| #! /bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # Copyright (c) 2020 Red Hat, Inc. All Rights Reserved. |
| # |
| # FS QA Test No. 598 |
| # |
| # Test protected_regular and protected_fifos sysctls |
| # |
| seq=`basename $0` |
| seqres=$RESULT_DIR/$seq |
| echo "QA output created by $seq" |
| |
| here=`pwd` |
| tmp=/tmp/$$ |
| status=1 # failure is the default! |
| trap "_cleanup; exit \$status" 0 1 2 3 15 |
| |
| _cleanup() |
| { |
| rm -rf $TEST_DIR/$seq |
| [ ! -z "$REGULAR_PROTECTION" ] \ |
| && sysctl -qw fs.protected_regular=$REGULAR_PROTECTION |
| [ ! -z "$FIFO_PROTECTION" ] \ |
| && sysctl -qw fs.protected_fifos=$FIFO_PROTECTION |
| cd / |
| rm -f $tmp.* |
| } |
| |
| # get standard environment, filters and checks |
| . ./common/rc |
| . ./common/filter |
| |
| # remove previous $seqres.full before test |
| rm -f $seqres.full |
| |
| # real QA test starts here |
| |
| # Modify as appropriate. |
| _supported_fs generic |
| _require_test |
| _require_sysctl_variable fs.protected_regular |
| _require_sysctl_variable fs.protected_fifos |
| _require_user fsgqa2 |
| # Do this SECOND so that qa_user is fsgqa, and _user_do uses that account |
| _require_user fsgqa |
| _require_chmod |
| |
| USER1=fsgqa2 |
| USER2=fsgqa |
| |
| # Save current system state to reset when done |
| REGULAR_PROTECTION=`sysctl -n fs.protected_regular` |
| FIFO_PROTECTION=`sysctl -n fs.protected_fifos` |
| |
| test_access() |
| { |
| FILENAME=$1 |
| |
| # sticky dir is world & group writable: |
| echo "= group & world writable dir" |
| chmod og+w $TEST_DIR/$seq/sticky_dir |
| # "open -f" opens O_CREAT |
| _user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\"" |
| # sticky dir is only group writable: |
| echo "= only group writable dir" |
| chmod o-w $TEST_DIR/$seq/sticky_dir |
| _user_do "$XFS_IO_PROG -c \"open -f $TEST_DIR/$seq/sticky_dir/$FILENAME\"" |
| } |
| |
| setup_tree() |
| { |
| # Create sticky dir owned by $USER2 |
| mkdir -p $TEST_DIR/$seq |
| mkdir -p $TEST_DIR/$seq/sticky_dir |
| chmod 1777 $TEST_DIR/$seq/sticky_dir |
| chown $USER2.$USER2 $TEST_DIR/$seq/sticky_dir |
| |
| # Create file & fifo in that dir owned by $USER1, and open |
| # normal read/write privs for world & group |
| $XFS_IO_PROG -c "open -f $TEST_DIR/$seq/sticky_dir/file" |
| chown $USER1.$USER1 $TEST_DIR/$seq/sticky_dir/file |
| chmod o+rw $TEST_DIR/$seq/sticky_dir/file |
| |
| mkfifo $TEST_DIR/$seq/sticky_dir/fifo |
| chown $USER1.$USER1 $TEST_DIR/$seq/sticky_dir/fifo |
| chmod o+rw $TEST_DIR/$seq/sticky_dir/fifo |
| } |
| |
| setup_tree |
| |
| # First test fs.protected_regular |
| # With protection set to 1, O_CREAT opens in a world-writable sticky |
| # directory should fail if the file exists, is owned by another, and |
| # file owner != dir owner |
| # |
| # With protection set to 2, the same goes for group-writable |
| # sticky directories |
| |
| echo "== Test file open when owned by another and file owner != dir owner" |
| sysctl -w fs.protected_regular=0 |
| test_access file |
| sysctl -w fs.protected_regular=1 |
| test_access file |
| sysctl -w fs.protected_regular=2 |
| test_access file |
| |
| echo |
| |
| # Now test fs.protected_fifos |
| # With protection set to 1, O_CREAT opens in a world-writable sticky |
| # directory should fail if the fifo exists, is owned by another, and |
| # file owner != dir owner |
| # |
| # With protection set to 2, the same goes for group-writable |
| # sticky directories |
| echo "== Test fifo open when owned by another and fifo owner != dir owner" |
| sysctl -w fs.protected_fifos=0 |
| test_access fifo |
| sysctl -w fs.protected_fifos=1 |
| test_access fifo |
| sysctl -w fs.protected_fifos=2 |
| test_access fifo |
| |
| # success, all done |
| status=0 |
| exit |