From efeb864cb547a2cbf96dc0053a8bdb4d9190b364 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 12 Jun 2024 05:50:45 +0200 Subject: Merging upstream version 256. Signed-off-by: Daniel Baumann --- .../exec-ambientcapabilities-dynuser.service | 3 ++- .../exec-ambientcapabilities-merge-nfsnobody.service | 2 +- .../exec-ambientcapabilities-merge-nobody.service | 2 +- test/test-execute/exec-ambientcapabilities-merge.service | 2 +- .../exec-ambientcapabilities-nfsnobody.service | 2 +- .../test-execute/exec-ambientcapabilities-nobody.service | 2 +- test/test-execute/exec-ambientcapabilities.service | 2 +- test/test-execute/exec-bindpaths.service | 2 +- .../exec-capabilityboundingset-invert.service | 2 +- .../exec-capabilityboundingset-merge.service | 2 +- .../exec-capabilityboundingset-reset.service | 2 +- .../exec-capabilityboundingset-simple.service | 2 +- test/test-execute/exec-condition-failed.service | 2 +- test/test-execute/exec-condition-skip.service | 2 +- test/test-execute/exec-cpuaffinity1.service | 2 +- test/test-execute/exec-cpuaffinity2.service | 2 +- test/test-execute/exec-cpuaffinity3.service | 2 +- test/test-execute/exec-dynamicuser-fixeduser-adm.service | 4 ++-- .../exec-dynamicuser-fixeduser-games.service | 4 ++-- ...-dynamicuser-fixeduser-one-supplementarygroup.service | 4 ++-- test/test-execute/exec-dynamicuser-fixeduser.service | 4 ++-- .../exec-dynamicuser-runtimedirectory1.service | 7 ++++--- .../exec-dynamicuser-runtimedirectory2.service | 9 +++++---- .../exec-dynamicuser-runtimedirectory3.service | 9 +++++---- .../exec-dynamicuser-statedir-migrate-step1.service | 2 +- .../exec-dynamicuser-statedir-migrate-step2.service | 3 ++- test/test-execute/exec-dynamicuser-statedir.service | 1 + .../exec-dynamicuser-supplementarygroups.service | 5 +++-- test/test-execute/exec-environment-empty.service | 2 +- test/test-execute/exec-environment-multiple.service | 2 +- test/test-execute/exec-environment-no-substitute.service | 2 +- test/test-execute/exec-environment.service | 2 +- test/test-execute/exec-environmentfile.service | 2 +- .../exec-execsearchpath-environment-path-set.service | 2 +- .../test-execute/exec-execsearchpath-environment.service | 2 +- .../exec-execsearchpath-environmentfile-set.service | 2 +- .../exec-execsearchpath-environmentfile.service | 2 +- .../exec-execsearchpath-passenvironment-set.service | 2 +- .../exec-execsearchpath-passenvironment.service | 2 +- .../exec-execsearchpath-unit-specifier.service | 2 +- test/test-execute/exec-group-nfsnobody.service | 2 +- test/test-execute/exec-group-nobody.service | 2 +- test/test-execute/exec-group-nogroup.service | 2 +- test/test-execute/exec-group.service | 2 +- test/test-execute/exec-ignoresigpipe-no.service | 2 +- test/test-execute/exec-ignoresigpipe-yes.service | 2 +- .../exec-inaccessiblepaths-mount-propagation.service | 2 +- test/test-execute/exec-inaccessiblepaths-sys.service | 2 +- .../exec-ioschedulingclass-best-effort.service | 2 +- test/test-execute/exec-ioschedulingclass-idle.service | 2 +- test/test-execute/exec-ioschedulingclass-none.service | 2 +- .../test-execute/exec-ioschedulingclass-realtime.service | 2 +- test/test-execute/exec-load-credential.service | 8 ++++---- .../exec-networknamespacepath-privatemounts-no.service | 12 ++++++------ .../exec-networknamespacepath-privatemounts-yes.service | 12 ++++++------ test/test-execute/exec-noexecpaths-simple.service | 2 +- test/test-execute/exec-oomscoreadjust-negative.service | 2 +- test/test-execute/exec-oomscoreadjust-positive.service | 2 +- test/test-execute/exec-passenvironment-absent.service | 2 +- test/test-execute/exec-passenvironment-empty.service | 2 +- test/test-execute/exec-passenvironment-repeated.service | 2 +- test/test-execute/exec-passenvironment.service | 2 +- test/test-execute/exec-personality-aarch64.service | 2 +- test/test-execute/exec-personality-loongarch64.service | 2 +- test/test-execute/exec-personality-ppc64.service | 2 +- test/test-execute/exec-personality-ppc64le.service | 2 +- test/test-execute/exec-personality-s390.service | 2 +- test/test-execute/exec-personality-s390x.service | 8 ++++++++ test/test-execute/exec-personality-x86-64.service | 2 +- test/test-execute/exec-personality-x86.service | 2 +- test/test-execute/exec-privatedevices-bind.service | 4 ++-- .../exec-privatedevices-disabled-by-prefix.service | 2 +- .../exec-privatedevices-no-capability-mknod.service | 2 +- .../exec-privatedevices-no-capability-sys-rawio.service | 2 +- test/test-execute/exec-privatedevices-no.service | 2 +- .../exec-privatedevices-yes-capability-mknod.service | 2 +- .../exec-privatedevices-yes-capability-sys-rawio.service | 2 +- .../exec-privatedevices-yes-with-group.service | 6 +++--- test/test-execute/exec-privatedevices-yes.service | 2 +- .../exec-privatenetwork-yes-privatemounts-no.service | 6 +++--- .../exec-privatenetwork-yes-privatemounts-yes.service | 6 +++--- .../exec-privatetmp-disabled-by-prefix.service | 2 +- test/test-execute/exec-privatetmp-no.service | 2 +- test/test-execute/exec-privatetmp-yes.service | 2 +- ...xec-protecthome-tmpfs-vs-protectsystem-strict.service | 2 +- .../exec-protectkernellogs-no-capabilities.service | 2 +- .../exec-protectkernellogs-yes-capabilities.service | 2 +- .../exec-protectkernelmodules-no-capabilities.service | 2 +- .../exec-protectkernelmodules-yes-capabilities.service | 2 +- ...ec-protectkernelmodules-yes-mount-propagation.service | 2 +- .../exec-readonlypaths-mount-propagation.service | 2 +- test/test-execute/exec-readonlypaths-simple.service | 2 +- .../exec-readonlypaths-with-bindpaths.service | 2 +- test/test-execute/exec-readonlypaths.service | 4 ++-- .../exec-readwritepaths-mount-propagation.service | 2 +- test/test-execute/exec-runtimedirectory-mode.service | 4 ++-- .../exec-runtimedirectory-owner-nfsnobody.service | 2 +- .../exec-runtimedirectory-owner-nobody.service | 2 +- .../exec-runtimedirectory-owner-nogroup.service | 2 +- test/test-execute/exec-runtimedirectory-owner.service | 2 +- test/test-execute/exec-runtimedirectory.service | 6 +++--- test/test-execute/exec-set-credential.service | 8 ++++---- test/test-execute/exec-specifier-interpolation.service | 2 +- test/test-execute/exec-standardinput-data.service | 2 +- ...tarygroups-multiple-groups-default-group-user.service | 8 ++++---- ...c-supplementarygroups-multiple-groups-withgid.service | 6 +++--- ...c-supplementarygroups-multiple-groups-withuid.service | 4 ++-- .../exec-supplementarygroups-single-group-user.service | 4 ++-- .../exec-supplementarygroups-single-group.service | 4 ++-- test/test-execute/exec-supplementarygroups.service | 4 ++-- .../test-execute/exec-systemcallerrornumber-name.service | 2 +- .../exec-systemcallerrornumber-number.service | 2 +- test/test-execute/exec-systemcallfilter-failing.service | 2 +- test/test-execute/exec-systemcallfilter-failing2.service | 2 +- test/test-execute/exec-systemcallfilter-failing3.service | 2 +- ...ec-systemcallfilter-nonewprivileges-bounding1.service | 2 +- ...ec-systemcallfilter-nonewprivileges-bounding2.service | 2 +- ...systemcallfilter-nonewprivileges-protectclock.service | 2 +- .../exec-systemcallfilter-nonewprivileges.service | 2 +- .../exec-systemcallfilter-not-failing.service | 2 +- .../exec-systemcallfilter-not-failing2.service | 2 +- .../exec-systemcallfilter-not-failing3.service | 2 +- .../exec-systemcallfilter-override-error-action.service | 2 +- .../exec-systemcallfilter-override-error-action2.service | 2 +- .../exec-systemcallfilter-system-user-nfsnobody.service | 2 +- .../exec-systemcallfilter-system-user-nobody.service | 2 +- .../exec-systemcallfilter-system-user.service | 2 +- ...xec-systemcallfilter-with-errno-in-allow-list.service | 2 +- .../exec-systemcallfilter-with-errno-multi.service | 2 +- .../exec-systemcallfilter-with-errno-name.service | 2 +- .../exec-systemcallfilter-with-errno-number.service | 2 +- .../exec-temporaryfilesystem-options.service | 8 ++++---- test/test-execute/exec-temporaryfilesystem-ro.service | 16 ++++++++-------- test/test-execute/exec-temporaryfilesystem-usr.service | 6 +++--- test/test-execute/exec-umask-0177.service | 2 +- test/test-execute/exec-umask-default.service | 2 +- test/test-execute/exec-umask-namespace.service | 2 +- test/test-execute/exec-unsetenvironment.service | 2 +- test/test-execute/exec-user-nfsnobody.service | 2 +- test/test-execute/exec-user-nobody.service | 2 +- test/test-execute/exec-user.service | 2 +- .../exec-workingdirectory-trailing-dot.service | 2 +- test/test-execute/exec-workingdirectory.service | 2 +- 143 files changed, 217 insertions(+), 202 deletions(-) create mode 100644 test/test-execute/exec-personality-s390x.service (limited to 'test/test-execute') diff --git a/test/test-execute/exec-ambientcapabilities-dynuser.service b/test/test-execute/exec-ambientcapabilities-dynuser.service index 560628e..ab815f3 100644 --- a/test/test-execute/exec-ambientcapabilities-dynuser.service +++ b/test/test-execute/exec-ambientcapabilities-dynuser.service @@ -3,8 +3,9 @@ Description=Test for AmbientCapabilities (dynamic user) [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002081"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002081"' Type=oneshot AmbientCapabilities=CAP_CHOWN CAP_SETUID CAP_NET_RAW DynamicUser=yes PrivateUsers=yes +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service index 4960da5..a170b3d 100644 --- a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service +++ b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service @@ -3,7 +3,7 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nfsnobody AmbientCapabilities=CAP_CHOWN diff --git a/test/test-execute/exec-ambientcapabilities-merge-nobody.service b/test/test-execute/exec-ambientcapabilities-merge-nobody.service index 4c72b2e..2e21bbc 100644 --- a/test/test-execute/exec-ambientcapabilities-merge-nobody.service +++ b/test/test-execute/exec-ambientcapabilities-merge-nobody.service @@ -3,7 +3,7 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nobody AmbientCapabilities=CAP_CHOWN diff --git a/test/test-execute/exec-ambientcapabilities-merge.service b/test/test-execute/exec-ambientcapabilities-merge.service index 13a5d45..c4bb21b 100644 --- a/test/test-execute/exec-ambientcapabilities-merge.service +++ b/test/test-execute/exec-ambientcapabilities-merge.service @@ -3,7 +3,7 @@ Description=Test for AmbientCapabilities (daemon) [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=daemon AmbientCapabilities=CAP_CHOWN diff --git a/test/test-execute/exec-ambientcapabilities-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-nfsnobody.service index 10cb440..0bf91cc 100644 --- a/test/test-execute/exec-ambientcapabilities-nfsnobody.service +++ b/test/test-execute/exec-ambientcapabilities-nfsnobody.service @@ -3,7 +3,7 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nfsnobody AmbientCapabilities=CAP_CHOWN CAP_NET_RAW diff --git a/test/test-execute/exec-ambientcapabilities-nobody.service b/test/test-execute/exec-ambientcapabilities-nobody.service index 5400cac..8bd7ac4 100644 --- a/test/test-execute/exec-ambientcapabilities-nobody.service +++ b/test/test-execute/exec-ambientcapabilities-nobody.service @@ -3,7 +3,7 @@ Description=Test for AmbientCapabilities [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=nobody AmbientCapabilities=CAP_CHOWN CAP_NET_RAW diff --git a/test/test-execute/exec-ambientcapabilities.service b/test/test-execute/exec-ambientcapabilities.service index 5336bec..1bbc727 100644 --- a/test/test-execute/exec-ambientcapabilities.service +++ b/test/test-execute/exec-ambientcapabilities.service @@ -3,7 +3,7 @@ Description=Test for AmbientCapabilities (daemon) [Service] -ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' +ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"' Type=oneshot User=daemon AmbientCapabilities=CAP_CHOWN CAP_NET_RAW diff --git a/test/test-execute/exec-bindpaths.service b/test/test-execute/exec-bindpaths.service index bf6968f..12e92e2 100644 --- a/test/test-execute/exec-bindpaths.service +++ b/test/test-execute/exec-bindpaths.service @@ -11,7 +11,7 @@ ExecStart=test -f /tmp/thisisasimpletest # Also, through /tmp/test-exec-bindreadonlypaths ExecStart=test -f /tmp/test-exec-bindreadonlypaths/thisisasimpletest # The file cannot modify through /tmp/test-exec-bindreadonlypaths -ExecStart=/bin/sh -x -c '! touch /tmp/test-exec-bindreadonlypaths/thisisasimpletest' +ExecStart=sh -x -c '! touch /tmp/test-exec-bindreadonlypaths/thisisasimpletest' # Cleanup ExecStart=rm /tmp/thisisasimpletest BindPaths=/tmp:/tmp/test-exec-bindpaths diff --git a/test/test-execute/exec-capabilityboundingset-invert.service b/test/test-execute/exec-capabilityboundingset-invert.service index 1b1217e..14f16c6 100644 --- a/test/test-execute/exec-capabilityboundingset-invert.service +++ b/test/test-execute/exec-capabilityboundingset-invert.service @@ -4,6 +4,6 @@ Description=Test for CapabilityBoundingSet [Service] # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep "^Bounding set .