fstests: add a filter for the new getcap output
authorFilipe Manana <fdmanana@suse.com>
Sun, 11 Oct 2020 12:38:52 +0000 (13:38 +0100)
committerEryu Guan <guaneryu@gmail.com>
Sun, 11 Oct 2020 13:17:06 +0000 (21:17 +0800)
Starting with version 2.41 of libcap, the output of the getcap program
changed and therefore some existing tests fail when the installed version
of libcap is >= 2.41 (the latest version available at the moment is 2.44).

The change was made by the following commit of libcap:

  commit 177cd418031b1acfcf73fe3b1af9f3279828681c
  Author: Andrew G. Morgan <morgan@kernel.org>
  Date:   Tue Jul 21 22:58:05 2020 -0700

      A more compact form for the text representation of capabilities.

      While this does not change anything about the supported range of
      equivalent text specifications for capabilities, as accepted by
      cap_from_text(), this does alter the preferred output format of
      cap_to_text() to be two characters shorter in most cases. That is,
      what used to be summarized as:

         "= cap_foo+..."

      is now converted to the equivalent text:

         "cap_foo=..."

      which is also more intuitive.

So add a filter to change the old format to the new one, an helper that
calls getcap with that filter, make existing tests use the new helper and
update their golden output to match the new output format of getcap.

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
common/filter
common/rc
tests/btrfs/214
tests/generic/093
tests/generic/093.out
tests/generic/513
tests/overlay/064
tests/overlay/064.out
tests/xfs/296
tests/xfs/296.out

index 2477f3860151cc3bcbc7d0247109699514b5b068..a8b3882f298b03c971e2969a4bd4601bae0c2e96 100644 (file)
@@ -603,5 +603,33 @@ _filter_assert_dmesg()
            -e "s#$warn2#Intentional warnings in assfail#"
 }
 
+# With version 2.41 of libcap, the output format of getcap changed.
+# More specifically such change was added by the following commit:
+#
+# commit 177cd418031b1acfcf73fe3b1af9f3279828681c
+# Author: Andrew G. Morgan <morgan@kernel.org>
+# Date:   Tue Jul 21 22:58:05 2020 -0700
+#
+#     A more compact form for the text representation of capabilities.
+#
+#     While this does not change anything about the supported range of
+#     equivalent text specifications for capabilities, as accepted by
+#     cap_from_text(), this does alter the preferred output format of
+#     cap_to_text() to be two characters shorter in most cases. That is,
+#     what used to be summarized as:
+#
+#        "= cap_foo+..."
+#
+#     is now converted to the equivalent text:
+#
+#        "cap_foo=..."
+#
+#     which is also more intuitive.
+#
+_filter_getcap()
+{
+        sed -e "s/= //" -e "s/\+/=/g"
+}
+
 # make sure this script returns success
 /bin/true
index 23095d4f2db5cc194554684f1e15e42ddf85ba98..27a27ea36f75336556250e53ad1c52072b71273c 100644 (file)
--- a/common/rc
+++ b/common/rc
@@ -4315,6 +4315,12 @@ _require_mknod()
        rm -f $TEST_DIR/$seq.null
 }
 
+_getcap()
+{
+       $GETCAP_PROG "$@" | _filter_getcap
+       return ${PIPESTATUS[0]}
+}
+
 init_rc
 
