2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (C) 2013 Oracle, Inc. All Rights Reserved.
7 # Check get/set ACLs to/from disk with a user namespace. A new file
8 # will be created and ACLs set on it from both inside a userns and
9 # from init_user_ns. We check that the ACL is is correct from both
10 # inside the userns and also from init_user_ns. We will then unmount
11 # and remount the file system and check the ACL from both inside the
12 # userns and from init_user_ns to show that the correct uid/gid in
13 # the ACL was flushed and brought back from disk.
16 seqres=$RESULT_DIR/$seq
17 echo "QA output created by $seq"
21 status=1 # failure is the default!
26 _scratch_unmount >/dev/null 2>&1
28 trap "_cleanup; exit \$status" 0 1 2 3 15
30 # get standard environment, filters and checks
35 nsexec=$here/src/nsexec
36 file=$SCRATCH_MNT/file1
38 # real QA test starts here
40 # only Linux supports user namespace
51 ns_acl2=`expr $acl2 - $acl1`
52 ns_acl3=`expr $acl3 - $acl1`
54 _getfacl_filter_nsid()
57 -e "s/user:$ns_acl1/user:nsid1/" \
58 -e "s/user:$ns_acl2/user:nsid2/" \
59 -e "s/user:$ns_acl3/user:nsid3/" \
60 -e "s/group:$ns_acl1/group:nsid1/" \
61 -e "s/group:$ns_acl2/group:nsid2/" \
62 -e "s/group:$ns_acl3/group:nsid3/" \
63 -e "s/: $ns_acl1/: nsid1/" \
64 -e "s/: $ns_acl2/: nsid2/" \
65 -e "s/: $ns_acl3/: nsid3/"
70 echo "From init_user_ns"
71 getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_id
74 $nsexec -U -M "0 $acl1 1000" -G "0 $acl1 1000" getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_nsid
77 _scratch_unmount >/dev/null 2>&1
78 echo "*** MKFS ***" >>$seqres.full
79 echo "" >>$seqres.full
80 _scratch_mkfs >>$seqres.full 2>&1 || _fail "mkfs failed"
84 chown $acl1.$acl1 $file
86 # set acls from init_user_ns, to be checked from inside the userns
87 setfacl -n -m u:$acl2:rw,g:$acl2:r $file
88 # set acls from inside userns, to be checked from init_user_ns
89 $nsexec -s -U -M "0 $acl1 1000" -G "0 $acl1 1000" setfacl -n -m u:root:rx,g:$ns_acl2:x $file
93 echo "*** Remounting ***"
96 _scratch_cycle_mount >>$seqres.full 2>&1 || _fail "remount failed"
100 _scratch_unmount >/dev/null 2>&1