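# SPDX-License-Identifier: GPL-2.0
# Copyright 2018 Google LLC
#
# FS QA Test generic/573
#
# Test access controls on the fs-verity ioctls. FS_IOC_MEASURE_VERITY is
# allowed on any file, whereas FS_IOC_ENABLE_VERITY requires write access.
#
# NOTE(review): this listing is an excerpt; the viewer's line numbers show
# gaps. Not visible here, and presumably on the elided lines: the shebang, the
# assignment of $seq, the definition of the _cleanup handler named in the trap,
# the sourcing of the common helper files, the scratch mount, the chmod calls
# that set up each permission case, and the final status=0. Confirm against the
# full file before running this as-is.
#
# The script relies on bash-only redirections (&>> and |&).

seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"

status=1 # failure is the default!
# 0 1 2 3 15 = EXIT, HUP, INT, QUIT, TERM: cleanup runs on every exit path and
# the script exits with whatever $status holds at that moment.
trap "_cleanup; exit \$status" 0 1 2 3 15

# NOTE(review): presumably this call is the body of _cleanup (its definition is
# not shown). It pairs with _disable_fsverity_signatures below; the restore has
# to run on every exit path so the host is not left with the signature setting
# changed after an aborted run.
_restore_fsverity_signatures

# get standard environment, filters and checks

# remove previous $seqres.full before test

# real QA test starts here

_require_scratch_verity

# Presumably turns off the requirement for signed verity files so that the
# unsigned enable calls below are judged on file permissions alone -- confirm
# against the helper's definition.
_disable_fsverity_signatures

_scratch_mkfs_verity &>> "$seqres.full"

fsv_file=$SCRATCH_MNT/file.fsv

# Positive case: enabling verity as the unprivileged QA user must be possible.
# NOTE(review): the path is interpolated into a command string; presumably
# _user_do hands it to a shell as $qa_user, so $SCRATCH_MNT must not contain
# whitespace or shell metacharacters.
_fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY doesn't require root"
_user_do "$FSVERITY_PROG enable $fsv_file"

# Negative case: enable is expected to be refused without write access.
# The original line was `echo foo > $fsv_file >> $seqres.full`. Both
# redirections apply to stdout and are processed left to right, so the file was
# created empty and "foo" landed in the log. Writing the data to the file
# itself makes the subtest operate on a non-empty file.
_fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires write access"
echo foo > "$fsv_file"
_user_do "$FSVERITY_PROG enable $fsv_file" |& _filter_scratch

# Negative case: enable is expected to be refused on an append-only file.
# These commands run directly rather than through _user_do. The flag is
# cleared again afterwards so the file can be removed later.
_fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !append-only"
echo foo > "$fsv_file"
$CHATTR_PROG +a "$fsv_file"
$FSVERITY_PROG enable "$fsv_file" |& _filter_scratch
$CHATTR_PROG -a "$fsv_file"

# Negative case: enable is expected to be refused on an immutable file.
_fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !immutable"
echo foo > "$fsv_file"
$CHATTR_PROG +i "$fsv_file"
$FSVERITY_PROG enable "$fsv_file" |& _filter_scratch
$CHATTR_PROG -i "$fsv_file"

# Positive case: measuring a verity file as the unprivileged QA user must work.
# su -c re-parses its argument with a shell, so the same constraint on
# $SCRATCH_MNT applies as for the _user_do calls above.
_fsv_scratch_begin_subtest "FS_IOC_MEASURE_VERITY doesn't require root"
_fsv_create_enable_file "$fsv_file" >> "$seqres.full"
su "$qa_user" -c "$FSVERITY_PROG measure $fsv_file" >> "$seqres.full"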