New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SupplementaryGroups= inherits from /etc/group (or: "test-execute" unit test fails on Arch) #9881
Comments
yeah, i think the test should be corrected to not choke on these additional group memberships. |
Hmmm, but given In other words, shouldn't |
I don't think it should... I mean, the main usecase is to give a service access to extra resources, and not so much to take it away... And to keep things simply I'd just focus on that and not bother with resetting memberships explicitly, but just add some |
If /etc/group is set up in a way that additional groups will be used for the test users, accept that `id -G` will return them in addition to the supplementary groups configured in the unit. For example, in Arch Linux user with uid 1 is in these groups by default: $ id 1 uid=1(bin) gid=1(bin) groups=1(bin),2(daemon),3(sys) Fixes systemd#9881
If /etc/group is set up in a way that additional groups will be used for the test users, accept that `id -G` will return them in addition to the supplementary groups configured in the unit. For example, in Arch Linux user with uid 1 is in these groups by default: $ id 1 uid=1(bin) gid=1(bin) groups=1(bin),2(daemon),3(sys) Tested: by adding my "bin" user to groups "daemon" and "sys" and running the test cases with `ninja -C build/ test`. Also works without the additional groups. Fixes systemd#9881.
systemd version the issue has been seen with
Used distribution
Expected behaviour you didn't see
Unexpected behaviour you saw
Steps to reproduce the problem
Run
ninja test
as root on an Arch Linux-based system.The relevant snippet from the output of
ninja test
is:The relevant test unit says
It then tries to verify that the service is run with GID 1 as the only group. This fails because it inherits the supplementary groups of UID 1 ("bin") as configured in
/etc/group
by /usr/lib/sysusers.d/arch.conf.Reading the documentation, it isn't entirely clear to me that
SupplementaryGroups=
is supposed to disregard/etc/group
, but that seems to be what this unit test is testing for, so I'm accepting that disregarding/etc/group
is the desired behavior. If it's not, then the unit-test should be corrected.The text was updated successfully, but these errors were encountered: