From 445d545dd3a27d7344dfaf37f29c50e0f0eabc83 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Thu, 25 Apr 2024 19:50:10 +0200 Subject: [PATCH] test: check coredump handling in containers & namespaces This is partially based on upstream's 097e28736a, which tests coredump forwarding (that we don't have in RHEL 9). It also provides basic coverage for RHEL-29430 (generating stack traces for processes in containers without coredump fowarding). rhel-only Related: RHEL-34061 --- test/test-functions | 2 +- test/units/testsuite-74.coredump.sh | 64 ++++++++++++++++++++++++++++- 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/test/test-functions b/test/test-functions index 1608644cbb1..947f8589c50 100644 --- a/test/test-functions +++ b/test/test-functions @@ -2619,7 +2619,7 @@ inst_binary() { # ls, stat - pulls in nss_systemd with certain options (like ls -l) when # nsswitch.conf uses [SUCCESS=merge] (like on Arch Linux) # tar - called by machinectl in TEST-25 - if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(chown|getent|login|ls|stat|su|tar|useradd|userdel)$ ]]; then + if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(chown|getent|login|id|ls|stat|su|tar|useradd|userdel)$ ]]; then wrap_binary=1 fi diff --git a/test/units/testsuite-74.coredump.sh b/test/units/testsuite-74.coredump.sh index d30fd737172..1093cad8a90 100755 --- a/test/units/testsuite-74.coredump.sh +++ b/test/units/testsuite-74.coredump.sh @@ -74,6 +74,68 @@ rm -fv /run/systemd/coredump.conf.d/99-external.conf # Wait a bit for the coredumps to get processed timeout 30 bash -c "while [[ \$(coredumpctl list -q --no-legend $CORE_TEST_BIN | wc -l) -lt 4 ]]; do sleep 1; done" +# RHEL9: following part is taken out of 097e28736aed9280dfac0f8e8096deca71bac813 but slightly tweaked, since +# in RHEL9 we don't have the support for coredump forwarding +CONTAINER="testsuite-74-container" +TESTUSER_UID="$(id -u testuser)" +TESTUSER_GID="$(id -g testuser)" + +mkdir -p "/var/lib/machines/$CONTAINER" +mkdir -p "/run/systemd/system/systemd-nspawn@$CONTAINER.service.d" +# Bind-mounting /etc into the container kinda defeats the purpose of --volatile=, +# but we need the ASan-related overrides scattered across /etc +cat > "/run/systemd/system/systemd-nspawn@$CONTAINER.service.d/override.conf" << EOF +[Service] +ExecStart= +ExecStart=systemd-nspawn --quiet --link-journal=try-guest --keep-unit --machine=%i --boot \ + --volatile=yes --directory=/ --bind-ro=/etc --inaccessible=/etc/machine-id +EOF +systemctl daemon-reload + +machinectl start "$CONTAINER" +timeout 60 bash -xec "until systemd-run -M '$CONTAINER' -q --wait --pipe true; do sleep .5; done" +machinectl copy-to "$CONTAINER" "$MAKE_DUMP_SCRIPT" + +run_namespaced_coredump_tests() { + local TS + + # Make a couple of coredumps in a full-fleged container + TS="$(date +"%s.%N")" + [[ "$(coredumpctl list --since="@$TS" -q --no-legend /usr/bin/sleep | wc -l)" -eq 0 ]] + [[ "$(coredumpctl list --since="@$TS" -q --no-legend /usr/bin/sleep _UID="$TESTUSER_UID" | wc -l)" -eq 0 ]] + systemd-run -M "testuser@$CONTAINER" --user -q --wait --pipe "$MAKE_DUMP_SCRIPT" "/usr/bin/sleep" "SIGABRT" + systemd-run -M "$CONTAINER" -q --wait --pipe "$MAKE_DUMP_SCRIPT" "/usr/bin/sleep" "SIGTRAP" + # Wait a bit for the coredumps to get processed + timeout 30 bash -c "while [[ \$(coredumpctl list --since=@$TS -q --no-legend /usr/bin/sleep | wc -l) -ne 2 ]]; do sleep 1; done" + coredumpctl list + [[ "$(coredumpctl list --since="@$TS" -q --no-legend /usr/bin/sleep _UID="$TESTUSER_UID" _GID="$TESTUSER_GID" | wc -l)" -eq 1 ]] + + # Simplified version of the above - not a full container, just a mount & pid namespace + TS="$(date +"%s.%N")" + unshare --mount --pid --fork --mount-proc /bin/bash -xec "$MAKE_DUMP_SCRIPT /usr/bin/sleep SIGABRT" + timeout 30 bash -c "while [[ \$(coredumpctl list --since=@$TS -q --no-legend /usr/bin/sleep | wc -l) -ne 1 ]]; do sleep 1; done" + TS="$(date +"%s.%N")" + unshare --setuid="$TESTUSER_UID" --setgid="$TESTUSER_GID" --mount --pid --fork --mount-proc /bin/bash -xec "$MAKE_DUMP_SCRIPT /usr/bin/sleep SIGABRT" + timeout 30 bash -c "while [[ \$(coredumpctl list --since=@$TS -q --no-legend /usr/bin/sleep _UID=$TESTUSER_UID _GID=$TESTUSER_GID | wc -l) -ne 1 ]]; do sleep 1; done" +} + +# First, run the tests with default systemd-coredumpd settings +run_namespaced_coredump_tests + +# And now with SYSTEMD_COREDUMP_ALLOW_NAMESPACE_CHANGE=1 (RHEL-only) +cat >/tmp/coredump-handler.sh <