*cap_chown"' +ExecStart=sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep "^Bounding set .*cap_chown"' Type=oneshot CapabilityBoundingSet=~CAP_CHOWN diff --git a/test/test-execute/exec-capabilityboundingset-merge.service b/test/test-execute/exec-capabilityboundingset-merge.service index 1ed3ccb..d3a2370 100644 --- a/test/test-execute/exec-capabilityboundingset-merge.service +++ b/test/test-execute/exec-capabilityboundingset-merge.service @@ -3,7 +3,7 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_chown,cap_fowner,cap_kill"' +ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_chown,cap_fowner,cap_kill"' Type=oneshot CapabilityBoundingSet=CAP_FOWNER CapabilityBoundingSet=CAP_KILL CAP_CHOWN diff --git a/test/test-execute/exec-capabilityboundingset-reset.service b/test/test-execute/exec-capabilityboundingset-reset.service index 8eb142c..2443951 100644 --- a/test/test-execute/exec-capabilityboundingset-reset.service +++ b/test/test-execute/exec-capabilityboundingset-reset.service @@ -3,7 +3,7 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set ="' +ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set ="' Type=oneshot CapabilityBoundingSet=CAP_FOWNER CAP_KILL CapabilityBoundingSet= diff --git a/test/test-execute/exec-capabilityboundingset-simple.service b/test/test-execute/exec-capabilityboundingset-simple.service index be5a5e5..3df3e6d 100644 --- a/test/test-execute/exec-capabilityboundingset-simple.service +++ b/test/test-execute/exec-capabilityboundingset-simple.service @@ -3,6 +3,6 @@ Description=Test for CapabilityBoundingSet [Service] -ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_fowner,cap_kill"' +ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_fowner,cap_kill"' Type=oneshot CapabilityBoundingSet=CAP_FOWNER CAP_KILL diff --git a/test/test-execute/exec-condition-failed.service b/test/test-execute/exec-condition-failed.service index 342219c..eb136ff 100644 --- a/test/test-execute/exec-condition-failed.service +++ b/test/test-execute/exec-condition-failed.service @@ -9,4 +9,4 @@ Type=oneshot ExecCondition=/bin/sh -c 'exit 255' # This should not get run -ExecStart=/bin/sh -c 'true' +ExecStart=sh -c 'true' diff --git a/test/test-execute/exec-condition-skip.service b/test/test-execute/exec-condition-skip.service index b69e161..4ee58b9 100644 --- a/test/test-execute/exec-condition-skip.service +++ b/test/test-execute/exec-condition-skip.service @@ -13,4 +13,4 @@ ExecCondition=/bin/sh -c 'exit 254' ExecCondition=/bin/sh -c 'exit 255' # This should not get run -ExecStart=/bin/sh -c 'true' +ExecStart=sh -c 'true' diff --git a/test/test-execute/exec-cpuaffinity1.service b/test/test-execute/exec-cpuaffinity1.service index 2a8544a..c0941a5 100644 --- a/test/test-execute/exec-cpuaffinity1.service +++ b/test/test-execute/exec-cpuaffinity1.service @@ -3,5 +3,5 @@ Description=Test for CPUAffinity (simple) [Service] -ExecStart=/bin/sh -c 'test $$(cat /proc/self/status | grep Cpus_allowed: | rev | cut -c 1) = 1' +ExecStart=sh -c 'test $$(cat /proc/self/status | grep Cpus_allowed: | rev | cut -c 1) = 1' CPUAffinity=0 diff --git a/test/test-execute/exec-cpuaffinity2.service b/test/test-execute/exec-cpuaffinity2.service index bed48c8..d699ecc 100644 --- a/test/test-execute/exec-cpuaffinity2.service +++ b/test/test-execute/exec-cpuaffinity2.service @@ -3,7 +3,7 @@ Description=Test for CPUAffinity (reset) [Service] -ExecStart=/bin/sh -c 'test $$(cat /proc/self/status | grep Cpus_allowed: | rev | cut -c 1) = 1' +ExecStart=sh -c 'test $$(cat /proc/self/status | grep Cpus_allowed: | rev | cut -c 1) = 1' CPUAffinity=0-1 3 CPUAffinity= CPUAffinity=0 diff --git a/test/test-execute/exec-cpuaffinity3.service b/test/test-execute/exec-cpuaffinity3.service index 774cd64..8e8f782 100644 --- a/test/test-execute/exec-cpuaffinity3.service +++ b/test/test-execute/exec-cpuaffinity3.service @@ -3,6 +3,6 @@ Description=Test for CPUAffinity (merge) [Service] -ExecStart=/bin/sh -c 'test $$(cat /proc/self/status | grep Cpus_allowed: | rev | cut -c 1) = 7' +ExecStart=sh -c 'test $$(cat /proc/self/status | grep Cpus_allowed: | rev | cut -c 1) = 7' CPUAffinity=0,1 CPUAffinity=1-2 diff --git a/test/test-execute/exec-dynamicuser-fixeduser-adm.service b/test/test-execute/exec-dynamicuser-fixeduser-adm.service index daaed6c..1b7f232 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser-adm.service +++ b/test/test-execute/exec-dynamicuser-fixeduser-adm.service @@ -5,8 +5,8 @@ Description=Test DynamicUser with static User= whose uid and gid are different [Service] Type=oneshot -ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"' +ExecStart=sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"' # Multiple ExecStart= lines causes the issue #9702. -ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"' +ExecStart=sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"' DynamicUser=yes User=adm diff --git a/test/test-execute/exec-dynamicuser-fixeduser-games.service b/test/test-execute/exec-dynamicuser-fixeduser-games.service index db8b88e..b13c23a 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser-games.service +++ b/test/test-execute/exec-dynamicuser-fixeduser-games.service @@ -5,8 +5,8 @@ Description=Test DynamicUser with static User= whose uid and gid are different [Service] Type=oneshot -ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"' +ExecStart=sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"' # Multiple ExecStart= lines causes the issue #9702. -ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"' +ExecStart=sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"' DynamicUser=yes User=games diff --git a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service index bbb1af5..e494c33 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service +++ b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service @@ -3,8 +3,8 @@ Description=Test DynamicUser with User= and SupplementaryGroups= [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' Type=oneshot User=1 DynamicUser=yes diff --git a/test/test-execute/exec-dynamicuser-fixeduser.service b/test/test-execute/exec-dynamicuser-fixeduser.service index c5828c2..4ebfc20 100644 --- a/test/test-execute/exec-dynamicuser-fixeduser.service +++ b/test/test-execute/exec-dynamicuser-fixeduser.service @@ -3,8 +3,8 @@ Description=Test DynamicUser with User= [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' Type=oneshot User=1 DynamicUser=yes diff --git a/test/test-execute/exec-dynamicuser-runtimedirectory1.service b/test/test-execute/exec-dynamicuser-runtimedirectory1.service index 790279a..59d3bf0 100644 --- a/test/test-execute/exec-dynamicuser-runtimedirectory1.service +++ b/test/test-execute/exec-dynamicuser-runtimedirectory1.service @@ -3,10 +3,11 @@ Description=Test for RuntimeDirectory with RuntimeDirectoryPreserve=yes and DynamicUser=yes [Service] -ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve' -ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"' -ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test' +ExecStart=sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve' +ExecStart=sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"' +ExecStart=sh -x -c 'touch $$RUNTIME_DIRECTORY/test' Type=oneshot RuntimeDirectory=test-exec_runtimedirectorypreserve RuntimeDirectoryPreserve=yes DynamicUser=yes +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-dynamicuser-runtimedirectory2.service b/test/test-execute/exec-dynamicuser-runtimedirectory2.service index 18df74e..6ff9d75 100644 --- a/test/test-execute/exec-dynamicuser-runtimedirectory2.service +++ b/test/test-execute/exec-dynamicuser-runtimedirectory2.service @@ -3,11 +3,12 @@ Description=Test for RuntimeDirectory with RuntimeDirectoryPreserve=yes and DynamicUser=yes 2nd trial [Service] -ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve' -ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"' -ExecStart=/bin/sh -x -c 'test -f $$RUNTIME_DIRECTORY/test' -ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test' +ExecStart=sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve' +ExecStart=sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"' +ExecStart=sh -x -c 'test -f $$RUNTIME_DIRECTORY/test' +ExecStart=sh -x -c 'touch $$RUNTIME_DIRECTORY/test' Type=oneshot RuntimeDirectory=test-exec_runtimedirectorypreserve RuntimeDirectoryPreserve=yes DynamicUser=yes +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-dynamicuser-runtimedirectory3.service b/test/test-execute/exec-dynamicuser-runtimedirectory3.service index 831a808..cebb819 100644 --- a/test/test-execute/exec-dynamicuser-runtimedirectory3.service +++ b/test/test-execute/exec-dynamicuser-runtimedirectory3.service @@ -3,10 +3,11 @@ Description=Test for RuntimeDirectory with DynamicUser=yes migrated from RuntimeDirectoryPreserve=yes [Service] -ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve' -ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"' -ExecStart=/bin/sh -x -c 'test -f $$RUNTIME_DIRECTORY/test' -ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test' +ExecStart=sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve' +ExecStart=sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"' +ExecStart=sh -x -c 'test -f $$RUNTIME_DIRECTORY/test' +ExecStart=sh -x -c 'touch $$RUNTIME_DIRECTORY/test' Type=oneshot RuntimeDirectory=test-exec_runtimedirectorypreserve DynamicUser=yes +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service b/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service index 2a5a1e1..12375af 100644 --- a/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service +++ b/test/test-execute/exec-dynamicuser-statedir-migrate-step1.service @@ -11,7 +11,7 @@ ExecStart=test -d %S/test-dynamicuser-migrate ExecStart=test -d %S/test-dynamicuser-migrate2/hoge ExecStart=touch %S/test-dynamicuser-migrate/yay ExecStart=touch %S/test-dynamicuser-migrate2/hoge/yayyay -ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"' +ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"' Type=oneshot DynamicUser=no diff --git a/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service b/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service index e89f0c5..7261f4a 100644 --- a/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service +++ b/test/test-execute/exec-dynamicuser-statedir-migrate-step2.service @@ -19,8 +19,9 @@ ExecStart=touch %S/test-dynamicuser-migrate/yay ExecStart=touch %S/test-dynamicuser-migrate2/hoge/yayyay ExecStart=touch %S/private/test-dynamicuser-migrate/yay ExecStart=touch %S/private/test-dynamicuser-migrate2/hoge/yayyay -ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"' +ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/test-dynamicuser-migrate:%S/test-dynamicuser-migrate2/hoge"' Type=oneshot DynamicUser=yes