#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2019 CTERA Networks. All Rights Reserved.
#
# FS QA Test No. 555
#
# Check that we can't set FS_XFLAG_APPEND and FS_XFLAG_IMMUTABLE inode
# flags without capbility CAP_LINUX_IMMUTABLE.
#
# This test uses xfs_io chattr, rather than the (e2fsprogs) chattr
# program to exercise the FS_IOC_FSSETXATTR ioctl.
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"

here=`pwd`
tmp=/tmp/$$
status=1    # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

_cleanup()
{
	# Cleanup of flags on both file in case test is aborted
	# (i.e. CTRL-C), so we have no immutable/append-only files
	$XFS_IO_PROG -f -r -c "chattr -ia" $workdir/file1 >/dev/null 2>&1
	$XFS_IO_PROG -f -r -c "chattr -ia" $workdir/file2 >/dev/null 2>&1

	cd /
	rm -rf $tmp.* $workdir
}

# get standard environment, filters and checks
. ./common/rc
. ./common/filter
. ./common/attr

# real QA test starts here
_supported_fs generic

_require_test
_require_xfs_io_command "chattr" "ia"
_require_command "$CAPSH_PROG" "capsh"

workdir="$TEST_DIR/test-$seq"
rm -rf $workdir
mkdir $workdir

echo "Create the original files"
touch $workdir/file1
touch $workdir/file2

do_filter_output()
{
	grep -o "Operation not permitted"
}

echo "Try to xfs_io chattr +ia with capabilities CAP_LINUX_IMMUTABLE"
$XFS_IO_PROG -f -c "chattr +ia" $workdir/file1

echo "Try to xfs_io chattr +ia/-ia without capability CAP_LINUX_IMMUTABLE"
$CAPSH_PROG --drop=cap_linux_immutable -- -c "$XFS_IO_PROG -f -c 'chattr +a' $workdir/file2" 2>&1 | do_filter_output
$CAPSH_PROG --drop=cap_linux_immutable -- -c "$XFS_IO_PROG -f -c 'chattr +i' $workdir/file2" 2>&1 | do_filter_output

$CAPSH_PROG --drop=cap_linux_immutable -- -c "$XFS_IO_PROG -f -r -c 'chattr -i' $workdir/file1" 2>&1 | do_filter_output
$CAPSH_PROG --drop=cap_linux_immutable -- -c "$XFS_IO_PROG -f -r -c 'chattr -a' $workdir/file1" 2>&1 | do_filter_output

echo "Try to xfs_io chattr -ia with capability CAP_LINUX_IMMUTABLE"
$XFS_IO_PROG -f -r -c "chattr -ia" $workdir/file1

# success, all done
status=0
exit