 ################################################################################
index 35c4656c98a06c07e7770b8b8214f14212811917..123c4cbf72a81ff3ae52640b4356b7e6c6268755 100755 (executable)
@@ -43,7 +43,7 @@ check_capabilities()
        local ret
        file="$1"
        cap="$2"
-       ret=$($GETCAP_PROG "$file")
+       ret=$(_getcap "$file")
        if [ -z "$ret" ]; then
                echo "$ret"
                echo "missing capability in file $file"
@@ -74,7 +74,7 @@ full_nocap_inc_withcap_send()
        $BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_init" >/dev/null
        $BTRFS_UTIL_PROG send "$FS1/snap_init" -q | $BTRFS_UTIL_PROG receive "$FS2" -q
        # ensure that we don't have capabilities set
-       ret=$($GETCAP_PROG "$FS2/snap_init/foo.bar")
+       ret=$(_getcap "$FS2/snap_init/foo.bar")
        if [ -n "$ret" ]; then
                echo "File contains capabilities when it shouldn't"
        fi
@@ -84,7 +84,7 @@ full_nocap_inc_withcap_send()
        $BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_inc" >/dev/null
        $BTRFS_UTIL_PROG send -p "$FS1/snap_init" "$FS1/snap_inc" -q | \
                                        $BTRFS_UTIL_PROG receive "$FS2" -q
-       check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+       check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 
        _scratch_unmount
 }
@@ -107,25 +107,25 @@ roundtrip_send()
        $SETCAP_PROG "cap_sys_ptrace+ep cap_sys_nice+ep" "$FS1/foo.bar"
        $BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_init" >/dev/null
        $BTRFS_UTIL_PROG send "$FS1/snap_init" -q | $BTRFS_UTIL_PROG receive "$FS2" -q
-       check_capabilities "$FS2/snap_init/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+       check_capabilities "$FS2/snap_init/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 
        # Test incremental send with different owner/group but same capabilities
        chgrp 100 "$FS1/foo.bar"
        $SETCAP_PROG "cap_sys_ptrace+ep cap_sys_nice+ep" "$FS1/foo.bar"
        $BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_inc" >/dev/null
-       check_capabilities "$FS1/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+       check_capabilities "$FS1/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
        $BTRFS_UTIL_PROG send -p "$FS1/snap_init" "$FS1/snap_inc" -q | \
                                $BTRFS_UTIL_PROG receive "$FS2" -q
-       check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+       check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 
        # Test capabilities after incremental send with different group and capabilities
        chgrp 0 "$FS1/foo.bar"
        $SETCAP_PROG "cap_sys_time+ep cap_syslog+ep" "$FS1/foo.bar"
        $BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_inc2" >/dev/null
-       check_capabilities "$FS1/snap_inc2/foo.bar" "cap_sys_time,cap_syslog+ep"
+       check_capabilities "$FS1/snap_inc2/foo.bar" "cap_sys_time,cap_syslog=ep"
        $BTRFS_UTIL_PROG send -p "$FS1/snap_inc" "$FS1/snap_inc2" -q | \
                                $BTRFS_UTIL_PROG receive "$FS2"  -q
-       check_capabilities "$FS2/snap_inc2/foo.bar" "cap_sys_time,cap_syslog+ep"
+       check_capabilities "$FS2/snap_inc2/foo.bar" "cap_sys_time,cap_syslog=ep"
 
        _scratch_unmount
 }
index 0f835e7eca1ddf48b4a8cc72290fc6f2a575c61e..48ffec5c99363934a60c72d169f21d944d9f892e 100755 (executable)
@@ -51,10 +51,10 @@ touch $file
 
 echo "**** Verifying that appending to file clears capabilities ****"
 $SETCAP_PROG cap_chown+ep $file
-$GETCAP_PROG $file | filefilter
+_getcap $file | filefilter
 echo data1 >> $file
 cat $file
-$GETCAP_PROG $file | filefilter
+_getcap $file | filefilter
 echo
 
 echo "**** Verifying that appending to file doesn't clear other xattrs ****"
index cb29153ebfb94b066e2c1c77eebb4a1c097dbd0d..fe6dfe5c11d01b43b4ed17838bce1ed8c4988df3 100644 (file)
@@ -1,7 +1,7 @@
 QA output created by 093
 
 **** Verifying that appending to file clears capabilities ****
-file = cap_chown+ep
+file cap_chown=ep
 data1
 
 **** Verifying that appending to file doesn't clear other xattrs ****
index 15b4aded616a6afe65636428ede3a1e5299e1154..7068787779c0dc74a62b092b20d61b9d807f5cc3 100755 (executable)
@@ -40,14 +40,14 @@ $XFS_IO_PROG -f -c "pwrite -S 0x20 0 1m" $SCRATCH_MNT/bar >>$seqres.full
 
