From: Eric Sandeen Date: Fri, 4 Jan 2013 00:05:23 +0000 (-0600) Subject: xfstests: test dump/restore of file capabilities X-Git-Tag: v2022.05.01~3546 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=8322038f2ba9d0fca910f54113e8536fd57bb1fd;p=users%2Fhch%2Fxfstests-dev.git xfstests: test dump/restore of file capabilities xfsrestore isn't properly restoring file capabilities; it restores them, but then chowns the file, which removes the caps: Call Trace: [] xfs_xattr_set+0x118/0x120 [xfs] [] generic_removexattr+0x80/0x90 [] cap_inode_killpriv+0x28/0x30 [] security_inode_killpriv+0x16/0x20 [] notify_change+0x18f/0x330 [] chown_common+0x60/0xa0 [] sys_fchown+0x80/0xd0 [] system_call_fastpath+0x16/0x1b This test demonstrates the problem. Reported-by: fugazzi® Signed-off-by: Eric Sandeen Reviewed-by: Ben Myers Signed-off-by: Ben Myers --- diff --git a/296 b/296 new file mode 100644 index 000000000..efcfb09df --- /dev/null +++ b/296 @@ -0,0 +1,83 @@ +#! /bin/bash +# FS QA Test No. 296 +# +# Test that xfsdump/restore preserves file capabilities +# +#----------------------------------------------------------------------- +# Copyright (c) 2013 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# +# creator +owner=sandeen@sandeen.net + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter +. ./common.dump + +# real QA test starts here + +# Modify as appropriate. +_supported_fs xfs +_supported_os Linux +_require_scratch + +rm -f $seq.full + +_wipe_fs + +mkdir -p $dump_dir +echo test > $dump_dir/testfile +# Set a generic xattr +setfattr -n user.name -v value $dump_dir/testfile +# Now set the cap (which is also an xattr) +setcap cap_setgid,cap_setuid+ep $dump_dir/testfile +# And make sure they are there on the source +echo "Checking for xattr on source file" +getfattr --absolute-names -m user.name $dump_dir/testfile | _dir_filter +echo "Checking for capability on source file" +getcap $dump_dir/testfile | _dir_filter +getfattr --absolute-names -m security.capability $dump_dir/testfile | _dir_filter + +_do_dump_file -f $tmp.df.0 +_prepare_restore_dir +_do_restore_file +# Basic dump/restore checks first - the file is there, right? +_ls_compare_sub +_diff_compare + +echo "Checking for xattr on restored file" +getfattr --absolute-names -m user.name $restore_dir/$dump_sdir/testfile | _dir_filter +echo "Checking for capability on restored file" +getcap $restore_dir/$dump_sdir/testfile | _dir_filter +getfattr --absolute-names -m security.capability $restore_dir/$dump_sdir/testfile | _dir_filter + +status=0 +exit diff --git a/296.out b/296.out new file mode 100644 index 000000000..1fb1b69e3 --- /dev/null +++ b/296.out @@ -0,0 +1,55 @@ +QA output created by 296 +Checking for xattr on source file +# file: DUMP_DIR/testfile +user.name + +Checking for capability on source file +DUMP_DIR/testfile = cap_setgid,cap_setuid+ep +# file: DUMP_DIR/testfile +security.capability + +Dumping to file... +xfsdump -f DUMP_FILE -M stress_tape_media -L stress_296 SCRATCH_MNT +xfsdump: using file dump (drive_simple) strategy +xfsdump: level 0 dump of HOSTNAME:SCRATCH_MNT +xfsdump: dump date: DATE +xfsdump: session id: ID +xfsdump: session label: "stress_296" +xfsdump: ino map +xfsdump: ino map construction complete +xfsdump: estimated dump size: NUM bytes +xfsdump: /var/xfsdump/inventory created +xfsdump: creating dump session media file 0 (media 0, file 0) +xfsdump: dumping ino map +xfsdump: dumping directories +xfsdump: dumping non-directory files +xfsdump: ending media file +xfsdump: media file size NUM bytes +xfsdump: dump size (non-dir files) : NUM bytes +xfsdump: dump complete: SECS seconds elapsed +xfsdump: Dump Status: SUCCESS +Restoring from file... +xfsrestore -f DUMP_FILE -L stress_296 RESTORE_DIR +xfsrestore: using file dump (drive_simple) strategy +xfsrestore: using online session inventory +xfsrestore: searching media for directory dump +xfsrestore: examining media file 0 +xfsrestore: reading directories +xfsrestore: 2 directories and 2 entries processed +xfsrestore: directory post-processing +xfsrestore: restoring non-directory files +xfsrestore: restore complete: SECS seconds elapsed +xfsrestore: Restore Status: SUCCESS +Comparing listing of dump directory with restore directory +Files TMP.dump_dir and TMP.restore_dir are identical +Comparing dump directory with restore directory +Files DUMP_DIR/testfile and RESTORE_DIR/DUMP_SUBDIR/testfile are identical +Only in SCRATCH_MNT: RESTORE_SUBDIR +Checking for xattr on restored file +# file: RESTORE_DIR/DUMP_SUBDIR/testfile +user.name + +Checking for capability on restored file +RESTORE_DIR/DUMP_SUBDIR/testfile cap_setgid,cap_setuid+ep +# file: RESTORE_DIR/DUMP_SUBDIR/testfile +security.capability diff --git a/group b/group index ba3502c1e..eb4f3752c 100644 --- a/group +++ b/group @@ -414,3 +414,4 @@ deprecated 293 auto quick 294 auto quick 295 auto logprint quick +296 dump auto quick