[PATCH] generic/692: test group ownership change

[PATCH] generic/692: test group ownership change

[Christian Brauner]

When group ownership is changed a caller whose fsuid owns the inode can
change the group of the inode to any group they are a member of. When
searching through the caller's groups we failed to use the gid mapped
according to the idmapped mount otherwise we fail to change ownership.
Add a test for this.

Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Aleksa Sarai <cyphar@cyphar.com>
Cc: <fstests@vger.kernel.org>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
 tests/generic/692     | 74 +++++++++++++++++++++++++++++++++++++++++++
 tests/generic/692.out |  3 ++
 2 files changed, 77 insertions(+)
 create mode 100755 tests/generic/692
 create mode 100644 tests/generic/692.out

diff --git a/tests/generic/692 b/tests/generic/692
new file mode 100755
index 00000000..825c836a
--- /dev/null
+++ b/tests/generic/692
@@ -0,0 +1,74 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2022 Christian Brauner (Microsoft).  All Rights Reserved.
+#
+# FS QA Test 692
+#
+# Test that users can changed group ownership of a file they own to a group
+# they are a member of.
+#
+# Regression test for commit:
+#
+# 263de29d8397 ("fs: account for group membership")
+#
+. ./common/preamble
+_begin_fstest auto quick perms attr idmapped mount
+
+# Override the default cleanup function.
+_cleanup()
+{
+	cd /
+	$UMOUNT_PROG $TEST_DIR/target-mnt
+	rm -r -f $tmp.*
+}
+
+# Import common functions.
+# . ./common/filter
+
+# real QA test starts here
+
+# Modify as appropriate.
+_supported_fs generic
+_require_test
+_require_chown
+_require_idmapped_mounts
+_require_user fsgqa
+_require_group fsgqa
+_require_group fsgqa2
+
+uqid=`id -u fsgqa`
+gqid=`id -g fsgqa`
+uqid2=`id -u fsgqa2`
+gqid2=`id -g fsgqa2`
+
+setup_tree()
+{
+	mkdir -p $TEST_DIR/source-mnt
+	chmod 0777 $TEST_DIR/source-mnt
+	touch $TEST_DIR/source-mnt/dir1
+	chown 65534:65534 $TEST_DIR/source-mnt
+	chown 65534:65535 $TEST_DIR/source-mnt/dir1
+
+	mkdir -p $TEST_DIR/target-mnt
+	chmod 0777 $TEST_DIR/target-mnt
+}
+
+setup_idmapped_mnt()
+{
+	$here/src/vfs/mount-idmapped \
+		--map-mount=u:65534:$uqid:1 \
+		--map-mount=g:65534:$gqid:1 \
+		--map-mount=u:65535:$uqid2:1 \
+		--map-mount=g:65535:$gqid2:1 \
+		$TEST_DIR/source-mnt $TEST_DIR/target-mnt
+}
+
+setup_tree
+setup_idmapped_mnt
+stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
+_user_do "chgrp $gqid $TEST_DIR/target-mnt/dir1"
+stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/692.out b/tests/generic/692.out
new file mode 100644
index 00000000..c963f7f4
--- /dev/null
+++ b/tests/generic/692.out
@@ -0,0 +1,3 @@
+QA output created by 692
+fsgqa:fsgqa2
+fsgqa:fsgqa

base-commit: 568ac9fffeb6afec03e5d6c9936617232fd7fc6d
-- 
2.34.1

Re: [PATCH] generic/692: test group ownership change

[Zorro Lang]

On Mon, Jun 13, 2022 at 05:23:14PM +0200, Christian Brauner wrote:
> When group ownership is changed a caller whose fsuid owns the inode can
> change the group of the inode to any group they are a member of. When
> searching through the caller's groups we failed to use the gid mapped
> according to the idmapped mount otherwise we fail to change ownership.
> Add a test for this.
> 
> Cc: Seth Forshee <sforshee@digitalocean.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Aleksa Sarai <cyphar@cyphar.com>
> Cc: <fstests@vger.kernel.org>
> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
> ---

Thanks for this test, a few of small review points as below ...

