diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 741813d8..1e8a26f3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -156,82 +156,6 @@ Centos7: - ./*.log - ./tests/*.log -RPM/epel7: - stage: deploy - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD - script: - - git submodule update --init - - autoreconf -fvi - - ./configure - - touch ChangeLog - - make dist - - CURDIR=$(pwd) - - TARFILE=$(find ./ -name '*.tar.xz') - - RPMVERSION=$(cat /usr/local/rpms/ocserv/*.spec|grep ^Version|awk '{print $2}') - - sed -i 's/XFAIL_TESTS=test-sighup-key-change//' /usr/local/rpms/ocserv/ocserv.spec - - NEWVERSION=$(echo $TARFILE|sed -e 's/ocserv-//' -e 's/\.tar\.xz//' -e 's|./||') - - echo "tarfile $TARFILE" && echo "rpm $RPMVERSION" && echo "new $NEWVERSION" - - cp $TARFILE /usr/local/rpms/ocserv - - cd /usr/local/rpms/ocserv - - sed -i -e "s/$RPMVERSION/$NEWVERSION/" -e 's/have_gpgv2 1/have_gpgv2 0/g' *.spec - - ( test "$RPMVERSION" != "$NEWVERSION" && cat sources|grep -v "ocserv-$RPMVERSION" >sources.tmp ) || /bin/true - - sha512sum --tag ocserv-$NEWVERSION.tar.xz >>sources.tmp - - mv sources.tmp sources - - touch ocserv-$NEWVERSION.tar.xz.sig - - fedpkg --release el7 local - - cd $CURDIR - - find /usr/local/rpms/ocserv -name '*.rpm' -exec cp '{}' ./ ';' - tags: - - shared - - linux - except: - - tags - - schedules - artifacts: - expire_in: 1 week - when: on_success - paths: - - ./*.rpm - -RPM/epel8: - stage: deploy - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD - script: - - git submodule update --init - - autoreconf -fvi - - ./configure - - touch ChangeLog - - make dist - - CURDIR=$(pwd) - - TARFILE=$(find ./ -name '*.tar.xz') - - RPMVERSION=$(cat /usr/local/rpms/ocserv/*.spec|grep ^Version|awk '{print $2}') - - sed -i 's/XFAIL_TESTS=test-sighup-key-change//' /usr/local/rpms/ocserv/ocserv.spec - - NEWVERSION=$(echo $TARFILE|sed -e 's/ocserv-//' -e 's/\.tar\.xz//' -e 's|./||') - - echo "tarfile $TARFILE" && echo "rpm $RPMVERSION" && echo "new $NEWVERSION" - - cp $TARFILE /usr/local/rpms/ocserv - - cd /usr/local/rpms/ocserv - - sed -i -e "s/Patch0:\t\tocserv-1.1.2-tests.patch//" *.spec - - sed -i -e "s/$RPMVERSION/$NEWVERSION/" -e 's/have_gpgv2 1/have_gpgv2 0/g' *.spec - - ( test "$RPMVERSION" != "$NEWVERSION" && cat sources|grep -v "ocserv-$RPMVERSION" >sources.tmp ) || /bin/true - - sha512sum --tag ocserv-$NEWVERSION.tar.xz >>sources.tmp - - mv sources.tmp sources - - touch ocserv-$NEWVERSION.tar.xz.sig - - export OCSERV_ALLOW_BROKEN_CLIENTS=1 - - fedpkg --release el8 local - - cd $CURDIR - - find /usr/local/rpms/ocserv -name '*.rpm' -exec cp '{}' ./ ';' - tags: - - shared - - linux - except: - - tags - - schedules - artifacts: - expire_in: 1 week - when: on_success - paths: - - ./*.rpm - Coverity: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD diff --git a/src/worker-privs.c b/src/worker-privs.c index 3e516b5a..e3cc5082 100644 --- a/src/worker-privs.c +++ b/src/worker-privs.c @@ -110,7 +110,6 @@ int disable_system_calls(struct worker_st *ws) /* Socket wrapper tests use additional syscalls; only enable * them when socket wrapper is active */ if (getenv("SOCKET_WRAPPER_DIR") != NULL) { - ADD_SYSCALL(stat64, 0); ADD_SYSCALL(readlink, 0); } @@ -175,6 +174,8 @@ int disable_system_calls(struct worker_st *ws) ADD_SYSCALL(openat, 0); ADD_SYSCALL(fstat, 0); + ADD_SYSCALL(stat, 0); + ADD_SYSCALL(stat64, 0); ADD_SYSCALL(newfstatat, 0); ADD_SYSCALL(lseek, 0); @@ -186,8 +187,6 @@ int disable_system_calls(struct worker_st *ws) /* we need to open files when we have an xml_config_file setup on any vhost */ list_for_each(ws->vconfig, vhost, list) { if (vhost->perm_config.config->xml_config_file) { - ADD_SYSCALL(stat, 0); - ADD_SYSCALL(stat64, 0); ADD_SYSCALL(open, 0); ADD_SYSCALL(openat, 0); break; diff --git a/tests/test-user-config b/tests/test-user-config index 21df4531..1c7f5182 100755 --- a/tests/test-user-config +++ b/tests/test-user-config @@ -37,7 +37,7 @@ rm -f ${TMPFILE1} rm -f ${TMPFILE2} update_config test-user-config.config -launch_simple_server -d 1 -f -c "${CONFIG}" +launch_simple_server -d 3 -f -c "${CONFIG}" PID=$! wait_server $PID