apfs/apfstests
0
0
Fork 0
mirror of https://github.com/linux-apfs/apfstests.git synced 2026-05-01 15:01:44 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
f877833cf75ac970e56fd0cda3c1c44373638e79
apfstests/tests/generic/317
T
Zhihao Cheng 220b7e35fe generic/317: Use relative paths to avoid traversal permission problems 
generic/317 will fail because execvp(cmd) is executed without permission,
where cmd is '$here/src/lstat64 $file', which is called by
  $here/src/nsexec -s -U -M "0 $qa_user_id 1000" -G "0 $qa_user_id 1000"\
  $here/src/lstat64 $file

So, you will see following output:
  From user_ns
  ...
  +execvp: Permission denied

nsexec runs the instruction '$here/src/lstat64 $file' as a regular user,
the regular user may not have permission to access path in '$here'.

Actually, it has been fixed in 4818302fbf ("xfstests: generic/317 use
relative paths..."), which then been modified by b7cecbea22 ("fstests:
Add path $here before src/<file>").

Fixes: b7cecbea22 ("fstests: Add path $here before src/<file>")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
2019-11-03 22:32:35 +08:00

93 lines
2.2 KiB
Bash
Executable File
Raw Blame History

#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2013 Oracle, Inc. All Rights Reserved.
#
# FS QA Test No. 317
#
# Check uid/gid to/from disk with a user namespace. A new file
# will be created from inside a userns. We check that the uid/gid
# is correct from both inside the userns and also from init_user_ns.
# We will then unmount and remount the file system and check the
# uid/gid from both inside the userns and from init_user_ns to show
# that the correct uid was flushed and brought back from disk.
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
_cleanup()
{
cd /
_scratch_unmount >/dev/null 2>&1
}
trap "_cleanup; exit \$status" 0 1 2 3 15
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
. ./common/attr
file=$SCRATCH_MNT/file1
# real QA test starts here
_supported_fs generic
# only Linux supports user namespace
_supported_os Linux
[ -x $lstat64 ] || _notrun "$lstat64 executable not found"
rm -f $seqres.full
_require_scratch
_require_user
_require_ugid_map
_require_userns
qa_user_id=`id -u $qa_user`
_filter_output()
{
sed \
-e "s/$qa_user_id/qa_user/g" \
-e "s!$SCRATCH_MNT!\$SCRATCH_MNT!"
}
_print_numeric_uid()
{
echo "From init_user_ns"
$here/src/lstat64 $file |head -3 |_filter_output
echo "From user_ns"
# don't use $here/src/lstat64, as we're running cmd(src/lstat64) in
# nsexec as a regular user, and $here may contain path component that
# a regular user doesn't have search permission
$here/src/nsexec -s -U -M "0 $qa_user_id 1000" -G "0 $qa_user_id 1000" src/lstat64 $file |head -3 |_filter_output
}
_scratch_unmount >/dev/null 2>&1
echo "*** MKFS ***" >>$seqres.full
echo "" >>$seqres.full
_scratch_mkfs >>$seqres.full 2>&1 || _fail "mkfs failed"
_scratch_mount
chmod 777 $SCRATCH_MNT
# create $file as "root" in userns, which is $qa_user in parent namespace
$here/src/nsexec -s -U -M "0 $qa_user_id 1000" -G "0 $qa_user_id 1000" touch $file
_print_numeric_uid
echo ""
echo "*** Remounting ***"
echo ""
sync
_scratch_cycle_mount >>$seqres.full 2>&1 || _fail "remount failed"
_print_numeric_uid
_scratch_unmount >/dev/null 2>&1
status=0
exit
Reference in New Issue View Git Blame Copy Permalink