* [LTP] [PATCH] fs/acls: fix some permission issue in the testcase
@ 2015-03-09 9:43 Li Wang
2015-03-09 12:19 ` wangli
2015-03-10 2:22 ` Zeng Linggang
0 siblings, 2 replies; 4+ messages in thread
From: Li Wang @ 2015-03-09 9:43 UTC (permalink / raw)
To: ltp-list
hi,
The acl_test01 failed with a series of permission issue when runing on RHEL:
useradd: cannot set SELinux context for home directory
/mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3/acltest1
Could not add test user acltest1.
/dev/loop1 on /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3
type ext3 (rw,relatime,seclabel,data=ordered)
...
A proposal fixed patch and test results as below:
TESTING ACLS FOR USER root
Trying extended acls for files
Extended acls for files (PASSED)
Trying extended acls for file links
Extended acls for links (PASSED)
TESTING ACLS FOR 2ND USER acltest1
Trying extended acls for files
Extended acls for files (PASSED)
Trying extended acls for file links
Extended acls for links (PASSED)
...
Thanks.
Signed-off-by: Li Wang <liwang@redhat.com>
---
testcases/kernel/fs/acls/acl_test01 | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/testcases/kernel/fs/acls/acl_test01 b/testcases/kernel/fs/acls/acl_test01
index af65213..5aa5823 100755
--- a/testcases/kernel/fs/acls/acl_test01
+++ b/testcases/kernel/fs/acls/acl_test01
@@ -52,15 +52,30 @@ FILE_ACL="$TMP/tacl/mount-ext3/test_file"
FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
TCbin=`pwd`
+SESTATUS=`/usr/sbin/sestatus |grep "SELinux status"|awk '{print $3}'`
+if [ "$SESTATUS" = "enabled" ]; then
+ export SELINUX=`getenforce`
+else
+ export SELINUX="disabled"
+
+fi
+
#-----------------------------------------------------------------------
# FUNCTION: do_setup
#-----------------------------------------------------------------------
do_setup(){
+ tst_require_root
+
rm -f $FILE_ACL
rm -f $FILE_ACL_LINK
+ if [ "$SELINUX" = "Enforcing" ]; then
+ echo "set the SElinux to Permissive."
+ setenforce 0
+ fi
+
if [ "x$TEST_USER1_HOMEDIR" = "x" ]; then
echo "Could not find user $TEST_USER1's home directory."
exit 1
@@ -91,6 +106,11 @@ do_cleanup() {
mount | grep "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
[ "x$LOOP_DEV" != x ] && losetup -d $LOOP_DEV
rm -rf $TMP/tacl
+
+ if [ "$SELNUX" = "Enforcing" ]; then
+ echo "set the SElinux to Enforcing."
+ setenforce 1
+ fi
}
#-----------------------------------------------------------------------
@@ -177,7 +197,7 @@ then
setfacl -m u:$TEST_USER1:r $FILE_ACL
echo "Trying extended acls for files"
- ${TCbin}/acl_file_test $FILE_ACL
+ $TMP/tacl/mount-ext3/acl_file_test $FILE_ACL
if [ $? -ne 0 ]
then
EXIT_CODE=1
@@ -187,7 +207,7 @@ then
fi
echo "Trying extended acls for file links"
- ${TCbin}/acl_link_test $FILE_ACL_LINK
+ $TMP/tacl/mount-ext3/acl_link_test $FILE_ACL_LINK
if [ $? -ne 0 ]
then
EXIT_CODE=1
@@ -227,6 +247,7 @@ else
echo "Extended acls for links (PASSED)"
fi
+ cp ${TCbin}/acl_link_test ${TCbin}/acl_file_test $TMP/tacl/mount-ext3/
chown $TEST_USER1 $FILE_ACL
chown $TEST_USER1 $FILE_ACL_LINK
--
1.8.3.1
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH] fs/acls: fix some permission issue in the testcase
2015-03-09 9:43 [LTP] [PATCH] fs/acls: fix some permission issue in the testcase Li Wang
@ 2015-03-09 12:19 ` wangli
2015-03-10 2:22 ` Zeng Linggang
1 sibling, 0 replies; 4+ messages in thread
From: wangli @ 2015-03-09 12:19 UTC (permalink / raw)
To: ltp-list
On Mon, 2015-03-09 at 17:43 +0800, Li Wang wrote:
> hi,
>
> The acl_test01 failed with a series of permission issue when runing on RHEL:
> useradd: cannot set SELinux context for home directory
> /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3/acltest1
> Could not add test user acltest1.
> /dev/loop1 on /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3
> type ext3 (rw,relatime,seclabel,data=ordered)
> ...