StateDirectory=test-dynamicuser-migrate test-dynamicuser-migrate2/hoge +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service index 734fa20..636a702 100644 --- a/test/test-execute/exec-dynamicuser-statedir.service +++ b/test/test-execute/exec-dynamicuser-statedir.service @@ -83,3 +83,4 @@ ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/aaa:%S/aaa/bbb:%S/aaa/ccc:%S/ Type=oneshot DynamicUser=yes StateDirectory=waldo quux/pief aaa/bbb aaa aaa/ccc xxx/yyy:aaa/111 xxx:aaa/222 xxx/zzz:aaa/333 abc:d\:ef +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-dynamicuser-supplementarygroups.service b/test/test-execute/exec-dynamicuser-supplementarygroups.service index d601af2..be1b8f7 100644 --- a/test/test-execute/exec-dynamicuser-supplementarygroups.service +++ b/test/test-execute/exec-dynamicuser-supplementarygroups.service @@ -3,8 +3,9 @@ Description=Test DynamicUser with SupplementaryGroups= [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' Type=oneshot DynamicUser=yes SupplementaryGroups=1 2 +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/test/test-execute/exec-environment-empty.service b/test/test-execute/exec-environment-empty.service index 6c31186..e5af6ff 100644 --- a/test/test-execute/exec-environment-empty.service +++ b/test/test-execute/exec-environment-empty.service @@ -3,7 +3,7 @@ Description=Test for Environment [Service] -ExecStart=/bin/sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset"' +ExecStart=sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset"' Type=oneshot Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" Environment= diff --git a/test/test-execute/exec-environment-multiple.service b/test/test-execute/exec-environment-multiple.service index d9b8d22..4199a46 100644 --- a/test/test-execute/exec-environment-multiple.service +++ b/test/test-execute/exec-environment-multiple.service @@ -3,7 +3,7 @@ Description=Test for Environment [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = foobar' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = foobar' Type=oneshot Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" Environment="VAR3=foobar" diff --git a/test/test-execute/exec-environment-no-substitute.service b/test/test-execute/exec-environment-no-substitute.service index b5cb2a4..7396576 100644 --- a/test/test-execute/exec-environment-no-substitute.service +++ b/test/test-execute/exec-environment-no-substitute.service @@ -3,7 +3,7 @@ Description=Test for No Environment Variable Substitution [Service] -ExecStart=/bin/sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2}" = "word3" && test "$${VAR3-unset}" = \'$word 5 6\'' +ExecStart=sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2}" = "word3" && test "$${VAR3-unset}" = \'$word 5 6\'' ExecStart=:/bin/sh -x -c 'test "$${VAR1-unset}" != "unset" && test "$${VAR2}" != "word3" && test "$${VAR3-unset}" != \'$word 5 6\'' Type=oneshot Environment="VAR2=word3" "VAR3=$word 5 6" diff --git a/test/test-execute/exec-environment.service b/test/test-execute/exec-environment.service index 5655be0..7e3cb0e 100644 --- a/test/test-execute/exec-environment.service +++ b/test/test-execute/exec-environment.service @@ -3,6 +3,6 @@ Description=Test for Environment [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6"' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6"' Type=oneshot Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" diff --git a/test/test-execute/exec-environmentfile.service b/test/test-execute/exec-environmentfile.service index 4ad5a9b..3f739fa 100644 --- a/test/test-execute/exec-environmentfile.service +++ b/test/test-execute/exec-environmentfile.service @@ -3,6 +3,6 @@ Description=Test for EnvironmentFile [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes' Type=oneshot EnvironmentFile=/tmp/test-exec_environmentfile.conf diff --git a/test/test-execute/exec-execsearchpath-environment-path-set.service b/test/test-execute/exec-execsearchpath-environment-path-set.service index 5969cc6..424c4ac 100644 --- a/test/test-execute/exec-execsearchpath-environment-path-set.service +++ b/test/test-execute/exec-execsearchpath-environment-path-set.service @@ -1,6 +1,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Service] -ExecStart=/bin/sh -x -c 'test "$$PATH" = "/usr" && test "$$VAR1" = word3 && test "$$VAR2" = "\\$$word 5 6"' +ExecStart=sh -x -c 'test "$$PATH" = "/usr" && test "$$VAR1" = word3 && test "$$VAR2" = "\\$$word 5 6"' Type=oneshot ExecSearchPath=/tmp:/bin Environment="PATH=/usr" VAR1=word3 "VAR2=$word 5 6" diff --git a/test/test-execute/exec-execsearchpath-environment.service b/test/test-execute/exec-execsearchpath-environment.service index b0fa6a3..5c39d9c 100644 --- a/test/test-execute/exec-execsearchpath-environment.service +++ b/test/test-execute/exec-execsearchpath-environment.service @@ -1,6 +1,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$PATH" = "/tmp:/bin"' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$PATH" = "/tmp:/bin"' Type=oneshot ExecSearchPath=/tmp:/bin Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6" diff --git a/test/test-execute/exec-execsearchpath-environmentfile-set.service b/test/test-execute/exec-execsearchpath-environmentfile-set.service index 5f55a4b..8741582 100644 --- a/test/test-execute/exec-execsearchpath-environmentfile-set.service +++ b/test/test-execute/exec-execsearchpath-environmentfile-set.service @@ -3,7 +3,7 @@ Description=Test for ExecSearchPath with EnvironmentFile where EnvironmentFile sets PATH [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = /usr' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = /usr' Type=oneshot EnvironmentFile=/tmp/test-exec_execsearchpath_environmentfile-set.conf ExecSearchPath=/tmp:/bin diff --git a/test/test-execute/exec-execsearchpath-environmentfile.service b/test/test-execute/exec-execsearchpath-environmentfile.service index b8335bc..53cede8 100644 --- a/test/test-execute/exec-execsearchpath-environmentfile.service +++ b/test/test-execute/exec-execsearchpath-environmentfile.service @@ -3,7 +3,7 @@ Description=Test for ExecSearchPath with EnvironmentFile where EnvironmentFile does not set PATH [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = "/tmp:/bin"' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = "/tmp:/bin"' Type=oneshot ExecSearchPath=/tmp:/bin EnvironmentFile=/tmp/test-exec_execsearchpath_environmentfile.conf diff --git a/test/test-execute/exec-execsearchpath-passenvironment-set.service b/test/test-execute/exec-execsearchpath-passenvironment-set.service index a151161..2d4e75a 100644 --- a/test/test-execute/exec-execsearchpath-passenvironment-set.service +++ b/test/test-execute/exec-execsearchpath-passenvironment-set.service @@ -3,7 +3,7 @@ Description=Test for PassEnvironment with ExecSearchPath with PATH set by user [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = "/usr"' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = "/usr"' Type=oneshot PassEnvironment=VAR1 VAR2 VAR3 VAR4 VAR5 PATH ExecSearchPath=/tmp:/bin diff --git a/test/test-execute/exec-execsearchpath-passenvironment.service b/test/test-execute/exec-execsearchpath-passenvironment.service index d8a41c1..5bdab47 100644 --- a/test/test-execute/exec-execsearchpath-passenvironment.service +++ b/test/test-execute/exec-execsearchpath-passenvironment.service @@ -3,7 +3,7 @@ Description=Test for PassEnvironment with ExecSearchPath with PATH not set by user [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = "/tmp:/bin"' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes && test "$$PATH" = "/tmp:/bin"' Type=oneshot PassEnvironment=VAR1 VAR2 VAR3 VAR4 VAR5 ExecSearchPath=/tmp:/bin diff --git a/test/test-execute/exec-execsearchpath-unit-specifier.service b/test/test-execute/exec-execsearchpath-unit-specifier.service index 30d6b32..a2037e9 100644 --- a/test/test-execute/exec-execsearchpath-unit-specifier.service +++ b/test/test-execute/exec-execsearchpath-unit-specifier.service @@ -5,4 +5,4 @@ Description=Test for specifiers with exec search path [Service] Type=oneshot ExecSearchPath=/tmp:/bin:/usr/bin:%V -ExecStart=/bin/sh -x -c 'test %V = /var/tmp && test "$$PATH" = "/tmp:/bin:/usr/bin:/var/tmp"' +ExecStart=sh -x -c 'test %V = /var/tmp && test "$$PATH" = "/tmp:/bin:/usr/bin:/var/tmp"' diff --git a/test/test-execute/exec-group-nfsnobody.service b/test/test-execute/exec-group-nfsnobody.service index a1e59c5..aebb198 100644 --- a/test/test-execute/exec-group-nfsnobody.service +++ b/test/test-execute/exec-group-nfsnobody.service @@ -3,6 +3,6 @@ Description=Test for Group [Service] -ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nfsnobody"' +ExecStart=sh -x -c 'test "$$(id -n -g)" = "nfsnobody"' Type=oneshot Group=nfsnobody diff --git a/test/test-execute/exec-group-nobody.service b/test/test-execute/exec-group-nobody.service index 58dce1e..cf283cb 100644 --- a/test/test-execute/exec-group-nobody.service +++ b/test/test-execute/exec-group-nobody.service @@ -3,6 +3,6 @@ Description=Test for Group [Service] -ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"' +ExecStart=sh -x -c 'test "$$(id -n -g)" = "nobody"' Type=oneshot Group=nobody diff --git a/test/test-execute/exec-group-nogroup.service b/test/test-execute/exec-group-nogroup.service index 7f16729..46c3dd3 100644 --- a/test/test-execute/exec-group-nogroup.service +++ b/test/test-execute/exec-group-nogroup.service @@ -3,6 +3,6 @@ Description=Test for Group [Service] -ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nogroup"' +ExecStart=sh -x -c 'test "$$(id -n -g)" = "nogroup"' Type=oneshot Group=nogroup diff --git a/test/test-execute/exec-group.service b/test/test-execute/exec-group.service index 9f21557..bd5ac2d 100644 --- a/test/test-execute/exec-group.service +++ b/test/test-execute/exec-group.service @@ -3,6 +3,6 @@ Description=Test for Group (daemon) [Service] -ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"' +ExecStart=sh -x -c 'test "$$(id -n -g)" = "daemon"' Type=oneshot Group=daemon diff --git a/test/test-execute/exec-ignoresigpipe-no.service b/test/test-execute/exec-ignoresigpipe-no.service index e972481..ce8b258 100644 --- a/test/test-execute/exec-ignoresigpipe-no.service +++ b/test/test-execute/exec-ignoresigpipe-no.service @@ -3,6 +3,6 @@ Description=Test for IgnoreSIGPIPE=no [Service] -ExecStart=/bin/sh -x -c 'kill -PIPE 0' +ExecStart=sh -x -c 'kill -PIPE 0' Type=oneshot IgnoreSIGPIPE=no diff --git a/test/test-execute/exec-ignoresigpipe-yes.service b/test/test-execute/exec-ignoresigpipe-yes.service index ee3aa9a..a26f53c 100644 --- a/test/test-execute/exec-ignoresigpipe-yes.service +++ b/test/test-execute/exec-ignoresigpipe-yes.service @@ -3,6 +3,6 @@ Description=Test for IgnoreSIGPIPE=yes [Service] -ExecStart=/bin/sh -x -c 'kill -PIPE 0' +ExecStart=sh -x -c 'kill -PIPE 0' Type=oneshot IgnoreSIGPIPE=yes diff --git a/test/test-execute/exec-inaccessiblepaths-mount-propagation.service b/test/test-execute/exec-inaccessiblepaths-mount-propagation.service index 520bc53..8580f52 100644 --- a/test/test-execute/exec-inaccessiblepaths-mount-propagation.service +++ b/test/test-execute/exec-inaccessiblepaths-mount-propagation.service @@ -4,5 +4,5 @@ Description=Test to make sure that InaccessiblePaths= disconnect mount propagati [Service] InaccessiblePaths=-/i-dont-exist -ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' +ExecStart=sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' Type=oneshot diff --git a/test/test-execute/exec-inaccessiblepaths-sys.service b/test/test-execute/exec-inaccessiblepaths-sys.service index 0d64aa1..64a570c 100644 --- a/test/test-execute/exec-inaccessiblepaths-sys.service +++ b/test/test-execute/exec-inaccessiblepaths-sys.service @@ -4,5 +4,5 @@ Description=Test to make sure that mount namespace setup works properly with the [Service] InaccessiblePaths=/sys -ExecStart=/bin/sh -x -c 'test "$$(stat -c %%a /sys)" = "0"' +ExecStart=sh -x -c 