export CHATTR_PROG="`set_prog_path chattr`"
export DEBUGFS_PROG="`set_prog_path debugfs`"
export UUIDGEN_PROG="`set_prog_path uuidgen`"
+export GETRICHACL_PROG="`set_prog_path getrichacl`"
+export SETRICHACL_PROG="`set_prog_path setrichacl`"
# use 'udevadm settle' or 'udevsettle' to wait for lv to be settled.
# newer systems have udevadm command but older systems like RHEL5 don't.
"$here/src/runas" "$@"
}
+_require_richacl_prog()
+{
+ _require_command "$GETRICHACL_PROG" getrichacl
+ _require_command "$SETRICHACL_PROG" setrichacl
+}
+
+_require_scratch_richacl_xfs()
+{
+ _scratch_mkfs_xfs_supported -m richacl=1 >/dev/null 2>&1 \
+ || _notrun "mkfs.xfs doesn't have richacl feature"
+ _scratch_mkfs_xfs -m richacl=1 >/dev/null 2>&1
+ _scratch_mount >/dev/null 2>&1 \
+ || _notrun "kernel doesn't support richacl feature on $FSTYP"
+ _scratch_unmount
+}
+
+_require_scratch_richacl_ext4()
+{
+ _scratch_mkfs -O richacl >/dev/null 2>&1 \
+ || _notrun "can't mkfs $FSTYP with option -O richacl"
+ _scratch_mount >/dev/null 2>&1 \
+ || _notrun "kernel doesn't support richacl feature on $FSTYP"
+ _scratch_unmount
+}
+
+_require_scratch_richacl_support()
+{
+ _scratch_mount
+ $GETFATTR_PROG -n system.richacl >/dev/null 2>&1 \
+ || _notrun "this test requires richacl support on \$SCRATCH_DEV"
+ _scratch_unmount
+}
+
+_require_scratch_richacl()
+{
+ case "$FSTYP" in
+ xfs) _require_scratch_richacl_xfs
+ ;;
+ ext4) _require_scratch_richacl_ext4
+ ;;
+ nfs*|cifs|overlay)
+ _require_scratch_richacl_support
+ ;;
+ *) _notrun "this test requires richacl support on \$SCRATCH_DEV"
+ ;;
+ esac
+}
+
+_scratch_mkfs_richacl()
+{
+ case "$FSTYP" in
+ xfs) _scratch_mkfs_xfs -m richacl=1
+ ;;
+ ext4) _scratch_mkfs -O richacl
+ ;;
+ nfs*|cifs|overlay)
+ _scratch_mkfs
+ ;;
+ esac
+}
+
# check that a FS on a device is mounted
# if so, return mount point
#
--- /dev/null
+#! /bin/bash
+# FS QA Test 362
+#
+# RichACL apply-masks test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+touch x
+$SETRICHACL_PROG --set 'owner@:rwp::allow group@:rwp::allow everyone@:r::allow' x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'everyone@:wp::allow owner@:r::allow group@:r::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'everyone@:wp::deny owner@:rwp::allow group@:rwp::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'owner@:rwCo::allow' x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'owner@:rwpCo::allow' x
+$GETRICHACL_PROG x
+
+chmod 644 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'u:77:rwp::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+chmod 644 x
+$GETRICHACL_PROG --numeric-ids x
+
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'u:77:rwp::allow everyone@:r::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'u:77:r::allow everyone@:rwp::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'u:77:wp::deny everyone@:rwp::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'u:77:rwp::allow u:77:wp::deny everyone@:rwp::allow' x
+chmod 664 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'everyone@:rwp::allow' x
+chmod 066 x
+$GETRICHACL_PROG x
+
+chmod 006 x
+$GETRICHACL_PROG x
+
+chmod 606 x
+$GETRICHACL_PROG x
+
+$SETRICHACL_PROG --set 'u:77:rwp::allow everyone@:rwp::allow' x
+chmod 606 x
+$GETRICHACL_PROG x
+
+chmod 646 x
+$GETRICHACL_PROG x
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 362
+x:
+ owner@:rwp----------::allow
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rw-------Co--::allow