>
> A proposal fixed patch and test results as below:
>
> TESTING ACLS FOR USER root
> Trying extended acls for files
> Extended acls for files (PASSED)
> Trying extended acls for file links
> Extended acls for links (PASSED)
>
> TESTING ACLS FOR 2ND USER acltest1
> Trying extended acls for files
> Extended acls for files (PASSED)
> Trying extended acls for file links
> Extended acls for links (PASSED)
> ...
>
> Thanks.
>
> Signed-off-by: Li Wang <liwang@redhat.com>
> ---
> testcases/kernel/fs/acls/acl_test01 | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/kernel/fs/acls/acl_test01 b/testcases/kernel/fs/acls/acl_test01
> index af65213..5aa5823 100755
> --- a/testcases/kernel/fs/acls/acl_test01
> +++ b/testcases/kernel/fs/acls/acl_test01
> @@ -52,15 +52,30 @@ FILE_ACL="$TMP/tacl/mount-ext3/test_file"
> FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
> TCbin=`pwd`
>
> +SESTATUS=`/usr/sbin/sestatus |grep "SELinux status"|awk '{print $3}'`
> +if [ "$SESTATUS" = "enabled" ]; then
> + export SELINUX=`getenforce`
> +else
> + export SELINUX="disabled"
> +
> +fi
> +
> #-----------------------------------------------------------------------
> # FUNCTION: do_setup
> #-----------------------------------------------------------------------
>
> do_setup(){
>
> + tst_require_root
> +
> rm -f $FILE_ACL
> rm -f $FILE_ACL_LINK
>
> + if [ "$SELINUX" = "Enforcing" ]; then
> + echo "set the SElinux to Permissive."
> + setenforce 0
> + fi
> +
> if [ "x$TEST_USER1_HOMEDIR" = "x" ]; then
> echo "Could not find user $TEST_USER1's home directory."
> exit 1
> @@ -91,6 +106,11 @@ do_cleanup() {
> mount | grep "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
> [ "x$LOOP_DEV" != x ] && losetup -d $LOOP_DEV
> rm -rf $TMP/tacl
> +
> + if [ "$SELNUX" = "Enforcing" ]; then
> + echo "set the SElinux to Enforcing."
> + setenforce 1
> + fi
> }
>
> #-----------------------------------------------------------------------
> @@ -177,7 +197,7 @@ then
> setfacl -m u:$TEST_USER1:r $FILE_ACL
>
> echo "Trying extended acls for files"
> - ${TCbin}/acl_file_test $FILE_ACL
> + $TMP/tacl/mount-ext3/acl_file_test $FILE_ACL
> if [ $? -ne 0 ]
> then
> EXIT_CODE=1
> @@ -187,7 +207,7 @@ then
> fi
>
> echo "Trying extended acls for file links"
> - ${TCbin}/acl_link_test $FILE_ACL_LINK
> + $TMP/tacl/mount-ext3/acl_link_test $FILE_ACL_LINK
> if [ $? -ne 0 ]
> then
> EXIT_CODE=1
> @@ -227,6 +247,7 @@ else
> echo "Extended acls for links (PASSED)"
> fi
>
> + cp ${TCbin}/acl_link_test ${TCbin}/acl_file_test $TMP/tacl/mount-ext3/
Oops! the mistake I made here is copy these files to new place. seems
there is no need to do this. Since I just realized that I shouldn't run
the case under /root directory. Absolutely the new account acltest1 dose
not have the permission to perform acl_file_test.
And please ignore this patch directly. Sorry for making noise here!
Li Wang
> chown $TEST_USER1 $FILE_ACL
> chown $TEST_USER1 $FILE_ACL_LINK
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH] fs/acls: fix some permission issue in the testcase
2015-03-09 9:43 [LTP] [PATCH] fs/acls: fix some permission issue in the testcase Li Wang
2015-03-09 12:19 ` wangli
@ 2015-03-10 2:22 ` Zeng Linggang
2015-03-10 3:04 ` Li Wang
1 sibling, 1 reply; 4+ messages in thread
From: Zeng Linggang @ 2015-03-10 2:22 UTC (permalink / raw)
To: Li Wang; +Cc: ltp-list
On Mon, 2015-03-09 at 17:43 +0800, Li Wang wrote:
> hi,
>
> The acl_test01 failed with a series of permission issue when runing on RHEL:
> useradd: cannot set SELinux context for home directory
> /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3/acltest1
> Could not add test user acltest1.
> /dev/loop1 on /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3
> type ext3 (rw,relatime,seclabel,data=ordered)
> ...
>
> A proposal fixed patch and test results as below:
>
> TESTING ACLS FOR USER root
> Trying extended acls for files
> Extended acls for files (PASSED)
> Trying extended acls for file links
> Extended acls for links (PASSED)
>
> TESTING ACLS FOR 2ND USER acltest1
> Trying extended acls for files
> Extended acls for files (PASSED)
> Trying extended acls for file links
> Extended acls for links (PASSED)
> ...
