# SPDX-License-Identifier: GPL-2.0
# Copyright (c) 2020 Red Hat, Inc. All Rights Reserved.
# Test protected_regular and protected_fifos sysctls
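# Per-test path prefix under $RESULT_DIR, and the banner that opens the
# test's output.
seqres="$RESULT_DIR/$seq"
echo "QA output created by $seq"

# Start with both saved-sysctl variables empty. The exit handler is installed
# before the live settings are read, so without this a value inherited from
# the caller's environment could be written to the kernel if the script
# stops early.
REGULAR_PROTECTION=
FIFO_PROTECTION=

status=1	# failure is the default!
# Signals 0 1 2 3 15 are EXIT, HUP, INT, QUIT and TERM. \$status is escaped so
# that it is expanded when the handler fires, not when it is installed.
trap "_cleanup; exit \$status" 0 1 2 3 15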
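# Put both hardening sysctls back to the values that were saved before the
# test changed them. A variable is expected to be empty only when the script
# stopped before the save; in that case the setting is left untouched.
# NOTE(review): the result of the write is not checked, so a failed restore
# leaves the machine on whatever level the test set last — confirm that is
# acceptable for the hosts this runs on.
if [ -n "$REGULAR_PROTECTION" ]; then
	sysctl -qw "fs.protected_regular=$REGULAR_PROTECTION"
fi
if [ -n "$FIFO_PROTECTION" ]; then
	sysctl -qw "fs.protected_fifos=$FIFO_PROTECTION"
fi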
# get standard environment, filters and checks
# remove previous $seqres.full before test
# real QA test starts here
# Modify as appropriate.
# Both sysctls must be present on the running kernel; the helper is called
# once per knob (presumably it ends the test as "not run" when one is
# missing — confirm against the harness).
for knob in fs.protected_regular fs.protected_fifos; do
	_require_sysctl_variable "$knob"
done
# Do this SECOND so that qa_user is fsgqa, and _user_do uses that account
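# Save current system state to reset when done.
# Both knobs are system-wide kernel settings and the test sets each of them
# to 0 later on, which switches the protection off for every process on the
# machine while it runs. Reading the live values first is what lets the
# cleanup code put the host back the way it was.
REGULAR_PROTECTION=$(sysctl -n fs.protected_regular)
FIFO_PROTECTION=$(sysctl -n fs.protected_fifos)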
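# Try an O_CREAT open of sticky_dir/$FILENAME through _user_do, first with
# the directory writable by group and world, then writable by group only.
# Those are the two directory states that protection levels 1 and 2 tell
# apart.
# NOTE(review): $FILENAME is assigned outside these lines — presumably the
# name of the object under test; confirm.
# NOTE(review): the command string is expanded here and then handed to
# _user_do as one argument, so the path has to be free of whitespace and
# shell metacharacters. These values look harness-controlled — confirm.

# sticky dir is world & group writable:
echo "= group & world writable dir"
chmod og+w "$TEST_DIR/$seq/sticky_dir"
# "open -f" opens O_CREAT
_user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\""
# sticky dir is only group writable:
echo "= only group writable dir"
chmod o-w "$TEST_DIR/$seq/sticky_dir"
_user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\""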
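# Build the fixture: a sticky directory owned by $USER2 that holds a regular
# file and a FIFO owned by $USER1. Directory owner and object owner differ
# on purpose, because that mismatch is one of the conditions the protection
# checks for.

# Create sticky dir owned by $USER2 ("mkdir -p" also creates $TEST_DIR/$seq).
mkdir -p "$TEST_DIR/$seq/sticky_dir"
chmod 1777 "$TEST_DIR/$seq/sticky_dir"
# owner:group is written with a colon. The dotted form is a deprecated
# extension that newer GNU chown warns about, and it is ambiguous when an
# account name contains a dot.
chown "$USER2:$USER2" "$TEST_DIR/$seq/sticky_dir"

# Create file & fifo in that dir owned by $USER1. "chmod o+rw" grants
# read/write to "other" only; group bits stay as they were created.
# $XFS_IO_PROG is left unquoted in case it carries options as well as the
# program name.
$XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/file"
chown "$USER1:$USER1" "$TEST_DIR/$seq/sticky_dir/file"
chmod o+rw "$TEST_DIR/$seq/sticky_dir/file"

mkfifo "$TEST_DIR/$seq/sticky_dir/fifo"
chown "$USER1:$USER1" "$TEST_DIR/$seq/sticky_dir/fifo"
chmod o+rw "$TEST_DIR/$seq/sticky_dir/fifo"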
# Part 1: fs.protected_regular.
#
# The knob exists so that a program which means to create a new file in a
# shared directory does not end up writing into one that another user
# placed there first.
#
# Level 1: an O_CREAT open inside a world-writable sticky directory should
# fail when the file already exists, is owned by another user, and the file
# owner is not the directory owner.
# Level 2: the same applies to group-writable sticky directories.
# Level 0 lifts the restriction.
#
# NOTE(review): each write below is presumably followed by an access check
# against the sticky directory that is not shown here — confirm.
printf '%s\n' "== Test file open when owned by another and file owner != dir owner"
sysctl -w "fs.protected_regular=0"
sysctl -w "fs.protected_regular=1"
sysctl -w "fs.protected_regular=2"
# Part 2: fs.protected_fifos.
#
# The knob exists so that a program which means to create a regular file in
# a shared directory does not end up writing into a FIFO that another user
# placed there first.
#
# Level 1: an O_CREAT open inside a world-writable sticky directory should
# fail when the FIFO already exists, is owned by another user, and the FIFO
# owner is not the directory owner.
# Level 2: the same applies to group-writable sticky directories.
# Level 0 lifts the restriction.
#
# NOTE(review): each write below is presumably followed by an access check
# against the sticky directory that is not shown here — confirm.
printf '%s\n' "== Test fifo open when owned by another and fifo owner != dir owner"
sysctl -w "fs.protected_fifos=0"
sysctl -w "fs.protected_fifos=1"
sysctl -w "fs.protected_fifos=2"