2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright 2018 Google LLC
5 # FS QA Test generic/573
7 # Test access controls on the fs-verity ioctls. FS_IOC_MEASURE_VERITY is
8 # allowed on any file, whereas FS_IOC_ENABLE_VERITY requires write access.
# Test setup for the fs-verity ioctl access-control checks.
# NOTE(review): the number at the start of each line is the listing's own line
# number, and the sequence skips (11, 13, 17, 21, 25, ...), so some lines of
# the original file are not shown here. The comments describe only what is
# visible; helpers beginning with "_" are defined outside this listing.
# Hands the names "auto", "quick" and "verity" to the test harness
# (presumably the groups this test belongs to - confirm against the harness).
11 _begin_fstest auto quick verity
13 # Override the default cleanup function.
# The function wrapper itself (listing lines 14-16, 18-19) is not shown.
# Presumably this call is its body and undoes _disable_fsverity_signatures
# below, so the signature setting is put back when the test exits - TODO
# confirm against the full file.
17 _restore_fsverity_signatures
21 # Import common functions.
25 # real QA test starts here
# Presumably skips the test when the scratch filesystem cannot do fs-verity.
27 _require_scratch_verity
# Paired with _restore_fsverity_signatures above. Presumably turns off a
# "signature required" policy so an unsigned enable can succeed - confirm.
30 _disable_fsverity_signatures
# &>> appends both stdout and stderr of the mkfs helper to the $seqres.full
# log, keeping them out of the test's own output.
32 _scratch_mkfs_verity &>> $seqres.full
# One path on the scratch mount, reused by every subtest below.
34 fsv_file=$SCRATCH_MNT/file.fsv
# Subtest: FS_IOC_ENABLE_VERITY issued by a non-root caller.
# NOTE(review): listing lines 37-38 are not shown, so any file creation or
# mode change done before the enable call cannot be read off this page.
36 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY doesn't require root"
# _user_do is defined outside this listing; presumably it runs the quoted
# command as the unprivileged QA user (compare the explicit `su $qa_user -c`
# in the last subtest). Its output is neither filtered nor redirected here, so
# anything the command prints becomes part of the test's output.
39 _user_do "$FSVERITY_PROG enable $fsv_file"
# Subtest: FS_IOC_ENABLE_VERITY on a file the caller cannot write to.
41 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires write access"
# NOTE(review): this line carries two stdout redirections. Bash applies them
# left to right: $fsv_file is created or truncated, then stdout is re-pointed
# at $seqres.full. "foo" therefore lands in the log and $fsv_file is left
# empty. Confirm that an empty file is what the subtest intends.
42 echo foo > $fsv_file >> $seqres.full
# Listing line 43 is not shown; the step that removes write access, if there
# is one, is presumably there.
# |& pipes stdout and stderr together through _filter_scratch, so the error
# text from the (expected) refusal is part of what the test emits. No exit
# status is checked in the visible lines.
44 _user_do "$FSVERITY_PROG enable $fsv_file" |& _filter_scratch
# Subtest: FS_IOC_ENABLE_VERITY on a file carrying the append-only attribute.
46 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !append-only"
# NOTE(review): two stdout redirections - $fsv_file is truncated and left
# empty, and the text "foo" goes to $seqres.full.
47 echo foo > $fsv_file >> $seqres.full
# Set the append-only attribute on the file.
48 $CHATTR_PROG +a $fsv_file
# Enable is invoked directly rather than through _user_do, i.e. as whoever runs
# the test, so the refusal exercised here comes from the file attribute and not
# from the caller's identity. stdout and stderr both go through the filter.
49 $FSVERITY_PROG enable $fsv_file |& _filter_scratch
# Clear the attribute again: the next subtest reopens the file with `>`, and a
# truncating open is not permitted on an append-only file.
50 $CHATTR_PROG -a $fsv_file
# Subtest: FS_IOC_ENABLE_VERITY on a file carrying the immutable attribute.
52 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !immutable"
# NOTE(review): two stdout redirections - $fsv_file is truncated and left
# empty, and the text "foo" goes to $seqres.full.
53 echo foo > $fsv_file >> $seqres.full
# Set the immutable attribute on the file.
54 $CHATTR_PROG +i $fsv_file
# Enable is invoked directly rather than through _user_do, i.e. as whoever runs
# the test, so the refusal exercised here comes from the file attribute and not
# from the caller's identity. stdout and stderr both go through the filter.
55 $FSVERITY_PROG enable $fsv_file |& _filter_scratch
# Clear the attribute so the file can be modified or replaced afterwards.
56 $CHATTR_PROG -i $fsv_file
# Subtest: FS_IOC_MEASURE_VERITY issued by a non-root caller.
58 _fsv_scratch_begin_subtest "FS_IOC_MEASURE_VERITY doesn't require root"
# _fsv_create_enable_file is defined outside this listing; presumably it
# creates the file and enables verity on it. Its stdout goes to the log.
59 _fsv_create_enable_file $fsv_file >> $seqres.full
# Listing line 60 is not shown.
# Runs the measure command as $qa_user through su. Only stdout is appended to
# $seqres.full; stderr is not redirected, so an access error would surface in
# the test's output instead of being hidden in the log.
# NOTE(review): the enable subtests use _user_do while this one calls su
# directly; whether the two are equivalent depends on _user_do's definition.
# The command string is expanded here and parsed again by the target user's
# shell, so it relies on $SCRATCH_MNT containing no whitespace or shell
# metacharacters.
61 su $qa_user -c "$FSVERITY_PROG measure $fsv_file" >> $seqres.full