+
+x:
+ owner@:rwp----------::allow
+
+x:
+ owner@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ user:77:rwp----------::allow
+ group@:r------------::deny
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ user:77:r------------::allow
+ group@:r------------::deny
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ user:77:rwp----------::allow
+ group@:r------------::deny
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ user:77:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ user:77:rwp----------::allow
+ owner@:rwp----------::allow
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ user:77:-wp----------::deny
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::allow
+ user:77:rwp----------::allow
+ user:77:-wp----------::deny
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+x:
+ owner@:rwp----------::deny
+ everyone@:rwp----------::allow
+
+x:
+ owner@:rwp----------::deny
+ group@:rwp----------::deny
+ everyone@:rwp----------::allow
+
+x:
+ owner@:rwp----------::allow
+ group@:rwp----------::deny
+ everyone@:rwp----------::allow
+
+x:
+ owner@:rwp----------::allow
+ group@:rwp----------::deny
+ everyone@:rwp----------::allow
+
+x:
+ user:77:r------------::allow
+ owner@:rwp----------::allow
+ group@:-wp----------::deny
+ user:77:-wp----------::deny
+ everyone@:rwp----------::allow
+
--- /dev/null
+#! /bin/bash
+# FS QA Test 363
+#
+# RichACL auto-inheritance test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+umask 022
+
+mkdir d1
+$SETRICHACL_PROG --modify owner@:rwpxd:fd:allow,u:101:rw:fd:deny d1
+$SETRICHACL_PROG --modify u:102:rw:f:deny d1
+$SETRICHACL_PROG --modify u:103:rw:d:deny d1
+$SETRICHACL_PROG --modify g:101:rw:fdi:deny d1
+
+$SETRICHACL_PROG --modify flags:a d1
+
+$GETRICHACL_PROG --numeric --raw d1
+
+mkdir d1/d2
+touch d1/d3
+
+# Mode bits derived from inherited ACEs
+$GETRICHACL_PROG --numeric --raw d1/d2
+
+$GETRICHACL_PROG --numeric --raw d1/d3
+
+mkdir d1/d2/d4
+touch d1/d2/d4/d5
+
+# Protected files
+mkdir d1/d6
+touch d1/d7
+
+$GETRICHACL_PROG --numeric --raw d1/d2/d4
+
+$GETRICHACL_PROG --numeric --raw d1/d2/d4/d5
+
+# Clear protected flag from all the ACLs
+$SETRICHACL_PROG --modify flags:a d1/d2
+$SETRICHACL_PROG --modify flags:a d1/d3
+$SETRICHACL_PROG --modify flags:a d1/d2/d4
+$SETRICHACL_PROG --modify flags:a d1/d2/d4/d5
+
+$GETRICHACL_PROG --numeric d1 | sed -e 's/:fd:deny/:fd:allow/' > acl.txt
+cat acl.txt
+
+$SETRICHACL_PROG --set-file acl.txt d1
+
+$GETRICHACL_PROG --numeric --raw d1
+
+$GETRICHACL_PROG --numeric --raw d1/d2
+
+$GETRICHACL_PROG --numeric --raw d1/d3
+
+$GETRICHACL_PROG --numeric --raw d1/d2/d4
+
+$GETRICHACL_PROG --numeric --raw d1/d2/d4/d5
+
+# No automatic inheritance for protected files
+$GETRICHACL_PROG --numeric --raw d1/d6
+
+$GETRICHACL_PROG --numeric --raw d1/d7
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 363
+d1:
+ flags:a
+ owner:rwpxd-----------::mask
+ group:r--x------------::mask
+ other:r--x------------::mask
+ user:101:rw--------------:fd:deny
+ user:102:rw--------------:f:deny
+ user:103:rw--------------:d:deny
+ group:101:rw--------------:fdi:deny
+ owner@:rwpxd-----------:fd:allow
+ everyone@:r--x------------::allow
+
+d1/d2:
+ flags:map
+ owner:rwpxd-----------::mask
+ group:----------------::mask
+ other:----------------::mask
+ user:101:rw--------------:fda:deny
+ user:102:rw--------------:fia:deny
+ user:103:rw--------------:da:deny
+ group:101:rw--------------:fda:deny