>  tests/generic/692     | 74 +++++++++++++++++++++++++++++++++++++++++++
>  tests/generic/692.out |  3 ++
>  2 files changed, 77 insertions(+)
>  create mode 100755 tests/generic/692
>  create mode 100644 tests/generic/692.out
> 
> diff --git a/tests/generic/692 b/tests/generic/692
> new file mode 100755
> index 00000000..825c836a
> --- /dev/null
> +++ b/tests/generic/692
> @@ -0,0 +1,74 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (c) 2022 Christian Brauner (Microsoft).  All Rights Reserved.
> +#
> +# FS QA Test 692
> +#
> +# Test that users can changed group ownership of a file they own to a group
> +# they are a member of.
> +#
> +# Regression test for commit:
> +#
> +# 263de29d8397 ("fs: account for group membership")
> +#
> +. ./common/preamble
> +_begin_fstest auto quick perms attr idmapped mount
> +
> +# Override the default cleanup function.
> +_cleanup()
> +{
> +	cd /
> +	$UMOUNT_PROG $TEST_DIR/target-mnt

Do you need to filter out the errors by "2>/dev/null"?

> +	rm -r -f $tmp.*
> +}
> +
> +# Import common functions.
> +# . ./common/filter

I think you didn't use any filter, right? If so, this can be removed.

> +
> +# real QA test starts here
> +
> +# Modify as appropriate.
     ^^^
This line can be removed too.

> +_supported_fs generic
> +_require_test
> +_require_chown
> +_require_idmapped_mounts
> +_require_user fsgqa
> +_require_group fsgqa
> +_require_group fsgqa2
> +
> +uqid=`id -u fsgqa`
> +gqid=`id -g fsgqa`
> +uqid2=`id -u fsgqa2`
> +gqid2=`id -g fsgqa2`
> +
> +setup_tree()
> +{
> +	mkdir -p $TEST_DIR/source-mnt
> +	chmod 0777 $TEST_DIR/source-mnt
> +	touch $TEST_DIR/source-mnt/dir1
> +	chown 65534:65534 $TEST_DIR/source-mnt
> +	chown 65534:65535 $TEST_DIR/source-mnt/dir1
> +
> +	mkdir -p $TEST_DIR/target-mnt
> +	chmod 0777 $TEST_DIR/target-mnt
> +}
> +
> +setup_idmapped_mnt()
> +{
> +	$here/src/vfs/mount-idmapped \

You might need:
  _require_test_program "vfs/mount-idmapped"

due to _require_idmapped_mounts doesn't guarantee that.

Thanks,
Zorro

> +		--map-mount=u:65534:$uqid:1 \
> +		--map-mount=g:65534:$gqid:1 \
> +		--map-mount=u:65535:$uqid2:1 \
> +		--map-mount=g:65535:$gqid2:1 \
> +		$TEST_DIR/source-mnt $TEST_DIR/target-mnt
> +}
> +
> +setup_tree
> +setup_idmapped_mnt
> +stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
> +_user_do "chgrp $gqid $TEST_DIR/target-mnt/dir1"
> +stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
> +
> +# success, all done
> +status=0
> +exit
> diff --git a/tests/generic/692.out b/tests/generic/692.out
> new file mode 100644
> index 00000000..c963f7f4
> --- /dev/null
> +++ b/tests/generic/692.out
> @@ -0,0 +1,3 @@
> +QA output created by 692
> +fsgqa:fsgqa2
> +fsgqa:fsgqa
> 
> base-commit: 568ac9fffeb6afec03e5d6c9936617232fd7fc6d
> -- 
> 2.34.1
> 

Re: [PATCH] generic/692: test group ownership change

[Christian Brauner]