>
> Thanks.
>
> Signed-off-by: Li Wang <liwang@redhat.com>
> ---
> testcases/kernel/fs/acls/acl_test01 | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/kernel/fs/acls/acl_test01 b/testcases/kernel/fs/acls/acl_test01
> index af65213..5aa5823 100755
> --- a/testcases/kernel/fs/acls/acl_test01
> +++ b/testcases/kernel/fs/acls/acl_test01
> @@ -52,15 +52,30 @@ FILE_ACL="$TMP/tacl/mount-ext3/test_file"
> FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
> TCbin=`pwd`
>
> +SESTATUS=`/usr/sbin/sestatus |grep "SELinux status"|awk '{print $3}'`
> +if [ "$SESTATUS" = "enabled" ]; then
> + export SELINUX=`getenforce`
> +else
> + export SELINUX="disabled"
> +
> +fi
> +
> #-----------------------------------------------------------------------
> # FUNCTION: do_setup
> #-----------------------------------------------------------------------
>
> do_setup(){
>
> + tst_require_root
> +
> rm -f $FILE_ACL
> rm -f $FILE_ACL_LINK
>
> + if [ "$SELINUX" = "Enforcing" ]; then
> + echo "set the SElinux to Permissive."
> + setenforce 0
> + fi
> +
> if [ "x$TEST_USER1_HOMEDIR" = "x" ]; then
> echo "Could not find user $TEST_USER1's home directory."
> exit 1
> @@ -91,6 +106,11 @@ do_cleanup() {
> mount | grep "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
> [ "x$LOOP_DEV" != x ] && losetup -d $LOOP_DEV
> rm -rf $TMP/tacl
> +
> + if [ "$SELNUX" = "Enforcing" ]; then
At the begin, SELINUX is Enforcing.
Then you set SELINUX to Permissive.
Here $SELINUX(`getenforce`) is also Permissive, not Enforcing.
Now you could not set it to Enforcing.
How about:
1.
SELINUX=$(getenforce)
2.
# We could not consider whether the SElinux is Disabled or Permissive.
# We only set it to Permissive when it is Enforcing.
if [ "${SELINUX} = "Enforcing" ]; then
echo "set the SElinux to Permissive."
setenforce 0
fi
...
3.
# We set it back to Enforcing.
if [ "${SELINUX} = "Enforcing" ]; then
setenforce 1
fi
...
Thanks,
Zeng
> + echo "set the SElinux to Enforcing."
> + setenforce 1
> + fi
> }
>
> #-----------------------------------------------------------------------
> @@ -177,7 +197,7 @@ then
> setfacl -m u:$TEST_USER1:r $FILE_ACL
>
> echo "Trying extended acls for files"
> - ${TCbin}/acl_file_test $FILE_ACL
> + $TMP/tacl/mount-ext3/acl_file_test $FILE_ACL
> if [ $? -ne 0 ]
> then
> EXIT_CODE=1
> @@ -187,7 +207,7 @@ then
> fi
>
> echo "Trying extended acls for file links"
> - ${TCbin}/acl_link_test $FILE_ACL_LINK
> + $TMP/tacl/mount-ext3/acl_link_test $FILE_ACL_LINK
> if [ $? -ne 0 ]
> then
> EXIT_CODE=1
> @@ -227,6 +247,7 @@ else
> echo "Extended acls for links (PASSED)"
> fi
>
> + cp ${TCbin}/acl_link_test ${TCbin}/acl_file_test $TMP/tacl/mount-ext3/
> chown $TEST_USER1 $FILE_ACL
> chown $TEST_USER1 $FILE_ACL_LINK
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH] fs/acls: fix some permission issue in the testcase
2015-03-10 2:22 ` Zeng Linggang
@ 2015-03-10 3:04 ` Li Wang
0 siblings, 0 replies; 4+ messages in thread
From: Li Wang @ 2015-03-10 3:04 UTC (permalink / raw)
To: Zeng Linggang; +Cc: ltp-list
hi,
On Tue, 2015-03-10 at 10:22 +0800, Zeng Linggang wrote:
> On Mon, 2015-03-09 at 17:43 +0800, Li Wang wrote:
> > hi,
> >
> > The acl_test01 failed with a series of permission issue when runing on RHEL:
> > useradd: cannot set SELinux context for home directory
> > /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3/acltest1
> > Could not add test user acltest1.
> > /dev/loop1 on /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3
> > type ext3 (rw,relatime,seclabel,data=ordered)
> > ...