+ owner@:rwpxd-----------:fda:allow
+
+d1/d3:
+ flags:map
+ owner:rwp-------------::mask
+ group:----------------::mask
+ other:----------------::mask
+ user:101:rw--------------:a:deny
+ user:102:rw--------------:a:deny
+ group:101:rw--------------:a:deny
+ owner@:rwpx------------:a:allow
+
+d1/d2/d4:
+ flags:map
+ owner:rwpxd-----------::mask
+ group:----------------::mask
+ other:----------------::mask
+ user:101:rw--------------:fda:deny
+ user:102:rw--------------:fia:deny
+ user:103:rw--------------:da:deny
+ group:101:rw--------------:fda:deny
+ owner@:rwpxd-----------:fda:allow
+
+d1/d2/d4/d5:
+ flags:map
+ owner:rwp-------------::mask
+ group:----------------::mask
+ other:----------------::mask
+ user:101:rw--------------:a:deny
+ user:102:rw--------------:a:deny
+ group:101:rw--------------:a:deny
+ owner@:rwpx------------:a:allow
+
+d1:
+ flags:a
+ user:101:rw-----------:fd:allow
+ user:102:rw-----------:f:deny
+ user:103:rw-----------:d:deny
+ group:101:rw-----------:fdi:deny
+ owner@:rwpxd--------:fd:allow
+ everyone@:r--x---------::allow
+
+d1:
+ flags:a
+ owner:rwpxd-----------::mask
+ group:rw-x------------::mask
+ other:r--x------------::mask
+ user:101:rw--------------:fd:allow
+ user:102:rw--------------:f:deny
+ user:103:rw--------------:d:deny
+ group:101:rw--------------:fdi:deny
+ owner@:rwpxd-----------:fd:allow
+ everyone@:r--x------------::allow
+
+d1/d2:
+ flags:a
+ owner:rwpxd-----------::mask
+ group:rw--------------::mask
+ other:----------------::mask
+ user:101:rw--------------:fda:allow
+ user:102:rw--------------:fia:deny
+ user:103:rw--------------:da:deny
+ group:101:rw--------------:fda:deny
+ owner@:rwpxd-----------:fda:allow
+
+d1/d3:
+ flags:a
+ owner:rwpx------------::mask
+ group:rw--------------::mask
+ other:----------------::mask
+ user:101:rw--------------:a:allow
+ user:102:rw--------------:a:deny
+ group:101:rw--------------:a:deny
+ owner@:rwpx------------:a:allow
+
+d1/d2/d4:
+ flags:a
+ owner:rwpxd-----------::mask
+ group:rw--------------::mask
+ other:----------------::mask
+ user:101:rw--------------:fda:allow
+ user:102:rw--------------:fia:deny
+ user:103:rw--------------:da:deny
+ group:101:rw--------------:fda:deny
+ owner@:rwpxd-----------:fda:allow
+
+d1/d2/d4/d5:
+ flags:a
+ owner:rwpx------------::mask
+ group:rw--------------::mask
+ other:----------------::mask
+ user:101:rw--------------:a:allow
+ user:102:rw--------------:a:deny
+ group:101:rw--------------:a:deny
+ owner@:rwpx------------:a:allow
+
+d1/d6:
+ flags:map
+ owner:rwpxd-----------::mask
+ group:----------------::mask
+ other:----------------::mask
+ user:101:rw--------------:fda:deny
+ user:102:rw--------------:fia:deny
+ user:103:rw--------------:da:deny
+ group:101:rw--------------:fda:deny
+ owner@:rwpxd-----------:fda:allow
+
+d1/d7:
+ flags:map
+ owner:rwp-------------::mask
+ group:----------------::mask
+ other:----------------::mask
+ user:101:rw--------------:a:deny
+ user:102:rw--------------:a:deny
+ group:101:rw--------------:a:deny
+ owner@:rwpx------------:a:allow
+
--- /dev/null
+#! /bin/bash
+# FS QA Test 364
+#
+# RichACL basic test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+umask 022
+
+touch x
+
+$SETRICHACL_PROG --set 'everyone@:rwp::allow' x
+stat -c %A x
+$GETRICHACL_PROG x
+
+chmod 664 x
+stat -c %A x
+$GETRICHACL_PROG x
+
+# Note that unlike how the test cases look at first sight, we do *not* require
+# a richacl-enabled version of ls here ...
