fstests: add a filter for the new getcap output

Starting with version 2.41 of libcap, the output of the getcap program
changed and therefore some existing tests fail when the installed version
of libcap is >= 2.41 (the latest version available at the moment is 2.44).

The change was made by the following commit of libcap:

  commit 177cd418031b1acfcf73fe3b1af9f3279828681c
  Author: Andrew G. Morgan <morgan@kernel.org>
  Date:   Tue Jul 21 22:58:05 2020 -0700

      A more compact form for the text representation of capabilities.

      While this does not change anything about the supported range of
      equivalent text specifications for capabilities, as accepted by
      cap_from_text(), this does alter the preferred output format of
      cap_to_text() to be two characters shorter in most cases. That is,
      what used to be summarized as:

         "= cap_foo+..."

      is now converted to the equivalent text:

         "cap_foo=..."

      which is also more intuitive.

So add a filter to change the old format to the new one, an helper that
calls getcap with that filter, make existing tests use the new helper and
update their golden output to match the new output format of getcap.

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>

common/filter

@@ -603,5 +603,33 @@ _filter_assert_dmesg()
 	    -e "s#$warn2#Intentional warnings in assfail#"
 }
 
+# With version 2.41 of libcap, the output format of getcap changed.
+# More specifically such change was added by the following commit:
+#
+# commit 177cd418031b1acfcf73fe3b1af9f3279828681c
+# Author: Andrew G. Morgan <morgan@kernel.org>
+# Date:   Tue Jul 21 22:58:05 2020 -0700
+#
+#     A more compact form for the text representation of capabilities.
+#
+#     While this does not change anything about the supported range of
+#     equivalent text specifications for capabilities, as accepted by
+#     cap_from_text(), this does alter the preferred output format of
+#     cap_to_text() to be two characters shorter in most cases. That is,
+#     what used to be summarized as:
+#
+#        "= cap_foo+..."
+#
+#     is now converted to the equivalent text:
+#
+#        "cap_foo=..."
+#
+#     which is also more intuitive.
+#
+_filter_getcap()
+{
+        sed -e "s/= //" -e "s/\+/=/g"
+}
+
 # make sure this script returns success
 /bin/true

common/rc

@@ -4315,6 +4315,12 @@ _require_mknod()
 	rm -f $TEST_DIR/$seq.null
 }
 
+_getcap()
+{
+	$GETCAP_PROG "$@" | _filter_getcap
+	return ${PIPESTATUS[0]}
+}
+
 init_rc
 
 ################################################################################

tests/btrfs/214

@@ -43,7 +43,7 @@ check_capabilities()
 	local ret
 	file="$1"
 	cap="$2"
-	ret=$($GETCAP_PROG "$file")
+	ret=$(_getcap "$file")
 	if [ -z "$ret" ]; then
 		echo "$ret"
 		echo "missing capability in file $file"
@@ -74,7 +74,7 @@ full_nocap_inc_withcap_send()
 	$BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_init" >/dev/null
 	$BTRFS_UTIL_PROG send "$FS1/snap_init" -q | $BTRFS_UTIL_PROG receive "$FS2" -q
 	# ensure that we don't have capabilities set
-	ret=$($GETCAP_PROG "$FS2/snap_init/foo.bar")
+	ret=$(_getcap "$FS2/snap_init/foo.bar")
 	if [ -n "$ret" ]; then
 		echo "File contains capabilities when it shouldn't"
 	fi
@@ -84,7 +84,7 @@ full_nocap_inc_withcap_send()
 	$BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_inc" >/dev/null
 	$BTRFS_UTIL_PROG send -p "$FS1/snap_init" "$FS1/snap_inc" -q | \
 					$BTRFS_UTIL_PROG receive "$FS2" -q
-	check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+	check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 
 	_scratch_unmount
 }
@@ -107,25 +107,25 @@ roundtrip_send()
 	$SETCAP_PROG "cap_sys_ptrace+ep cap_sys_nice+ep" "$FS1/foo.bar"
 	$BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_init" >/dev/null
 	$BTRFS_UTIL_PROG send "$FS1/snap_init" -q | $BTRFS_UTIL_PROG receive "$FS2" -q
-	check_capabilities "$FS2/snap_init/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+	check_capabilities "$FS2/snap_init/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 
 	# Test incremental send with different owner/group but same capabilities
 	chgrp 100 "$FS1/foo.bar"
 	$SETCAP_PROG "cap_sys_ptrace+ep cap_sys_nice+ep" "$FS1/foo.bar"
 	$BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_inc" >/dev/null
-	check_capabilities "$FS1/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+	check_capabilities "$FS1/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 	$BTRFS_UTIL_PROG send -p "$FS1/snap_init" "$FS1/snap_inc" -q | \
 				$BTRFS_UTIL_PROG receive "$FS2" -q
-	check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice+ep"
+	check_capabilities "$FS2/snap_inc/foo.bar" "cap_sys_ptrace,cap_sys_nice=ep"
 
 	# Test capabilities after incremental send with different group and capabilities
 	chgrp 0 "$FS1/foo.bar"
 	$SETCAP_PROG "cap_sys_time+ep cap_syslog+ep" "$FS1/foo.bar"
 	$BTRFS_UTIL_PROG subvolume snapshot -r "$FS1" "$FS1/snap_inc2" >/dev/null
-	check_capabilities "$FS1/snap_inc2/foo.bar" "cap_sys_time,cap_syslog+ep"
+	check_capabilities "$FS1/snap_inc2/foo.bar" "cap_sys_time,cap_syslog=ep"
 	$BTRFS_UTIL_PROG send -p "$FS1/snap_inc" "$FS1/snap_inc2" -q | \
 				$BTRFS_UTIL_PROG receive "$FS2"  -q
-	check_capabilities "$FS2/snap_inc2/foo.bar" "cap_sys_time,cap_syslog+ep"
+	check_capabilities "$FS2/snap_inc2/foo.bar" "cap_sys_time,cap_syslog=ep"
 
 	_scratch_unmount
 }

tests/generic/093

@@ -51,10 +51,10 @@ touch $file
 
 echo "**** Verifying that appending to file clears capabilities ****"
 $SETCAP_PROG cap_chown+ep $file
-$GETCAP_PROG $file | filefilter
+_getcap $file | filefilter
 echo data1 >> $file
 cat $file
-$GETCAP_PROG $file | filefilter
+_getcap $file | filefilter
 echo
 
 echo "**** Verifying that appending to file doesn't clear other xattrs ****"

tests/generic/093.out

@@ -1,7 +1,7 @@
 QA output created by 093
 
 **** Verifying that appending to file clears capabilities ****
-file = cap_chown+ep
+file cap_chown=ep
 data1
 
 **** Verifying that appending to file doesn't clear other xattrs ****

tests/generic/513

@@ -40,14 +40,14 @@ $XFS_IO_PROG -f -c "pwrite -S 0x20 0 1m" $SCRATCH_MNT/bar >>$seqres.full
 
 $SETCAP_PROG cap_setgid,cap_setuid+ep $SCRATCH_MNT/bar
 
-before_cap="$($GETCAP_PROG -v $SCRATCH_MNT/bar)"
+before_cap="$(_getcap -v $SCRATCH_MNT/bar)"
 before_ctime="$(stat -c '%z' $SCRATCH_MNT/bar)"
 
 sleep 1
 
 $XFS_IO_PROG -c "reflink $SCRATCH_MNT/foo" $SCRATCH_MNT/bar >> $seqres.full 2>&1
 
-after_cap="$($GETCAP_PROG -v $SCRATCH_MNT/bar)"
+after_cap="$(_getcap -v $SCRATCH_MNT/bar)"
 after_ctime="$(stat -c '%z' $SCRATCH_MNT/bar)"
 
 echo "$before_cap $before_ctime" >> $seqres.full

tests/overlay/064

@@ -55,7 +55,7 @@ _scratch_mount "-o metacopy=on"
 $XFS_IO_PROG -c "stat" ${SCRATCH_MNT}/file1 >>$seqres.full
 
 # Make sure cap_setuid is still there
-$GETCAP_PROG ${SCRATCH_MNT}/file1 | _filter_scratch
+_getcap ${SCRATCH_MNT}/file1 | _filter_scratch
 
 # Trigger metadata only copy-up
 chmod 000 ${SCRATCH_MNT}/file2
@@ -64,7 +64,7 @@ chmod 000 ${SCRATCH_MNT}/file2
 $XFS_IO_PROG -c "stat" ${SCRATCH_MNT}/file2 >>$seqres.full
 
 # Make sure cap_setuid is still there
-$GETCAP_PROG ${SCRATCH_MNT}/file2 | _filter_scratch
+_getcap ${SCRATCH_MNT}/file2 | _filter_scratch
 
 # success, all done
 status=0

tests/overlay/064.out

@@ -1,3 +1,3 @@
 QA output created by 064
-SCRATCH_MNT/file1 = cap_setuid+ep
+SCRATCH_MNT/file1 cap_setuid=ep
-SCRATCH_MNT/file2 = cap_setuid+ep
+SCRATCH_MNT/file2 cap_setuid=ep

tests/xfs/296

@@ -49,7 +49,7 @@ $SETCAP_PROG cap_setgid,cap_setuid+ep $dump_dir/testfile
 echo "Checking for xattr on source file"
 getfattr --absolute-names -m user.name $dump_dir/testfile | _dir_filter
 echo "Checking for capability on source file"
-$GETCAP_PROG $dump_dir/testfile | _dir_filter
+_getcap $dump_dir/testfile | _dir_filter
 getfattr --absolute-names -m security.capability $dump_dir/testfile | _dir_filter
 
 _do_dump_file -f $tmp.df.0
@@ -62,7 +62,7 @@ _diff_compare
 echo "Checking for xattr on restored file"
 getfattr --absolute-names -m user.name $restore_dir/$dump_sdir/testfile | _dir_filter
 echo "Checking for capability on restored file"
-$GETCAP_PROG $restore_dir/$dump_sdir/testfile | _dir_filter
+_getcap $restore_dir/$dump_sdir/testfile | _dir_filter
 getfattr --absolute-names -m security.capability $restore_dir/$dump_sdir/testfile | _dir_filter
 
 status=0

tests/xfs/296.out

@@ -4,7 +4,7 @@ Checking for xattr on source file
 user.name
 
 Checking for capability on source file
-DUMP_DIR/testfile = cap_setgid,cap_setuid+ep
+DUMP_DIR/testfile cap_setgid,cap_setuid=ep
 # file: DUMP_DIR/testfile
 security.capability
 
@@ -50,7 +50,7 @@ Checking for xattr on restored file
 user.name
 
 Checking for capability on restored file
-RESTORE_DIR/DUMP_SUBDIR/testfile = cap_setgid,cap_setuid+ep
+RESTORE_DIR/DUMP_SUBDIR/testfile cap_setgid,cap_setuid=ep
 # file: RESTORE_DIR/DUMP_SUBDIR/testfile
 security.capability