* [PATCH] generic/692: test group ownership change
@ 2022-06-13 15:23 Christian Brauner
2022-06-14 4:25 ` Zorro Lang
0 siblings, 1 reply; 3+ messages in thread
From: Christian Brauner @ 2022-06-13 15:23 UTC (permalink / raw)
To: fstests
Cc: Christian Brauner, Seth Forshee, Christoph Hellwig, Zorro Lang,
Aleksa Sarai
When group ownership is changed a caller whose fsuid owns the inode can
change the group of the inode to any group they are a member of. When
searching through the caller's groups we failed to use the gid mapped
according to the idmapped mount otherwise we fail to change ownership.
Add a test for this.
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Aleksa Sarai <cyphar@cyphar.com>
Cc: <fstests@vger.kernel.org>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
tests/generic/692 | 74 +++++++++++++++++++++++++++++++++++++++++++
tests/generic/692.out | 3 ++
2 files changed, 77 insertions(+)
create mode 100755 tests/generic/692
create mode 100644 tests/generic/692.out
diff --git a/tests/generic/692 b/tests/generic/692
new file mode 100755
index 00000000..825c836a
--- /dev/null
+++ b/tests/generic/692
@@ -0,0 +1,74 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2022 Christian Brauner (Microsoft). All Rights Reserved.
+#
+# FS QA Test 692
+#
+# Test that users can changed group ownership of a file they own to a group
+# they are a member of.
+#
+# Regression test for commit:
+#
+# 263de29d8397 ("fs: account for group membership")
+#
+. ./common/preamble
+_begin_fstest auto quick perms attr idmapped mount
+
+# Override the default cleanup function.
+_cleanup()
+{
+ cd /
+ $UMOUNT_PROG $TEST_DIR/target-mnt
+ rm -r -f $tmp.*
+}
+
+# Import common functions.
+# . ./common/filter
+
+# real QA test starts here
+
+# Modify as appropriate.
+_supported_fs generic
+_require_test
+_require_chown
+_require_idmapped_mounts
+_require_user fsgqa
+_require_group fsgqa
+_require_group fsgqa2
+
+uqid=`id -u fsgqa`
+gqid=`id -g fsgqa`
+uqid2=`id -u fsgqa2`
+gqid2=`id -g fsgqa2`
+
+setup_tree()
+{
+ mkdir -p $TEST_DIR/source-mnt
+ chmod 0777 $TEST_DIR/source-mnt
+ touch $TEST_DIR/source-mnt/dir1
+ chown 65534:65534 $TEST_DIR/source-mnt
+ chown 65534:65535 $TEST_DIR/source-mnt/dir1
+
+ mkdir -p $TEST_DIR/target-mnt
+ chmod 0777 $TEST_DIR/target-mnt
+}
+
+setup_idmapped_mnt()
+{
+ $here/src/vfs/mount-idmapped \
+ --map-mount=u:65534:$uqid:1 \
+ --map-mount=g:65534:$gqid:1 \
+ --map-mount=u:65535:$uqid2:1 \
+ --map-mount=g:65535:$gqid2:1 \
+ $TEST_DIR/source-mnt $TEST_DIR/target-mnt
+}
+
+setup_tree
+setup_idmapped_mnt
+stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
+_user_do "chgrp $gqid $TEST_DIR/target-mnt/dir1"
+stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
+
+# success, all done
+status=0
+exit
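Review bot: the uqid2 and gqid2 assignments run "id -u fsgqa2" and "id -g fsgqa2", which both look up a user named fsgqa2, but the requirements only declare "_require_group fsgqa2". On a system that has the group without the user, both variables come out empty and the last two --map-mount arguments are malformed. Adding "_require_user fsgqa2" next to the existing "_require_user fsgqa" lets the test be skipped cleanly instead. Separately, the header comment reads "users can changed"; "can change" is meant.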
diff --git a/tests/generic/692.out b/tests/generic/692.out
new file mode 100644
index 00000000..c963f7f4
--- /dev/null
+++ b/tests/generic/692.out
@@ -0,0 +1,3 @@
+QA output created by 692
+fsgqa:fsgqa2
+fsgqa:fsgqa
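Review bot: the expected output records only the permitted transition, from fsgqa2 on the first stat line to fsgqa on the second. Because the commit under test changes how group membership is checked, a negative case would also catch the check becoming too permissive: for example a further chgrp by the same user back to $gqid2 (assuming fsgqa is not a member of fsgqa2), with the denial and an unchanged third stat line captured here.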
base-commit: 568ac9fffeb6afec03e5d6c9936617232fd7fc6d
--
2.34.1
* Re: [PATCH] generic/692: test group ownership change
2022-06-13 15:23 [PATCH] generic/692: test group ownership change Christian Brauner
@ 2022-06-14 4:25 ` Zorro Lang
2022-06-14 10:16 ` Christian Brauner
0 siblings, 1 reply; 3+ messages in thread
From: Zorro Lang @ 2022-06-14 4:25 UTC (permalink / raw)
To: Christian Brauner; +Cc: fstests, Seth Forshee, Christoph Hellwig, Aleksa Sarai
On Mon, Jun 13, 2022 at 05:23:14PM +0200, Christian Brauner wrote:
> When group ownership is changed a caller whose fsuid owns the inode can
> change the group of the inode to any group they are a member of. When
> searching through the caller's groups we failed to use the gid mapped
> according to the idmapped mount otherwise we fail to change ownership.
> Add a test for this.
>
> Cc: Seth Forshee <sforshee@digitalocean.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Aleksa Sarai <cyphar@cyphar.com>
> Cc: <fstests@vger.kernel.org>
> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
> ---
Thanks for this test, a few small review points below ...
> tests/generic/692 | 74 +++++++++++++++++++++++++++++++++++++++++++
> tests/generic/692.out | 3 ++
> 2 files changed, 77 insertions(+)
> create mode 100755 tests/generic/692
> create mode 100644 tests/generic/692.out
>
> diff --git a/tests/generic/692 b/tests/generic/692
> new file mode 100755
> index 00000000..825c836a
> --- /dev/null
> +++ b/tests/generic/692
> @@ -0,0 +1,74 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (c) 2022 Christian Brauner (Microsoft). All Rights Reserved.
> +#
> +# FS QA Test 692
> +#
> +# Test that users can changed group ownership of a file they own to a group
> +# they are a member of.
> +#
> +# Regression test for commit:
> +#
> +# 263de29d8397 ("fs: account for group membership")
> +#
> +. ./common/preamble
> +_begin_fstest auto quick perms attr idmapped mount
> +
> +# Override the default cleanup function.
> +_cleanup()
> +{
> + cd /
> + $UMOUNT_PROG $TEST_DIR/target-mnt
Do you need to filter out the errors by "2>/dev/null"?
> + rm -r -f $tmp.*
> +}
> +
> +# Import common functions.
> +# . ./common/filter
I think you didn't use any filter, right? If so, this can be removed.
> +
> +# real QA test starts here
> +
> +# Modify as appropriate.
^^^
This line can be removed too.
> +_supported_fs generic
> +_require_test
> +_require_chown
> +_require_idmapped_mounts
> +_require_user fsgqa
> +_require_group fsgqa
> +_require_group fsgqa2
> +
> +uqid=`id -u fsgqa`
> +gqid=`id -g fsgqa`
> +uqid2=`id -u fsgqa2`
> +gqid2=`id -g fsgqa2`
> +
> +setup_tree()
> +{
> + mkdir -p $TEST_DIR/source-mnt
> + chmod 0777 $TEST_DIR/source-mnt
> + touch $TEST_DIR/source-mnt/dir1
> + chown 65534:65534 $TEST_DIR/source-mnt
> + chown 65534:65535 $TEST_DIR/source-mnt/dir1
> +
> + mkdir -p $TEST_DIR/target-mnt
> + chmod 0777 $TEST_DIR/target-mnt
> +}
> +
> +setup_idmapped_mnt()
> +{
> + $here/src/vfs/mount-idmapped \
You might need:
_require_test_program "vfs/mount-idmapped"
because _require_idmapped_mounts doesn't guarantee that.
Thanks,
Zorro
> + --map-mount=u:65534:$uqid:1 \
> + --map-mount=g:65534:$gqid:1 \
> + --map-mount=u:65535:$uqid2:1 \
> + --map-mount=g:65535:$gqid2:1 \
> + $TEST_DIR/source-mnt $TEST_DIR/target-mnt
> +}
> +
> +setup_tree
> +setup_idmapped_mnt
> +stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
> +_user_do "chgrp $gqid $TEST_DIR/target-mnt/dir1"
> +stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
> +
> +# success, all done
> +status=0
> +exit
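Review bot: nothing checks that setup_idmapped_mnt succeeded before the stat and chgrp lines at the end of the script. If mount-idmapped fails, the test still fails on the golden-output mismatch, but the errors shown come from stat and chgrp on a missing target-mnt/dir1 and not from the mount step; "setup_idmapped_mnt || _fail ..." with a short message would point at the real cause. A smaller point in setup_tree: "touch $TEST_DIR/source-mnt/dir1" creates a regular file, so a name like file1 would be less misleading.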
> diff --git a/tests/generic/692.out b/tests/generic/692.out
> new file mode 100644
> index 00000000..c963f7f4
> --- /dev/null
> +++ b/tests/generic/692.out
> @@ -0,0 +1,3 @@
> +QA output created by 692
> +fsgqa:fsgqa2
> +fsgqa:fsgqa
>
> base-commit: 568ac9fffeb6afec03e5d6c9936617232fd7fc6d
> --
> 2.34.1
>
* Re: [PATCH] generic/692: test group ownership change
2022-06-14 4:25 ` Zorro Lang
@ 2022-06-14 10:16 ` Christian Brauner
0 siblings, 0 replies; 3+ messages in thread
From: Christian Brauner @ 2022-06-14 10:16 UTC (permalink / raw)
To: Zorro Lang; +Cc: fstests, Seth Forshee, Christoph Hellwig, Aleksa Sarai
On Tue, Jun 14, 2022 at 12:25:16PM +0800, Zorro Lang wrote:
> On Mon, Jun 13, 2022 at 05:23:14PM +0200, Christian Brauner wrote:
> > When group ownership is changed a caller whose fsuid owns the inode can
> > change the group of the inode to any group they are a member of. When
> > searching through the caller's groups we failed to use the gid mapped
> > according to the idmapped mount otherwise we fail to change ownership.
> > Add a test for this.
> >
> > Cc: Seth Forshee <sforshee@digitalocean.com>
> > Cc: Christoph Hellwig <hch@lst.de>
> > Cc: Aleksa Sarai <cyphar@cyphar.com>
> > Cc: <fstests@vger.kernel.org>
> > Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
> > ---
>
> Thanks for this test, a few small review points below ...
Thanks for the review!
>
> > tests/generic/692 | 74 +++++++++++++++++++++++++++++++++++++++++++
> > tests/generic/692.out | 3 ++
> > 2 files changed, 77 insertions(+)
> > create mode 100755 tests/generic/692
> > create mode 100644 tests/generic/692.out
> >
> > diff --git a/tests/generic/692 b/tests/generic/692
> > new file mode 100755
> > index 00000000..825c836a
> > --- /dev/null
> > +++ b/tests/generic/692
> > @@ -0,0 +1,74 @@
> > +#! /bin/bash
> > +# SPDX-License-Identifier: GPL-2.0
> > +# Copyright (c) 2022 Christian Brauner (Microsoft). All Rights Reserved.
> > +#
> > +# FS QA Test 692
> > +#
> > +# Test that users can changed group ownership of a file they own to a group
> > +# they are a member of.
> > +#
> > +# Regression test for commit:
> > +#
> > +# 263de29d8397 ("fs: account for group membership")
> > +#
> > +. ./common/preamble
> > +_begin_fstest auto quick perms attr idmapped mount
> > +
> > +# Override the default cleanup function.
> > +_cleanup()
> > +{
> > + cd /
> > + $UMOUNT_PROG $TEST_DIR/target-mnt
>
> Do you need to filter out the errors by "2>/dev/null"?
Yeah, good idea.
>
> > + rm -r -f $tmp.*
> > +}
> > +
> > +# Import common functions.
> > +# . ./common/filter
>
> I think you didn't use any filter, right? If so, this can be removed.
Removed.
>
> > +
> > +# real QA test starts here
> > +
> > +# Modify as appropriate.
> ^^^
> This line can be removed too.
Removed.
>
> > +_supported_fs generic
> > +_require_test
> > +_require_chown
> > +_require_idmapped_mounts
> > +_require_user fsgqa
> > +_require_group fsgqa
> > +_require_group fsgqa2
> > +
> > +uqid=`id -u fsgqa`
> > +gqid=`id -g fsgqa`
> > +uqid2=`id -u fsgqa2`
> > +gqid2=`id -g fsgqa2`
> > +
> > +setup_tree()
> > +{
> > + mkdir -p $TEST_DIR/source-mnt
> > + chmod 0777 $TEST_DIR/source-mnt
> > + touch $TEST_DIR/source-mnt/dir1
> > + chown 65534:65534 $TEST_DIR/source-mnt
> > + chown 65534:65535 $TEST_DIR/source-mnt/dir1
> > +
> > + mkdir -p $TEST_DIR/target-mnt
> > + chmod 0777 $TEST_DIR/target-mnt
> > +}
> > +
> > +setup_idmapped_mnt()
> > +{
> > + $here/src/vfs/mount-idmapped \
>
> You might need:
> _require_test_program "vfs/mount-idmapped"
>
> because _require_idmapped_mounts doesn't guarantee that.
Yes, good point!
Thanks!
Christian