 $SETCAP_PROG cap_setgid,cap_setuid+ep $SCRATCH_MNT/bar
 
-before_cap="$($GETCAP_PROG -v $SCRATCH_MNT/bar)"
+before_cap="$(_getcap -v $SCRATCH_MNT/bar)"
 before_ctime="$(stat -c '%z' $SCRATCH_MNT/bar)"
 
 sleep 1
 
 $XFS_IO_PROG -c "reflink $SCRATCH_MNT/foo" $SCRATCH_MNT/bar >> $seqres.full 2>&1
 
-after_cap="$($GETCAP_PROG -v $SCRATCH_MNT/bar)"
+after_cap="$(_getcap -v $SCRATCH_MNT/bar)"
 after_ctime="$(stat -c '%z' $SCRATCH_MNT/bar)"
 
 echo "$before_cap $before_ctime" >> $seqres.full
index f5d5df1b03e8921ab4fa42bb57ff1799b7cd7c96..8d3d1e4c8dc16f0997eb7d8f6b939f07894e9f57 100755 (executable)
@@ -55,7 +55,7 @@ _scratch_mount "-o metacopy=on"
 $XFS_IO_PROG -c "stat" ${SCRATCH_MNT}/file1 >>$seqres.full
 
 # Make sure cap_setuid is still there
-$GETCAP_PROG ${SCRATCH_MNT}/file1 | _filter_scratch
+_getcap ${SCRATCH_MNT}/file1 | _filter_scratch
 
 # Trigger metadata only copy-up
 chmod 000 ${SCRATCH_MNT}/file2
@@ -64,7 +64,7 @@ chmod 000 ${SCRATCH_MNT}/file2
 $XFS_IO_PROG -c "stat" ${SCRATCH_MNT}/file2 >>$seqres.full
 
 # Make sure cap_setuid is still there
-$GETCAP_PROG ${SCRATCH_MNT}/file2 | _filter_scratch
+_getcap ${SCRATCH_MNT}/file2 | _filter_scratch
 
 # success, all done
 status=0
index cdd3064db5b58c4e1c27323c7fd139591e10d7b4..07f89fbd776652c6c01bd2ad2b6a283f91f9cae7 100644 (file)
@@ -1,3 +1,3 @@
 QA output created by 064
-SCRATCH_MNT/file1 = cap_setuid+ep
-SCRATCH_MNT/file2 = cap_setuid+ep
+SCRATCH_MNT/file1 cap_setuid=ep
+SCRATCH_MNT/file2 cap_setuid=ep
index 915ffa0c432a708761f94773db244953e12acf2d..77726e54bb8479d0fd7c131353eca5849760103c 100755 (executable)
@@ -49,7 +49,7 @@ $SETCAP_PROG cap_setgid,cap_setuid+ep $dump_dir/testfile
 echo "Checking for xattr on source file"
 getfattr --absolute-names -m user.name $dump_dir/testfile | _dir_filter
 echo "Checking for capability on source file"
-$GETCAP_PROG $dump_dir/testfile | _dir_filter
+_getcap $dump_dir/testfile | _dir_filter
 getfattr --absolute-names -m security.capability $dump_dir/testfile | _dir_filter
 
 _do_dump_file -f $tmp.df.0
@@ -62,7 +62,7 @@ _diff_compare
 echo "Checking for xattr on restored file"
 getfattr --absolute-names -m user.name $restore_dir/$dump_sdir/testfile | _dir_filter
 echo "Checking for capability on restored file"
-$GETCAP_PROG $restore_dir/$dump_sdir/testfile | _dir_filter
+_getcap $restore_dir/$dump_sdir/testfile | _dir_filter
 getfattr --absolute-names -m security.capability $restore_dir/$dump_sdir/testfile | _dir_filter
 
 status=0
index c279465c346856f930cf6f6870a7caf12c11d117..f5cc624ea0265076b74e116fdc2f4d85e46fc34b 100644 (file)
@@ -4,7 +4,7 @@ Checking for xattr on source file
 user.name
 
 Checking for capability on source file
-DUMP_DIR/testfile = cap_setgid,cap_setuid+ep
+DUMP_DIR/testfile cap_setgid,cap_setuid=ep
 # file: DUMP_DIR/testfile
 security.capability
 
@@ -50,7 +50,7 @@ Checking for xattr on restored file
 user.name
 
 Checking for capability on restored file
-RESTORE_DIR/DUMP_SUBDIR/testfile = cap_setgid,cap_setuid+ep
+RESTORE_DIR/DUMP_SUBDIR/testfile cap_setgid,cap_setuid=ep
 # file: RESTORE_DIR/DUMP_SUBDIR/testfile
 security.capability