'test "$$(stat -c %%a /sys)" = "0"' Type=oneshot diff --git a/test/test-execute/exec-ioschedulingclass-best-effort.service b/test/test-execute/exec-ioschedulingclass-best-effort.service index 3b946b7..569183f 100644 --- a/test/test-execute/exec-ioschedulingclass-best-effort.service +++ b/test/test-execute/exec-ioschedulingclass-best-effort.service @@ -3,6 +3,6 @@ Description=Test for IOSchedulingClass=best-effort [Service] -ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "best-effort"' +ExecStart=sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "best-effort"' Type=oneshot IOSchedulingClass=best-effort diff --git a/test/test-execute/exec-ioschedulingclass-idle.service b/test/test-execute/exec-ioschedulingclass-idle.service index b1e64bb..93377ea 100644 --- a/test/test-execute/exec-ioschedulingclass-idle.service +++ b/test/test-execute/exec-ioschedulingclass-idle.service @@ -3,6 +3,6 @@ Description=Test for IOSchedulingClass=idle [Service] -ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "idle"' +ExecStart=sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "idle"' Type=oneshot IOSchedulingClass=idle diff --git a/test/test-execute/exec-ioschedulingclass-none.service b/test/test-execute/exec-ioschedulingclass-none.service index 0494d45..b8198d1 100644 --- a/test/test-execute/exec-ioschedulingclass-none.service +++ b/test/test-execute/exec-ioschedulingclass-none.service @@ -4,6 +4,6 @@ Description=Test for IOSchedulingClass=none [Service] # Old kernels might report "none" here, new kernels "best-effort". -ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none" -o "$${c%%:*}" = "best-effort"' +ExecStart=sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none" -o "$${c%%:*}" = "best-effort"' Type=oneshot IOSchedulingClass=none diff --git a/test/test-execute/exec-ioschedulingclass-realtime.service b/test/test-execute/exec-ioschedulingclass-realtime.service index ef8e2eb..a7edb6d 100644 --- a/test/test-execute/exec-ioschedulingclass-realtime.service +++ b/test/test-execute/exec-ioschedulingclass-realtime.service @@ -3,6 +3,6 @@ Description=Test for IOSchedulingClass=realtime [Service] -ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "realtime"' +ExecStart=sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "realtime"' Type=oneshot IOSchedulingClass=realtime diff --git a/test/test-execute/exec-load-credential.service b/test/test-execute/exec-load-credential.service index 3a29b6d..9da19e6 100644 --- a/test/test-execute/exec-load-credential.service +++ b/test/test-execute/exec-load-credential.service @@ -3,9 +3,9 @@ Description=Test for LoadCredential= [Service] -ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' -ExecStartPost=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' -ExecStop=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' -ExecStopPost=/bin/sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' +ExecStart=sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' +ExecStartPost=sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' +ExecStop=sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' +ExecStopPost=sh -x -c 'test "$$(cat %d/test-execute.load-credential)" = "foo"' Type=oneshot LoadCredential=test-execute.load-credential diff --git a/test/test-execute/exec-networknamespacepath-privatemounts-no.service b/test/test-execute/exec-networknamespacepath-privatemounts-no.service index 49277e3..07c0525 100644 --- a/test/test-execute/exec-networknamespacepath-privatemounts-no.service +++ b/test/test-execute/exec-networknamespacepath-privatemounts-no.service @@ -3,14 +3,14 @@ Description=Test for NetworkNamespacePath= without mount namespacing [Service] -ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec' -ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' +ExecStart=sh -x -c '! ip link show dummy-test-exec' +ExecStart=sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' # Without mount namespacing, we can access the dummy-test-exec interface through sysfs. -ExecStart=/bin/sh -x -c 'test -e /sys/class/net/dummy-test-exec' -ExecStart=/bin/sh -x -c 'ip link show dummy-test-ns' -ExecStart=/bin/sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns' +ExecStart=sh -x -c 'test -e /sys/class/net/dummy-test-exec' +ExecStart=sh -x -c 'ip link show dummy-test-ns' +ExecStart=sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns' # Without mount namespacing, we cannot access the dummy-test-ns interface through sysfs. -ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-ns' +ExecStart=sh -x -c 'test ! -e /sys/class/net/dummy-test-ns' Type=oneshot NetworkNamespacePath=/run/netns/test-execute-netns PrivateMounts=no diff --git a/test/test-execute/exec-networknamespacepath-privatemounts-yes.service b/test/test-execute/exec-networknamespacepath-privatemounts-yes.service index 078fba8..10bc192 100644 --- a/test/test-execute/exec-networknamespacepath-privatemounts-yes.service +++ b/test/test-execute/exec-networknamespacepath-privatemounts-yes.service @@ -3,14 +3,14 @@ Description=Test for NetworkNamespacePath= with mount namespacing [Service] -ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec' -ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' +ExecStart=sh -x -c '! ip link show dummy-test-exec' +ExecStart=sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' # With mount namespacing, we cannot access the dummy-test-exec interface through sysfs. -ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec' -ExecStart=/bin/sh -x -c 'ip link show dummy-test-ns' -ExecStart=/bin/sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns' +ExecStart=sh -x -c 'test ! -e /sys/class/net/dummy-test-exec' +ExecStart=sh -x -c 'ip link show dummy-test-ns' +ExecStart=sh -x -c 'test -e /proc/sys/net/ipv4/conf/dummy-test-ns' # With mount namespacing, we can access the dummy-test-ns interface through sysfs. -ExecStart=/bin/sh -x -c 'test -e /sys/class/net/dummy-test-ns' +ExecStart=sh -x -c 'test -e /sys/class/net/dummy-test-ns' Type=oneshot NetworkNamespacePath=/run/netns/test-execute-netns # NetworkNamespacePath= implies PrivateMounts=yes diff --git a/test/test-execute/exec-noexecpaths-simple.service b/test/test-execute/exec-noexecpaths-simple.service index 5d954da..503be5a 100644 --- a/test/test-execute/exec-noexecpaths-simple.service +++ b/test/test-execute/exec-noexecpaths-simple.service @@ -7,5 +7,5 @@ Type=oneshot # This should work, as we explicitly disable the effect of NoExecPaths= ExecStart=+/bin/sh -c '/bin/cat /dev/null' # This should also work, as we do not disable the effect of NoExecPaths= but invert the exit code -ExecStart=/bin/sh -x -c '! /bin/cat /dev/null' +ExecStart=sh -x -c '! /bin/cat /dev/null' NoExecPaths=/bin/cat diff --git a/test/test-execute/exec-oomscoreadjust-negative.service b/test/test-execute/exec-oomscoreadjust-negative.service index 25b5f1f..5656030 100644 --- a/test/test-execute/exec-oomscoreadjust-negative.service +++ b/test/test-execute/exec-oomscoreadjust-negative.service @@ -3,6 +3,6 @@ Description=Test for OOMScoreAdjust [Service] -ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq -100' +ExecStart=sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq -100' Type=oneshot OOMScoreAdjust=-100 diff --git a/test/test-execute/exec-oomscoreadjust-positive.service b/test/test-execute/exec-oomscoreadjust-positive.service index ea6c23f..a2079b8 100644 --- a/test/test-execute/exec-oomscoreadjust-positive.service +++ b/test/test-execute/exec-oomscoreadjust-positive.service @@ -3,6 +3,6 @@ Description=Test for OOMScoreAdjust [Service] -ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq 100' +ExecStart=sh -x -c 'c=$$(cat /proc/self/oom_score_adj); test "$$c" -eq 100' Type=oneshot OOMScoreAdjust=100 diff --git a/test/test-execute/exec-passenvironment-absent.service b/test/test-execute/exec-passenvironment-absent.service index 6b19a12..b2e5c20 100644 --- a/test/test-execute/exec-passenvironment-absent.service +++ b/test/test-execute/exec-passenvironment-absent.service @@ -3,6 +3,6 @@ Description=Test for PassEnvironment with variables absent from the execution environment [Service] -ExecStart=/bin/sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset" && test "$${VAR4-unset}" = "unset" && test "$${VAR5-unset}" = "unset"' +ExecStart=sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset" && test "$${VAR4-unset}" = "unset" && test "$${VAR5-unset}" = "unset"' Type=oneshot PassEnvironment=VAR1 VAR2 VAR3 VAR4 VAR5 diff --git a/test/test-execute/exec-passenvironment-empty.service b/test/test-execute/exec-passenvironment-empty.service index 6ffc5e7..a5fd092 100644 --- a/test/test-execute/exec-passenvironment-empty.service +++ b/test/test-execute/exec-passenvironment-empty.service @@ -3,7 +3,7 @@ Description=Test for PassEnvironment and erasing the variable list [Service] -ExecStart=/bin/sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset" && test "$${VAR4-unset}" = "unset" && test "$${VAR5-unset}" = "unset"' +ExecStart=sh -x -c 'test "$${VAR1-unset}" = "unset" && test "$${VAR2-unset}" = "unset" && test "$${VAR3-unset}" = "unset" && test "$${VAR4-unset}" = "unset" && test "$${VAR5-unset}" = "unset"' Type=oneshot PassEnvironment=VAR1 VAR2 VAR3 VAR4 VAR5 PassEnvironment= diff --git a/test/test-execute/exec-passenvironment-repeated.service b/test/test-execute/exec-passenvironment-repeated.service index b8e904f..f3b886c 100644 --- a/test/test-execute/exec-passenvironment-repeated.service +++ b/test/test-execute/exec-passenvironment-repeated.service @@ -3,7 +3,7 @@ Description=Test for PassEnvironment with a variable name repeated [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes' Type=oneshot PassEnvironment=VAR1 VAR2 PassEnvironment=VAR1 VAR3 diff --git a/test/test-execute/exec-passenvironment.service b/test/test-execute/exec-passenvironment.service index b69592a..1dcbcf9 100644 --- a/test/test-execute/exec-passenvironment.service +++ b/test/test-execute/exec-passenvironment.service @@ -3,6 +3,6 @@ Description=Test for PassEnvironment [Service] -ExecStart=/bin/sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes' +ExecStart=sh -x -c 'test "$$VAR1" = "word1 word2" && test "$$VAR2" = word3 && test "$$VAR3" = "\\$$word 5 6" && test "$$VAR4" = "new\nline" && test "$$VAR5" = passwordwithbackslashes' Type=oneshot PassEnvironment=VAR1 VAR2 VAR3 VAR4 VAR5 diff --git a/test/test-execute/exec-personality-aarch64.service b/test/test-execute/exec-personality-aarch64.service index 0783a87..e4ea294 100644 --- a/test/test-execute/exec-personality-aarch64.service +++ b/test/test-execute/exec-personality-aarch64.service @@ -3,6 +3,6 @@ Description=Test for Personality=aarch64 [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "aarch64")' +ExecStart=sh -c 'echo $(uname -m); exit $(test $(uname -m) = "aarch64")' Type=oneshot Personality=aarch64 diff --git a/test/test-execute/exec-personality-loongarch64.service b/test/test-execute/exec-personality-loongarch64.service index 0531ad1..31c6b25 100644 --- a/test/test-execute/exec-personality-loongarch64.service +++ b/test/test-execute/exec-personality-loongarch64.service @@ -2,6 +2,6 @@ Description=Test for Personality=loongarch64 [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "loongarch64")' +ExecStart=sh -c 'echo $(uname -m); exit $(test $(uname -m) = "loongarch64")' Type=oneshot Personality=loongarch64 diff --git a/test/test-execute/exec-personality-ppc64.service b/test/test-execute/exec-personality-ppc64.service index 72f063a..dd83bf6 100644 --- a/test/test-execute/exec-personality-ppc64.service +++ b/test/test-execute/exec-personality-ppc64.service @@ -3,6 +3,6 @@ Description=Test for Personality=ppc64 [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "ppc64")' +ExecStart=sh -c 'echo $(uname -m); exit $(test $(uname -m) = "ppc64")' Type=oneshot Personality=ppc64 diff --git a/test/test-execute/exec-personality-ppc64le.service