All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Darrick J. Wong" <djwong@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: fstests@vger.kernel.org, linux-afs@lists.infradead.org
Subject: Re: [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management
Date: Tue, 25 May 2021 09:19:26 -0700	[thread overview]
Message-ID: <20210525161926.GF202095@locust> (raw)
In-Reply-To: <162194966265.4011860.229488885734976223.stgit@warthog.procyon.org.uk>

On Tue, May 25, 2021 at 02:34:22PM +0100, David Howells wrote:
> The AFS filesystem has its own distributed permission management system
> that's based on a per-cell user and group database used in conjunction with
> ACLs.  The user is determined by the authentication token acquired from the
> kaserver or Kerberos, not by the local fsuid/fsgid.  For the most part, the
> uid, gid and mask on a file are ignored.
> 
> The generic/123 and generic/128 tests check that the UNIX permission bits do
> what would normally be expected of them - but this fails on AFS.  Using "su"
> to change the user is not effective on AFS.  Instead, "keyctl session" would
> need to be used and an alternative authentication token would need to be
> obtained.
> 
> Provide a "_require_unix_perm_checking" clause so that these tests can be
> suppressed in cases such as AFS.
> 
> Signed

Looks ok,
Reviewed

(I'll send the rest when the remainder of the SoB comes in. :P)

--D

> ---
> 
>  common/rc                    |    9 +++++++++
>  doc/requirement-checking.txt |    8 ++++++++
>  tests/generic/123            |    1 +
>  tests/generic/128            |    1 +
>  4 files changed, 19 insertions(+)
> 
> diff --git a/common/rc b/common/rc
> index a04433da..e25967d9 100644
> --- a/common/rc
> +++ b/common/rc
> @@ -4631,6 +4631,15 @@ _require_use_local_uidgid()
>  	esac
>  }
>  
> +_require_unix_perm_checking()
> +{
> +	case $FSTYP in
> +	afs)
> +		_notrun "$FSTYP doesn't perform traditional UNIX perm checking"
> +		;;
> +	esac
> +}
> +
>  init_rc
>  
>  ################################################################################
> diff --git a/doc/requirement-checking.txt b/doc/requirement-checking.txt
> index c945e16a..9be7a84c 100644
> --- a/doc/requirement-checking.txt
> +++ b/doc/requirement-checking.txt
> @@ -20,6 +20,7 @@ they have.  This is done with _require_<xxx> macros, which may take parameters.
>  	_has_mknod
>  	_require_sgid_inheritance
>  	_require_use_local_uidgid
> +	_require_unix_perm_checking
>  
>   (3) System call requirements.
>  
> @@ -121,6 +122,13 @@ _require_use_local_uidgid
>       filesystems, for example, may choose other settings or not even have these
>       concepts available.  The test will be skipped if not supported.
>  
> +_require_unix_perm_checking
> +
> +     The test requires that the $TEST_DEV filesystem performs traditional UNIX
> +     file permissions checking.  A remote filesystem, for example, might use
> +     some alternative distributed permissions model involving authentication
> +     tokens rather than the local fsuid/fsgid.
> +
>  
>  ========================
>  SYSTEM CALL REQUIREMENTS
> diff --git a/tests/generic/123 b/tests/generic/123
> index d2362e72..99ee4b9b 100755
> --- a/tests/generic/123
> +++ b/tests/generic/123
> @@ -33,6 +33,7 @@ _supported_fs generic
>  
>  _require_test
>  _require_user
> +_require_unix_perm_checking
>  
>  my_test_subdir=$TEST_DIR/123subdir
>  
> diff --git a/tests/generic/128 b/tests/generic/128
> index c1eae77a..91fdca1e 100755
> --- a/tests/generic/128
> +++ b/tests/generic/128
> @@ -25,6 +25,7 @@ _supported_fs generic
>  _require_scratch
>  _require_user
>  _require_chmod
> +_require_unix_perm_checking
>  
>  _scratch_mkfs >/dev/null 2>&1
>  _scratch_mount "-o nosuid"
> 
> 

  reply	other threads:[~2021-05-25 16:19 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-25 13:33 [PATCH 0/9] Add support for using xfstests to test AFS David Howells
2021-05-25 13:33 ` [PATCH 1/9] Add AFS support David Howells
2021-05-25 13:34 ` [PATCH 2/9] generic/294, afs: Allow for mknod subtest failing if mknod not supported David Howells
2021-05-25 16:09   ` Darrick J. Wong
2021-05-25 16:19   ` David Howells
2021-05-25 16:26     ` Darrick J. Wong
2021-05-30 12:49   ` Eryu Guan
2021-06-01 14:31   ` David Howells
2021-06-06 11:58     ` Eryu Guan
2021-05-25 13:34 ` [PATCH 3/9] generic/314, afs: Allow for a filesystem that doesn't honour SGID inheritance David Howells
2021-05-25 16:10   ` Darrick J. Wong
2021-05-25 13:34 ` [PATCH 4/9] generic/317, afs: Allow for a filesystem not to honour the local uid/gid David Howells
2021-05-25 16:17   ` Darrick J. Wong
2021-05-25 16:41   ` David Howells
2021-05-25 13:34 ` [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management David Howells
2021-05-25 16:19   ` Darrick J. Wong [this message]
2021-05-25 16:44   ` David Howells
2021-05-25 16:51     ` Darrick J. Wong
2021-05-25 13:34 ` [PATCH 6/9] Add the ability to require O_TMPFILE to be supported for a test David Howells
2021-05-25 16:19   ` Darrick J. Wong
2021-05-30 12:54   ` Eryu Guan
2021-05-25 13:34 ` [PATCH 7/9] afs: Indicate the minimum DIO alignment is 1 David Howells
2021-05-25 13:34 ` [PATCH 8/9] generic/465: Fix handling of DIO alignment < sizeof(long) David Howells
2021-05-25 16:25   ` Darrick J. Wong
2021-05-25 16:46   ` David Howells
2021-05-25 13:34 ` [PATCH 9/9] Fix other posix_memalign() alignment issues David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210525161926.GF202095@locust \
    --to=djwong@kernel.org \
    --cc=dhowells@redhat.com \
    --cc=fstests@vger.kernel.org \
    --cc=linux-afs@lists.infradead.org \
    --subject='Re: [PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.