4 # Check get/set ACLs to/from disk with a user namespace. A new file
5 # will be created and ACLs set on it from both inside a userns and
6 # from init_user_ns. We check that the ACL is is correct from both
7 # inside the userns and also from init_user_ns. We will then unmount
8 # and remount the file system and check the ACL from both inside the
9 # userns and from init_user_ns to show that the correct uid/gid in
10 # the ACL was flushed and brought back from disk.
12 #-----------------------------------------------------------------------
13 # Copyright (C) 2013 Oracle, Inc. All Rights Reserved.
15 # This program is free software; you can redistribute it and/or
16 # modify it under the terms of the GNU General Public License as
17 # published by the Free Software Foundation.
19 # This program is distributed in the hope that it would be useful,
20 # but WITHOUT ANY WARRANTY; without even the implied warranty of
21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 # GNU General Public License for more details.
24 # You should have received a copy of the GNU General Public License
25 # along with this program; if not, write the Free Software Foundation,
26 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
27 #-----------------------------------------------------------------------
31 seqres=$RESULT_DIR/$seq
32 echo "QA output created by $seq"
36 status=1 # failure is the default!
41 umount $SCRATCH_DEV >/dev/null 2>&1
43 trap "_cleanup; exit \$status" 0 1 2 3 15
45 # get standard environment, filters and checks
50 nsexec=$here/src/nsexec
51 file=$SCRATCH_MNT/file1
53 # real QA test starts here
55 # only Linux supports user namespace
58 [ -x $nsexec ] || _notrun "$nsexec executable not found"
67 ns_acl2=`expr $acl2 - $acl1`
68 ns_acl3=`expr $acl3 - $acl1`
70 _getfacl_filter_nsid()
73 -e "s/user:$ns_acl1/user:nsid1/" \
74 -e "s/user:$ns_acl2/user:nsid2/" \
75 -e "s/user:$ns_acl3/user:nsid3/" \
76 -e "s/group:$ns_acl1/group:nsid1/" \
77 -e "s/group:$ns_acl2/group:nsid2/" \
78 -e "s/group:$ns_acl3/group:nsid3/" \
79 -e "s/: $ns_acl1/: nsid1/" \
80 -e "s/: $ns_acl2/: nsid2/" \
81 -e "s/: $ns_acl3/: nsid3/"
86 echo "From init_user_ns"
87 getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_id
90 $nsexec -U -M "0 $acl1 1000" -G "0 $acl1 1000" getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_nsid
93 umount $SCRATCH_DEV >/dev/null 2>&1
94 echo "*** MKFS ***" >>$seqres.full
95 echo "" >>$seqres.full
96 _scratch_mkfs >>$seqres.full 2>&1 || _fail "mkfs failed"
97 _scratch_mount >>$seqres.full 2>&1 || _fail "mount failed"
100 chown $acl1.$acl1 $file
102 # set acls from init_user_ns, to be checked from inside the userns
103 setfacl -n -m u:$acl2:rw,g:$acl2:r $file
104 # set acls from inside userns, to be checked from init_user_ns
105 $nsexec -s -U -M "0 $acl1 1000" -G "0 $acl1 1000" setfacl -n -m u:root:rx,g:$ns_acl2:x $file
109 echo "*** Remounting ***"
112 umount $SCRATCH_MNT >>$seqres.full 2>&1
113 _scratch_mount >>$seqres.full 2>&1 || _fail "mount failed"
117 umount $SCRATCH_DEV >/dev/null 2>&1