2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2020 Red Hat, Inc. All Rights Reserved.
7 # Test protected_regular and protected_fifos sysctls
10 seqres=$RESULT_DIR/$seq
11 echo "QA output created by $seq"
# status stays 1 unless something later overwrites it; the trap below exits
# with whatever value it holds at that point.
15 status=1 # failure is the default!
# Run _cleanup on normal exit (0) and on HUP/INT/QUIT/TERM (1 2 3 15).
# SIGKILL cannot be trapped, so a killed run skips _cleanup and any sysctl
# value the test had written stays in effect on the host.
16 trap "_cleanup; exit \$status" 0 1 2 3 15
# Write fs.protected_regular / fs.protected_fifos back from the variables
# that hold the values read before the test started changing them. Each
# write is skipped while its variable is empty; -q keeps the restore out of
# the QA output.
# NOTE(review): this assumes REGULAR_PROTECTION / FIFO_PROTECTION are not
# already set in the caller's environment; an inherited value would be
# written to the sysctl on an early exit. Confirm against the harness.
21 [ ! -z "$REGULAR_PROTECTION" ] \
22 && sysctl -qw fs.protected_regular=$REGULAR_PROTECTION
23 [ ! -z "$FIFO_PROTECTION" ] \
24 && sysctl -qw fs.protected_fifos=$FIFO_PROTECTION
29 # get standard environment, filters and checks
33 # remove previous $seqres.full before test
36 # real QA test starts here
38 # Modify as appropriate.
# Both sysctls must exist for the test to mean anything.
# presumably the helper skips the test on kernels that lack them; confirm
# in its definition, which is not part of this listing.
41 _require_sysctl_variable fs.protected_regular
42 _require_sysctl_variable fs.protected_fifos
44 # Do this SECOND so that qa_user is fsgqa, and _user_do uses that account
50 # Save current system state to reset when done
# Read with "sysctl -n" (value only) so the variables can be handed straight
# back to "sysctl -w". These names are the ones the restore step tests for
# emptiness, so they must be filled before the first sysctl write.
51 REGULAR_PROTECTION=`sysctl -n fs.protected_regular`
52 FIFO_PROTECTION=`sysctl -n fs.protected_fifos`
# Attempt an O_CREAT open of sticky_dir/$FILENAME through _user_do, first
# with the directory group- and world-writable, then group-writable only.
# $FILENAME is set outside the lines shown in this listing.
58 # sticky dir is world & group writable:
59 echo "= group & world writable dir"
60 chmod og+w $TEST_DIR/$seq/sticky_dir
61 # "open -f" opens O_CREAT
# Going through _user_do means the open is attempted by the QA account
# (presumably neither the file's nor the directory's owner; confirm which
# accounts $USER1/$USER2 map to).
62 _user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\""
63 # sticky dir is only group writable:
64 echo "= only group writable dir"
# Removing o+w keeps the group write bit from the chmod above, which is the
# directory shape that only the level-2 setting restricts.
65 chmod o-w $TEST_DIR/$seq/sticky_dir
66 _user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\""
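# Fixture: a sticky directory owned by $USER2 that holds a regular file and
# a FIFO owned by $USER1, so file owner != directory owner, the condition
# the protected_regular / protected_fifos checks act on.
71 # Create sticky dir owned by $USER2
72 mkdir -p "$TEST_DIR/$seq"
73 mkdir -p "$TEST_DIR/$seq/sticky_dir"
# 1777 = sticky bit plus rwx for user, group and other.
74 chmod 1777 "$TEST_DIR/$seq/sticky_dir"
# OWNER:GROUP is the POSIX separator. The legacy "." form is ambiguous for
# account names that contain a dot, and recent GNU chown warns about it,
# which would leak into the compared test output.
75 chown "$USER2:$USER2" "$TEST_DIR/$seq/sticky_dir"
77 # Create file & fifo in that dir owned by $USER1, and open
78 # normal read/write privs for world & group
# $XFS_IO_PROG is left unquoted on purpose: it may carry options as well as
# the program path.
79 $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/file"
80 chown "$USER1:$USER1" "$TEST_DIR/$seq/sticky_dir/file"
81 chmod o+rw "$TEST_DIR/$seq/sticky_dir/file"
83 mkfifo "$TEST_DIR/$seq/sticky_dir/fifo"
84 chown "$USER1:$USER1" "$TEST_DIR/$seq/sticky_dir/fifo"
85 chmod o+rw "$TEST_DIR/$seq/sticky_dir/fifo"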
90 # First test fs.protected_regular
91 # With protection set to 1, O_CREAT opens in a world-writable sticky
92 # directory should fail if the file exists, is owned by another, and
93 # file owner != dir owner
95 # With protection set to 2, the same goes for group-writable
# Level 0 switches the restriction off and serves as the baseline. The
# sysctl is global, so the host runs with each value written here until the
# next write or the restore at exit.
98 echo "== Test file open when owned by another and file owner != dir owner"
# "sysctl -w" without -q prints "name = value", so every level is recorded
# in the QA output. The access checks that run between these writes are not
# part of the lines shown in this listing.
99 sysctl -w fs.protected_regular=0
101 sysctl -w fs.protected_regular=1
103 sysctl -w fs.protected_regular=2
108 # Now test fs.protected_fifos
109 # With protection set to 1, O_CREAT opens in a world-writable sticky
110 # directory should fail if the fifo exists, is owned by another, and
111 # file owner != dir owner
113 # With protection set to 2, the same goes for group-writable
# Same three-level sweep as for regular files, applied to the FIFO sysctl:
# 0 is the unrestricted baseline, 1 covers world-writable sticky
# directories, 2 extends that to group-writable ones.
115 echo "== Test fifo open when owned by another and fifo owner != dir owner"
# "sysctl -w" without -q prints "name = value" into the QA output. The
# access checks that run between these writes are not part of the lines
# shown in this listing.
116 sysctl -w fs.protected_fifos=0
118 sysctl -w fs.protected_fifos=1
120 sysctl -w fs.protected_fifos=2