apfs/apfstests
0
0
Fork 0
mirror of https://github.com/linux-apfs/apfstests.git synced 2026-05-01 15:01:44 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
a12a56fb24c26e4abe0e95106e3282e8162f6e25
apfstests/tests/generic/317
T
Dwight Engen 4818302fbf xfstests: generic/317 use relative paths to avoid traversal permission problems 
On Wed, 30 Oct 2013 09:24:41 -0700
Christoph Hellwig <hch@infradead.org> wrote:

> On Wed, Oct 30, 2013 at 09:19:55AM -0700, Christoph Hellwig wrote:
> > On Mon, Oct 28, 2013 at 11:43:28AM -0400, Dwight Engen wrote:
> > > Hi Cristoph, on my system (where fsgqa is id 501) the one liner
> > > the test is running is:
> > > 
> > > # ./src/nsexec -s -U -M "0 501 1000" -G "0 501 1000" ./src/lstat64
> > > Usage: lstat64 [-t] filename ...
> > 
> > The id here is 1000 and the following works just fine:
> > 
> > /src/nsexec -s -U -M "0 1000 1000" -G "0 1000 1000" ./src/lstat64
> > Usage: lstat64 [-t] filename ...
> 
> But:
> 
> ./src/nsexec -s -U -M "0 1000 1000" -G "0 501
> 1000" /root/xfstests/src/lstat64 execvp: Permission denied
> 
> 
> Which is probably due to:
> root@vm:~/xfstests# ls -ld ~ 
> drwx------ 6 root root 4096 Oct 30 16:24 /root
> 
> 
> Guess we need a relative path here?

Yep, that makes sense. I modeled this on 219 which was using
$here/src/lstat64 but didn't think about the fact that in my test fsgqa
might have traversal problems. I see plenty of other tests are using
relative paths so the following patch should (hopefully) fix 317 for you.
Thanks for tracking it down.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Rich Johnston <rjohnston@sgi.com>
2013-11-04 14:33:04 -06:00

107 lines
2.9 KiB
Bash
Executable File
Raw Blame History

#! /bin/bash
# FS QA Test No. 317
#
# Check uid/gid to/from disk with a user namespace. A new file
# will be created from inside a userns. We check that the uid/gid
# is correct from both inside the userns and also from init_user_ns.
# We will then unmount and remount the file system and check the
# uid/gid from both inside the userns and from init_user_ns to show
# that the correct uid was flushed and brought back from disk.
#
#-----------------------------------------------------------------------
# Copyright (C) 2013 Oracle, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#-----------------------------------------------------------------------
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
_cleanup()
{
cd /
umount $SCRATCH_DEV >/dev/null 2>&1
}
trap "_cleanup; exit \$status" 0 1 2 3 15
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
. ./common/attr
file=$SCRATCH_MNT/file1
# real QA test starts here
_supported_fs generic
# only Linux supports user namespace
_supported_os Linux
[ -x $nsexec ] || _notrun "$nsexec executable not found"
[ -x $lstat64 ] || _notrun "$lstat64 executable not found"
rm -f $seqres.full
_require_scratch
_need_to_be_root
_require_user
_require_ugid_map
qa_user_id=`grep $qa_user /etc/passwd |awk -F: '{print $3}'`
_filter_output()
{
sed \
-e "s/$qa_user_id/qa_user/g" \
-e "s!$SCRATCH_MNT!\$SCRATCH_MNT!"
}
_print_numeric_uid()
{
echo "From init_user_ns"
src/lstat64 $file |head -3 |_filter_output
echo "From user_ns"
src/nsexec -s -U -M "0 $qa_user_id 1000" -G "0 $qa_user_id 1000" src/lstat64 $file |head -3 |_filter_output
}
umount $SCRATCH_DEV >/dev/null 2>&1
echo "*** MKFS ***" >>$seqres.full
echo "" >>$seqres.full
_scratch_mkfs >>$seqres.full 2>&1 || _fail "mkfs failed"
_scratch_mount >>$seqres.full 2>&1 || _fail "mount failed"
chmod 777 $SCRATCH_MNT
# create $file as "root" in userns, which is $qa_user in parent namespace
src/nsexec -s -U -M "0 $qa_user_id 1000" -G "0 $qa_user_id 1000" touch $file
_print_numeric_uid
echo ""
echo "*** Remounting ***"
echo ""
sync
umount $SCRATCH_MNT >>$seqres.full 2>&1
_scratch_mount >>$seqres.full 2>&1 || _fail "mount failed"
_print_numeric_uid
umount $SCRATCH_DEV >/dev/null 2>&1
status=0
exit
Reference in New Issue View Git Blame Copy Permalink