From: Kevin Wolf <kwolf@redhat.com>
To: Max Reitz <mreitz@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org
Subject: Re: [PATCH v2 6/6] iotests/fuse-allow-other: Test allow-other
Date: Wed, 7 Jul 2021 12:40:22 +0200 [thread overview]
Message-ID: <YOWElpoQUfM1R559@redhat.com> (raw)
In-Reply-To: <20210625142317.271673-7-mreitz@redhat.com>
Am 25.06.2021 um 16:23 hat Max Reitz geschrieben:
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
> tests/qemu-iotests/tests/fuse-allow-other | 175 ++++++++++++++++++
> tests/qemu-iotests/tests/fuse-allow-other.out | 88 +++++++++
> 2 files changed, 263 insertions(+)
> create mode 100755 tests/qemu-iotests/tests/fuse-allow-other
> create mode 100644 tests/qemu-iotests/tests/fuse-allow-other.out
>
> diff --git a/tests/qemu-iotests/tests/fuse-allow-other b/tests/qemu-iotests/tests/fuse-allow-other
> new file mode 100755
> index 0000000000..a513dbce66
> --- /dev/null
> +++ b/tests/qemu-iotests/tests/fuse-allow-other
> @@ -0,0 +1,175 @@
> +#!/usr/bin/env bash
> +# group: rw
> +#
> +# Test FUSE exports' allow-other option
> +#
> +# Copyright (C) 2021 Red Hat, Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +#
> +
> +seq=$(basename "$0")
> +echo "QA output created by $seq"
> +
> +status=1 # failure is the default!
> +
> +_cleanup()
> +{
> + _cleanup_qemu
> + _cleanup_test_img
> + rm -f "$EXT_MP"
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ../common.rc
> +. ../common.filter
> +. ../common.qemu
> +
> +_supported_fmt generic
> +
> +_supported_proto file # We create the FUSE export manually
> +
> +sudo -n -u nobody true || \
> + _notrun 'Password-less sudo as nobody required to test allow_other'
> +
> +# $1: Export ID
> +# $2: Options (beyond the node-name and ID)
> +# $3: Expected return value (defaults to 'return')
> +# $4: Node to export (defaults to 'node-format')
> +fuse_export_add()
> +{
> + allow_other_not_supported='option allow_other only allowed if'
> +
> + output=$(
> + success_or_failure=yes _send_qemu_cmd $QEMU_HANDLE \
> + "{'execute': 'block-export-add',
> + 'arguments': {
> + 'type': 'fuse',
> + 'id': '$1',
> + 'node-name': '${4:-node-format}',
> + $2
> + } }" \
> + "${3:-return}" \
> + "$allow_other_not_supported" \
> + | _filter_imgfmt
> + )
> +
> + if echo "$output" | grep -q "$allow_other_not_supported"; then
> + # Shut down qemu gracefully so it can unmount the export
> + _send_qemu_cmd $QEMU_HANDLE \
> + "{'execute': 'quit'}" \
> + 'return'
> +
> + wait=yes _cleanup_qemu
> +
> + _notrun "allow_other not supported"
> + fi
> +
> + echo "$output"
> +}
> +
> +EXT_MP="$TEST_DIR/fuse-export"
> +
> +_make_test_img 64k
> +touch "$EXT_MP"
> +
> +echo
> +echo '=== Test permissions ==='
> +
> +# Test that you can only change permissions on the export with allow-other=true.
> +# We cannot really test the primary reason behind allow-other (i.e. to allow
> +# users other than the current one access to the export), because for that we
> +# would need sudo, which realistically nobody will allow this test to use.
> +# What we can do is test that allow-other=true also enables default_permissions,
> +# i.e. whether we can still read from the file if we remove the read permission.
I don't think this comment is accurate any more now that you're actually
using sudo.
> +# $1: allow-other value ('true' or 'false')
on/off/auto, actually.
I can fix this up while applying, removing the comment block above, and
adjusting this line.
Kevin
next prev parent reply other threads:[~2021-07-07 10:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-25 14:23 [PATCH v2 0/6] export/fuse: Allow other users access to the export Max Reitz
2021-06-25 14:23 ` [PATCH v2 1/6] export/fuse: Pass default_permissions for mount Max Reitz
2021-06-25 14:23 ` [PATCH v2 2/6] export/fuse: Add allow-other option Max Reitz
2021-07-07 10:37 ` Kevin Wolf
2021-06-25 14:23 ` [PATCH v2 3/6] export/fuse: Give SET_ATTR_SIZE its own branch Max Reitz
2021-06-25 14:23 ` [PATCH v2 4/6] export/fuse: Let permissions be adjustable Max Reitz
2021-06-25 14:23 ` [PATCH v2 5/6] iotests/308: Test +w on read-only FUSE exports Max Reitz
2021-06-25 14:23 ` [PATCH v2 6/6] iotests/fuse-allow-other: Test allow-other Max Reitz
2021-07-07 10:40 ` Kevin Wolf [this message]
2021-07-07 11:03 ` [PATCH v2 0/6] export/fuse: Allow other users access to the export Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YOWElpoQUfM1R559@redhat.com \
--to=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.