have all the necessary data to work out the
test number, let's do it automagically.
|
| | |
|
| |
|
|
| |
Now we will run setup_nspawn_root() in some case where do don't need to.
|
| |
|
|
|
| |
Setup of lingering is dropped. I don't think it's necessary for anything,
because the unit is still pulled in from the testsuite service.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As in 2a5fcfae024ffc370bb780572279f45a1da3f946
and in 3e67e5c9928f8b1e1c5a63def88d53ed1fed12eb
using /usr/bin/env allows bash to be looked up in PATH
rather than being hard-coded.
As with the previous changes the same arguments apply
- distributions have scripts to rewrite shebangs on installation and
they know what locations to rely on.
- For tests/compilation we should rather rely on the user to have setup
there PATH correctly.
In particular this makes testing from git easier on NixOS where do not provide
/bin/bash to improve compose-ability.
|
| |
|
|
|
|
|
|
|
| |
We wait for "basic.target" being reached in the user instance anyway
before allowing the user's session to start, hence doing such a wait is
unnecessary, since that would just mean we'd wait for "default.target"
on top of "basic.target", but we shouldn#t need anything of that...
Hence, let's simplify this, reduce explicit sync points.
|
| |
|
|
|
|
| |
The name is not as universal as we want, still, hence let's use our own
user we create with sysusers.d/. That should yield same behaviour
everywhere (and also test sysusers a bit as side effect).
|
| |
|
|
|
|
| |
let's make sure we always invoke our commands through /bin/sh, since
on some distros su will use /bin/nologin (or whatever is listed in
/etc/passwd) as shell otherwise and we don#t want that.
|
| |
|
|
|
| |
for some reason the newer tests used file copyies instead of symlinks.
let's fix that.
|
| |
|
|
|
|
| |
To support ProtectHome=y in a user namespace (which mounts the inaccessible
nodes), the nodes need to be accessible by the user. Create these paths and
devices in the user runtime directory so they can be used later if needed.
|
|
|
The test exercises that PrivateTmp=yes and ProtectHome={read-only,tmpfs}
directives work as expected when PrivateUsers=yes in a user manager.
Some code is also added to test-functions to help set up test cases that
exercise the user manager.
|
