aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
;;; Copyright © 2023 Felix Lechner <felix.lechner@lease-up.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu tests pam)
  #:use-module (gnu tests)
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu system)
  #:use-module (gnu system pam)
  #:use-module (gnu system vm)
  #:use-module (guix gexp)
  #:use-module (ice-9 format)
  #:export (%test-pam-limits))


;;;
;;; pam-limits-service-type
;;;

(define pam-limit-entries
  (list
   ;; make sure the limits apply to root (uid 0)
   (pam-limits-entry ":0" 'both 'rtprio 99)               ;default is 0
   (pam-limits-entry ":0" 'both 'memlock 'unlimited)))    ;default is 8192 kbytes

(define (run-test-pam-limits config)
  "Run tests in a os with pam-limits-service-type configured."
  (define os
    (marionette-operating-system
     (simple-operating-system
      (service pam-limits-service-type config))
     #:imported-modules '((gnu services herd))))

  (define vm
    (virtual-machine os))

  (define name "pam-limits-service")

  (define test
    (with-imported-modules '((gnu build marionette)
                             (guix build syscalls))
      #~(begin
          (use-modules (gnu build marionette)
                       (guix build syscalls)
                       (srfi srfi-64))

          (let ((marionette (make-marionette (list #$vm))))

            (test-runner-current (system-test-runner #$output))

            (test-begin #$name)

            (test-equal "log in on tty1 and read limits"
              '(("99")                  ;real-time priority
                ("unlimited"))          ;max locked memory

              (begin
                ;; Wait for tty1.
                (marionette-eval '(begin
                                    (use-modules (gnu services herd))
                                    (start-service 'term-tty1))
                                 marionette)

                (marionette-control "sendkey ctrl-alt-f1" marionette)

                ;; Now we can type.
                (marionette-type "root\n" marionette)
                (marionette-type "ulimit -r > real-time-priority\n" marionette)
                (marionette-type "ulimit -l > max-locked-memory\n" marionette)

                ;; Read the two files.
                (marionette-eval '(use-modules (rnrs io ports)) marionette)
                (let ((guest-file (lambda (file)
                                    (string-tokenize
                                     (wait-for-file file marionette
                                                    #:read 'get-string-all)))))
                  (list (guest-file "/root/real-time-priority")
                        (guest-file "/root/max-locked-memory")))))

            (test-end)))))

  (gexp->derivation (string-append name "-test") test))

