blob: 71ee76666700a2cdc8cc34212d8ba0b58294c802 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2013 Oracle, Inc. All Rights Reserved.
#
# FS QA Test No. 318
#
# Check get/set ACLs to/from disk with a user namespace. A new file
# will be created and ACLs set on it from both inside a userns and
# from init_user_ns. We check that the ACL is is correct from both
# inside the userns and also from init_user_ns. We will then unmount
# and remount the file system and check the ACL from both inside the
# userns and from init_user_ns to show that the correct uid/gid in
# the ACL was flushed and brought back from disk.
#
. ./common/preamble
_begin_fstest acl attr auto quick perms
# Override the default cleanup function.
_cleanup()
{
cd /
_scratch_unmount >/dev/null 2>&1
}
# Import common functions.
. ./common/filter
. ./common/attr
nsexec=$here/src/nsexec
file=$SCRATCH_MNT/file1
# real QA test starts here
_supported_fs generic
# only Linux supports user namespace
_require_scratch
_acl_setup_ids
_require_acls
_require_ugid_map
_require_userns
ns_acl1=0
ns_acl2=`expr $acl2 - $acl1`
ns_acl3=`expr $acl3 - $acl1`
_getfacl_filter_nsid()
{
sed \
-e "s/user:$ns_acl1/user:nsid1/" \
-e "s/user:$ns_acl2/user:nsid2/" \
-e "s/user:$ns_acl3/user:nsid3/" \
-e "s/group:$ns_acl1/group:nsid1/" \
-e "s/group:$ns_acl2/group:nsid2/" \
-e "s/group:$ns_acl3/group:nsid3/" \
-e "s/: $ns_acl1/: nsid1/" \
-e "s/: $ns_acl2/: nsid2/" \
-e "s/: $ns_acl3/: nsid3/"
}
_print_getfacls()
{
echo "From init_user_ns"
getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_id
echo "From user_ns"
$nsexec -U -M "0 $acl1 1000" -G "0 $acl1 1000" getfacl --absolute-names -n $file 2>/dev/null | _filter_scratch | _getfacl_filter_nsid
}
_scratch_unmount >/dev/null 2>&1
echo "*** MKFS ***" >>$seqres.full
echo "" >>$seqres.full
_scratch_mkfs >>$seqres.full 2>&1 || _fail "mkfs failed"
_scratch_mount
touch $file
chown $acl1:$acl1 $file
# set acls from init_user_ns, to be checked from inside the userns
setfacl -n -m u:$acl2:rw,g:$acl2:r $file
# set acls from inside userns, to be checked from init_user_ns
$nsexec -s -U -M "0 $acl1 1000" -G "0 $acl1 1000" setfacl -n -m u:root:rx,g:$ns_acl2:x $file
_print_getfacls
echo "*** Remounting ***"
echo ""
sync
_scratch_cycle_mount >>$seqres.full 2>&1 || _fail "remount failed"
_print_getfacls
_scratch_unmount >/dev/null 2>&1
status=0
exit
|
