apfs/apfstests
0
0
Fork 0
mirror of https://github.com/linux-apfs/apfstests.git synced 2026-05-01 15:01:44 -07:00
Code Issues Packages Projects Releases Wiki Activity

xfstests generic/318: user namespace uid/gids in an ACL

Browse Source 
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Reviewed-by: Rich Johnston <rjohnston@sgi.com>
Signed-off-by: Rich Johnston <rjohnston@sgi.com>
This commit is contained in:
Dwight Engen
2013-08-19 17:34:42 +00:00
committed by Rich Johnston
parent 531a2473ce
commit 511f9be259
4 changed files with 168 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
common/attr
+14
View File
@@ -54,6 +54,20 @@ _acl_filter_id()
-e "s/ $acl3 / id3 /" -e "s/ $acl3 / id3 /"
} }
_getfacl_filter_id()
{
sed \
-e "s/user:$acl1/user:id1/" \
-e "s/user:$acl2/user:id2/" \
-e "s/user:$acl3/user:id3/" \
-e "s/group:$acl1/group:id1/" \
-e "s/group:$acl2/group:id2/" \
-e "s/group:$acl3/group:id3/" \
-e "s/: $acl1/: id1/" \
-e "s/: $acl2/: id2/" \
-e "s/: $acl3/: id3/"
}
# filtered ls # filtered ls
# #
_acl_ls() _acl_ls()
tests/generic/318
Executable
+102
View File
@@ -0,0 +1,102 @@
#! /bin/bash
# FS QA Test No. 318
#
# Check get/set ACLs to/from disk with a user namespace. A new file
# will be created and ACLs set on it from both inside a userns and
# from init_user_ns. We check that the ACL is is correct from both
# inside the userns and also from init_user_ns. We will then unmount
# and remount the file system and check the ACL from both inside the
# userns and from init_user_ns to show that the correct uid/gid in
# the ACL was flushed and brought back from disk.
#
#-----------------------------------------------------------------------
# Copyright (C) 2013 Oracle, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
_cleanup()
{
cd /
umount $SCRATCH_DEV >/dev/null 2>&1
}
trap "_cleanup; exit \$status" 0 1 2 3 15
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
. ./common/attr
nsexec=$here/src/nsexec
file=$SCRATCH_MNT/file1
# real QA test starts here
_supported_fs generic
# only Linux supports user namespace
_supported_os Linux
[ -x $nsexec ] || _notrun "$nsexec executable not found"
rm -f $seqres.full
_require_scratch
_need_to_be_root
_acl_setup_ids
_require_acls
_print_getfacls()
{
echo "From init_user_ns"
getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_id
echo "From user_ns"
$nsexec -U -M "0 $acl1 1000" -G "0 $acl2 1000" getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_id
}
umount $SCRATCH_DEV >/dev/null 2>&1
echo "*** MKFS ***" >>$seqres.full
echo "" >>$seqres.full
_scratch_mkfs >>$seqres.full 2>&1 || _fail "mkfs failed"
_scratch_mount >>$seqres.full 2>&1 || _fail "mount failed"
touch $file
chown $acl1.$acl1 $file
# set acls from init_user_ns, to be checked from inside the userns
setfacl -n -m u:$acl2:rw,g:$acl2:r $file
# set acls from inside userns, to be checked from init_user_ns
$nsexec -s -U -M "0 $acl1 1000" -G "0 $acl2 1000" setfacl -n -m u:root:rx,g:root:x $file
_print_getfacls
echo "*** Remounting ***"
echo ""
sync
umount $SCRATCH_MNT >>$seqres.full 2>&1
_scratch_mount >>$seqres.full 2>&1 || _fail "mount failed"
_print_getfacls
umount $SCRATCH_DEV >/dev/null 2>&1
status=0
exit
tests/generic/318.out
+51
View File
@@ -0,0 +1,51 @@
QA output created by 318
From init_user_ns
# file: SCRATCH_MNT/file1
# owner: id1
# group: id1
user::rw-
user:id1:r-x #effective:r--
user:id2:rw- #effective:r--
group::r--
group:id2:--x #effective:---
mask::r--
other::r--
From user_ns
# file: SCRATCH_MNT/file1
# owner: 0
# group: 65534
user::rw-
user:0:r-x #effective:r--
user:1:rw- #effective:r--
group::r--
group:0:--x #effective:---
mask::r--
other::r--
*** Remounting ***
From init_user_ns
# file: SCRATCH_MNT/file1
# owner: id1
# group: id1
user::rw-
user:id1:r-x #effective:r--
user:id2:rw- #effective:r--
group::r--
group:id2:--x #effective:---
mask::r--
other::r--
From user_ns
# file: SCRATCH_MNT/file1
# owner: 0
# group: 65534
user::rw-
user:0:r-x #effective:r--
user:1:rw- #effective:r--
group::r--
group:0:--x #effective:---
mask::r--
other::r--
tests/generic/group
+1
View File
@@ -120,3 +120,4 @@
315 auto quick rw prealloc 315 auto quick rw prealloc
316 auto quick 316 auto quick
317 auto metadata quick 317 auto metadata quick
318 acl attr auto quick