(define %test-pam-limits
  (system-test
   (name "pam-limits-service")
   (description "Test that pam-limits-service actually sets the limits as
configured.")
   (value (run-test-pam-limits pam-limit-entries))))
generated by cgit
file-systems: Remove 'title' field and add <file-system-label>....The 'title' field was easily overlooked and was an endless source of confusion. Now, the value of the 'device' field is self-contained. * gnu/system/file-systems.scm (<file-system>): Change constructor name to '%file-system'. [title]: Remove. (<file-system-label>): New record type with printer. (report-deprecation, device-expression) (process-file-system-declaration, file-system): New macros. (file-system-title): New procedure. (file-system->spec, spec->file-system): Adjust to handle <file-system-label>. * gnu/system.scm (bootable-kernel-arguments): Add case for 'file-system-label?'. (read-boot-parameters): Likewise. (mapped-device-user): Avoid 'file-system-title'. (fs->boot-device): Remove. (operating-system-boot-parameters): Use 'file-system-device' instead of 'fs->boot-device'. (device->sexp): Add case for 'file-system-label?'. * gnu/bootloader/grub.scm (grub-root-search): Add case for 'file-system-label?'. * gnu/system/examples/bare-bones.tmpl, gnu/system/examples/beaglebone-black.tmpl, gnu/system/examples/lightweight-desktop.tmpl, gnu/system/examples/vm-image.tmpl: Remove uses of 'title'. * gnu/system/vm.scm (virtualized-operating-system): Remove uses of 'file-system-title'. * guix/scripts/system.scm (check-file-system-availability): Likewise, and adjust fix-it hint. (check-initrd-modules)[file-system-/dev]: Likewise. * gnu/build/file-systems.scm (canonicalize-device-spec): Remove 'title' parameter. [canonical-title]: Remove. Match on SPEC's type rather than on CANONICAL-TITLE. (mount-file-system): Adjust caller. * gnu/build/linux-boot.scm (boot-system): Interpret ROOT here. * gnu/services/base.scm (file-system->fstab-entry): Remove use of 'file-system-title'. * doc/guix.texi (File Systems): Remove documentation of the 'title' field. Rewrite documentation of 'device' and document 'file-system-label'. Ludovic Courtès 2018-05-19file-systems: Do not export <file-system>....* gnu/system/file-systems.scm (<file-system>): Do not export. * gnu/system.scm (operating-system-root-file-system): Use an accessor instead of 'match'. Ludovic Courtès 2018-04-29file-systems: Expound '%pseudo-file-system-types'....Reported by Tobias Geerinckx-Rice <me@tobias.gr>. * gnu/system/file-systems.scm (%pseudo-file-system-types): Add "debugfs", "efivarfs", "hugetlbfs", "overlay", and "securityfs". Ludovic Courtès 2018-04-27guix system: Report wrong file system 'device' fields....Previously, if you wrote (device "my-label") without (title 'label), you'd get: guix system: error: stat: No such file or directory: "my-label" Now you get a proper error and a hint. Reported by Pierre-Antoine Rouby. * guix/scripts/system.scm (check-file-system-availability)[literal]: New variable. Loop over LITERAL. * gnu/system/file-systems.scm (%pseudo-file-system-types): New variable. * guix/ui.scm (display-hint): Make public. Ludovic Courtès 2017-12-22file-systems: Move %control-groups from %base-file-systems to...%elogind-file-systems. * gnu/system/file-systems.scm (%base-file-systems): Move %control-groups from here, to ... (%elogind-file-systems): ... here. Mathieu Othacehe 2017-12-22file-systems: Do not mount hugetlb cgroup filesystem....On ARM32 without LPAE support, hugetlb control group is not supported. As it is not needed by elogind, remove it for all platforms. * gnu/system/file-systems.scm (%control-groups): Remove hugetlb from control groups platforms. Mathieu Othacehe 2017-10-11file-systems: Preserve UUID types when serializing....Reported by Roel Janssen <roel@gnu.org> at <https://lists.gnu.org/archive/html/help-guix/2017-09/msg00094.html>. * gnu/system/file-systems.scm (file-system->spec): When DEVICE is a UUID, serialize it in a way that preserves its type. (spec->file-system): Adjust accordingly. * gnu/build/file-systems.scm (canonicalize-device-spec): Add case for when SPEC is 'uuid?'. Ludovic Courtès 2017-10-05file-systems: Add a 'location' field to <file-system>....