+
+mkdir sub
+$SETRICHACL_PROG --set 'everyone@:rwpxd:fd:allow' sub
+stat -c %A+ sub
+$GETFATTR_PROG -m system\.richacl sub
+
+chmod 775 sub
+stat -c %A+ sub
+$GETFATTR_PROG -m system\.richacl sub
+$GETRICHACL_PROG sub
+
+touch sub/f
+stat -c %A sub/f
+$GETRICHACL_PROG sub/f
+
+mkdir sub/sub2
+stat -c %A+ sub/sub2
+$GETRICHACL_PROG sub/sub2
+
+mkdir -m 750 sub/sub3
+stat -c %A+ sub/sub3
+$GETRICHACL_PROG sub/sub3
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 364
+-rw-rw-rw-
+x:
+ everyone@:rwp----------::allow
+
+-rw-rw-r--
+x:
+ owner@:rwp----------::allow
+ group@:rwp----------::allow
+ everyone@:r------------::allow
+
+drwxrwxrwx+
+# file: sub
+system.richacl
+
+drwxrwxr-x+
+# file: sub
+system.richacl
+
+sub:
+ owner@:rwpxd--------::allow
+ group@:rwpxd--------::allow
+ everyone@:rwpxd--------:fdi:allow
+ everyone@:r--x---------::allow
+
+-rw-rw-rw-
+sub/f:
+ everyone@:rwp----------::allow
+
+drwxrwxrwx+
+sub/sub2:
+ everyone@:rwpxd--------:fd:allow
+
+drwxr-x---+
+sub/sub3:
+ owner@:rwpxd--------::allow
+ group@:r--x---------::allow
+ everyone@:rwpxd--------:fdi:allow
+
--- /dev/null
+#! /bin/bash
+# FS QA Test 365
+#
+# RichACL chmod test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+s()
+{
+ echo "--- runas -u 99 -g 99 setrichacl $*"
+ _runas -u 99 -g 99 -- $SETRICHACL_PROG "$@"
+}
+
+# Create file as root
+touch a
+
+# We cannot set the acl as another user
+s --set 'u:99:rwc::allow' a
+
+# We cannot chmod as another user
+r chmod 666 a
+
+# Give user 99 the write_acl permission
+$SETRICHACL_PROG --set 'u:99:rwpC::allow' a
+
+# Now user 99 can setrichacl and chmod ...
+s --set 'u:99:rwpC::allow' a
+r chmod 666 a
+
+# ... but chmod disables the write_acl permission
+s --set 'u:99:rwpC::allow' a
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 365
+--- runas -u 99 -g 99 setrichacl --set u:99:rwc::allow a
+a: Operation not permitted
+--- runas -u 99 -g 99 chmod 666 a
+chmod: changing permissions of 'a': Operation not permitted
+--- runas -u 99 -g 99 setrichacl --set u:99:rwpC::allow a
+--- runas -u 99 -g 99 chmod 666 a
+--- runas -u 99 -g 99 setrichacl --set u:99:rwpC::allow a
+a: Operation not permitted
--- /dev/null
+#! /bin/bash
+# FS QA Test 366
+#
+# RichACL chown test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+# Create file as root
+touch a
+
+# Chown and chgrp with no take ownership permission fails
+r chown 99 a
+r chgrp 99 a
+
+# Add the take_ownership permission
+$SETRICHACL_PROG --set 'u:99:rwpo::allow' a
+
+# Chown and chgrp to a user or group the process is not in fails
+r chown 100 a
+r chgrp 100 a
+
+# Chown and chgrp to a user and group the process is in succeeds
+r chown 99 a
+r chgrp 99 a
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 366
+--- runas -u 99 -g 99 chown 99 a
+chown: changing ownership of 'a': Operation not permitted
+--- runas -u 99 -g 99 chgrp 99 a
+chgrp: changing group of 'a': Operation not permitted
+--- runas -u 99 -g 99 chown 100 a
+chown: changing ownership of 'a': Operation not permitted
+--- runas -u 99 -g 99 chgrp 100 a
+chgrp: changing group of 'a': Operation not permitted
+--- runas -u 99 -g 99 chown 99 a
+--- runas -u 99 -g 99 chgrp 99 a
--- /dev/null
+#! /bin/bash
+# FS QA Test 367
+#
