diff options
author | Goldwyn Rodrigues <rgoldwyn@suse.de> | 2022-09-22 10:56:39 +0100 |
---|---|---|
committer | Zorro Lang <zlang@kernel.org> | 2022-09-23 22:47:19 +0800 |
commit | e5555e75ba199d153f4dfb81496a891263ec9bdd (patch) | |
tree | 594700f695b0eef586bb01706efc0d26fe57c094 | |
parent | 42cc53859ca1198c97a2ca88d4b6589592cfa50c (diff) |
btrfs: test xattr changes for RO btrfs propertyv2022.09.25
Test creation, modification and deletion of xattr for a BTRFS filesystem
which has the read-only property set to true.
Re-test the same after read-only property is set to false.
This tests the bug for "security.*" modifications which escape
xattr_permission(), because security parameters are usually let through
in xattr_permission, without checking
inode_permission()->btrfs_permission().
This resulted in being able to change a security xattr on a RO subvolume
until it got fixed by kernel commit b51111271b03 ("btrfs: check if root
is readonly while setting security xattr").
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Reviewed-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Zorro Lang <zlang@kernel.org>
-rwxr-xr-x | tests/btrfs/275 | 88 | ||||
-rw-r--r-- | tests/btrfs/275.out | 39 |
2 files changed, 127 insertions, 0 deletions
diff --git a/tests/btrfs/275 b/tests/btrfs/275 new file mode 100755 index 00000000..b34fbda0 --- /dev/null +++ b/tests/btrfs/275 @@ -0,0 +1,88 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2022 SUSE Linux Products GmbH. All Rights Reserved. +# +# FS QA Test No. 275 +# +# Test that no xattr can be changed once btrfs property is set to RO. +# +. ./common/preamble +_begin_fstest auto quick attr + +# Import common functions. +. ./common/filter +. ./common/attr + +# real QA test starts here +_supported_fs btrfs +_fixed_by_kernel_commit b51111271b03 \ + "btrfs: check if root is readonly while setting security xattr" +_require_attrs +_require_btrfs_command "property" +_require_scratch + +_scratch_mkfs >> $seqres.full 2>&1 +_scratch_mount + +FILENAME=$SCRATCH_MNT/foo + +set_xattr() +{ + local value=$1 + $SETFATTR_PROG -n "user.one" -v $value $FILENAME 2>&1 | _filter_scratch + $SETFATTR_PROG -n "security.one" -v $value $FILENAME 2>&1 | _filter_scratch + $SETFATTR_PROG -n "trusted.one" -v $value $FILENAME 2>&1 | _filter_scratch +} + +get_xattr() +{ + _getfattr --absolute-names -n "user.one" $FILENAME 2>&1 | _filter_scratch + _getfattr --absolute-names -n "security.one" $FILENAME 2>&1 | _filter_scratch + _getfattr --absolute-names -n "trusted.one" $FILENAME 2>&1 | _filter_scratch +} + +del_xattr() +{ + $SETFATTR_PROG -x "user.one" $FILENAME 2>&1 | _filter_scratch + $SETFATTR_PROG -x "security.one" $FILENAME 2>&1 | _filter_scratch + $SETFATTR_PROG -x "trusted.one" $FILENAME 2>&1 | _filter_scratch +} + +# Create a test file. +echo "hello world" > $FILENAME + +set_xattr 1 + +$BTRFS_UTIL_PROG property set $SCRATCH_MNT ro true +$BTRFS_UTIL_PROG property get $SCRATCH_MNT ro + +# Attempt to change values of RO (property) filesystem. +set_xattr 2 + +# Check the values of RO (property) filesystem are not changed. +get_xattr + +# Attempt to remove xattr from RO (property) filesystem. +del_xattr + +# Check if xattr still exist. +get_xattr + +# Change filesystem property RO to false +$BTRFS_UTIL_PROG property set $SCRATCH_MNT ro false +$BTRFS_UTIL_PROG property get $SCRATCH_MNT ro + +# Change the xattrs after RO is false. +set_xattr 2 + +# Get the changed values. +get_xattr + +# Remove xattr. +del_xattr + +# check if the xattrs are really deleted. +get_xattr + +status=0 +exit diff --git a/tests/btrfs/275.out b/tests/btrfs/275.out new file mode 100644 index 00000000..fb8f02f8 --- /dev/null +++ b/tests/btrfs/275.out @@ -0,0 +1,39 @@ +QA output created by 275 +ro=true +setfattr: SCRATCH_MNT/foo: Read-only file system +setfattr: SCRATCH_MNT/foo: Read-only file system +setfattr: SCRATCH_MNT/foo: Read-only file system +# file: SCRATCH_MNT/foo +user.one="1" + +# file: SCRATCH_MNT/foo +security.one="1" + +# file: SCRATCH_MNT/foo +trusted.one="1" + +setfattr: SCRATCH_MNT/foo: Read-only file system +setfattr: SCRATCH_MNT/foo: Read-only file system +setfattr: SCRATCH_MNT/foo: Read-only file system +# file: SCRATCH_MNT/foo +user.one="1" + +# file: SCRATCH_MNT/foo +security.one="1" + +# file: SCRATCH_MNT/foo +trusted.one="1" + +ro=false +# file: SCRATCH_MNT/foo +user.one="2" + +# file: SCRATCH_MNT/foo +security.one="2" + +# file: SCRATCH_MNT/foo +trusted.one="2" + +SCRATCH_MNT/foo: user.one: No such attribute +SCRATCH_MNT/foo: security.one: No such attribute +SCRATCH_MNT/foo: trusted.one: No such attribute |