b/test/test-execute/exec-personality-ppc64le.service index 5e38029..3f19d82 100644 --- a/test/test-execute/exec-personality-ppc64le.service +++ b/test/test-execute/exec-personality-ppc64le.service @@ -3,6 +3,6 @@ Description=Test for Personality=ppc64le [Service] -ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "ppc64le")' +ExecStart=sh -c 'echo $(uname -m); exit $(test $(uname -m) = "ppc64le")' Type=oneshot Personality=ppc64le diff --git a/test/test-execute/exec-personality-s390.service b/test/test-execute/exec-personality-s390.service index 439dc5f..7d120cd 100644 --- a/test/test-execute/exec-personality-s390.service +++ b/test/test-execute/exec-personality-s390.service @@ -3,6 +3,6 @@ Description=Test for Personality=s390 [Service] -ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "s390"' +ExecStart=sh -x -c 'c=$$(uname -m); test "$$c" = "s390"' Type=oneshot Personality=s390 diff --git a/test/test-execute/exec-personality-s390x.service b/test/test-execute/exec-personality-s390x.service new file mode 100644 index 0000000..4545dee --- /dev/null +++ b/test/test-execute/exec-personality-s390x.service @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Test for Personality=s390x + +[Service] +ExecStart=sh -x -c 'c=$$(uname -m); test "$$c" = "s390x"' +Type=oneshot +Personality=s390x diff --git a/test/test-execute/exec-personality-x86-64.service b/test/test-execute/exec-personality-x86-64.service index c6a0a40..e7b945c 100644 --- a/test/test-execute/exec-personality-x86-64.service +++ b/test/test-execute/exec-personality-x86-64.service @@ -3,6 +3,6 @@ Description=Test for Personality=x86-64 [Service] -ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "x86_64"' +ExecStart=sh -x -c 'c=$$(uname -m); test "$$c" = "x86_64"' Type=oneshot Personality=x86-64 diff --git a/test/test-execute/exec-personality-x86.service b/test/test-execute/exec-personality-x86.service index 8b820b3..95ec353 100644 --- a/test/test-execute/exec-personality-x86.service +++ b/test/test-execute/exec-personality-x86.service @@ -3,6 +3,6 @@ Description=Test for Personality=x86 [Service] -ExecStart=/bin/sh -x -c 'c=$$(uname -m); test "$$c" = "i686" -o "$$c" = "x86_64"' +ExecStart=sh -x -c 'c=$$(uname -m); test "$$c" = "i686" -o "$$c" = "x86_64"' Type=oneshot Personality=x86 diff --git a/test/test-execute/exec-privatedevices-bind.service b/test/test-execute/exec-privatedevices-bind.service index dbbbb4e..c2229a4 100644 --- a/test/test-execute/exec-privatedevices-bind.service +++ b/test/test-execute/exec-privatedevices-bind.service @@ -3,8 +3,8 @@ Description=Test for PrivateDevices=yes with a bind mounted device [Service] -ExecStart=/bin/sh -c 'test -c /dev/kmsg' -ExecStart=/bin/sh -c 'test ! -w /dev/' +ExecStart=sh -c 'test -c /dev/kmsg' +ExecStart=sh -c 'test ! -w /dev/' Type=oneshot PrivateDevices=yes BindPaths=/dev/kmsg diff --git a/test/test-execute/exec-privatedevices-disabled-by-prefix.service b/test/test-execute/exec-privatedevices-disabled-by-prefix.service index 021cadf..8f09c4a 100644 --- a/test/test-execute/exec-privatedevices-disabled-by-prefix.service +++ b/test/test-execute/exec-privatedevices-disabled-by-prefix.service @@ -3,7 +3,7 @@ Description=Test for PrivateDevices=yes with prefix [Service] -ExecStart=/bin/sh -x -c '! test -c /dev/kmsg' +ExecStart=sh -x -c '! test -c /dev/kmsg' ExecStart=+/bin/sh -x -c 'test -c /dev/kmsg' Type=oneshot PrivateDevices=yes diff --git a/test/test-execute/exec-privatedevices-no-capability-mknod.service b/test/test-execute/exec-privatedevices-no-capability-mknod.service index a07e822..811f4ad 100644 --- a/test/test-execute/exec-privatedevices-no-capability-mknod.service +++ b/test/test-execute/exec-privatedevices-no-capability-mknod.service @@ -5,5 +5,5 @@ Description=Test CAP_MKNOD capability for PrivateDevices=no [Service] PrivateDevices=no # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod' +ExecStart=sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod' Type=oneshot diff --git a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service index b0ce2d4..47be622 100644 --- a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service +++ b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service @@ -5,5 +5,5 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no [Service] PrivateDevices=no # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio' +ExecStart=sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio' Type=oneshot diff --git a/test/test-execute/exec-privatedevices-no.service b/test/test-execute/exec-privatedevices-no.service index 31a5e3c..5b8a051 100644 --- a/test/test-execute/exec-privatedevices-no.service +++ b/test/test-execute/exec-privatedevices-no.service @@ -3,6 +3,6 @@ Description=Test for PrivateDevices=no [Service] -ExecStart=/bin/sh -x -c 'test -c /dev/kmsg' +ExecStart=sh -x -c 'test -c /dev/kmsg' Type=oneshot PrivateDevices=no diff --git a/test/test-execute/exec-privatedevices-yes-capability-mknod.service b/test/test-execute/exec-privatedevices-yes-capability-mknod.service index f798f31..3d29a9c 100644 --- a/test/test-execute/exec-privatedevices-yes-capability-mknod.service +++ b/test/test-execute/exec-privatedevices-yes-capability-mknod.service @@ -5,5 +5,5 @@ Description=Test CAP_MKNOD capability for PrivateDevices=yes [Service] PrivateDevices=yes # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod' +ExecStart=sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod' Type=oneshot diff --git a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service index d902c23..b1c0617 100644 --- a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service +++ b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service @@ -5,5 +5,5 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes [Service] PrivateDevices=yes # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio' +ExecStart=sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio' Type=oneshot diff --git a/test/test-execute/exec-privatedevices-yes-with-group.service b/test/test-execute/exec-privatedevices-yes-with-group.service index a39ae0f..094ac22 100644 --- a/test/test-execute/exec-privatedevices-yes-with-group.service +++ b/test/test-execute/exec-privatedevices-yes-with-group.service @@ -8,10 +8,10 @@ Group=daemon Type=oneshot # Check the group applied -ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"' +ExecStart=sh -x -c 'test "$$(id -n -g)" = "daemon"' # Check that the namespace applied -ExecStart=/bin/sh -c 'test ! -c /dev/kmsg' +ExecStart=sh -c 'test ! -c /dev/kmsg' # Check that the owning group of a node is not daemon (should be the host root) -ExecStart=/bin/sh -x -c 'test ! "$$(stat -c %%G /dev/stderr)" = "daemon"' +ExecStart=sh -x -c 'test ! "$$(stat -c %%G /dev/stderr)" = "daemon"' diff --git a/test/test-execute/exec-privatedevices-yes.service b/test/test-execute/exec-privatedevices-yes.service index 564e958..2d32753 100644 --- a/test/test-execute/exec-privatedevices-yes.service +++ b/test/test-execute/exec-privatedevices-yes.service @@ -3,6 +3,6 @@ Description=Test for PrivateDevices=yes [Service] -ExecStart=/bin/sh -c 'test ! -c /dev/kmsg' +ExecStart=sh -c 'test ! -c /dev/kmsg' Type=oneshot PrivateDevices=yes diff --git a/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service index 83708df..c16102d 100644 --- a/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service +++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-no.service @@ -3,10 +3,10 @@ Description=Test for PrivateNetwork= without mount namespacing [Service] -ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec' -ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' +ExecStart=sh -x -c '! ip link show dummy-test-exec' +ExecStart=sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' # Without mount namespacing, we can access the dummy-test-exec interface through sysfs -ExecStart=/bin/sh -x -c 'test -d /sys/class/net/dummy-test-exec' +ExecStart=sh -x -c 'test -d /sys/class/net/dummy-test-exec' Type=oneshot PrivateNetwork=yes PrivateMounts=no diff --git a/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service index 874f100..eb48d6e 100644 --- a/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service +++ b/test/test-execute/exec-privatenetwork-yes-privatemounts-yes.service @@ -3,10 +3,10 @@ Description=Test for PrivateNetwork= with mount namespacing [Service] -ExecStart=/bin/sh -x -c '! ip link show dummy-test-exec' -ExecStart=/bin/sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' +ExecStart=sh -x -c '! ip link show dummy-test-exec' +ExecStart=sh -x -c 'test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec' # With mount namespacing, we cannot access the dummy-test-exec interface through sysfs. -ExecStart=/bin/sh -x -c 'test ! -e /sys/class/net/dummy-test-exec' +ExecStart=sh -x -c 'test ! -e /sys/class/net/dummy-test-exec' Type=oneshot PrivateNetwork=yes # PrivateNetwork=yes implies PrivateMounts=yes diff --git a/test/test-execute/exec-privatetmp-disabled-by-prefix.service b/test/test-execute/exec-privatetmp-disabled-by-prefix.service index f67afee..9dfcecc 100644 --- a/test/test-execute/exec-privatetmp-disabled-by-prefix.service +++ b/test/test-execute/exec-privatetmp-disabled-by-prefix.service @@ -3,7 +3,7 @@ Description=Test for PrivateTmp=yes with prefix [Service] -ExecStart=/bin/sh -x -c 'test ! -f /tmp/test-exec_privatetmp' +ExecStart=sh -x -c 'test ! -f /tmp/test-exec_privatetmp' ExecStart=+/bin/sh -x -c 'test -f /tmp/test-exec_privatetmp' Type=oneshot PrivateTmp=yes diff --git a/test/test-execute/exec-privatetmp-no.service b/test/test-execute/exec-privatetmp-no.service index 6a8a3fc..599203a 100644 --- a/test/test-execute/exec-privatetmp-no.service +++ b/test/test-execute/exec-privatetmp-no.service @@ -3,6 +3,6 @@ Description=Test for PrivateTmp=no [Service] -ExecStart=/bin/sh -x -c 'test -f /tmp/test-exec_privatetmp' +ExecStart=sh -x -c 'test -f /tmp/test-exec_privatetmp' Type=oneshot PrivateTmp=no diff --git a/test/test-execute/exec-privatetmp-yes.service b/test/test-execute/exec-privatetmp-yes.service index 6395be0..5ea5263 100644 --- a/test/test-execute/exec-privatetmp-yes.service +++ b/test/test-execute/exec-privatetmp-yes.service @@ -3,6 +3,6 @@ Description=Test for PrivateTmp=yes [Service] -ExecStart=/bin/sh -x -c 'test ! -f /tmp/test-exec_privatetmp' +ExecStart=sh -x -c 'test ! -f /tmp/test-exec_privatetmp' Type=oneshot PrivateTmp=yes diff --git a/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service b/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service index f84e6b6..c51cacf 100644 --- a/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service +++ b/test/test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service @@ -7,4 +7,4 @@ Description=Test ProtectHome=tmpfs vs ProtectSystem=strict ProtectHome=tmpfs ProtectSystem=strict Type=oneshot -ExecStart=/bin/sh -x -c 'test "$$(stat -fc %%T /home)" = "tmpfs"' +ExecStart=sh -x -c 'test "$$(stat -fc %%T /home)" = "tmpfs"' diff --git a/test/test-execute/exec-protectkernellogs-no-capabilities.service b/test/test-execute/exec-protectkernellogs-no-capabilities.service index 5478962..be64c58 100644 --- a/test/test-execute/exec-protectkernellogs-no-capabilities.service +++ b/test/test-execute/exec-protectkernellogs-no-capabilities.service @@ -5,5 +5,5 @@ Description=Test CAP_SYSLOG for ProtectKernelLogs=no [Service] ProtectKernelLogs=no # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog' +ExecStart=sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog' Type=oneshot diff --git a/test/test-execute/exec-protectkernellogs-yes-capabilities.service b/test/test-execute/exec-protectkernellogs-yes-capabilities.service index 6fe1241..646ff75 100644 --- a/test/test-execute/exec-protectkernellogs-yes-capabilities.service +++ b/test/test-execute/exec-protectkernellogs-yes-capabilities.service @@ -5,5 +5,5 @@ Description=Test CAP_SYSLOG for ProtectKernelLogs=yes [Service] ProtectKernelLogs=yes # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog' +ExecStart=sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog' Type=oneshot diff --git a/test/test-execute/exec-protectkernelmodules-no-capabilities.service b/test/test-execute/exec-protectkernelmodules-no-capabilities.service index 7236af2..cefdb60 100644 --- a/test/test-execute/exec-protectkernelmodules-no-capabilities.service +++ b/test/test-execute/exec-protectkernelmodules-no-capabilities.service @@ -5,5 +5,5 @@ Description=Test CAP_SYS_MODULE ProtectKernelModules=no [Service] ProtectKernelModules=no # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module' +ExecStart=sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module' Type=oneshot diff --git a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service index e40160d..1f327a2 100644 --- a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service +++ b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service @@ -5,5 +5,5 @@ Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes [Service] ProtectKernelModules=yes # sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output -ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module' +ExecStart=sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module' Type=oneshot diff --git a/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service b/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service index 0ecf1a2..16399bd 100644 --- a/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service +++ b/test/test-execute/exec-protectkernelmodules-yes-mount-propagation.service @@ -4,5 +4,5 @@ Description=Test to make sure that passing ProtectKernelModules=yes disconnect m [Service] ProtectKernelModules=yes -ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' +ExecStart=sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' Type=oneshot diff --git a/test/test-execute/exec-readonlypaths-mount-propagation.service b/test/test-execute/exec-readonlypaths-mount-propagation.service index abc180b..e896bac 100644 --- a/test/test-execute/exec-readonlypaths-mount-propagation.service +++ b/test/test-execute/exec-readonlypaths-mount-propagation.service @@ -4,5 +4,5 @@ Description=Test to make sure that passing ReadOnlyPaths= disconnect mount propa [Service] ReadOnlyPaths=-/i-dont-exist -ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' +ExecStart=sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' Type=oneshot diff --git a/test/test-execute/exec-readonlypaths-simple.service b/test/test-execute/exec-readonlypaths-simple.service index 5587e8d..80e6c83 100644 --- a/test/test-execute/exec-readonlypaths-simple.service +++ b/test/test-execute/exec-readonlypaths-simple.service @@ -7,6 +7,6 @@ Type=oneshot # This should work, as we explicitly disable the effect of ReadOnlyPaths= ExecStart=+/bin/sh -c 'touch /tmp/thisisasimpletest' # This should also work, as we do not disable the effect of ReadOnlyPaths= but invert the exit code -ExecStart=/bin/sh -x -c '! touch /tmp/thisisasimpletest' +ExecStart=sh -x -c '! touch /tmp/thisisasimpletest' ExecStart=+/bin/sh -c 'rm /tmp/thisisasimpletest' ReadOnlyPaths=/tmp diff --git a/test/test-execute/exec-readonlypaths-with-bindpaths.service b/test/test-execute/exec-readonlypaths-with-bindpaths.service index 71c7e7b..7a18367 100644 --- a/test/test-execute/exec-readonlypaths-with-bindpaths.service +++ b/test/test-execute/exec-readonlypaths-with-bindpaths.service @@ -5,5 +5,5 @@ Description=Test for ReadOnlyPaths= [Service] ReadOnlyPaths=/etc -/i-dont-exist /usr BindPaths=/etc:/tmp/etc2 -ExecStart=/bin/sh -x -c 'test ! -w /etc && test ! -w /usr && test ! -e /i-dont-exist && test -w /var' +ExecStart=sh -x -c 'test ! -w /etc && test ! -w /usr && test ! -e /i-dont-exist && test -w /var' Type=oneshot diff --git a/test/test-execute/exec-readonlypaths.service b/test/test-execute/exec-readonlypaths.service index 21814c2..a0eff8b 100644 --- a/test/test-execute/exec-readonlypaths.service +++ b/test/test-execute/exec-readonlypaths.service @@ -5,6 +5,6 @@ Description=Test for ReadOnlyPaths= [Service] ReadOnlyPaths=/usr /etc /sys /dev -/i-dont-exist PrivateDevices=yes -ExecStart=/bin/sh -x -c 'test ! -w /usr && test ! -w /etc && test ! -w /sys && test ! -w /sys/fs/cgroup' -ExecStart=/bin/sh -x -c 'test ! -w /dev && test ! -w /dev/shm && test ! -e /i-dont-exist && test -w /var' +ExecStart=sh -x -c 'test ! -w /usr && test ! -w /etc && test ! -w /sys && test ! -w /sys/fs/cgroup' +ExecStart=sh -x -c 'test ! -w /dev && test ! -w /dev/shm && test ! -e /i-dont-exist && test -w /var' Type=oneshot diff --git a/test/test-execute/exec-readwritepaths-mount-propagation.service b/test/test-execute/exec-readwritepaths-mount-propagation.service index 35e736f..9b844cf 100644 --- a/test/test-execute/exec-readwritepaths-mount-propagation.service +++ b/test/test-execute/exec-readwritepaths-mount-propagation.service @@ -4,5 +4,5 @@ Description=Test to make sure that passing ReadWritePaths= disconnect mount prop [Service] ReadWritePaths=-/i-dont-exist -ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' +ExecStart=sh -x -c 'd=$$(mktemp -d -p /tmp); trap "umount \'$$d\' && rmdir \'$$d\'" EXIT; mount -t tmpfs tmpfs "$$d"; grep "$$d" /proc/self/mountinfo && ! grep "$$d" /proc/$${PPID}/mountinfo && ! grep "$$d" /proc/1/mountinfo' Type=oneshot diff --git a/test/test-execute/exec-runtimedirectory-mode.service b/test/test-execute/exec-runtimedirectory-mode.service index 580bac9..e75e0d2 100644 --- a/test/test-execute/exec-runtimedirectory-mode.service +++ b/test/test-execute/exec-runtimedirectory-mode.service @@ -3,8 +3,8 @@ Description=Test for RuntimeDirectoryMode [Service] -ExecStart=/bin/sh -x -c 'mode=$$(stat -c %%a %t/test-exec_runtimedirectory-mode); test "$$mode" = "750"' -ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectory-mode"' +ExecStart=sh -x -c 'mode=$$(stat -c %%a %t/test-exec_runtimedirectory-mode); test "$$mode" = "750"' +ExecStart=sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectory-mode"' Type=oneshot RuntimeDirectory=test-exec_runtimedirectory-mode RuntimeDirectoryMode=0750 diff --git a/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service b/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service index 79bebc4..4bc3361 100644 --- a/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service +++ b/test/test-execute/exec-runtimedirectory-owner-nfsnobody.service @@ -3,7 +3,7 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nfsnobody"' +ExecStart=sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nfsnobody"' Type=oneshot Group=nfsnobody User=root diff --git a/test/test-execute/exec-runtimedirectory-owner-nobody.service b/test/test-execute/exec-runtimedirectory-owner-nobody.service index 3b42a9f..5f94bf9 100644 --- a/test/test-execute/exec-runtimedirectory-owner-nobody.service +++ b/test/test-execute/exec-runtimedirectory-owner-nobody.service @@ -3,7 +3,7 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"' +ExecStart=sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"' Type=oneshot Group=nobody User=root diff --git a/test/test-execute/exec-runtimedirectory-owner-nogroup.service b/test/test-execute/exec-runtimedirectory-owner-nogroup.service index 804048e..6d50895 100644 --- a/test/test-execute/exec-runtimedirectory-owner-nogroup.service +++ b/test/test-execute/exec-runtimedirectory-owner-nogroup.service @@ -3,7 +3,7 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nogroup"' +ExecStart=sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nogroup"' Type=oneshot Group=nogroup User=root diff --git a/test/test-execute/exec-runtimedirectory-owner.service b/test/test-execute/exec-runtimedirectory-owner.service index e2c0890..64d66b3 100644 --- a/test/test-execute/exec-runtimedirectory-owner.service +++ b/test/test-execute/exec-runtimedirectory-owner.service @@ -3,7 +3,7 @@ Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set) [Service] -ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner-daemon); test "$$group" = "daemon"' +ExecStart=sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner-daemon); test "$$group" = "daemon"' Type=oneshot Group=daemon User=root diff --git a/test/test-execute/exec-runtimedirectory.service b/test/test-execute/exec-runtimedirectory.service index 1928c57..f60110a 100644 --- a/test/test-execute/exec-runtimedirectory.service +++ b/test/test-execute/exec-runtimedirectory.service @@ -3,9 +3,9 @@ Description=Test for RuntimeDirectory [Service] -ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectory' -ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectory2/hogehoge' -ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectory:%t/test-exec_runtimedirectory2/hogehoge"' +ExecStart=sh -x -c 'test -d %t/test-exec_runtimedirectory' +ExecStart=sh -x -c 'test -d %t/test-exec_runtimedirectory2/hogehoge' +ExecStart=sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectory:%t/test-exec_runtimedirectory2/hogehoge"' Type=oneshot RuntimeDirectory=test-exec_runtimedirectory RuntimeDirectory=./test-exec_runtimedirectory2///./hogehoge/. diff --git a/test/test-execute/exec-set-credential.service b/test/test-execute/exec-set-credential.service index 9db6c5f..2263436 100644 --- a/test/test-execute/exec-set-credential.service +++ b/test/test-execute/exec-set-credential.service @@ -3,9 +3,9 @@ Description=Test for SetCredential= [Service] -ExecStart=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStartPost=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStop=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStopPost=/bin/sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' +ExecStart=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' +ExecStartPost=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' +ExecStop=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' +ExecStopPost=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' Type=oneshot SetCredential=test-execute.set-credential:hoge diff --git a/test/test-execute/exec-specifier-interpolation.service b/test/test-execute/exec-specifier-interpolation.service index 2e8882c..aa0ecdf 100644 --- a/test/test-execute/exec-specifier-interpolation.service +++ b/test/test-execute/exec-specifier-interpolation.service @@ -4,4 +4,4 @@ Description=https://github.com/systemd/systemd/issues/2637 [Service] Type=oneshot -ExecStart=/bin/bash -x -c "[[ %%U == ?U ]]" +ExecStart=bash -x -c "[[ %%U == ?U ]]" diff --git a/test/test-execute/exec-standardinput-data.service b/test/test-execute/exec-standardinput-data.service index 838fea7..fd56f7e 100644 --- a/test/test-execute/exec-standardinput-data.service +++ b/test/test-execute/exec-standardinput-data.service @@ -3,7 +3,7 @@ Description=Test for StandardInputText= and StandardInputData= [Service] -ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); echo -e "this is a test\nand this is more\nsomething encoded!\nsomething in multiple lines\nand some more\nand a more bas64 data\nsomething with strange\nembedded\tcharacters\nand something with a exec-stdin-data.service specifier" >$d/text ; cmp $d/text ; rm -rf $d' +ExecStart=sh -x -c 'd=$$(mktemp -d -p /tmp); echo -e "this is a test\nand this is more\nsomething encoded!