From: Eric Biggers Date: Fri, 21 Jul 2017 04:22:04 +0000 (-0700) Subject: tests: port generic/093 to Linux X-Git-Tag: v2022.05.01~1956 X-Git-Url: http://git.apps.os.sepia.ceph.com/?p=xfstests-dev.git;a=commitdiff_plain;h=f5413189dbd5d23c1194d7a94fe26db2df41ea90;ds=sidebyside tests: port generic/093 to Linux This IRIX-specific test mainly tested whether a file's capabilities are cleared when it is written to. Port the test to the Linux libcap tools and update it to expect the Linux semantics which are a little simpler: capabilities are always cleared even if the program is root (or has CAP_FSETID). The test also tests that chmod doesn't affect open file descriptors; this is mostly unrelated, but keep it in for now. [eguan: add _require_test_program rule for src/writemod] Signed-off-by: Eric Biggers Reviewed-by: Eryu Guan Signed-off-by: Eryu Guan --- diff --git a/src/writemod.c b/src/writemod.c index 0c9ff1a5..16b3fa0c 100644 --- a/src/writemod.c +++ b/src/writemod.c @@ -35,7 +35,7 @@ main(int argc, char* argv[]) { char *path; int fd; - char *buf = "hi there"; + char *buf = "hi there\n"; ssize_t x; int sts; @@ -59,7 +59,7 @@ main(int argc, char* argv[]) return 1; } printf("write to the file\n"); - x = write(fd, buf, strlen(buf)+1); + x = write(fd, buf, strlen(buf)); if (x == -1) { perror("write"); return 1; diff --git a/tests/generic/093 b/tests/generic/093 index 824e9b27..197e6722 100755 --- a/tests/generic/093 +++ b/tests/generic/093 @@ -1,13 +1,11 @@ #! /bin/bash # FS QA Test No. 093 # -# Test out for IRIX the removal of file capabilities when -# writing to the file (when it doesn't have CAP_FSETID & CAP_SETFCAP) -# i.e. not root. -# Test out fix for pv#901019 +# Test clearing of capabilities on write. # #----------------------------------------------------------------------- # Copyright (c) 2000-2004 Silicon Graphics, Inc. All Rights Reserved. +# Copyright (c) 2017 Google, Inc. All Rights Reserved. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as @@ -43,23 +41,19 @@ _cleanup() [ -n "$TEST_DIR" ] && rm -f $file } -_testfilter() +filefilter() { - sed -e "s#$TEST_DIR#TESTDIR#g" -} - -_filefilter() -{ - sed -e "s#$tmp##" -e "s#$file#file#" + sed -e "s#$file#file#" } # real QA test starts here _supported_fs generic -_supported_os IRIX +_supported_os Linux _require_test _require_attrs -_require_runas +_require_user +_require_test_program "writemod" rm -f $seqres.full @@ -67,91 +61,31 @@ echo "QA output created by $seq" echo "" file=$TEST_DIR/$seq.file -user=`grep ':all=:all=' /etc/capability | tail -1 | $AWK_PROG -F: '{print $1}'` -uid=`_cat_passwd | grep $user | $AWK_PROG -F: '{print $3}'` - -cat >$tmp.append <>$file -EOF -chmod ugo+x $tmp.append - -echo "touch file" +rm -f $file touch $file -chmod ugo+w $file - -echo "chcap on file" -chcap CAP_CHOWN+p $file - -echo "ls -P on file" -ls -P $file | _testfilter - -echo "append to file as root" -$tmp.append - -echo "ls -P on file" -ls -P $file | _testfilter - -echo "cat file" -echo "----" -cat $file -echo "----" - -echo "append to file as user without caps" -# in particular user doesn't have FSETID or SETFCAP -_runas -u $uid $tmp.append -echo "cat file" -echo "----" +echo "**** Verifying that appending to file clears capabilities ****" +setcap cap_chown+ep $file +getcap $file | filefilter +echo data1 >> $file cat $file -echo "----" +getcap $file | filefilter +echo -echo "ls -P on file" -ls -P $file | _testfilter - -# try again when it doesn't have the EA -echo "append to file as user without caps a 2nd time" -_runas -u $uid $tmp.append - -echo "ls -P on file" -ls -P $file | _testfilter - -echo "cat file" -echo "----" +echo "**** Verifying that appending to file doesn't clear other xattrs ****" +setcap cap_chown+ep $file +$SETFATTR_PROG -n trusted.name -v value $file +echo data2 >> $file cat $file -echo "----" - -echo "only let root write to file" -chmod 700 $file -chown root $file - -echo "as non-root try to append to file" -_runas -u $uid $tmp.append 2>&1 | _filefilter - -echo "restore perms on file" -chmod 777 $file +$GETFATTR_PROG -m '^trusted\.*' --absolute-names $file | filefilter -echo "set a root EA on file" -${ATTR_PROG} -R -s test -V testval $file | _filefilter - -echo "list EA on file" -${ATTR_PROG} -R -l $file | _filefilter - -echo "as non-root try to append to file" -_runas -u $uid $tmp.append 2>&1 | _filefilter - -echo "list EA on file" -${ATTR_PROG} -R -l $file | _filefilter - -chown $uid $file +echo "**** Verifying that chmod doesn't affect open file descriptors ****" +rm -f $file +touch $file +chown $qa_user $file chmod ugo+w $TEST_DIR -echo "as non-root call writemod" -_runas -u $uid src/writemod $file 2>&1 | _filefilter - -echo "cat file" -echo "----" +su $qa_user -c "src/writemod $file" | filefilter cat $file -echo "----" # success, all done status=0 diff --git a/tests/generic/093.out b/tests/generic/093.out index 0113a48c..cb29153e 100644 Binary files a/tests/generic/093.out and b/tests/generic/093.out differ diff --git a/tests/generic/group b/tests/generic/group index a04cc900..490948cb 100644 --- a/tests/generic/group +++ b/tests/generic/group @@ -95,7 +95,7 @@ 090 metadata auto quick 091 rw auto quick 092 auto quick prealloc -093 attr cap udf auto +093 attr cap auto 094 auto quick prealloc 095 auto rw stress 096 auto prealloc quick zero