2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2020 Red Hat, Inc. All Rights Reserved.
7 # Test protected_regular and protected_fifos sysctls
# Hand the test to the harness. The words after the helper name are presumably
# the test groups this test is filed under; confirm against the helper.
10 _begin_fstest auto quick perms
12 # Override the default cleanup function.
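# Put both hardening sysctls back to the values saved before the test ran.
# The test lowers them to 0 along the way, so an interrupted run must not
# leave the host with the protections switched off. An empty variable means
# nothing was saved (presumably cleanup ran before the save), so that knob is
# left untouched. The key=value argument is quoted so the saved value is
# passed as a single word.
[ -n "$REGULAR_PROTECTION" ] \
	&& sysctl -qw "fs.protected_regular=$REGULAR_PROTECTION"
[ -n "$FIFO_PROTECTION" ] \
	&& sysctl -qw "fs.protected_fifos=$FIFO_PROTECTION"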
24 # Import common functions.
27 # real QA test starts here
29 # Modify as appropriate.
# Both knobs are required before anything below reads or writes them.
# _require_sysctl_variable presumably ends the test as not-run when a knob is
# missing on this kernel; confirm in the helper.
for required_sysctl in fs.protected_regular fs.protected_fifos; do
	_require_sysctl_variable "$required_sysctl"
done
35 # Do this SECOND so that qa_user is fsgqa, and _user_do uses that account
# Record the current value of each sysctl before the test changes it, so the
# cleanup code can restore the host's original hardening level afterwards.
# If a read fails the variable stays empty.
REGULAR_PROTECTION=$(sysctl -n fs.protected_regular)
FIFO_PROTECTION=$(sysctl -n fs.protected_fifos)
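# Try an O_CREAT open of $FILENAME inside the sticky directory, first with the
# directory group- and world-writable, then with it group-writable only.
# Paths handed to chmod are quoted so a TEST_DIR containing whitespace or glob
# characters is passed as one argument.
# NOTE(review): this relies on the qa user differing from the owner of the
# file and fifo; the account assignments are not visible in this listing.

# sticky dir is world & group writable:
echo "= group & world writable dir"
chmod og+w "$TEST_DIR/$seq/sticky_dir"
# "open -f" opens with O_CREAT, the kind of open the protected_regular and
# protected_fifos checks apply to. _user_do runs it as the qa user.
_user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\""
# sticky dir is only group writable:
echo "= only group writable dir"
chmod o-w "$TEST_DIR/$seq/sticky_dir"
_user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\""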
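# Build the fixture: a sticky directory owned by one account holding a regular
# file and a fifo owned by a different account. The protections under test
# only restrict the open when file owner and directory owner differ.

# Create sticky dir owned by $USER2
mkdir -p "$TEST_DIR/$seq"
mkdir -p "$TEST_DIR/$seq/sticky_dir"
chmod 1777 "$TEST_DIR/$seq/sticky_dir"
# Use ':' between owner and group. The older '.' separator is ambiguous for
# names that contain a dot, and newer GNU chown prints a warning for it.
chown "$USER2:$USER2" "$TEST_DIR/$seq/sticky_dir"

# Create file & fifo in that dir owned by $USER1, and grant read/write to
# others (o+rw).
# NOTE(review): the original comment said "world & group", but only o+rw is
# applied; group bits are left as created.
# $XFS_IO_PROG is left unquoted on purpose: the harness may store the program
# together with options in that variable (TODO confirm).
$XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/file"
chown "$USER1:$USER1" "$TEST_DIR/$seq/sticky_dir/file"
chmod o+rw "$TEST_DIR/$seq/sticky_dir/file"

mkfifo "$TEST_DIR/$seq/sticky_dir/fifo"
chown "$USER1:$USER1" "$TEST_DIR/$seq/sticky_dir/fifo"
chmod o+rw "$TEST_DIR/$seq/sticky_dir/fifo"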
82 # First test fs.protected_regular
83 # With protection set to 1, an O_CREAT open in a world-writable sticky
84 # directory should fail if the file already exists, is owned by someone
85 # other than the opener, and file owner != dir owner
87 # With protection set to 2, the same also applies to group-writable sticky directories
# fs.protected_regular guards a program that means to create a file in a
# shared sticky directory against writing into a file another user placed
# there first. The three settings are exercised in order.
# The writes are not silenced with -q, so each prints the "key = value" line
# it set; presumably that output is part of the expected test output (confirm).
# NOTE(review): the access check that follows each setting is not visible in
# this listing.
90 echo "== Test file open when owned by another and file owner != dir owner"
# 0: no restriction (baseline)
91 sysctl -w fs.protected_regular=0
# 1: restrict opens in world-writable sticky directories
93 sysctl -w fs.protected_regular=1
# 2: also restrict opens in group-writable sticky directories
95 sysctl -w fs.protected_regular=2
100 # Now test fs.protected_fifos
101 # With protection set to 1, an O_CREAT open in a world-writable sticky
102 # directory should fail if the fifo already exists, is owned by someone
103 # other than the opener, and fifo owner != dir owner
105 # With protection set to 2, the same also applies to group-writable sticky directories
# fs.protected_fifos is the fifo counterpart: it keeps a program that opens a
# fifo with O_CREAT in a shared sticky directory from attaching to one that
# another user placed there first. The three settings are exercised in order.
# The writes are not silenced with -q, so each prints the "key = value" line
# it set; presumably that output is part of the expected test output (confirm).
# NOTE(review): the access check that follows each setting is not visible in
# this listing.
107 echo "== Test fifo open when owned by another and fifo owner != dir owner"
# 0: no restriction (baseline)
108 sysctl -w fs.protected_fifos=0
# 1: restrict opens in world-writable sticky directories
110 sysctl -w fs.protected_fifos=1
# 2: also restrict opens in group-writable sticky directories
112 sysctl -w fs.protected_fifos=2