Re: [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management

From: "Darrick J. Wong" <djwong@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: fstests@vger.kernel.org, linux-afs@lists.infradead.org
Subject: Re: [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management
Date: Tue, 25 May 2021 09:19:26 -0700	[thread overview]
Message-ID: <20210525161926.GF202095@locust> (raw)
In-Reply-To: <162194966265.4011860.229488885734976223.stgit@warthog.procyon.org.uk>

On Tue, May 25, 2021 at 02:34:22PM +0100, David Howells wrote:
> The AFS filesystem has its own distributed permission management system
> that's based on a per-cell user and group database used in conjunction with
> ACLs.  The user is determined by the authentication token acquired from the
> kaserver or Kerberos, not by the local fsuid/fsgid.  For the most part, the
> uid, gid and mask on a file are ignored.
> 
> The generic/123 and generic/128 tests check that the UNIX permission bits do
> what would normally be expected of them - but this fails on AFS.  Using "su"
> to change the user is not effective on AFS.  Instead, "keyctl session" would
> need to be used and an alternative authentication token would need to be
> obtained.
> 
> Provide a "_require_unix_perm_checking" clause so that these tests can be
> suppressed in cases such as AFS.
> 
> Signed

Looks ok,
Reviewed

(I'll send the rest when the remainder of the SoB comes in. :P)

--D

> ---
> 
>  common/rc                    |    9 +++++++++
>  doc/requirement-checking.txt |    8 ++++++++
>  tests/generic/123            |    1 +
>  tests/generic/128            |    1 +
>  4 files changed, 19 insertions(+)
> 
> diff --git a/common/rc b/common/rc
> index a04433da..e25967d9 100644
> --- a/common/rc
> +++ b/common/rc
> @@ -4631,6 +4631,15 @@ _require_use_local_uidgid()
>  	esac
>  }
>  
> +_require_unix_perm_checking()
> +{
> +	case $FSTYP in
> +	afs)
> +		_notrun "$FSTYP doesn't perform traditional UNIX perm checking"
> +		;;
> +	esac
> +}
> +
>  init_rc
>  
>  ################################################################################
> diff --git a/doc/requirement-checking.txt b/doc/requirement-checking.txt
> index c945e16a..9be7a84c 100644
> --- a/doc/requirement-checking.txt
> +++ b/doc/requirement-checking.txt
> @@ -20,6 +20,7 @@ they have.  This is done with _require_<xxx> macros, which may take parameters.
>  	_has_mknod
>  	_require_sgid_inheritance
>  	_require_use_local_uidgid
> +	_require_unix_perm_checking
>  
>   (3) System call requirements.
>  
> @@ -121,6 +122,13 @@ _require_use_local_uidgid
>       filesystems, for example, may choose other settings or not even have these
>       concepts available.  The test will be skipped if not supported.
>  
> +_require_unix_perm_checking
> +
> +     The test requires that the $TEST_DEV filesystem performs traditional UNIX
> +     file permissions checking.  A remote filesystem, for example, might use
> +     some alternative distributed permissions model involving authentication
> +     tokens rather than the local fsuid/fsgid.
> +
>  
>  ========================
>  SYSTEM CALL REQUIREMENTS
> diff --git a/tests/generic/123 b/tests/generic/123
> index d2362e72..99ee4b9b 100755
> --- a/tests/generic/123
> +++ b/tests/generic/123
> @@ -33,6 +33,7 @@ _supported_fs generic
>  
>  _require_test
>  _require_user
> +_require_unix_perm_checking
>  
>  my_test_subdir=$TEST_DIR/123subdir
>  
> diff --git a/tests/generic/128 b/tests/generic/128
> index c1eae77a..91fdca1e 100755
> --- a/tests/generic/128
> +++ b/tests/generic/128
> @@ -25,6 +25,7 @@ _supported_fs generic
>  _require_scratch
>  _require_user
>  _require_chmod
> +_require_unix_perm_checking
>  
>  _scratch_mkfs >/dev/null 2>&1
>  _scratch_mount "-o nosuid"
> 
> 