This IRIX-specific test mainly tested whether a file's capabilities are
cleared when it is written to. Port the test to the Linux libcap tools
and update it to expect the Linux semantics, which are a little simpler:
capabilities are always cleared even if the program is root (or has
CAP_FSETID). The test also tests that chmod doesn't affect open file
descriptors; this is mostly unrelated, but keep it in for now.
[eguan: add _require_test_program rule for src/writemod]
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
- char *buf = "hi there";
+ char *buf = "hi there\n";
return 1;
}
printf("write to the file\n");
return 1;
}
printf("write to the file\n");
- x = write(fd, buf, strlen(buf)+1);
+ x = write(fd, buf, strlen(buf));
if (x == -1) {
perror("write");
return 1;
if (x == -1) {
perror("write");
return 1;
#! /bin/bash
# FS QA Test No. 093
#
#! /bin/bash
# FS QA Test No. 093
#
-# Test out for IRIX the removal of file capabilities when
-# writing to the file (when it doesn't have CAP_FSETID & CAP_SETFCAP)
-# i.e. not root.
-# Test out fix for pv#901019
+# Test clearing of capabilities on write.
#
#-----------------------------------------------------------------------
# Copyright (c) 2000-2004 Silicon Graphics, Inc. All Rights Reserved.
#
#-----------------------------------------------------------------------
# Copyright (c) 2000-2004 Silicon Graphics, Inc. All Rights Reserved.
+# Copyright (c) 2017 Google, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
[ -n "$TEST_DIR" ] && rm -f $file
}
[ -n "$TEST_DIR" ] && rm -f $file
}
- sed -e "s#$TEST_DIR#TESTDIR#g"
-}
-
-_filefilter()
-{
- sed -e "s#$tmp##" -e "s#$file#file#"
}
# real QA test starts here
_supported_fs generic
}
# real QA test starts here
_supported_fs generic
_require_test
_require_attrs
_require_test
_require_attrs
+_require_user
+_require_test_program "writemod"
echo ""
file=$TEST_DIR/$seq.file
echo ""
file=$TEST_DIR/$seq.file
-user=`grep ':all=:all=' /etc/capability | tail -1 | $AWK_PROG -F: '{print $1}'`
-uid=`_cat_passwd | grep $user | $AWK_PROG -F: '{print $3}'`
-
-cat >$tmp.append <<EOF
-#!/bin/bash
-echo data >>$file
-EOF
-chmod ugo+x $tmp.append
-
-echo "touch file"
-chmod ugo+w $file
-
-echo "chcap on file"
-chcap CAP_CHOWN+p $file
-
-echo "ls -P on file"
-ls -P $file | _testfilter
-
-echo "append to file as root"
-$tmp.append
-
-echo "ls -P on file"
-ls -P $file | _testfilter
-
-echo "cat file"
-echo "----"
-cat $file
-echo "----"
-
-echo "append to file as user without caps"
-# in particular user doesn't have FSETID or SETFCAP
-_runas -u $uid $tmp.append
-echo "cat file"
-echo "----"
+echo "**** Verifying that appending to file clears capabilities ****"
+setcap cap_chown+ep $file
+getcap $file | filefilter
+echo data1 >> $file
+getcap $file | filefilter
+echo
-echo "ls -P on file"
-ls -P $file | _testfilter
-
-# try again when it doesn't have the EA
-echo "append to file as user without caps a 2nd time"
-_runas -u $uid $tmp.append
-
-echo "ls -P on file"
-ls -P $file | _testfilter
-
-echo "cat file"
-echo "----"
+echo "**** Verifying that appending to file doesn't clear other xattrs ****"
+setcap cap_chown+ep $file
+$SETFATTR_PROG -n trusted.name -v value $file
+echo data2 >> $file
-echo "----"
-
-echo "only let root write to file"
-chmod 700 $file
-chown root $file
-
-echo "as non-root try to append to file"
-_runas -u $uid $tmp.append 2>&1 | _filefilter
-
-echo "restore perms on file"
-chmod 777 $file
+$GETFATTR_PROG -m '^trusted\.*' --absolute-names $file | filefilter
-echo "set a root EA on file"
-${ATTR_PROG} -R -s test -V testval $file | _filefilter
-
-echo "list EA on file"
-${ATTR_PROG} -R -l $file | _filefilter
-
-echo "as non-root try to append to file"
-_runas -u $uid $tmp.append 2>&1 | _filefilter
-
-echo "list EA on file"
-${ATTR_PROG} -R -l $file | _filefilter
-
-chown $uid $file
+echo "**** Verifying that chmod doesn't affect open file descriptors ****"
+rm -f $file
+touch $file
+chown $qa_user $file
-echo "as non-root call writemod"
-_runas -u $uid src/writemod $file 2>&1 | _filefilter
-
-echo "cat file"
-echo "----"
+su $qa_user -c "src/writemod $file" | filefilter
# success, all done
status=0
# success, all done
status=0
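Review bot: The capability-clearing checks added here (`echo data1 >> $file` and `echo data2 >> $file`) both write as the user running the test, normally root under xfstests, so the unprivileged-writer case that the removed `_runas -u $uid $tmp.append` steps exercised is no longer covered in the lines visible on this page. That case matters most for security: a non-root user who can write to a capability-bearing file must not be able to change its contents and keep `security.capability`. Consider one more block that makes the file writable by `$qa_user`, re-applies `setcap cap_chown+ep $file`, appends with `su $qa_user -c "echo data3 >> $file"`, and prints `getcap $file | filefilter`, with the matching line added to the golden output. Some lines of this section appear to be missing from the rendering, so confirm against the full patch that no such step already exists.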
090 metadata auto quick
091 rw auto quick
092 auto quick prealloc
090 metadata auto quick
091 rw auto quick
092 auto quick prealloc
094 auto quick prealloc
095 auto rw stress
096 auto prealloc quick zero
094 auto quick prealloc
095 auto rw stress
096 auto prealloc quick zero