apfs/apfstests
0
0
Fork 0
mirror of https://github.com/linux-apfs/apfstests.git synced 2026-05-01 15:01:44 -07:00
Code Issues Packages Projects Releases Wiki Activity

generic: Add richacl tests

Browse Source 
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
This commit is contained in:
Andreas Gruenbacher
2016-06-28 14:47:26 +02:00
committed by Eryu Guan
parent 9d93ce7ddd
commit 73f9e47abd
21 changed files with 1331 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
common/config
+2
View File
@@ -197,6 +197,8 @@ export LVM_PROG="`set_prog_path lvm`"
export CHATTR_PROG="`set_prog_path chattr`"
export DEBUGFS_PROG="`set_prog_path debugfs`"
export UUIDGEN_PROG="`set_prog_path uuidgen`"
export GETRICHACL_PROG="`set_prog_path getrichacl`"
export SETRICHACL_PROG="`set_prog_path setrichacl`"
# use 'udevadm settle' or 'udevsettle' to wait for lv to be settled.
# newer systems have udevadm command but older systems like RHEL5 don't.
common/rc
+61
View File
@@ -2005,6 +2005,67 @@ _runas()
"$here/src/runas" "$@"
}
_require_richacl_prog()
{
_require_command "$GETRICHACL_PROG" getrichacl
_require_command "$SETRICHACL_PROG" setrichacl
}
_require_scratch_richacl_xfs()
{
_scratch_mkfs_xfs_supported -m richacl=1 >/dev/null 2>&1 \
|| _notrun "mkfs.xfs doesn't have richacl feature"
_scratch_mkfs_xfs -m richacl=1 >/dev/null 2>&1
_scratch_mount >/dev/null 2>&1 \
|| _notrun "kernel doesn't support richacl feature on $FSTYP"
_scratch_unmount
}
_require_scratch_richacl_ext4()
{
_scratch_mkfs -O richacl >/dev/null 2>&1 \
|| _notrun "can't mkfs $FSTYP with option -O richacl"
_scratch_mount >/dev/null 2>&1 \
|| _notrun "kernel doesn't support richacl feature on $FSTYP"
_scratch_unmount
}
_require_scratch_richacl_support()
{
_scratch_mount
$GETFATTR_PROG -n system.richacl >/dev/null 2>&1 \
|| _notrun "this test requires richacl support on \$SCRATCH_DEV"
_scratch_unmount
}
_require_scratch_richacl()
{
case "$FSTYP" in
xfs) _require_scratch_richacl_xfs
;;
ext4) _require_scratch_richacl_ext4
;;
nfs*|cifs|overlay)
_require_scratch_richacl_support
;;
*) _notrun "this test requires richacl support on \$SCRATCH_DEV"
;;
esac
}
_scratch_mkfs_richacl()
{
case "$FSTYP" in
xfs) _scratch_mkfs_xfs -m richacl=1
;;
ext4) _scratch_mkfs -O richacl
;;
nfs*|cifs|overlay)
_scratch_mkfs
;;
esac
}
# check that a FS on a device is mounted
# if so, return mount point
#
tests/generic/362
Executable
+125
View File
@@ -0,0 +1,125 @@
#! /bin/bash
# FS QA Test 362
#
# RichACL apply-masks test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
touch x
$SETRICHACL_PROG --set 'owner@:rwp::allow group@:rwp::allow everyone@:r::allow' x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'everyone@:wp::allow owner@:r::allow group@:r::allow' x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'everyone@:wp::deny owner@:rwp::allow group@:rwp::allow' x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'owner@:rwCo::allow' x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'owner@:rwpCo::allow' x
$GETRICHACL_PROG x
chmod 644 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'u:77:rwp::allow' x
chmod 664 x
$GETRICHACL_PROG x
chmod 644 x
$GETRICHACL_PROG --numeric-ids x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'u:77:rwp::allow everyone@:r::allow' x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'u:77:r::allow everyone@:rwp::allow' x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'u:77:wp::deny everyone@:rwp::allow' x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'u:77:rwp::allow u:77:wp::deny everyone@:rwp::allow' x