+# RichACL create test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+# Create directories as root with different permissions
+mkdir d1 d2 d3
+$SETRICHACL_PROG --set 'u:99:wx::allow' d2
+$SETRICHACL_PROG --set 'u:99:px::allow' d3
+
+# Cannot create files or directories without permissions
+r touch d1/f
+r mkdir d1/d
+
+# Can create files with add_file (w) permission
+r touch d2/f
+r mkdir d2/d
+
+# Can create directories with add_subdirectory (p) permission
+r touch d3/f
+r mkdir d3/d
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 367
+--- runas -u 99 -g 99 touch d1/f
+touch: cannot touch 'd1/f': Permission denied
+--- runas -u 99 -g 99 mkdir d1/d
+mkdir: cannot create directory 'd1/d': Permission denied
+--- runas -u 99 -g 99 touch d2/f
+--- runas -u 99 -g 99 mkdir d2/d
+mkdir: cannot create directory 'd2/d': Permission denied
+--- runas -u 99 -g 99 touch d3/f
+touch: cannot touch 'd3/f': Permission denied
+--- runas -u 99 -g 99 mkdir d3/d
--- /dev/null
+#! /bin/bash
+# FS QA Test 368
+#
+# RichACL ctime test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+touch a
+
+# Without write access, the ctime cannot be changed
+r touch a
+
+$SETRICHACL_PROG --set 'u:99:rw::allow' a
+
+# With write access, the ctime can be set to the current time, but not to
+# any other time
+r touch a
+r touch -d '1 hour ago' a
+
+$SETRICHACL_PROG --set 'u:99:rwA::allow' a
+
+# With set_attributes access, the ctime can be set to an arbitrary time
+r touch -d '1 hour ago' a
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 368
+--- runas -u 99 -g 99 touch a
+touch: cannot touch 'a': Permission denied
+--- runas -u 99 -g 99 touch a
+--- runas -u 99 -g 99 touch -d 1 hour ago a
+touch: setting times of 'a': Operation not permitted
+--- runas -u 99 -g 99 touch -d 1 hour ago a
--- /dev/null
+#! /bin/bash
+# FS QA Test 369
+#
+# RichACL delete test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+umask 022
+
+chmod go+w .
+mkdir d1 d2 d3 d4 d5 d6 d7
+touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h
+chmod o+w d1/g
+chown 99 d2
+chgrp 99 d3
+chmod g+w d3
+$SETRICHACL_PROG --set 'u:99:wx::allow' d4
+$SETRICHACL_PROG --set 'u:99:d::allow' d5
+$SETRICHACL_PROG --set 'u:99:xd::allow' d6
+$SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h
+chmod 664 d7/g
+
+mkdir s2 s3 s4 s5 s6 s7
+chmod +t s2 s3 s4 s5 s6 s7
+touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h
+chown 99 s2
+chgrp 99 s3
+chmod g+w s3
+$SETRICHACL_PROG --set 'u:99:wx::allow' s4
+$SETRICHACL_PROG --set 'u:99:d::allow' s5
+$SETRICHACL_PROG --set 'u:99:xd::allow' s6
+$SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h
+chmod 664 s7/g
+
+# Cannot delete files with no or only with write permissions on the directory
+r rm -f d1/f d1/g
+
+# Can delete files in directories we own
+r rm -f d2/f s2/f
+
+# Can delete files in non-sticky directories we have write access to
+r rm -f d3/f s3/f
+
+# "Write_data/execute" access does not include delete_child access, so deleting
+# is not allowed:
+r rm -f d4/f s4/f
+
+# "Delete_child" access alone also is not sufficient
+r rm -f d5/f s5/f
+
+# "Execute/delete_child" access is sufficient for non-sticky directories
+r rm -f d6/f s6/f
+
+# "Delete" access on the child is sufficient, even in sticky directories.