* gnu/system/file-systems.scm (<file-system>)[location]: New field. Ludovic Courtès 2017-09-11system: Introduce a disjoint UUID type....Conceptually a UUID is just a bytevector. However, there's software out there such as GRUB that relies on the string representation of different UUID types (e.g., the string representation of DCE UUIDs differs from that of ISO-9660 UUIDs, even if they are actually bytevectors of the same length). This new <uuid> record type allows us to preserve information about the type of UUID so we can eventually convert it to a string using the right representation. * gnu/system/uuid.scm (<uuid>): New record type. (bytevector->uuid): New procedure. (uuid): Return calls to 'make-uuid'. (uuid->string): Rewrite using 'match-lambda*' to accept a single 'uuid?' argument. * gnu/bootloader/grub.scm (grub-root-search): Check for 'uuid?' instead of 'bytevector?'. * gnu/system.scm (bootable-kernel-arguments): Check whether ROOT-DEVICE is 'uuid?'. (read-boot-parameters): Use 'bytevector->uuid' when the store device is a bytevector. (read-boot-parameters-file): Check for 'uuid?' instead of 'bytevector?'. (device->sexp): New procedure. (operating-system-boot-parameters-file): Use it for 'root-device' and 'store'. (operating-system-bootcfg): Remove conditional in definition of 'root-device'. * gnu/system/file-systems.scm (file-system->spec): Check for 'uuid?' on DEVICE and take its bytevector. * gnu/system/mapped-devices.scm (open-luks-device): Likewise. * gnu/system/vm.scm (iso9660-image): Call 'uuid-bytevector' for the #:volume-uuid argument. Ludovic Courtès 2017-09-11file-systems: Introduce (gnu system uuid)....* gnu/build/file-systems.scm (sub-bytevector) (latin1->string, %fat32-endianness, fat32-uuid->string) (%iso9660-uuid-rx, string->iso9660-uuid) (iso9660-uuid->string, %network-byte-order) (dce-uuid->string, %uuid-rx, string->dce-uuid) (string->ext2-uuid, string->ext3-uuid, string->ext4-uuid) (vhashq, %uuid-parsers, %uuid-printers, string->uuid) (uuid->string): Move to... * gnu/system/uuid.scm: ... here. New file. * gnu/system/file-systems.scm (uuid): Move to the above file. * gnu/system/vm.scm: Adjust accordingly. * gnu/local.mk (GNU_SYSTEM_MODULES): Add uuid.scm. Ludovic Courtès 2017-03-21file-systems: Add missing docstring....* gnu/system/file-systems.scm (file-system-type-predicate): Add docstring. Ludovic Courtès 2017-03-21file-systems: Do not use (gnu packages …)....Fixes a regression introduced in 7208995426714c9fc3ad59cadc3cc0f52df0f018 whereby (gnu system file-systems) would pull in (gnu packages …) module, which in turn breaks when importing things like (gnu build shepherd). * gnu/system/file-systems.scm (file-system-type-predicate): Export. (file-system-packages): Move to... * gnu/system/linux-initrd.scm (file-system-packages): ... here. Add docstring. * gnu/services/base.scm: Use it. * tests/file-systems.scm ("does not pull (gnu packages …)"): New test. Ludovic Courtès 2017-03-18file-systems: Factorize file-system-packages....* gnu/system/linux-initrd.scm (base-initrd): Move helper-packages body to ... * gnu/system/file-systems.scm (file-system-packages): ... here. New variable. Also export it. Danny Milosavljevic 2017-02-07file-systems: Add '%network-configuration-files' and '%network-file-mappings'....* gnu/system/file-systems.scm (%network-configuration-files) (%network-file-mappings): New variables. * guix/scripts/environment.scm (%network-configuration-files): Remove. (launch-environment/container): Refer to '%network-file-mappings' instead of calling 'filter-map'. Ludovic Courtès 2017-02-04file-systems: Remove dependency on (guix store)....(gnu system file-systems) is used on the "build" side since commit 5970e8e248f6327c41c83b86bb2c89be7c3b1b4e. * gnu/system/file-systems.scm: Remove dependency on (guix store). (%store-prefix): New procedure. * tests/file-systems.scm ("does not pull (guix config)"): New test. Ludovic Courtès 2017-02-03file-systems: Add 'file-system-mapping->bind-mount'....* gnu/system/file-systems.scm (file-system-mapping->bind-mount): New procedure. * gnu/system/linux-container.scm (mapping->file-system): Remove. (containerized-operating-system)[mapping->fs]: Use 'file-system-mapping->bind-mount' instead of 'mapping->file-system'. * guix/scripts/environment.scm (launch-environment/container): Likewise. Ludovic Courtès 2017-01-16file-systems: 'file-system-needed-for-boot?' is #t for parents of the store....Suggested by John Darrington <john@darrington.wattle.id.au>. * gnu/system/file-systems.scm (%not-slash): New variable. (file-prefix?): New procedure. (file-system-needed-for-boot?): Use it to check whether FS holds the store. * tests/file-systems.scm ("file-system-needed-for-boot?"): New test. * gnu/tests/install.scm (%separate-store-os)[file-systems]: Remove 'needed-for-boot?' field for "/gnu". Ludovic Courtès 2016-11-10container: Pass a list of <file-system> objects as things to mount....