chmod 664 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'everyone@:rwp::allow' x
chmod 066 x
$GETRICHACL_PROG x
chmod 006 x
$GETRICHACL_PROG x
chmod 606 x
$GETRICHACL_PROG x
$SETRICHACL_PROG --set 'u:77:rwp::allow everyone@:rwp::allow' x
chmod 606 x
$GETRICHACL_PROG x
chmod 646 x
$GETRICHACL_PROG x
# success, all done
status=0
exit
tests/generic/362.out
+94
View File
@@ -0,0 +1,94 @@
QA output created by 362
x:
owner@:rwp----------::allow
group@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rwp----------::allow
group@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rwp----------::allow
group@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rw-------Co--::allow
x:
owner@:rwp----------::allow
x:
owner@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rwp----------::allow
user:77:rwp----------::allow
group@:r------------::deny
everyone@:r------------::allow
x:
owner@:rwp----------::allow
user:77:r------------::allow
group@:r------------::deny
everyone@:r------------::allow
x:
owner@:rwp----------::allow
user:77:rwp----------::allow
group@:r------------::deny
everyone@:r------------::allow
x:
owner@:rwp----------::allow
user:77:rwp----------::allow
everyone@:r------------::allow
x:
user:77:rwp----------::allow
owner@:rwp----------::allow
group@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rwp----------::allow
user:77:-wp----------::deny
group@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rwp----------::allow
user:77:rwp----------::allow
user:77:-wp----------::deny
group@:rwp----------::allow
everyone@:r------------::allow
x:
owner@:rwp----------::deny
everyone@:rwp----------::allow
x:
owner@:rwp----------::deny
group@:rwp----------::deny
everyone@:rwp----------::allow
x:
owner@:rwp----------::allow
group@:rwp----------::deny
everyone@:rwp----------::allow
x:
owner@:rwp----------::allow
group@:rwp----------::deny
everyone@:rwp----------::allow
x:
user:77:r------------::allow
owner@:rwp----------::allow
group@:-wp----------::deny
user:77:-wp----------::deny
everyone@:rwp----------::allow
tests/generic/363
Executable
+118
View File
@@ -0,0 +1,118 @@
#! /bin/bash
# FS QA Test 363
#
# RichACL auto-inheritance test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
umask 022
mkdir d1
$SETRICHACL_PROG --modify owner@:rwpxd:fd:allow,u:101:rw:fd:deny d1
$SETRICHACL_PROG --modify u:102:rw:f:deny d1
$SETRICHACL_PROG --modify u:103:rw:d:deny d1
$SETRICHACL_PROG --modify g:101:rw:fdi:deny d1
$SETRICHACL_PROG --modify flags:a d1
$GETRICHACL_PROG --numeric --raw d1
mkdir d1/d2
touch d1/d3
# Mode bits derived from inherited ACEs
$GETRICHACL_PROG --numeric --raw d1/d2
$GETRICHACL_PROG --numeric --raw d1/d3
mkdir d1/d2/d4
touch d1/d2/d4/d5
# Protected files
mkdir d1/d6
touch d1/d7
$GETRICHACL_PROG --numeric --raw d1/d2/d4
$GETRICHACL_PROG --numeric --raw d1/d2/d4/d5
# Clear protected flag from all the ACLs
$SETRICHACL_PROG --modify flags:a d1/d2
$SETRICHACL_PROG --modify flags:a d1/d3
$SETRICHACL_PROG --modify flags:a d1/d2/d4
$SETRICHACL_PROG --modify flags:a d1/d2/d4/d5
$GETRICHACL_PROG --numeric d1 | sed -e 's/:fd:deny/:fd:allow/' > acl.txt
cat acl.txt
$SETRICHACL_PROG --set-file acl.txt d1
$GETRICHACL_PROG --numeric --raw d1
$GETRICHACL_PROG --numeric --raw d1/d2
$GETRICHACL_PROG --numeric --raw d1/d3
$GETRICHACL_PROG --numeric --raw d1/d2/d4