\nsomething in multiple lines\nand some more\nand a more bas64 data\nsomething with strange\nembedded\tcharacters\nand something with a exec-stdin-data.service specifier" >$d/text ; cmp $d/text ; rm -rf $d' Type=oneshot StandardInput=data StandardInputText=this is a test diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service index 0ecc344..3c90124 100644 --- a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service +++ b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service @@ -3,9 +3,9 @@ Description=Test for Supplementary Group with multiple groups without Group and User [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "%G" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "%G" && test "$$(id -u)" = "%U"' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "%G" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' +ExecStart=sh -x -c 'test "$$(id -g)" = "%G" && test "$$(id -u)" = "%U"' Type=oneshot SupplementaryGroups=1 2 diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service index cd1021b..0fd1c62 100644 --- a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service +++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service @@ -3,9 +3,9 @@ Description=Test for Supplementary Group with multiple groups and Group=1 [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "%U"' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' +ExecStart=sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "%U"' Type=oneshot Group=1 SupplementaryGroups=1 2 diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service index 7913a2c..c430e54 100644 --- a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service +++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service @@ -3,8 +3,8 @@ Description=Test for Supplementary Group with multiple groups and Uid=1 [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1' Type=oneshot User=1 SupplementaryGroups=1 2 diff --git a/test/test-execute/exec-supplementarygroups-single-group-user.service b/test/test-execute/exec-supplementarygroups-single-group-user.service index ee4017e..20a3561 100644 --- a/test/test-execute/exec-supplementarygroups-single-group-user.service +++ b/test/test-execute/exec-supplementarygroups-single-group-user.service @@ -3,8 +3,8 @@ Description=Test for Supplementary Group with only one group and uid 1 [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"' Type=oneshot User=1 Group=1 diff --git a/test/test-execute/exec-supplementarygroups-single-group.service b/test/test-execute/exec-supplementarygroups-single-group.service index 6227520..8c81257 100644 --- a/test/test-execute/exec-supplementarygroups-single-group.service +++ b/test/test-execute/exec-supplementarygroups-single-group.service @@ -3,8 +3,8 @@ Description=Test for Supplementary Group with only one group [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "0"' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "0"' Type=oneshot Group=1 SupplementaryGroups=1 diff --git a/test/test-execute/exec-supplementarygroups.service b/test/test-execute/exec-supplementarygroups.service index 03406c3..0a3d370 100644 --- a/test/test-execute/exec-supplementarygroups.service +++ b/test/test-execute/exec-supplementarygroups.service @@ -3,7 +3,7 @@ Description=Test for Supplementary Group [Service] -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "%G" && exit 0; done; exit 1' -ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "%G" && exit 0; done; exit 1' +ExecStart=sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' Type=oneshot SupplementaryGroups=1 diff --git a/test/test-execute/exec-systemcallerrornumber-name.service b/test/test-execute/exec-systemcallerrornumber-name.service index f2be600..00a4508 100644 --- a/test/test-execute/exec-systemcallerrornumber-name.service +++ b/test/test-execute/exec-systemcallerrornumber-name.service @@ -3,7 +3,7 @@ Description=Test for SystemCallErrorNumber [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname SystemCallErrorNumber=EACCES diff --git a/test/test-execute/exec-systemcallerrornumber-number.service b/test/test-execute/exec-systemcallerrornumber-number.service index 5d99a97..3b5fb6e 100644 --- a/test/test-execute/exec-systemcallerrornumber-number.service +++ b/test/test-execute/exec-systemcallerrornumber-number.service @@ -3,7 +3,7 @@ Description=Test for SystemCallErrorNumber [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname SystemCallErrorNumber=255 diff --git a/test/test-execute/exec-systemcallfilter-failing.service b/test/test-execute/exec-systemcallfilter-failing.service index 3aad372..7437d30 100644 --- a/test/test-execute/exec-systemcallfilter-failing.service +++ b/test/test-execute/exec-systemcallfilter-failing.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter [Service] -ExecStart=/bin/sh -c '/bin/echo "This should not be seen"' +ExecStart=sh -c '/bin/echo "This should not be seen"' Type=oneshot LimitCORE=0 SystemCallFilter=ioperm diff --git a/test/test-execute/exec-systemcallfilter-failing2.service b/test/test-execute/exec-systemcallfilter-failing2.service index 8cdb8de..92672d1 100644 --- a/test/test-execute/exec-systemcallfilter-failing2.service +++ b/test/test-execute/exec-systemcallfilter-failing2.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter [Service] -ExecStart=/bin/sh -c '/bin/echo "This should not be seen"' +ExecStart=sh -c '/bin/echo "This should not be seen"' Type=oneshot LimitCORE=0 SystemCallFilter=~write open execve fexecve execveat exit_group close mmap munmap fstat DONOTEXIST diff --git a/test/test-execute/exec-systemcallfilter-failing3.service b/test/test-execute/exec-systemcallfilter-failing3.service index 98c88fd..4e7b812 100644 --- a/test/test-execute/exec-systemcallfilter-failing3.service +++ b/test/test-execute/exec-systemcallfilter-failing3.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter [Service] -ExecStart=/bin/sh -c '/bin/echo "This should not be seen"' +ExecStart=sh -c '/bin/echo "This should not be seen"' Type=oneshot LimitCORE=0 SystemCallArchitectures=native diff --git a/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding1.service b/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding1.service index 8f8192c..eaa75df 100644 --- a/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding1.service +++ b/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding1.service @@ -3,7 +3,7 @@ Description=Test bounding set is right with SystemCallFilter and non-root user [Service] -ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_net_bind_service"' +ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_net_bind_service"' Type=oneshot User=1 SystemCallFilter=@system-service diff --git a/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding2.service b/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding2.service index d78c323..fd0e3a2 100644 --- a/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding2.service +++ b/test/test-execute/exec-systemcallfilter-nonewprivileges-bounding2.service @@ -3,7 +3,7 @@ Description=Test bounding set is right with SystemCallFilter and non-root user [Service] -ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_setpcap,cap_net_bind_service,cap_sys_admin"' +ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_setpcap,cap_net_bind_service,cap_sys_admin"' Type=oneshot User=1 SystemCallFilter=@system-service diff --git a/test/test-execute/exec-systemcallfilter-nonewprivileges-protectclock.service b/test/test-execute/exec-systemcallfilter-nonewprivileges-protectclock.service index f33a2a0..76b028c 100644 --- a/test/test-execute/exec-systemcallfilter-nonewprivileges-protectclock.service +++ b/test/test-execute/exec-systemcallfilter-nonewprivileges-protectclock.service @@ -3,7 +3,7 @@ Description=Test no_new_privs is unset for ProtectClock and non-root user [Service] -ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/status | grep "NoNewPrivs: "); test "$$c" = "NoNewPrivs: 0"' +ExecStart=sh -x -c 'c=$$(cat /proc/self/status | grep "NoNewPrivs: "); test "$$c" = "NoNewPrivs: 0"' Type=oneshot User=1 ProtectClock=yes diff --git a/test/test-execute/exec-systemcallfilter-nonewprivileges.service b/test/test-execute/exec-systemcallfilter-nonewprivileges.service index 8bfd0a7..2091b71 100644 --- a/test/test-execute/exec-systemcallfilter-nonewprivileges.service +++ b/test/test-execute/exec-systemcallfilter-nonewprivileges.service @@ -3,7 +3,7 @@ Description=Test no_new_privs is unset for SystemCallFilter and non-root user [Service] -ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/status | grep "NoNewPrivs: "); test "$$c" = "NoNewPrivs: 0"' +ExecStart=sh -x -c 'c=$$(cat /proc/self/status | grep "NoNewPrivs: "); test "$$c" = "NoNewPrivs: 0"' Type=oneshot User=1 SystemCallFilter=@system-service diff --git a/test/test-execute/exec-systemcallfilter-not-failing.service b/test/test-execute/exec-systemcallfilter-not-failing.service index c7eddea..bb2ea55 100644 --- a/test/test-execute/exec-systemcallfilter-not-failing.service +++ b/test/test-execute/exec-systemcallfilter-not-failing.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter [Service] -ExecStart=/bin/sh -c 'echo "Foo bar"' +ExecStart=sh -c 'echo "Foo bar"' Type=oneshot SystemCallFilter=~read write open execve ioperm SystemCallFilter=ioctl diff --git a/test/test-execute/exec-systemcallfilter-not-failing2.service b/test/test-execute/exec-systemcallfilter-not-failing2.service index 96eaf16..d9f0a37 100644 --- a/test/test-execute/exec-systemcallfilter-not-failing2.service +++ b/test/test-execute/exec-systemcallfilter-not-failing2.service @@ -3,6 +3,6 @@ Description=Test for SystemCallFilter [Service] -ExecStart=/bin/sh -c 'echo "Foo bar"' +ExecStart=sh -c 'echo "Foo bar"' Type=oneshot SystemCallFilter= diff --git a/test/test-execute/exec-systemcallfilter-not-failing3.service b/test/test-execute/exec-systemcallfilter-not-failing3.service index f8f4092..df4e662 100644 --- a/test/test-execute/exec-systemcallfilter-not-failing3.service +++ b/test/test-execute/exec-systemcallfilter-not-failing3.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter [Service] -ExecStart=/bin/sh -c 'echo "Foo bar"' +ExecStart=sh -c 'echo "Foo bar"' Type=oneshot SystemCallArchitectures=native SystemCallFilter= diff --git a/test/test-execute/exec-systemcallfilter-override-error-action.service b/test/test-execute/exec-systemcallfilter-override-error-action.service index de2c6ad..6107d11 100644 --- a/test/test-execute/exec-systemcallfilter-override-error-action.service +++ b/test/test-execute/exec-systemcallfilter-override-error-action.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter with specific kill action overriding default errno action [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname:kill SystemCallErrorNumber=EILSEQ diff --git a/test/test-execute/exec-systemcallfilter-override-error-action2.service b/test/test-execute/exec-systemcallfilter-override-error-action2.service index ffa35e6..e049275 100644 --- a/test/test-execute/exec-systemcallfilter-override-error-action2.service +++ b/test/test-execute/exec-systemcallfilter-override-error-action2.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter with specific errno action overriding default kill action [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname:EILSEQ SystemCallErrorNumber=kill diff --git a/test/test-execute/exec-systemcallfilter-system-user-nfsnobody.service b/test/test-execute/exec-systemcallfilter-system-user-nfsnobody.service index deba154..1912286 100644 --- a/test/test-execute/exec-systemcallfilter-system-user-nfsnobody.service +++ b/test/test-execute/exec-systemcallfilter-system-user-nfsnobody.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter in system mode with User set [Service] -ExecStart=/bin/sh -c 'echo "Foo bar"' +ExecStart=sh -c 'echo "Foo bar"' Type=oneshot User=nfsnobody SystemCallFilter=~read write open execve ioperm diff --git a/test/test-execute/exec-systemcallfilter-system-user-nobody.service b/test/test-execute/exec-systemcallfilter-system-user-nobody.service index 43fb9c3..0c2ebdd 100644 --- a/test/test-execute/exec-systemcallfilter-system-user-nobody.service +++ b/test/test-execute/exec-systemcallfilter-system-user-nobody.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter in system mode with User set [Service] -ExecStart=/bin/sh -c 'echo "Foo bar"' +ExecStart=sh -c 'echo "Foo bar"' Type=oneshot User=nobody SystemCallFilter=~read write open execve ioperm diff --git a/test/test-execute/exec-systemcallfilter-system-user.service b/test/test-execute/exec-systemcallfilter-system-user.service index 005c4ac..6de3964 100644 --- a/test/test-execute/exec-systemcallfilter-system-user.service +++ b/test/test-execute/exec-systemcallfilter-system-user.