| #! /bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # Copyright (c) 2022 Oracle. All Rights Reserved. |
| # |
| # FS QA Test No. 673 |
| # |
| # Functional test for dropping suid and sgid bits as part of a reflink. |
| # |
| . ./common/preamble |
| _begin_fstest auto clone quick |
| |
| # Import common functions. |
| . ./common/filter |
| . ./common/reflink |
| |
| # real QA test starts here |
| |
| # Modify as appropriate. |
| _supported_fs generic |
| _require_user |
| _require_scratch_reflink |
| |
| _scratch_mkfs >> $seqres.full |
| _scratch_mount |
| chmod a+rw $SCRATCH_MNT/ |
| |
| setup_testfile() { |
| rm -f $SCRATCH_MNT/a $SCRATCH_MNT/b |
| _pwrite_byte 0x58 0 1m $SCRATCH_MNT/a >> $seqres.full |
| _pwrite_byte 0x57 0 1m $SCRATCH_MNT/b >> $seqres.full |
| chmod a+r $SCRATCH_MNT/b |
| sync |
| } |
| |
| commit_and_check() { |
| local user="$1" |
| |
| md5sum $SCRATCH_MNT/a | _filter_scratch |
| stat -c '%a %A %n' $SCRATCH_MNT/a | _filter_scratch |
| |
| local cmd="$XFS_IO_PROG -c 'reflink $SCRATCH_MNT/b 0 0 1m' $SCRATCH_MNT/a" |
| if [ -n "$user" ]; then |
| su - "$user" -c "$cmd" >> $seqres.full |
| else |
| $SHELL -c "$cmd" >> $seqres.full |
| fi |
| |
| _scratch_cycle_mount |
| md5sum $SCRATCH_MNT/a | _filter_scratch |
| stat -c '%a %A %n' $SCRATCH_MNT/a | _filter_scratch |
| |
| # Blank line in output |
| echo |
| } |
| |
| # Commit to a non-exec file by an unprivileged user clears suid and sgid |
| echo "Test 1 - qa_user, non-exec file" |
| setup_testfile |
| chmod a+rws $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| # Commit to a group-exec file by an unprivileged user clears suid and sgid. |
| echo "Test 2 - qa_user, group-exec file" |
| setup_testfile |
| chmod g+x,a+rws $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| # Commit to a user-exec file by an unprivileged user clears suid and sgid. |
| echo "Test 3 - qa_user, user-exec file" |
| setup_testfile |
| chmod u+x,a+rws,g-x $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| # Commit to a all-exec file by an unprivileged user clears suid and sgid. |
| echo "Test 4 - qa_user, all-exec file" |
| setup_testfile |
| chmod a+rwxs $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| # Commit to a non-exec file by root leaves suid and sgid. |
| echo "Test 5 - root, non-exec file" |
| setup_testfile |
| chmod a+rws $SCRATCH_MNT/a |
| commit_and_check |
| |
| # Commit to a group-exec file by root leaves suid and sgid. |
| echo "Test 6 - root, group-exec file" |
| setup_testfile |
| chmod g+x,a+rws $SCRATCH_MNT/a |
| commit_and_check |
| |
| # Commit to a user-exec file by root leaves suid and sgid. |
| echo "Test 7 - root, user-exec file" |
| setup_testfile |
| chmod u+x,a+rws,g-x $SCRATCH_MNT/a |
| commit_and_check |
| |
| # Commit to a all-exec file by root leaves suid and sgid. |
| echo "Test 8 - root, all-exec file" |
| setup_testfile |
| chmod a+rwxs $SCRATCH_MNT/a |
| commit_and_check |
| |
| #Commit to a non-exec file by an unprivileged user leaves sgid. |
| echo "Test 9 - qa_user, non-exec file, only sgid" |
| setup_testfile |
| chmod a+rw,g+rws $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| #Commit to a group-exec file by an unprivileged user clears sgid |
| echo "Test 10 - qa_user, group-exec file, only sgid" |
| setup_testfile |
| chmod a+rw,g+rwxs $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| #Commit to a user-exec file by an unprivileged user clears sgid |
| echo "Test 11 - qa_user, user-exec file, only sgid" |
| setup_testfile |
| chmod a+rw,u+x,g+rws $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| #Commit to a all-exec file by an unprivileged user clears sgid. |
| echo "Test 12 - qa_user, all-exec file, only sgid" |
| setup_testfile |
| chmod a+rwx,g+rwxs $SCRATCH_MNT/a |
| commit_and_check "$qa_user" |
| |
| # success, all done |
| status=0 |
| exit |