$GETRICHACL_PROG --numeric --raw d1/d2/d4/d5
# No automatic inheritance for protected files
$GETRICHACL_PROG --numeric --raw d1/d6
$GETRICHACL_PROG --numeric --raw d1/d7
# success, all done
status=0
exit
tests/generic/363.out
+139
View File
@@ -0,0 +1,139 @@
QA output created by 363
d1:
flags:a
owner:rwpxd-----------::mask
group:r--x------------::mask
other:r--x------------::mask
user:101:rw--------------:fd:deny
user:102:rw--------------:f:deny
user:103:rw--------------:d:deny
group:101:rw--------------:fdi:deny
owner@:rwpxd-----------:fd:allow
everyone@:r--x------------::allow
d1/d2:
flags:map
owner:rwpxd-----------::mask
group:----------------::mask
other:----------------::mask
user:101:rw--------------:fda:deny
user:102:rw--------------:fia:deny
user:103:rw--------------:da:deny
group:101:rw--------------:fda:deny
owner@:rwpxd-----------:fda:allow
d1/d3:
flags:map
owner:rwp-------------::mask
group:----------------::mask
other:----------------::mask
user:101:rw--------------:a:deny
user:102:rw--------------:a:deny
group:101:rw--------------:a:deny
owner@:rwpx------------:a:allow
d1/d2/d4:
flags:map
owner:rwpxd-----------::mask
group:----------------::mask
other:----------------::mask
user:101:rw--------------:fda:deny
user:102:rw--------------:fia:deny
user:103:rw--------------:da:deny
group:101:rw--------------:fda:deny
owner@:rwpxd-----------:fda:allow
d1/d2/d4/d5:
flags:map
owner:rwp-------------::mask
group:----------------::mask
other:----------------::mask
user:101:rw--------------:a:deny
user:102:rw--------------:a:deny
group:101:rw--------------:a:deny
owner@:rwpx------------:a:allow
d1:
flags:a
user:101:rw-----------:fd:allow
user:102:rw-----------:f:deny
user:103:rw-----------:d:deny
group:101:rw-----------:fdi:deny
owner@:rwpxd--------:fd:allow
everyone@:r--x---------::allow
d1:
flags:a
owner:rwpxd-----------::mask
group:rw-x------------::mask
other:r--x------------::mask
user:101:rw--------------:fd:allow
user:102:rw--------------:f:deny
user:103:rw--------------:d:deny
group:101:rw--------------:fdi:deny
owner@:rwpxd-----------:fd:allow
everyone@:r--x------------::allow
d1/d2:
flags:a
owner:rwpxd-----------::mask
group:rw--------------::mask
other:----------------::mask
user:101:rw--------------:fda:allow
user:102:rw--------------:fia:deny
user:103:rw--------------:da:deny
group:101:rw--------------:fda:deny
owner@:rwpxd-----------:fda:allow
d1/d3:
flags:a
owner:rwpx------------::mask
group:rw--------------::mask
other:----------------::mask
user:101:rw--------------:a:allow
user:102:rw--------------:a:deny
group:101:rw--------------:a:deny
owner@:rwpx------------:a:allow
d1/d2/d4:
flags:a
owner:rwpxd-----------::mask
group:rw--------------::mask
other:----------------::mask
user:101:rw--------------:fda:allow
user:102:rw--------------:fia:deny
user:103:rw--------------:da:deny
group:101:rw--------------:fda:deny
owner@:rwpxd-----------:fda:allow
d1/d2/d4/d5:
flags:a
owner:rwpx------------::mask
group:rw--------------::mask
other:----------------::mask
user:101:rw--------------:a:allow
user:102:rw--------------:a:deny
group:101:rw--------------:a:deny
owner@:rwpx------------:a:allow
d1/d6:
flags:map
owner:rwpxd-----------::mask
group:----------------::mask
other:----------------::mask
user:101:rw--------------:fda:deny
user:102:rw--------------:fia:deny
user:103:rw--------------:da:deny
group:101:rw--------------:fda:deny
owner@:rwpxd-----------:fda:allow
d1/d7:
flags:map
owner:rwp-------------::mask
group:----------------::mask
other:----------------::mask
user:101:rw--------------:a:deny
user:102:rw--------------:a:deny
group:101:rw--------------:a:deny
owner@:rwpx------------:a:allow
tests/generic/364
Executable
+98
View File
@@ -0,0 +1,98 @@
#! /bin/bash
# FS QA Test 364
#
# RichACL basic test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
umask 022
touch x
$SETRICHACL_PROG --set 'everyone@:rwp::allow' x
stat -c %A x
$GETRICHACL_PROG x
chmod 664 x
stat -c %A x
$GETRICHACL_PROG x
# Note that unlike how the test cases look at first sight, we do *not* require
# a richacl-enabled version of ls here ...
mkdir sub
$SETRICHACL_PROG --set 'everyone@:rwpxd:fd:allow' sub
stat -c %A+ sub
$GETFATTR_PROG -m system\.richacl sub
chmod 775 sub
stat -c %A+ sub
$GETFATTR_PROG -m system\.richacl sub
$GETRICHACL_PROG sub
touch sub/f
stat -c %A sub/f
$GETRICHACL_PROG sub/f
mkdir sub/sub2
stat -c %A+ sub/sub2
$GETRICHACL_PROG sub/sub2
mkdir -m 750 sub/sub3
stat -c %A+ sub/sub3
$GETRICHACL_PROG sub/sub3
# success, all done
status=0
exit
tests/generic/364.out
+39
View File
@@ -0,0 +1,39 @@
QA output created by 364
-rw-rw-rw-
x:
everyone@:rwp----------::allow
-rw-rw-r--
x:
owner@:rwp----------::allow
group@:rwp----------::allow
everyone@:r------------::allow
drwxrwxrwx+
# file: sub
system.richacl
drwxrwxr-x+
# file: sub
system.richacl
sub:
owner@:rwpxd--------::allow
group@:rwpxd--------::allow
everyone@:rwpxd--------:fdi:allow
everyone@:r--x---------::allow
-rw-rw-rw-
sub/f:
everyone@:rwp----------::allow
drwxrwxrwx+
sub/sub2:
everyone@:rwpxd--------:fd:allow
drwxr-x---+
sub/sub3:
owner@:rwpxd--------::allow
group@:r--x---------::allow
everyone@:rwpxd--------:fdi:allow
tests/generic/365
Executable
+93
View File
@@ -0,0 +1,93 @@
#! /bin/bash
# FS QA Test 365
#
# RichACL chmod test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
r()
{
echo "--- runas -u 99 -g 99 $*"
_runas -u 99 -g 99 -- "$@"
}
s()
{
echo "--- runas -u 99 -g 99 setrichacl $*"
_runas -u 99 -g 99 -- $SETRICHACL_PROG "$@"
}
# Create file as root
touch a
# We cannot set the acl as another user
s --set 'u:99:rwc::allow' a
# We cannot chmod as another user
r chmod 666 a
# Give user 99 the write_acl permission
$SETRICHACL_PROG --set 'u:99:rwpC::allow' a
# Now user 99 can setrichacl and chmod ...
s --set 'u:99:rwpC::allow' a
r chmod 666 a
# ... but chmod disables the write_acl permission
s --set 'u:99:rwpC::allow' a
# success, all done
status=0
exit
tests/generic/365.out
+9
View File
@@ -0,0 +1,9 @@
QA output created by 365
--- runas -u 99 -g 99 setrichacl --set u:99:rwc::allow a
a: Operation not permitted
--- runas -u 99 -g 99 chmod 666 a
chmod: changing permissions of 'a': Operation not permitted
--- runas -u 99 -g 99 setrichacl --set u:99:rwpC::allow a
--- runas -u 99 -g 99 chmod 666 a
--- runas -u 99 -g 99 setrichacl --set u:99:rwpC::allow a
a: Operation not permitted
tests/generic/366
Executable
+86
View File
@@ -0,0 +1,86 @@
#! /bin/bash
# FS QA Test 366
#
# RichACL chown test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
r()
{
echo "--- runas -u 99 -g 99 $*"
_runas -u 99 -g 99 -- "$@"
}
# Create file as root
touch a
# Chown and chgrp with no take ownership permission fails
r chown 99 a
