Age | Commit message (Collapse) | Author |
|
Travis is now using Seccomp, and Docker's default Seccomp policy
disables execveat (though, weirdly, not fexecve). It also prohibits any
operations on AF_ALG sockets.
While I'm here, replace close/dup with dup2, which is more reliable.
Also, drop the fork mutex earlier. This way all of the exeve tests will
run, even if one fails.
https://docs.docker.com/engine/security/seccomp/
|
|
process_vm_readv requires it, and I'm not exactly sure which other
things do too.
|
|
This fixes the tests on Rust 1.38.0. We'll fix them for real after
release 0.15.0.
Issue #1096
|
|
* kmod tests must run exclusively, because they load and unload a module
with a constant name.
* A few tests were doing some variant of chdir, but weren't taking the
CWD_MTX.
* The kmod tests read files by path relative to CWD, so they need the
CWD_MTX. But they don't need it exclusively, so convert the CWD_MTX
into an RwLock.
* Tests that do change the cwd need to change it back when they're done.
|
|
* On Linux, it requires the CAP_SYS_PACCT capability.
* Reenable the test on FreeBSD, because our FreeBSD CI environment is no
longer jailed (since we switched from BuildBot to CirrusCI), but check
at runtime whether the process is jailed.
* test_acct needs the FORK_MTX because it uses Command::new .
* Fix a race condition. acct(2) isn't synchronous. It starts a kernel
thread but does not wait for it to become ready. Fix it by running
the test command within the polling loop.
|
|
It's not sufficient to check for root privileges, because a
containerized process may have root's euid but still lack important
capabilities. Fix these tests by checking for the CAP_SYS_MOD
capability.
|
|
It's not sufficient to check for root privileges. In a container, the
euid may be root even though the user lacks some capabilities. Replace
this test's root check with a check for the CAP_NET_ADMIN capability
instead.
|
|
- init_module and finit_module to load kernel modules
- delete_module to unload kernel modules
Signed-off-by: Pascal Bach <pascal.bach@nextrem.ch>
|
|
This macro can be used in tests to skip the test if it requires root to sucssfully run.
|
|
This is a lower-level interface than `std::fs::ReadDir`. Notable differences:
* can be opened from a file descriptor (as returned by `openat`, perhaps
before knowing if the path represents a file or directory). Uses
`fdopendir` for this, available on all Unix platforms as of
rust-lang/libc#1018.
* implements `AsRawFd`, so it can be passed to `fstat`, `openat`, etc.
* can be iterated through multiple times without closing and reopening the
file descriptor. Each iteration rewinds when finished.
* returns entries for `.` (current directory) and `..` (parent directory).
* returns entries' names as a `CStr` (no allocation or conversion beyond
whatever libc does).
|
|
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
|
|
820: Change AioCb to primarily use Bytes instead of Rc<[u8]> r=Susurrus a=asomers
`Rc<[u8]>` isn't a very good buffer type to use for aio. For one thing, it lacks interior mutability. For another, a single `Rc<[u8]>` can't be carved up into smaller buffers of the same type. `Bytes` and `BytesMut` fix both problems. This PR removes the ability to construct an `AioCb` from `Rc<[u8]>` and adds the ability to construct one from `Bytes`, `BytesMut`, or raw pointers (for consumers who need even more flexibility). At this stage, the PR has the following warts:
1. A hack is necessary to force small `Bytes` buffers to allocate on the heap. I plan to fix this with an enhancement to the bytes crate.
2. The `AioCb::buffer` method is necessary due to a deficiency in the tokio-core crate. Once I fix that, then only `AioCb::into_buffer`will need to be public.
|
|
It's not actually safe to read into an `Rc<[u8]>`. It only worked
because of a coincidental `unsafe` block. Replace that type with
`BytesMut` from the bytes crate. For consistency's sake, use `Bytes`
for writing too, and completely remove methods relating to `Rc<[u8]>`.
Note that the `AioCb` will actually own the `BytesMut` object. The
caller must call `into_buffer` to get it back once the I/O is complete.
Fixes #788
|
|
|
|
|
|
This was doing testing for errno constants and a few other
types that is no longer necessary now that these types are
all tested within the libc project itself.
|
|
Fix groups mutex name
|
|
This adds fexecve() to `nix::unistd`. It is available in libc since 0.2.29.
Ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/fexecve.html
|
|
|
|
ptsname(3) returns a pointer to a global variable, so it isn't
thread-safe. Protect it with a mutex.
|
|
Note that this is now only available for Linux as support is missing in libc
for Android (see rust-lang/libc#671).
As part of this work the SIGUSR2 signal mutex was altered to be a general
signal mutex. This is because all signal handling is shared across all threads
in the Rust test harness, so if you alter one signal, depending on whether it's
additive or may overwrite the mask for other signals, it could break the other
ones. Instead of putting this on the user, just broaden the scope of the mutex
so that any altering of signal handling needs to use it.
|
|
They have four problems:
* The chdir tests change the process's cwd, which is global. Protect them
all with a mutex.
* The wait tests will reap any subprocess, and several tests create
subprocesses. Protect them all with a mutex so only one
subprocess-creating test will run at a time.
* When a multithreaded test forks, the child process can sometimes block in
the stack unwinding code. It blocks on a mutex that was held by a
different thread in the parent, but that thread doesn't exist in the
child, so a deadlock results. Fix this by immediately calling
std::process:exit in the child processes.
* My previous attempt at thread safety in the aio tests didn't work, because
anonymous MutexGuards drop immediately. Fix this by naming the
SIGUSR2_MTX MutexGuards.
Fixes #251
|
|
std::fs::File closes the underlying file descriptor on Drop, without
checking for errors. test_lseek and test_lseek64 also manually close
the file descriptor. That works for single threaded test runs. But for
multithreaded runs, it causes EBADF errors in other tests. Fix the
tests by consuming the File with into_raw_fd(), so its drop method will
never be called.
Also, fix a potential short read bug in the same tests.
|
|
|
|
* grantpt
* ptsname/ptsname_r
* posix_openpt
* unlockpt
|
|
Adds a mutex to protect access to SIGUSR2 signal handlers by the AIO
tests.
Fixes #578
|
|
test_getsockname used an IPv4 socket and assumed that localhost was
"127.0.0.1". But that assumption doesn't hold on IPv6-only hosts or on
shared-IP FreeBSD jails. Unfortunately, the Rust standard library
doesn't provide a good way to resolve localhost. So change the test to
use a unix-domain socket instead.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|