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter in system mode with User set (daemon) [Service] -ExecStart=/bin/sh -c 'echo "Foo bar"' +ExecStart=sh -c 'echo "Foo bar"' Type=oneshot User=daemon SystemCallFilter=~read write open execve ioperm diff --git a/test/test-execute/exec-systemcallfilter-with-errno-in-allow-list.service b/test/test-execute/exec-systemcallfilter-with-errno-in-allow-list.service index c7a4c4a..a8dc10f 100644 --- a/test/test-execute/exec-systemcallfilter-with-errno-in-allow-list.service +++ b/test/test-execute/exec-systemcallfilter-with-errno-in-allow-list.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter with errno name (for issue #18916) [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=@system-service SystemCallFilter=~uname:EILSEQ diff --git a/test/test-execute/exec-systemcallfilter-with-errno-multi.service b/test/test-execute/exec-systemcallfilter-with-errno-multi.service index 2678323..224df01 100644 --- a/test/test-execute/exec-systemcallfilter-with-errno-multi.service +++ b/test/test-execute/exec-systemcallfilter-with-errno-multi.service @@ -4,7 +4,7 @@ Description=Test for SystemCallFilter updating errno # test for issue #9939 which is fixed by a5404992cc7724ebf7572a0aa89d9fdb26ce0b62 (#9942) [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname:ENOENT uname:EILSEQ SystemCallErrorNumber=EACCES diff --git a/test/test-execute/exec-systemcallfilter-with-errno-name.service b/test/test-execute/exec-systemcallfilter-with-errno-name.service index a902331..bed7961 100644 --- a/test/test-execute/exec-systemcallfilter-with-errno-name.service +++ b/test/test-execute/exec-systemcallfilter-with-errno-name.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter with errno name [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname:EILSEQ SystemCallErrorNumber=EACCES diff --git a/test/test-execute/exec-systemcallfilter-with-errno-number.service b/test/test-execute/exec-systemcallfilter-with-errno-number.service index ffbc84a..8db2281 100644 --- a/test/test-execute/exec-systemcallfilter-with-errno-number.service +++ b/test/test-execute/exec-systemcallfilter-with-errno-number.service @@ -3,7 +3,7 @@ Description=Test for SystemCallFilter with errno number [Service] -ExecStart=/usr/bin/python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' +ExecStart=python3 -c 'import os\ntry: os.uname()\nexcept Exception as e: exit(e.errno)' Type=oneshot SystemCallFilter=~uname:255 SystemCallErrorNumber=EACCES diff --git a/test/test-execute/exec-temporaryfilesystem-options.service b/test/test-execute/exec-temporaryfilesystem-options.service index 1610c63..b000301 100644 --- a/test/test-execute/exec-temporaryfilesystem-options.service +++ b/test/test-execute/exec-temporaryfilesystem-options.service @@ -10,8 +10,8 @@ Type=oneshot TemporaryFileSystem=/var:ro,mode=0700,nostrictatime # Check /proc/self/mountinfo -ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$11 !~ /(^|,)mode=700(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' +ExecStart=sh -x -c 'test "$$(awk \'$$5 == "/var" && $$11 !~ /(^|,)mode=700(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' -ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 !~ /(^|,)ro(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' -ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 !~ /(^|,)nodev(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' -ExecStart=/bin/sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 ~ /(^|,)strictatime(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' +ExecStart=sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 !~ /(^|,)ro(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' +ExecStart=sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 !~ /(^|,)nodev(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' +ExecStart=sh -x -c 'test "$$(awk \'$$5 == "/var" && $$6 ~ /(^|,)strictatime(,|$$)/ { print $$6 }\' /proc/self/mountinfo)" = ""' diff --git a/test/test-execute/exec-temporaryfilesystem-ro.service b/test/test-execute/exec-temporaryfilesystem-ro.service index 2ee5c26..0a4b0f2 100644 --- a/test/test-execute/exec-temporaryfilesystem-ro.service +++ b/test/test-execute/exec-temporaryfilesystem-ro.service @@ -6,31 +6,31 @@ Description=Test for TemporaryFileSystem with read-only mode Type=oneshot # Check directories exist -ExecStart=/bin/sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /var/test-exec-temporaryfilesystem/ro' +ExecStart=sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /var/test-exec-temporaryfilesystem/ro' # Check TemporaryFileSystem= are empty -ExecStart=/bin/sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done' +ExecStart=sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done' # Check default mode ExecStart=sh -x -c 'test "$$(stat -c %%a /var)" = "755"' # Cannot create a file in /var -ExecStart=/bin/sh -c '! touch /var/hoge' +ExecStart=sh -c '! touch /var/hoge' # Create a file in /var/test-exec-temporaryfilesystem/rw -ExecStart=/bin/sh -c 'touch /var/test-exec-temporaryfilesystem/rw/thisisasimpletest-temporaryfilesystem' +ExecStart=sh -c 'touch /var/test-exec-temporaryfilesystem/rw/thisisasimpletest-temporaryfilesystem' # Then, the file can be access through /tmp -ExecStart=/bin/sh -c 'test -f /tmp/thisisasimpletest-temporaryfilesystem' +ExecStart=sh -c 'test -f /tmp/thisisasimpletest-temporaryfilesystem' # Also, through /var/test-exec-temporaryfilesystem/ro -ExecStart=/bin/sh -c 'test -f /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem' +ExecStart=sh -c 'test -f /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem' # The file cannot modify through /var/test-exec-temporaryfilesystem/ro -ExecStart=/bin/sh -c '! touch /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem' +ExecStart=sh -c '! touch /var/test-exec-temporaryfilesystem/ro/thisisasimpletest-temporaryfilesystem' # Cleanup -ExecStart=/bin/sh -c 'rm /tmp/thisisasimpletest-temporaryfilesystem' +ExecStart=sh -c 'rm /tmp/thisisasimpletest-temporaryfilesystem' TemporaryFileSystem=/var:ro BindPaths=/tmp:/var/test-exec-temporaryfilesystem/rw diff --git a/test/test-execute/exec-temporaryfilesystem-usr.service b/test/test-execute/exec-temporaryfilesystem-usr.service index f62ce1a..455344e 100644 --- a/test/test-execute/exec-temporaryfilesystem-usr.service +++ b/test/test-execute/exec-temporaryfilesystem-usr.service @@ -6,11 +6,11 @@ Description=Test for TemporaryFileSystem on /usr Type=oneshot # Check TemporaryFileSystem= are empty -ExecStart=/bin/sh -c 'for i in $$(ls -A /usr); do test $$i = lib -o $$i = lib64 -o $$i = bin -o $$i = sbin || false; done' +ExecStart=sh -c 'for i in $$(ls -A /usr); do test $$i = lib -o $$i = lib64 -o $$i = bin -o $$i = sbin || false; done' # Cannot create files under /usr -ExecStart=/bin/sh -c '! touch /usr/hoge' -ExecStart=/bin/sh -c '! touch /usr/bin/hoge' +ExecStart=sh -c '! touch /usr/hoge' +ExecStart=sh -c '! touch /usr/bin/hoge' TemporaryFileSystem=/usr:ro BindReadOnlyPaths=-/usr/lib -/usr/lib64 /usr/bin /usr/sbin diff --git a/test/test-execute/exec-umask-0177.service b/test/test-execute/exec-umask-0177.service index 380cb82..de9ac5a 100644 --- a/test/test-execute/exec-umask-0177.service +++ b/test/test-execute/exec-umask-0177.service @@ -3,7 +3,7 @@ Description=Test for UMask [Service] -ExecStart=/bin/sh -x -c 'rm /tmp/test-exec-umask; touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "600"' +ExecStart=sh -x -c 'rm /tmp/test-exec-umask; touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "600"' Type=oneshot UMask=0177 PrivateTmp=yes diff --git a/test/test-execute/exec-umask-default.service b/test/test-execute/exec-umask-default.service index b28023d..6d13c0b 100644 --- a/test/test-execute/exec-umask-default.service +++ b/test/test-execute/exec-umask-default.service @@ -3,6 +3,6 @@ Description=Test for UMask default [Service] -ExecStart=/bin/sh -x -c 'rm /tmp/test-exec-umask; touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "644"' +ExecStart=sh -x -c 'rm /tmp/test-exec-umask; touch /tmp/test-exec-umask; mode=$$(stat -c %%a /tmp/test-exec-umask); test "$$mode" = "644"' Type=oneshot PrivateTmp=yes diff --git a/test/test-execute/exec-umask-namespace.service b/test/test-execute/exec-umask-namespace.service index 8419c86..aac1dad 100644 --- a/test/test-execute/exec-umask-namespace.service +++ b/test/test-execute/exec-umask-namespace.service @@ -3,7 +3,7 @@ Description=Test for UMask= + namespacing [Service] -ExecStart=/bin/ls -lahd /tmp/subdir +ExecStart=ls -lahd /tmp/subdir Type=oneshot User=65534 Group=65534 diff --git a/test/test-execute/exec-unsetenvironment.service b/test/test-execute/exec-unsetenvironment.service index b79e3d4..9c5e277 100644 --- a/test/test-execute/exec-unsetenvironment.service +++ b/test/test-execute/exec-unsetenvironment.service @@ -3,7 +3,7 @@ Description=Test for UnsetEnvironment [Service] -ExecStart=/bin/sh -x -c 'test "$$FOO" = "bar" && test "$${QUUX-X}" = "X" && test "$$VAR3" = "value3" && test "$${VAR4-X}" = "X" && test "$$VAR5" = "value5" && test "$${X%b-X}" = "X"' +ExecStart=sh -x -c 'test "$$FOO" = "bar" && test "$${QUUX-X}" = "X" && test "$$VAR3" = "value3" && test "$${VAR4-X}" = "X" && test "$$VAR5" = "value5" && test "$${X%b-X}" = "X"' Type=oneshot Environment=FOO=bar QUUX=waldo VAR3=value3 VAR4=value4 VAR5=value5 X%b=%U UnsetEnvironment=QUUX=waldo VAR3=somethingelse VAR4 X%b=%U diff --git a/test/test-execute/exec-user-nfsnobody.service b/test/test-execute/exec-user-nfsnobody.service index 8f0943c..1ce5f08 100644 --- a/test/test-execute/exec-user-nfsnobody.service +++ b/test/test-execute/exec-user-nfsnobody.service @@ -3,6 +3,6 @@ Description=Test for User [Service] -ExecStart=/bin/sh -x -c 'test "$$USER" = "nfsnobody"' +ExecStart=sh -x -c 'test "$$USER" = "nfsnobody"' Type=oneshot User=nfsnobody diff --git a/test/test-execute/exec-user-nobody.service b/test/test-execute/exec-user-nobody.service index 834d11a..003b873 100644 --- a/test/test-execute/exec-user-nobody.service +++ b/test/test-execute/exec-user-nobody.service @@ -3,6 +3,6 @@ Description=Test for User [Service] -ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"' +ExecStart=sh -x -c 'test "$$USER" = "nobody"' Type=oneshot User=nobody diff --git a/test/test-execute/exec-user.service b/test/test-execute/exec-user.service index b9863d2..696c7e5 100644 --- a/test/test-execute/exec-user.service +++ b/test/test-execute/exec-user.service @@ -3,6 +3,6 @@ Description=Test for User (daemon) [Service] -ExecStart=/bin/sh -x -c 'test "$$USER" = "daemon"' +ExecStart=sh -x -c 'test "$$USER" = "daemon"' Type=oneshot User=daemon diff --git a/test/test-execute/exec-workingdirectory-trailing-dot.service b/test/test-execute/exec-workingdirectory-trailing-dot.service index 130d9d5..3c4869d 100644 --- a/test/test-execute/exec-workingdirectory-trailing-dot.service +++ b/test/test-execute/exec-workingdirectory-trailing-dot.service @@ -3,6 +3,6 @@ Description=Test for WorkingDirectory with trailing dot [Service] -ExecStart=/bin/sh -x -c 'test "$$PWD" = "/tmp/test-exec_workingdirectory"' +ExecStart=sh -x -c 'test "$$PWD" = "/tmp/test-exec_workingdirectory"' Type=oneshot WorkingDirectory=/tmp///./test-exec_workingdirectory/. diff --git a/test/test-execute/exec-workingdirectory.service b/test/test-execute/exec-workingdirectory.service index b53bf60..4c40faf 100644 --- a/test/test-execute/exec-workingdirectory.service +++ b/test/test-execute/exec-workingdirectory.service @@ -3,6 +3,6 @@ Description=Test for WorkingDirectory [Service] -ExecStart=/bin/sh -x -c 'test "$$PWD" = "/tmp/test-exec_workingdirectory"' +ExecStart=sh -x -c 'test "$$PWD" = "/tmp/test-exec_workingdirectory"' Type=oneshot WorkingDirectory=/tmp/test-exec_workingdirectory -- cgit v1.2.3