[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/06: tests: pam-limits: Confirm actual ulimits are installed.
|
From: |
guix-commits |
|
Subject: |
01/06: tests: pam-limits: Confirm actual ulimits are installed. |
|
Date: |
Tue, 15 Aug 2023 17:40:10 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 465c328c82345fcd87fcbc7f1a538be009894601
Author: Felix Lechner <felix.lechner@lease-up.com>
AuthorDate: Fri May 12 11:52:47 2023 -0700
tests: pam-limits: Confirm actual ulimits are installed.
This revised system test is superior to the one accepted when #61744 was
closed because it confirms whether the configured limits are actually being
enforced upon login.
The previous test merely validated the serialization of one particular
config
in the config file.
* gnu/tests/pam.scm (pam-limits-service): Revise test to confirm limits on
login.
(%test-pam-limits)[description]: Update.
(%test-pam-limits-deprecated): Remove.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
gnu/tests/pam.scm | 72 ++++++++++++++++++++++++++++++-------------------------
1 file changed, 39 insertions(+), 33 deletions(-)
diff --git a/gnu/tests/pam.scm b/gnu/tests/pam.scm
index 1654396e42..fa480e69ff 100644
--- a/gnu/tests/pam.scm
+++ b/gnu/tests/pam.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
+;;; Copyright © 2023 Felix Lechner <felix.lechner@lease-up.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -25,8 +26,7 @@
#:use-module (gnu system vm)
#:use-module (guix gexp)
#:use-module (ice-9 format)
- #:export (%test-pam-limits
- %test-pam-limits-deprecated))
+ #:export (%test-pam-limits))
�
;;;
@@ -35,26 +35,29 @@
(define pam-limit-entries
(list
- (pam-limits-entry "@realtime" 'both 'rtprio 99)
- (pam-limits-entry "@realtime" 'both 'memlock 'unlimited)))
+ ;; make sure the limits apply to root (uid 0)
+ (pam-limits-entry ":0" 'both 'rtprio 99) ;default is 0
+ (pam-limits-entry ":0" 'both 'memlock 'unlimited))) ;default is 8192
kbytes
(define (run-test-pam-limits config)
"Run tests in a os with pam-limits-service-type configured."
(define os
(marionette-operating-system
(simple-operating-system
- (service pam-limits-service-type config))))
+ (service pam-limits-service-type config))
+ #:imported-modules '((gnu services herd))))
(define vm
(virtual-machine os))
- (define name (format #f "pam-limit-service~:[~;-deprecated~]"
- (file-like? config)))
+ (define name "pam-limits-service")
(define test
- (with-imported-modules '((gnu build marionette))
+ (with-imported-modules '((gnu build marionette)
+ (guix build syscalls))
#~(begin
(use-modules (gnu build marionette)
+ (guix build syscalls)
(srfi srfi-64))
(let ((marionette (make-marionette (list #$vm))))
@@ -63,18 +66,32 @@
(test-begin #$name)
- (test-assert "/etc/security/limits.conf ready"
- (wait-for-file "/etc/security/limits.conf" marionette))
-
- (test-equal "/etc/security/limits.conf content matches"
- #$(string-join (map pam-limits-entry->string pam-limit-entries)
- "\n" 'suffix)
- (marionette-eval
- '(begin
- (use-modules (rnrs io ports))
- (call-with-input-file "/etc/security/limits.conf"
- get-string-all))
- marionette))
+ (test-equal "log in on tty1 and read limits"
+ '(("99") ;real-time priority
+ ("unlimited")) ;max locked memory
+
+ (begin
+ ;; Wait for tty1.
+ (marionette-eval '(begin
+ (use-modules (gnu services herd))
+ (start-service 'term-tty1))
+ marionette)
+
+ (marionette-control "sendkey ctrl-alt-f1" marionette)
+
+ ;; Now we can type.
+ (marionette-type "root\n" marionette)
+ (marionette-type "ulimit -r > real-time-priority\n" marionette)
+ (marionette-type "ulimit -l > max-locked-memory\n" marionette)
+
+ ;; Read the two files.
+ (marionette-eval '(use-modules (rnrs io ports)) marionette)
+ (let ((guest-file (lambda (file)
+ (string-tokenize
+ (wait-for-file file marionette
+ #:read 'get-string-all)))))
+ (list (guest-file "/root/real-time-priority")
+ (guest-file "/root/max-locked-memory")))))
(test-end)))))
@@ -83,17 +100,6 @@
(define %test-pam-limits
(system-test
(name "pam-limits-service")
- (description "Test that pam-limits-service can serialize its config
-(as a list) to @file{limits.conf}.")
+ (description "Test that pam-limits-service actually sets the limits as
+configured.")
(value (run-test-pam-limits pam-limit-entries))))
-
-(define %test-pam-limits-deprecated
- (system-test
- (name "pam-limits-service-deprecated")
- (description "Test that pam-limits-service can serialize its config
-(as a file-like object) to @file{limits.conf}.")
- (value (run-test-pam-limits
- (plain-file "limits.conf"
- (string-join (map pam-limits-entry->string
- pam-limit-entries)
- "\n" 'suffix))))))
- branch master updated (6eb0070f08 -> 880ada0bdb), guix-commits, 2023/08/15
- 06/06: gnu: Move stalonetray to (gnu packages xdisorg)., guix-commits, 2023/08/15
- 05/06: gnu: stalonetray: Update to 0.8.5., guix-commits, 2023/08/15
- 04/06: services: Add cachefilesd service., guix-commits, 2023/08/15
- 01/06: tests: pam-limits: Confirm actual ulimits are installed.,
guix-commits <=
- 03/06: services: Use more 'file-append'., guix-commits, 2023/08/15
- 02/06: services: pam-limits: Keep 'limits.conf' in the store., guix-commits, 2023/08/15