r chgrp 99 a
# Add the take_ownership permission
$SETRICHACL_PROG --set 'u:99:rwpo::allow' a
# Chown and chgrp to a user or group the process is not in fails
r chown 100 a
r chgrp 100 a
# Chown and chgrp to a user and group the process is in succeeds
r chown 99 a
r chgrp 99 a
# success, all done
status=0
exit
tests/generic/366.out
+11
View File
@@ -0,0 +1,11 @@
QA output created by 366
--- runas -u 99 -g 99 chown 99 a
chown: changing ownership of 'a': Operation not permitted
--- runas -u 99 -g 99 chgrp 99 a
chgrp: changing group of 'a': Operation not permitted
--- runas -u 99 -g 99 chown 100 a
chown: changing ownership of 'a': Operation not permitted
--- runas -u 99 -g 99 chgrp 100 a
chgrp: changing group of 'a': Operation not permitted
--- runas -u 99 -g 99 chown 99 a
--- runas -u 99 -g 99 chgrp 99 a
tests/generic/367
Executable
+85
View File
@@ -0,0 +1,85 @@
#! /bin/bash
# FS QA Test 367
#
# RichACL create test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
r()
{
echo "--- runas -u 99 -g 99 $*"
_runas -u 99 -g 99 -- "$@"
}
# Create directories as root with different permissions
mkdir d1 d2 d3
$SETRICHACL_PROG --set 'u:99:wx::allow' d2
$SETRICHACL_PROG --set 'u:99:px::allow' d3
# Cannot create files or directories without permissions
r touch d1/f
r mkdir d1/d
# Can create files with add_file (w) permission
r touch d2/f
r mkdir d2/d
# Can create directories with add_subdirectory (p) permission
r touch d3/f
r mkdir d3/d
# success, all done
status=0
exit
tests/generic/367.out
+11
View File
@@ -0,0 +1,11 @@
QA output created by 367
--- runas -u 99 -g 99 touch d1/f
touch: cannot touch 'd1/f': Permission denied
--- runas -u 99 -g 99 mkdir d1/d
mkdir: cannot create directory 'd1/d': Permission denied
--- runas -u 99 -g 99 touch d2/f
--- runas -u 99 -g 99 mkdir d2/d
mkdir: cannot create directory 'd2/d': Permission denied
--- runas -u 99 -g 99 touch d3/f
touch: cannot touch 'd3/f': Permission denied
--- runas -u 99 -g 99 mkdir d3/d
tests/generic/368
Executable
+85
View File
@@ -0,0 +1,85 @@
#! /bin/bash
# FS QA Test 368
#
# RichACL ctime test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
r()
{
echo "--- runas -u 99 -g 99 $*"
_runas -u 99 -g 99 -- "$@"
}
touch a
# Without write access, the ctime cannot be changed
r touch a
$SETRICHACL_PROG --set 'u:99:rw::allow' a
# With write access, the ctime can be set to the current time, but not to
# any other time
r touch a
r touch -d '1 hour ago' a
$SETRICHACL_PROG --set 'u:99:rwA::allow' a
# With set_attributes access, the ctime can be set to an arbitrary time
r touch -d '1 hour ago' a
# success, all done
status=0
exit
tests/generic/368.out
+7
View File
@@ -0,0 +1,7 @@
QA output created by 368
--- runas -u 99 -g 99 touch a
touch: cannot touch 'a': Permission denied
--- runas -u 99 -g 99 touch a
--- runas -u 99 -g 99 touch -d 1 hour ago a
touch: setting times of 'a': Operation not permitted
--- runas -u 99 -g 99 touch -d 1 hour ago a
tests/generic/369
Executable
+126
View File
@@ -0,0 +1,126 @@
#! /bin/bash
# FS QA Test 369
#
# RichACL delete test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
r()
{
echo "--- runas -u 99 -g 99 $*"
_runas -u 99 -g 99 -- "$@"
}
umask 022
chmod go+w .