On Tue, Jun 14, 2022 at 12:25:16PM +0800, Zorro Lang wrote:
> On Mon, Jun 13, 2022 at 05:23:14PM +0200, Christian Brauner wrote:
> > When group ownership is changed a caller whose fsuid owns the inode can
> > change the group of the inode to any group they are a member of. When
> > searching through the caller's groups we failed to use the gid mapped
> > according to the idmapped mount otherwise we fail to change ownership.
> > Add a test for this.
> > 
> > Cc: Seth Forshee <sforshee@digitalocean.com>
> > Cc: Christoph Hellwig <hch@lst.de>
> > Cc: Aleksa Sarai <cyphar@cyphar.com>
> > Cc: <fstests@vger.kernel.org>
> > Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
> > ---
> 
> Thanks for this test, a few of small review points as below ...

Thanks for the review!

> 
> >  tests/generic/692     | 74 +++++++++++++++++++++++++++++++++++++++++++
> >  tests/generic/692.out |  3 ++
> >  2 files changed, 77 insertions(+)
> >  create mode 100755 tests/generic/692
> >  create mode 100644 tests/generic/692.out
> > 
> > diff --git a/tests/generic/692 b/tests/generic/692
> > new file mode 100755
> > index 00000000..825c836a
> > --- /dev/null
> > +++ b/tests/generic/692
> > @@ -0,0 +1,74 @@
> > +#! /bin/bash
> > +# SPDX-License-Identifier: GPL-2.0
> > +# Copyright (c) 2022 Christian Brauner (Microsoft).  All Rights Reserved.
> > +#
> > +# FS QA Test 692
> > +#
> > +# Test that users can changed group ownership of a file they own to a group
> > +# they are a member of.
> > +#
> > +# Regression test for commit:
> > +#
> > +# 263de29d8397 ("fs: account for group membership")
> > +#
> > +. ./common/preamble
> > +_begin_fstest auto quick perms attr idmapped mount
> > +
> > +# Override the default cleanup function.
> > +_cleanup()
> > +{
> > +	cd /
> > +	$UMOUNT_PROG $TEST_DIR/target-mnt
> 
> Do you need to filter out the errors by "2>/dev/null"?

Yeah, good idea.

> 
> > +	rm -r -f $tmp.*
> > +}
> > +
> > +# Import common functions.
> > +# . ./common/filter
> 
> I think you didn't use any filter, right? If so, this can be removed.

Removed.

> 
> > +
> > +# real QA test starts here
> > +
> > +# Modify as appropriate.
>      ^^^
> This line can be removed too.

Removed.

> 
> > +_supported_fs generic
> > +_require_test
> > +_require_chown
> > +_require_idmapped_mounts
> > +_require_user fsgqa
> > +_require_group fsgqa
> > +_require_group fsgqa2
> > +
> > +uqid=`id -u fsgqa`
> > +gqid=`id -g fsgqa`
> > +uqid2=`id -u fsgqa2`
> > +gqid2=`id -g fsgqa2`
> > +
> > +setup_tree()
> > +{
> > +	mkdir -p $TEST_DIR/source-mnt
> > +	chmod 0777 $TEST_DIR/source-mnt
> > +	touch $TEST_DIR/source-mnt/dir1
> > +	chown 65534:65534 $TEST_DIR/source-mnt
> > +	chown 65534:65535 $TEST_DIR/source-mnt/dir1
> > +
> > +	mkdir -p $TEST_DIR/target-mnt
> > +	chmod 0777 $TEST_DIR/target-mnt
> > +}
> > +
> > +setup_idmapped_mnt()
> > +{
> > +	$here/src/vfs/mount-idmapped \
> 
> You might need:
>   _require_test_program "vfs/mount-idmapped"
> 
> due to _require_idmapped_mounts doesn't guarantee that.

Yes, good point!

Thanks!
Christian