tests - fix Linux systemd bug when writing to /tmp folder

.github/workflows/build-bunkerized-nginx.yml

@@ -17,11 +17,6 @@ jobs:
       - name: Temp build to check security issues
         run: docker build -t bunkerized-nginx .
    
-      # Temp ignore CVE-2021-36159
-      #- name: Temp add .trivyignore
-      #  run: |
-      #    echo "CVE-2021-36159" > .trivyignore
-
       - name: Run Trivy security scanner
         uses: aquasecurity/trivy-action@master
         with:
@@ -31,10 +26,6 @@ jobs:
           ignore-unfixed: true
           severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
 
-      #- name: Temp remove .trivyignore
-      #  run: |
-      #    rm -f .trivyignore
-
       - name: Run autotest
         run: docker run bunkerized-nginx test
 

.github/workflows/linux-bunkerized-nginx.yml

@@ -16,6 +16,8 @@ jobs:
         run: docker build -t debian-systemd -f tests/Dockerfile-debian .
       - name: Build Ubuntu with systemd
         run: docker build -t ubuntu-systemd -f tests/Dockerfile-ubuntu .
+      - name: Build CentOS with systemd
+        run: docker build -t centos-systemd -f tests/Dockerfile-centos .
       - name: Build Fedora with systemd
         run: docker build -t fedora-systemd -f tests/Dockerfile-fedora .
       - name: Debian test
@@ -23,6 +25,6 @@ jobs:
       - name: Ubuntu test
         run: ./tests/linux-run.sh ubuntu-systemd test-ubuntu
       - name: CentOS test
-        run: ./tests/linux-run.sh centos:7 test-centos
+        run: ./tests/linux-run.sh centos-systemd test-centos
       - name: Fedora test
         run: ./tests/linux-run.sh fedora-systemd test-fedora

tests/Dockerfile-centos

@@ -0,0 +1,11 @@
+FROM centos:7
+
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;

tests/Dockerfile-debian

@@ -1,3 +1,12 @@
 FROM debian:buster-slim
 
 RUN apt update && apt install -y systemd
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;

tests/Dockerfile-fedora

@@ -1,3 +1,12 @@
 FROM fedora:34
 
 RUN dnf install -y systemd
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;

tests/Dockerfile-ubuntu

@@ -1,3 +1,12 @@
 FROM ubuntu:focal
 
 RUN apt update && apt install -y systemd
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;