2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2000-2004 Silicon Graphics, Inc. All Rights Reserved.
4 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
8 # Test clearing of capabilities on write.
11 seqres=$RESULT_DIR/$seq
15 status=1 # FAILure is the default!
16 trap "_cleanup; exit \$status" 0 1 2 3 15
18 # get standard environment, filters and checks
25 [ -n "$TEST_DIR" ] && rm -f $file
30 sed -e "s#$file#file#"
33 # real QA test starts here
37 _require_attrs security
39 _require_test_program "writemod"
40 _require_command "$SETCAP_PROG" "setcap"
41 _require_command "$GETCAP_PROG" "getcap"
45 echo "QA output created by $seq"
47 file=$TEST_DIR/$seq.file
52 echo "**** Verifying that appending to file clears capabilities ****"
53 $SETCAP_PROG cap_chown+ep $file
54 _getcap $file | filefilter
57 _getcap $file | filefilter
60 echo "**** Verifying that appending to file doesn't clear other xattrs ****"
61 $SETCAP_PROG cap_chown+ep $file
62 $SETFATTR_PROG -n trusted.name -v value $file
65 _getfattr -m '^trusted\.*' --absolute-names $file | filefilter
67 echo "**** Verifying that chmod doesn't affect open file descriptors ****"
72 # don't use $here/src/writemod, as we're running it as a regular user, and
73 # $here may contain path component that a regular user doesn't have search
75 su $qa_user -c "src/writemod $file" | filefilter