2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright 2018 Google LLC
5 # FS QA Test generic/573
7 # Test access controls on the fs-verity ioctls. FS_IOC_MEASURE_VERITY is
8 # allowed on any file, whereas FS_IOC_ENABLE_VERITY requires write access.
11 seqres=$RESULT_DIR/$seq
12 echo "QA output created by $seq"
16 status=1 # failure is the default!
17 trap "_cleanup; exit \$status" 0 1 2 3 15
25 # get standard environment, filters and checks
30 # remove previous $seqres.full before test
33 # real QA test starts here
36 _require_scratch_verity
40 _scratch_mkfs_verity &>> $seqres.full
42 fsv_file=$SCRATCH_MNT/file.fsv
44 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY doesn't require root"
47 _user_do "$FSVERITY_PROG enable $fsv_file"
49 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires write access"
50 echo foo > $fsv_file >> $seqres.full
52 _user_do "$FSVERITY_PROG enable $fsv_file" |& _filter_scratch
54 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !append-only"
55 echo foo > $fsv_file >> $seqres.full
56 $CHATTR_PROG +a $fsv_file
57 $FSVERITY_PROG enable $fsv_file |& _filter_scratch
58 $CHATTR_PROG -a $fsv_file
60 _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !immutable"
61 echo foo > $fsv_file >> $seqres.full
62 $CHATTR_PROG +i $fsv_file
63 $FSVERITY_PROG enable $fsv_file |& _filter_scratch
64 $CHATTR_PROG -i $fsv_file
66 _fsv_scratch_begin_subtest "FS_IOC_MEASURE_VERITY doesn't require root"
67 _fsv_create_enable_file $fsv_file >> $seqres.full
69 su $qa_user -c "$FSVERITY_PROG measure $fsv_file" >> $seqres.full