mkdir d1 d2 d3 d4 d5 d6 d7
touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h
chmod o+w d1/g
chown 99 d2
chgrp 99 d3
chmod g+w d3
$SETRICHACL_PROG --set 'u:99:wx::allow' d4
$SETRICHACL_PROG --set 'u:99:d::allow' d5
$SETRICHACL_PROG --set 'u:99:xd::allow' d6
$SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h
chmod 664 d7/g
mkdir s2 s3 s4 s5 s6 s7
chmod +t s2 s3 s4 s5 s6 s7
touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h
chown 99 s2
chgrp 99 s3
chmod g+w s3
$SETRICHACL_PROG --set 'u:99:wx::allow' s4
$SETRICHACL_PROG --set 'u:99:d::allow' s5
$SETRICHACL_PROG --set 'u:99:xd::allow' s6
$SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h
chmod 664 s7/g
# Cannot delete files with no or only with write permissions on the directory
r rm -f d1/f d1/g
# Can delete files in directories we own
r rm -f d2/f s2/f
# Can delete files in non-sticky directories we have write access to
r rm -f d3/f s3/f
# "Write_data/execute" access does not include delete_child access, so deleting
# is not allowed:
r rm -f d4/f s4/f
# "Delete_child" access alone also is not sufficient
r rm -f d5/f s5/f
# "Execute/delete_child" access is sufficient for non-sticky directories
r rm -f d6/f s6/f
# "Delete" access on the child is sufficient, even in sticky directories.
r rm -f d7/f s7/f
# Regression: Delete access must not override add_file / add_subdirectory
# access.
r touch h
r mv -f h d7/
r mv -f h s7/
# A chmod turns off the "delete" permission
r rm -f d7/g s7/g
# success, all done
status=0
exit
tests/generic/369.out
+24
View File
@@ -0,0 +1,24 @@
QA output created by 369
--- runas -u 99 -g 99 rm -f d1/f d1/g
rm: cannot remove 'd1/f': Permission denied
rm: cannot remove 'd1/g': Permission denied
--- runas -u 99 -g 99 rm -f d2/f s2/f
--- runas -u 99 -g 99 rm -f d3/f s3/f
rm: cannot remove 's3/f': Operation not permitted
--- runas -u 99 -g 99 rm -f d4/f s4/f
rm: cannot remove 'd4/f': Permission denied
rm: cannot remove 's4/f': Permission denied
--- runas -u 99 -g 99 rm -f d5/f s5/f
rm: cannot remove 'd5/f': Permission denied
rm: cannot remove 's5/f': Permission denied
--- runas -u 99 -g 99 rm -f d6/f s6/f
rm: cannot remove 's6/f': Operation not permitted
--- runas -u 99 -g 99 rm -f d7/f s7/f
--- runas -u 99 -g 99 touch h
--- runas -u 99 -g 99 mv -f h d7/
mv: cannot move 'h' to 'd7/h': Permission denied
--- runas -u 99 -g 99 mv -f h s7/
mv: cannot move 'h' to 's7/h': Permission denied
--- runas -u 99 -g 99 rm -f d7/g s7/g
rm: cannot remove 'd7/g': Permission denied
rm: cannot remove 's7/g': Permission denied
tests/generic/370
Executable
+90
View File
@@ -0,0 +1,90 @@
#! /bin/bash
# FS QA Test 370
#
# RichACL write-vs-append test
#
#-----------------------------------------------------------------------
# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_supported_os Linux
_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas
_scratch_mkfs_richacl >> $seqres.full
_scratch_mount
cd $SCRATCH_MNT
r()
{
echo "--- runas -u 99 -g 99 $*"
_runas -u 99 -g 99 -- "$@"
}
touch a b c d e f
$SETRICHACL_PROG --set 'owner@:rwp::allow' a
$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:w::allow' b
$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:p::allow' c
$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:wp::allow' d
$SETRICHACL_PROG --set 'u:99:a::deny owner@:rwp::allow u:99:w::allow' e
$SETRICHACL_PROG --set 'u:99:w::deny owner@:rwp::allow u:99:p::allow' f
r sh -c 'echo a > a'
r sh -c 'echo b > b'
r sh -c 'echo c > c'
r sh -c 'echo d > d'
r sh -c 'echo e > e'
r sh -c 'echo f > f'
r sh -c 'echo A >> a'
r sh -c 'echo B >> b'
r sh -c 'echo C >> c'
r sh -c 'echo D >> d'
r sh -c 'echo E >> e'
r sh -c 'echo F >> f'
# success, all done
status=0
exit
tests/generic/370.out
+19
View File
@@ -0,0 +1,19 @@
QA output created by 370
--- runas -u 99 -g 99 sh -c echo a > a
sh: a: Permission denied
--- runas -u 99 -g 99 sh -c echo b > b
--- runas -u 99 -g 99 sh -c echo c > c
sh: c: Permission denied
--- runas -u 99 -g 99 sh -c echo d > d
--- runas -u 99 -g 99 sh -c echo e > e
--- runas -u 99 -g 99 sh -c echo f > f
sh: f: Permission denied
--- runas -u 99 -g 99 sh -c echo A >> a
sh: a: Permission denied
--- runas -u 99 -g 99 sh -c echo B >> b
sh: b: Permission denied
--- runas -u 99 -g 99 sh -c echo C >> c
--- runas -u 99 -g 99 sh -c echo D >> d
--- runas -u 99 -g 99 sh -c echo E >> e
sh: e: Permission denied
--- runas -u 99 -g 99 sh -c echo F >> f

Some files were not shown because too many files have changed in this diff Show More