All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Howells <dhowells@redhat.com>
To: fstests@vger.kernel.org
Cc: dhowells@redhat.com, linux-afs@lists.infradead.org
Subject: [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management
Date: Tue, 25 May 2021 14:34:22 +0100	[thread overview]
Message-ID: <162194966265.4011860.229488885734976223.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <162194962878.4011860.5561077785368723619.stgit@warthog.procyon.org.uk>

The AFS filesystem has its own distributed permission management system
that's based on a per-cell user and group database used in conjunction with
ACLs.  The user is determined by the authentication token acquired from the
kaserver or Kerberos, not by the local fsuid/fsgid.  For the most part, the
uid, gid and mask on a file are ignored.

The generic/123 and generic/128 tests check that the UNIX permission bits do
what would normally be expected of them - but this fails on AFS.  Using "su"
to change the user is not effective on AFS.  Instead, "keyctl session" would
need to be used and an alternative authentication token would need to be
obtained.

Provide a "_require_unix_perm_checking" clause so that these tests can be
suppressed in cases such as AFS.

Signed
---

 common/rc                    |    9 +++++++++
 doc/requirement-checking.txt |    8 ++++++++
 tests/generic/123            |    1 +
 tests/generic/128            |    1 +
 4 files changed, 19 insertions(+)

diff --git a/common/rc b/common/rc
index a04433da..e25967d9 100644
--- a/common/rc
+++ b/common/rc
@@ -4631,6 +4631,15 @@ _require_use_local_uidgid()
 	esac
 }
 
+_require_unix_perm_checking()
+{
+	case $FSTYP in
+	afs)
+		_notrun "$FSTYP doesn't perform traditional UNIX perm checking"
+		;;
+	esac
+}
+
 init_rc
 
 ################################################################################
diff --git a/doc/requirement-checking.txt b/doc/requirement-checking.txt
index c945e16a..9be7a84c 100644
--- a/doc/requirement-checking.txt
+++ b/doc/requirement-checking.txt
@@ -20,6 +20,7 @@ they have.  This is done with _require_<xxx> macros, which may take parameters.
 	_has_mknod
 	_require_sgid_inheritance
 	_require_use_local_uidgid
+	_require_unix_perm_checking
 
  (3) System call requirements.
 
@@ -121,6 +122,13 @@ _require_use_local_uidgid
      filesystems, for example, may choose other settings or not even have these
      concepts available.  The test will be skipped if not supported.
 
+_require_unix_perm_checking
+
+     The test requires that the $TEST_DEV filesystem performs traditional UNIX
+     file permissions checking.  A remote filesystem, for example, might use
+     some alternative distributed permissions model involving authentication
+     tokens rather than the local fsuid/fsgid.
+
 
 ========================
 SYSTEM CALL REQUIREMENTS
diff --git a/tests/generic/123 b/tests/generic/123
index d2362e72..99ee4b9b 100755
--- a/tests/generic/123
+++ b/tests/generic/123
@@ -33,6 +33,7 @@ _supported_fs generic
 
 _require_test
 _require_user
+_require_unix_perm_checking
 
 my_test_subdir=$TEST_DIR/123subdir
 
diff --git a/tests/generic/128 b/tests/generic/128
index c1eae77a..91fdca1e 100755
--- a/tests/generic/128
+++ b/tests/generic/128
@@ -25,6 +25,7 @@ _supported_fs generic
 _require_scratch
 _require_user
 _require_chmod
+_require_unix_perm_checking
 
 _scratch_mkfs >/dev/null 2>&1
 _scratch_mount "-o nosuid"



  parent reply	other threads:[~2021-05-25 13:34 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-25 13:33 [PATCH 0/9] Add support for using xfstests to test AFS David Howells
2021-05-25 13:33 ` [PATCH 1/9] Add AFS support David Howells
2021-05-25 13:34 ` [PATCH 2/9] generic/294, afs: Allow for mknod subtest failing if mknod not supported David Howells
2021-05-25 16:09   ` Darrick J. Wong
2021-05-25 16:19   ` David Howells
2021-05-25 16:26     ` Darrick J. Wong
2021-05-30 12:49   ` Eryu Guan
2021-06-01 14:31   ` David Howells
2021-06-06 11:58     ` Eryu Guan
2021-05-25 13:34 ` [PATCH 3/9] generic/314, afs: Allow for a filesystem that doesn't honour SGID inheritance David Howells
2021-05-25 16:10   ` Darrick J. Wong
2021-05-25 13:34 ` [PATCH 4/9] generic/317, afs: Allow for a filesystem not to honour the local uid/gid David Howells
2021-05-25 16:17   ` Darrick J. Wong
2021-05-25 16:41   ` David Howells
2021-05-25 13:34 ` David Howells [this message]
2021-05-25 16:19   ` [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management Darrick J. Wong
2021-05-25 16:44   ` David Howells
2021-05-25 16:51     ` Darrick J. Wong
2021-05-25 13:34 ` [PATCH 6/9] Add the ability to require O_TMPFILE to be supported for a test David Howells
2021-05-25 16:19   ` Darrick J. Wong
2021-05-30 12:54   ` Eryu Guan
2021-05-25 13:34 ` [PATCH 7/9] afs: Indicate the minimum DIO alignment is 1 David Howells
2021-05-25 13:34 ` [PATCH 8/9] generic/465: Fix handling of DIO alignment < sizeof(long) David Howells
2021-05-25 16:25   ` Darrick J. Wong
2021-05-25 16:46   ` David Howells
2021-05-25 13:34 ` [PATCH 9/9] Fix other posix_memalign() alignment issues David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=162194966265.4011860.229488885734976223.stgit@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=fstests@vger.kernel.org \
    --cc=linux-afs@lists.infradead.org \
    --subject='Re: [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.