> >
> > A proposal fixed patch and test results as below:
> >
> > TESTING ACLS FOR USER root
> > Trying extended acls for files
> > Extended acls for files (PASSED)
> > Trying extended acls for file links
> > Extended acls for links (PASSED)
> >
> > TESTING ACLS FOR 2ND USER acltest1
> > Trying extended acls for files
> > Extended acls for files (PASSED)
> > Trying extended acls for file links
> > Extended acls for links (PASSED)
> > ...
> >
> > Thanks.
> >
> > Signed-off-by: Li Wang <liwang@redhat.com>
> > ---
> > testcases/kernel/fs/acls/acl_test01 | 25 +++++++++++++++++++++++--
> > 1 file changed, 23 insertions(+), 2 deletions(-)
> >
> > diff --git a/testcases/kernel/fs/acls/acl_test01 b/testcases/kernel/fs/acls/acl_test01
> > index af65213..5aa5823 100755
> > --- a/testcases/kernel/fs/acls/acl_test01
> > +++ b/testcases/kernel/fs/acls/acl_test01
> > @@ -52,15 +52,30 @@ FILE_ACL="$TMP/tacl/mount-ext3/test_file"
> > FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
> > TCbin=`pwd`
> >
> > +SESTATUS=`/usr/sbin/sestatus |grep "SELinux status"|awk '{print $3}'`
> > +if [ "$SESTATUS" = "enabled" ]; then
> > + export SELINUX=`getenforce`
> > +else
> > + export SELINUX="disabled"
> > +
> > +fi
> > +
> > #-----------------------------------------------------------------------
> > # FUNCTION: do_setup
> > #-----------------------------------------------------------------------
> >
> > do_setup(){
> >
> > + tst_require_root
> > +
> > rm -f $FILE_ACL
> > rm -f $FILE_ACL_LINK
> >
> > + if [ "$SELINUX" = "Enforcing" ]; then
> > + echo "set the SElinux to Permissive."
> > + setenforce 0
> > + fi
> > +
> > if [ "x$TEST_USER1_HOMEDIR" = "x" ]; then
> > echo "Could not find user $TEST_USER1's home directory."
> > exit 1
> > @@ -91,6 +106,11 @@ do_cleanup() {
> > mount | grep "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
> > [ "x$LOOP_DEV" != x ] && losetup -d $LOOP_DEV
> > rm -rf $TMP/tacl
> > +
> > + if [ "$SELNUX" = "Enforcing" ]; then
>
> At the begin, SELINUX is Enforcing.
> Then you set SELINUX to Permissive.
> Here $SELINUX(`getenforce`) is also Permissive, not Enforcing.
> Now you could not set it to Enforcing.
>
> How about:
> 1.
> SELINUX=$(getenforce)
Yeah, we needn't to consider the Disabled and Permissive situation.
thanks for reviewing, I will post a V2.
Li Wang
>
> 2.
> # We could not consider whether the SElinux is Disabled or Permissive.
> # We only set it to Permissive when it is Enforcing.
> if [ "${SELINUX} = "Enforcing" ]; then
> echo "set the SElinux to Permissive."
> setenforce 0
> fi
>
> ...
>
> 3.
> # We set it back to Enforcing.
> if [ "${SELINUX} = "Enforcing" ]; then
> setenforce 1
> fi
>
> ...
>
> Thanks,
> Zeng
>
> > + echo "set the SElinux to Enforcing."
> > + setenforce 1
> > + fi
> > }
> >
> > #-----------------------------------------------------------------------
> > @@ -177,7 +197,7 @@ then
> > setfacl -m u:$TEST_USER1:r $FILE_ACL
> >
> > echo "Trying extended acls for files"
> > - ${TCbin}/acl_file_test $FILE_ACL
> > + $TMP/tacl/mount-ext3/acl_file_test $FILE_ACL
> > if [ $? -ne 0 ]
> > then
> > EXIT_CODE=1
> > @@ -187,7 +207,7 @@ then
> > fi
> >
> > echo "Trying extended acls for file links"
> > - ${TCbin}/acl_link_test $FILE_ACL_LINK
> > + $TMP/tacl/mount-ext3/acl_link_test $FILE_ACL_LINK
> > if [ $? -ne 0 ]
> > then
> > EXIT_CODE=1
> > @@ -227,6 +247,7 @@ else
> > echo "Extended acls for links (PASSED)"
> > fi
> >
> > + cp ${TCbin}/acl_link_test ${TCbin}/acl_file_test $TMP/tacl/mount-ext3/
> > chown $TEST_USER1 $FILE_ACL
> > chown $TEST_USER1 $FILE_ACL_LINK
> >
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-03-10 3:04 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-09 9:43 [LTP] [PATCH] fs/acls: fix some permission issue in the testcase Li Wang
2015-03-09 12:19 ` wangli
2015-03-10 2:22 ` Zeng Linggang
2015-03-10 3:04 ` Li Wang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.