* [PATCH] generic/397: test renaming encrypted files without key
@ 2017-03-14 21:23 Eric Biggers
2017-03-15 9:39 ` Eryu Guan
0 siblings, 1 reply; 3+ messages in thread
From: Eric Biggers @ 2017-03-14 21:23 UTC (permalink / raw)
To: fstests; +Cc: Eric Biggers, Theodore Ts'o, Jaegeuk Kim, Richard Weinberger
From: Eric Biggers <ebiggers@google.com>
Update generic/397 to test another behavior when accessing encrypted
files without the key: renames should be forbidden, even though they may
be possible cryptographically. Test both a regular rename and a cross
rename. (It happens that generic/398 also covers the cross rename case,
but it's primarily for a different reason.)
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Richard Weinberger <richard@nod.at>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/397 | 13 +++++++++++++
tests/generic/397.out | 2 ++
2 files changed, 15 insertions(+)
diff --git a/tests/generic/397 b/tests/generic/397
index 7077d048..0d3ab4c1 100755
--- a/tests/generic/397
+++ b/tests/generic/397
@@ -46,6 +46,7 @@ _cleanup()
. ./common/rc
. ./common/filter
. ./common/encrypt
+. ./common/renameat2
# remove previous $seqres.full before test
rm -f $seqres.full
@@ -56,6 +57,7 @@ _supported_os Linux
_require_scratch_encryption
_require_xfs_io_command "set_encpolicy"
_require_command "$KEYCTL_PROG" keyctl
+_requires_renameat2
_new_session_keyring
@@ -135,6 +137,17 @@ mkdir $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scrat
ln -s foo $SCRATCH_MNT/edir/newlink |& filter_create_errors | _filter_scratch
ln -s foo $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
+# Try to rename files in the encrypted directory. This should fail with ENOKEY.
+# As noted above, encrypted filenames are unpredictable, so this needs to be
+# written in a way that does not assume any particular filenames.
+# Regression test for:
+# 173b8439e1ba ("ext4: don't allow encrypted operations without keys")
+# 363fa4e078cb ("f2fs: don't allow encrypted operations without keys")
+efile1=$(find $SCRATCH_MNT/edir -maxdepth 1 -type f | head -1)
+efile2=$(find $SCRATCH_MNT/edir -maxdepth 1 -type f | tail -1)
+mv $efile1 $efile2 |& _filter_scratch | sed 's|edir/[a-zA-Z0-9+,_]\+|edir/FILENAME|g'
+src/renameat2 -x $efile1 $efile2
+
# Delete the encrypted directory (should succeed)
rm -r $SCRATCH_MNT/edir
stat $SCRATCH_MNT/edir |& _filter_scratch
diff --git a/tests/generic/397.out b/tests/generic/397.out
index 2f55c5d6..3cf57aab 100644
--- a/tests/generic/397.out
+++ b/tests/generic/397.out
@@ -10,4 +10,6 @@ mkdir: cannot create directory 'SCRATCH_MNT/edir/newdir': Required key not avail
mkdir: cannot create directory 'SCRATCH_MNT/edir/0123456789abcdef': Required key not available
ln: failed to create symbolic link 'SCRATCH_MNT/edir/newlink': Required key not available
ln: failed to create symbolic link 'SCRATCH_MNT/edir/0123456789abcdef': Required key not available
+mv: cannot move 'SCRATCH_MNT/edir/FILENAME' to 'SCRATCH_MNT/edir/FILENAME': Required key not available
+Required key not available
stat: cannot stat 'SCRATCH_MNT/edir': No such file or directory
--
2.12.0.367.g23dc2f6d3c-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] generic/397: test renaming encrypted files without key
2017-03-14 21:23 [PATCH] generic/397: test renaming encrypted files without key Eric Biggers
@ 2017-03-15 9:39 ` Eryu Guan
2017-03-15 17:59 ` Eric Biggers
0 siblings, 1 reply; 3+ messages in thread
From: Eryu Guan @ 2017-03-15 9:39 UTC (permalink / raw)
To: Eric Biggers
Cc: fstests, Eric Biggers, Theodore Ts'o, Jaegeuk Kim,
Richard Weinberger
On Tue, Mar 14, 2017 at 02:23:58PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Update generic/397 to test another behavior when accessing encrypted
> files without the key: renames should be forbidden, even though they may
> be possible cryptographically. Test both a regular rename and a cross
> rename. (It happens that generic/398 also covers the cross rename case,
> but it's primarily for a different reason.)
>
> Cc: Theodore Ts'o <tytso@mit.edu>
> Cc: Jaegeuk Kim <jaegeuk@kernel.org>
> Cc: Richard Weinberger <richard@nod.at>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
We usually don't add new tests to existing tests, expecially targeted
regression tests, this could make test start failing and make people
think it's a new regression.
Would you mind writing a new case for it?
Thanks,
Eryu
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] generic/397: test renaming encrypted files without key
2017-03-15 9:39 ` Eryu Guan
@ 2017-03-15 17:59 ` Eric Biggers
0 siblings, 0 replies; 3+ messages in thread
From: Eric Biggers @ 2017-03-15 17:59 UTC (permalink / raw)
To: Eryu Guan
Cc: fstests, Eric Biggers, Theodore Ts'o, Jaegeuk Kim,
Richard Weinberger
On Wed, Mar 15, 2017 at 05:39:42PM +0800, Eryu Guan wrote:
> On Tue, Mar 14, 2017 at 02:23:58PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Update generic/397 to test another behavior when accessing encrypted
> > files without the key: renames should be forbidden, even though they may
> > be possible cryptographically. Test both a regular rename and a cross
> > rename. (It happens that generic/398 also covers the cross rename case,
> > but it's primarily for a different reason.)
> >
> > Cc: Theodore Ts'o <tytso@mit.edu>
> > Cc: Jaegeuk Kim <jaegeuk@kernel.org>
> > Cc: Richard Weinberger <richard@nod.at>
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> We usually don't add new tests to existing tests, expecially targeted
> regression tests, this could make test start failing and make people
> think it's a new regression.
>
> Would you mind writing a new case for it?
>
> Thanks,
> Eryu
I felt that this fit well into the existing test, but yes I'll add a new one if
that's preferable. Thanks!
- Eric
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-03-15 17:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-14 21:23 [PATCH] generic/397: test renaming encrypted files without key Eric Biggers
2017-03-15 9:39 ` Eryu Guan
2017-03-15 17:59 ` Eric Biggers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.