Skip to content
This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

tests: adjust security tests for systemd v232 #3401

Merged
merged 2 commits into from
Nov 23, 2016
Merged

tests: adjust security tests for systemd v232 #3401

merged 2 commits into from
Nov 23, 2016

Conversation

lucab
Copy link
Member

@lucab lucab commented Nov 22, 2016

systemd v232 gained some protection features both at nspawn and exec level, changing some behavior used while testing rkt insecure mode.
This PR adjusts the NoNewPrivileges check and temporarily disable the sysrq-trigger one.

Closes #3367

@lucab
tests: fix no-new-privs test on recent systemd
717efb0 
Systemd (v232+) provides multiple security features which automatically
set the no-new-privs bit to prevent bypass.
This commit opts-out paths protection, in order to test rkt no-new-privs
feature.
@lucab
tests: skip testing for insecure sysrq-trigger in TestPathsWrite
115aa21 
systemd v232 introduced an hardcoded protection for /proc/sysrq-trigger,
so rkt insecure mode does not work anymore for that path.
Disabling the insecure part of TestPathsWrite for now, can be re-enabled
once systemd/systemd#4395 is available in stage1.
@lucab lucab added this to the v1.20.0 milestone Nov 22, 2016
@jonboulle
Copy link
Contributor

lgtm

@lucab lucab merged commit ff6755b into rkt:master Nov 23, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
area/testing reviewed/lgtm reviewed/merge-on-green
Projects
None yet
Milestone
v1.20.0
Development

Successfully merging this pull request may close these issues.
2 participants
@lucab @jonboulle