+r rm -f d7/f s7/f
+
+# Regression: Delete access must not override add_file / add_subdirectory
+# access.
+r touch h
+r mv -f h d7/
+r mv -f h s7/
+
+# A chmod turns off the "delete" permission
+r rm -f d7/g s7/g
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 369
+--- runas -u 99 -g 99 rm -f d1/f d1/g
+rm: cannot remove 'd1/f': Permission denied
+rm: cannot remove 'd1/g': Permission denied
+--- runas -u 99 -g 99 rm -f d2/f s2/f
+--- runas -u 99 -g 99 rm -f d3/f s3/f
+rm: cannot remove 's3/f': Operation not permitted
+--- runas -u 99 -g 99 rm -f d4/f s4/f
+rm: cannot remove 'd4/f': Permission denied
+rm: cannot remove 's4/f': Permission denied
+--- runas -u 99 -g 99 rm -f d5/f s5/f
+rm: cannot remove 'd5/f': Permission denied
+rm: cannot remove 's5/f': Permission denied
+--- runas -u 99 -g 99 rm -f d6/f s6/f
+rm: cannot remove 's6/f': Operation not permitted
+--- runas -u 99 -g 99 rm -f d7/f s7/f
+--- runas -u 99 -g 99 touch h
+--- runas -u 99 -g 99 mv -f h d7/
+mv: cannot move 'h' to 'd7/h': Permission denied
+--- runas -u 99 -g 99 mv -f h s7/
+mv: cannot move 'h' to 's7/h': Permission denied
+--- runas -u 99 -g 99 rm -f d7/g s7/g
+rm: cannot remove 'd7/g': Permission denied
+rm: cannot remove 's7/g': Permission denied
--- /dev/null
+#! /bin/bash
+# FS QA Test 370
+#
+# RichACL write-vs-append test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+touch a b c d e f
+$SETRICHACL_PROG --set 'owner@:rwp::allow' a
+$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:w::allow' b
+$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:p::allow' c
+$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:wp::allow' d
+$SETRICHACL_PROG --set 'u:99:a::deny owner@:rwp::allow u:99:w::allow' e
+$SETRICHACL_PROG --set 'u:99:w::deny owner@:rwp::allow u:99:p::allow' f
+
+r sh -c 'echo a > a'
+r sh -c 'echo b > b'
+r sh -c 'echo c > c'
+r sh -c 'echo d > d'
+r sh -c 'echo e > e'
+r sh -c 'echo f > f'
+
+r sh -c 'echo A >> a'
+r sh -c 'echo B >> b'
+r sh -c 'echo C >> c'
+r sh -c 'echo D >> d'
+r sh -c 'echo E >> e'
+r sh -c 'echo F >> f'
+
+# success, all done
+status=0
+exit
--- /dev/null
+QA output created by 370
+--- runas -u 99 -g 99 sh -c echo a > a
+sh: a: Permission denied
+--- runas -u 99 -g 99 sh -c echo b > b
+--- runas -u 99 -g 99 sh -c echo c > c
+sh: c: Permission denied
+--- runas -u 99 -g 99 sh -c echo d > d
+--- runas -u 99 -g 99 sh -c echo e > e
+--- runas -u 99 -g 99 sh -c echo f > f
+sh: f: Permission denied
+--- runas -u 99 -g 99 sh -c echo A >> a
+sh: a: Permission denied
+--- runas -u 99 -g 99 sh -c echo B >> b
+sh: b: Permission denied
+--- runas -u 99 -g 99 sh -c echo C >> c
+--- runas -u 99 -g 99 sh -c echo D >> d
+--- runas -u 99 -g 99 sh -c echo E >> e
+sh: e: Permission denied
+--- runas -u 99 -g 99 sh -c echo F >> f
359 auto quick clone
360 auto quick metadata
361 auto quick
+362 auto quick richacl
+363 auto quick richacl
+364 auto quick richacl
+365 auto quick richacl
+366 auto quick richacl
+367 auto quick richacl
+368 auto quick richacl
+369 auto quick richacl
+370 auto quick richacl
projects / xfstests-dev.git / commitdiff