From e69d724aff27b930f7499e7c76449bdc1609f1e8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 3 Dec 2024 14:45:43 +0100 Subject: [PATCH] test-execute: Make /coverage writable in DynamicUser= tests DynamicUser=yes implies ProtectSystem=yes, so let's explicitly make sure the coverage directory is writable in these tests. --- test/test-execute/exec-ambientcapabilities-dynuser.service | 1 + test/test-execute/exec-dynamicuser-fixeduser-adm.service | 1 + test/test-execute/exec-dynamicuser-fixeduser-games.service | 1 + .../exec-dynamicuser-fixeduser-one-supplementarygroup.service | 1 + test/test-execute/exec-dynamicuser-fixeduser.service | 1 + test/test-execute/exec-dynamicuser-runtimedirectory1.service | 1 + test/test-execute/exec-dynamicuser-runtimedirectory2.service | 1 + test/test-execute/exec-dynamicuser-runtimedirectory3.service | 1 + .../test-execute/exec-dynamicuser-statedir-migrate-step2.service | 1 + test/test-execute/exec-dynamicuser-statedir.service | 1 + test/test-execute/exec-dynamicuser-supplementarygroups.service | 1 + 11 files changed, 11 insertions(+) diff --git a/test/test-execute/exec-ambientcapabilities-dynuser.service b/test/test-execute/exec-ambientcapabilities-dynuser.service index ab815f39a3..b927c7dbca 100644 --- a/test/test-execute/exec-ambientcapabilities-dynuser.service +++ b/test/test-execute/exec-ambientcapabilities-dynuser.service @@ -9,3 +9,4 @@ AmbientCapabilities=CAP_CHOWN CAP_SETUID CAP_NET_RAW DynamicUser=yes PrivateUsers=yes EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-fixeduser-adm.service b/test/test-execute/exec-dynamicuser-fixeduser-adm.service index 1b7f232cd1..3a7f8aef60 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser-adm.service +++ b/test/test-execute/exec-dynamicuser-fixeduser-adm.service @@ -10,3 +10,4 @@ ExecStart=sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && te ExecStart=sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"' DynamicUser=yes User=adm +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-fixeduser-games.service b/test/test-execute/exec-dynamicuser-fixeduser-games.service index b13c23a74d..40048d27a8 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser-games.service +++ b/test/test-execute/exec-dynamicuser-fixeduser-games.service @@ -10,3 +10,4 @@ ExecStart=sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" & ExecStart=sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"' DynamicUser=yes User=games +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service index e494c33551..e58b524033 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service +++ b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service @@ -9,3 +9,4 @@ Type=oneshot User=1 DynamicUser=yes SupplementaryGroups=1 +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-fixeduser.service b/test/test-execute/exec-dynamicuser-fixeduser.service index 4ebfc20cde..8e5244d891 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser.service +++ b/test/test-execute/exec-dynamicuser-fixeduser.service @@ -8,3 +8,4 @@ ExecStart=sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' Type=oneshot User=1 DynamicUser=yes +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-runtimedirectory1.service b/test/test-execute/exec-dynamicuser-runtimedirectory1.service index 59d3bf0884..671b316736 100644 --- a/test/test-execute/exec-dynamicuser-runtimedirectory1.service +++ b/test/test-execute/exec-dynamicuser-runtimedirectory1.service @@ -11,3 +11,4 @@ RuntimeDirectory=test-exec_runtimedirectorypreserve RuntimeDirectoryPreserve=yes DynamicUser=yes EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-runtimedirectory2.service b/test/test-execute/exec-dynamicuser-runtimedirectory2.service index 6ff9d7503a..cdb80848e3 100644 --- a/test/test-execute/exec-dynamicuser-runtimedirectory2.service +++ b/test/test-execute/exec-dynamicuser-runtimedirectory2.service @@ -12,3 +12,4 @@ RuntimeDirectory=test-exec_runtimedirectorypreserve RuntimeDirectoryPreserve=yes DynamicUser=yes EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-runtimedirectory3.service b/test/test-execute/exec-dynamicuser-runtimedirectory3.service index cebb819476..51a9e44c6f 100644 --- a/test/test-execute/exec-dynamicuser-runtimedirectory3.service +++ b/test/test-execute/exec-dynamicuser-runtimedirectory3.service @@ -11,3 +11,4 @@ Type=oneshot RuntimeDirectory=test-exec_runtimedirectorypreserve DynamicUser=yes EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service b/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service index 7261f4a174..f22862378c 100644 --- a/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service +++ b/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service @@ -25,3 +25,4 @@ Type=oneshot DynamicUser=yes StateDirectory=test-dynamicuser-migrate test-dynamicuser-migrate2/hoge EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service index 636a70259c..1e4fe818ac 100644 --- a/test/test-execute/exec-dynamicuser-statedir.service +++ b/test/test-execute/exec-dynamicuser-statedir.service @@ -84,3 +84,4 @@ Type=oneshot DynamicUser=yes StateDirectory=waldo quux/pief aaa/bbb aaa aaa/ccc xxx/yyy:aaa/111 xxx:aaa/222 xxx/zzz:aaa/333 abc:d\:ef EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage diff --git a/test/test-execute/exec-dynamicuser-supplementarygroups.service b/test/test-execute/exec-dynamicuser-supplementarygroups.service index be1b8f76f2..fd88a790e4 100644 --- a/test/test-execute/exec-dynamicuser-supplementarygroups.service +++ b/test/test-execute/exec-dynamicuser-supplementarygroups.service @@ -9,3 +9,4 @@ Type=oneshot DynamicUser=yes SupplementaryGroups=1 2 EnvironmentFile=-/usr/lib/systemd/systemd-asan-env +ReadWritePaths=-/coverage