* gnu/build/linux-container.scm (mount-file-systems): 'mounts' is now a list of <file-system> objects instead of a list of lists ("specs"). Add call to 'file-system->spec' as the argument to 'mount-file-system'. (run-container, call-with-container): Adjust docstring accordingly. * gnu/system/file-systems.scm (spec->file-system): New procedure. * gnu/system/linux-container.scm (container-script)[script]: Call 'spec->file-system' inside gexp. * guix/scripts/environment.scm (launch-environment/container): Remove call to 'file-system->spec'. * tests/containers.scm ("call-with-container, mnt namespace") ("call-with-container, mnt namespace, wrong bind mount"): Pass a list of <file-system> objects. Ludovic Courtès 2016-09-27Add missing exports....Reported by Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> at <https://lists.gnu.org/archive/html/guix-devel/2016-09/msg01686.html>. * gnu/system/file-systems.scm (%tty-gid): Export. * guix/build-system/python.scm (default-python, default-python2): Export. Ludovic Courtès 2016-09-01Reinstate "services: elogind: Provide '%elogind-file-systems' by extension."...This reverts commit 17073dafc59d62fb8cbb8b94d61d3ecc488ac59f. Ludovic Courtès 2016-08-22Revert "services: elogind: Provide '%elogind-file-systems' by extension."...This reverts commit 3cf319a3f8e23831960a0f1320122cc514188a37. Mark H Weaver 2016-08-22services: elogind: Provide '%elogind-file-systems' by extension....* gnu/system/file-systems.scm (%base-file-systems): Remove %ELOGIND-FILE-SYSTEMS. * gnu/services/desktop.scm (elogind-service-type): Extend FILE-SYSTEM-SERVICE-TYPE to provide %ELOGIND-FILE-SYSTEMS. Ludovic Courtès 2016-08-04ui: Remove dependency on (gnu system file-systems)....* guix/ui.scm (specification->file-system-mapping): Move to... * gnu/system/file-systems.scm (specification->file-system-mapping): ... here. Ludovic Courtès 2016-06-06file-systems: Remove unneeded import....* gnu/system/file-systems.scm: Remove import of (guix gexp), unneeded since commit 060d62a740fc1932a3be505534feff099b59ac9f. Ludovic Courtès 2016-04-18system: Add (gnu system mapped-devices)....* gnu/system/file-systems.scm (<mapped-device>, <mapped-device-type>): Move to... * gnu/system/mapped-devices.scm: ... here. New file. * gnu/system.scm, gnu/services/base.scm, gnu/system/linux-initrd.scm: Use it. * gnu-system.am (GNU_SYSTEM_MODULES): Add it. * gnu.scm (%public-modules): Add it. Ludovic Courtès 2016-03-07gnu: system: Add elogind cgroup mount....* gnu/system/file-systems.scm (%elogind-file-systems): Add elogind cgroup mount. Andy Wingo 2016-01-01file-systems: Move 'string->uuid' to the build side....* gnu/system/file-systems.scm (%uuid-rx, string->uuid): Move to... * gnu/build/file-systems.scm (%uuid-rx, string->uuid): ... here. New variables. Ludovic Courtès 2015-12-22file-systems: Add a 'mount?' field....Fixes <http://bugs.gnu.org/22176>. Reported by Florian Paul Schmidt <mista.tapas@gmx.net>. * gnu/system/file-systems.scm (<file-system>)[mount?]: New field. (file-system->spec): Adjust accordingly. * gnu/services/base.scm (file-system-dmd-service): Return the empty list when FILE-SYSTEM has 'mount?' set to false. (user-processes-service): Select the subset of FILE-SYSTEMS that matches 'file-system-mount?'. * doc/guix.texi (File Systems): Document it. Ludovic Courtès 2015-10-29system: File systems depend on their corresponding device mappings....Fixes a regression introduced in commit 0adfe95. * gnu/system.scm (other-file-system-services)[requirements]: Remove. [add-dependencies]: New procedure. Use it. * gnu/system/file-systems.scm (<file-system>)[dependencies]: Update comment. * gnu/services/base.scm (mapped-device->dmd-service-name, dependency->dmd-service-name): New procedures. (file-system-service-type): Use it. Ludovic Courtès 2015-09-20linux-boot: Mount /dev as a devtmpfs from the start....Suggested by Petter <petter@mykolab.ch> and Mark H Weaver <mhw@netris.org>. Reported by Duncan Keall <duncan@duncankeall.com>. Partly fixes <http://bugs.gnu.org/19190> by populating /dev/mapper early enough. * gnu/build/linux-boot.scm (mount-essential-file-systems): Mount /dev as a devtmpfs. (move-essential-file-systems): Add /dev. (mount-root-file-system): Mount /rw-root/dev as a devtmpfs instead of calling 'make-essential-device-nodes'. (boot-system): Remove call to 'make-essential-device-nodes'. * gnu/system/file-systems.scm (%devtmpfs-file-system): Remove. * doc/guix.texi (File Systems): Adjust accordingly. Ludovic Courtès 2015-09-10file-systems: Add %elogind-file-systems; add it to %base-file-systems....* gnu/system/file-systems.scm (%elogind-file-systems): New variable. (%base-file-systems): Add %elogind-file-systems. Mark H Weaver