* [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS
@ 2021-12-13 13:23 Petr Vorel
2021-12-13 13:23 ` [LTP] [PATCH 2/2] chdir01.c: Minor cleanup Petr Vorel
2022-01-10 15:18 ` [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Cyril Hrubis
0 siblings, 2 replies; 6+ messages in thread
From: Petr Vorel @ 2021-12-13 13:23 UTC (permalink / raw)
To: ltp
which causes 0 permission for user and group.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
testcases/kernel/syscalls/chdir/chdir01.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/testcases/kernel/syscalls/chdir/chdir01.c b/testcases/kernel/syscalls/chdir/chdir01.c
index aa25adf6aa..5819998484 100644
--- a/testcases/kernel/syscalls/chdir/chdir01.c
+++ b/testcases/kernel/syscalls/chdir/chdir01.c
@@ -27,7 +27,7 @@
#define LINK_NAME2 "symloop2"
static char *workdir;
-static int skip_symlinks, skip_blocked;
+static int skip_symlinks, blocked_perm;
static struct passwd *ltpuser;
static struct test_case {
@@ -61,9 +61,9 @@ static void setup(void)
SAFE_MKDIR(BLOCKED_NAME, 0644);
umask(sys_umask);
- /* FAT and NTFS override file and directory permissions */
SAFE_STAT(BLOCKED_NAME, &statbuf);
- skip_blocked = statbuf.st_mode & 0111;
+ blocked_perm = statbuf.st_mode;
+
skip_symlinks = 0;
TEST(symlink(LINK_NAME1, LINK_NAME2));
@@ -117,7 +117,15 @@ static void run(unsigned int n)
TEST(chdir(tc->name));
check_result("root", tc->name, tc->root_ret, tc->root_err);
- if (tc->nobody_err == EACCES && skip_blocked) {
+ /* FIPS mode disables umask efect for group or other */
+ if (!(blocked_perm & S_IRGRP) && strcmp(tc->name, "/") != 0) {
+ tst_res(TCONF, "Skipping unprivileged permission test, "
+ "no read permission for \"%s\"", tc->name);
+ return;
+ }
+
+ /* FAT and NTFS override file and directory permissions */
+ if (blocked_perm & 0111 && tc->nobody_err == EACCES) {
tst_res(TCONF, "Skipping unprivileged permission test, "
"FS mangles dir mode");
return;
--
2.34.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [LTP] [PATCH 2/2] chdir01.c: Minor cleanup
2021-12-13 13:23 [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Petr Vorel
@ 2021-12-13 13:23 ` Petr Vorel
2022-01-10 15:19 ` Cyril Hrubis
2022-01-10 15:18 ` [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Cyril Hrubis
1 sibling, 1 reply; 6+ messages in thread
From: Petr Vorel @ 2021-12-13 13:23 UTC (permalink / raw)
To: ltp
1) print tested item (readability)
2) define TESTUSER (DRY)
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
testcases/kernel/syscalls/chdir/chdir01.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/testcases/kernel/syscalls/chdir/chdir01.c b/testcases/kernel/syscalls/chdir/chdir01.c
index 5819998484..228f6daf44 100644
--- a/testcases/kernel/syscalls/chdir/chdir01.c
+++ b/testcases/kernel/syscalls/chdir/chdir01.c
@@ -25,6 +25,7 @@
#define BLOCKED_NAME "keep_out"
#define LINK_NAME1 "symloop"
#define LINK_NAME2 "symloop2"
+#define TESTUSER "nobody"
static char *workdir;
static int skip_symlinks, blocked_perm;
@@ -78,7 +79,7 @@ static void setup(void)
SAFE_CLOSE(fd);
if (!ltpuser)
- ltpuser = SAFE_GETPWNAM("nobody");
+ ltpuser = SAFE_GETPWNAM(TESTUSER);
}
static void check_result(const char *user, const char *name, int retval,
@@ -106,6 +107,8 @@ static void run(unsigned int n)
{
struct test_case *tc = testcase_list + n;
+ tst_res(TINFO, "Testing '%s'", tc->name);
+
if (tc->root_err == ELOOP && skip_symlinks) {
tst_res(TCONF, "Skipping symlink loop test, not supported");
return;
@@ -135,7 +138,7 @@ static void run(unsigned int n)
SAFE_SETEUID(ltpuser->pw_uid);
TEST(chdir(tc->name));
SAFE_SETEUID(0);
- check_result("nobody", tc->name, tc->nobody_ret, tc->nobody_err);
+ check_result(TESTUSER, tc->name, tc->nobody_ret, tc->nobody_err);
}
static void cleanup(void)
--
2.34.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS
2021-12-13 13:23 [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Petr Vorel
2021-12-13 13:23 ` [LTP] [PATCH 2/2] chdir01.c: Minor cleanup Petr Vorel
@ 2022-01-10 15:18 ` Cyril Hrubis
2022-01-10 17:27 ` Petr Vorel
1 sibling, 1 reply; 6+ messages in thread
From: Cyril Hrubis @ 2022-01-10 15:18 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
Hi!
> which causes 0 permission for user and group.
This could be a bit more verbose.
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> testcases/kernel/syscalls/chdir/chdir01.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/testcases/kernel/syscalls/chdir/chdir01.c b/testcases/kernel/syscalls/chdir/chdir01.c
> index aa25adf6aa..5819998484 100644
> --- a/testcases/kernel/syscalls/chdir/chdir01.c
> +++ b/testcases/kernel/syscalls/chdir/chdir01.c
> @@ -27,7 +27,7 @@
> #define LINK_NAME2 "symloop2"
>
> static char *workdir;
> -static int skip_symlinks, skip_blocked;
> +static int skip_symlinks, blocked_perm;
> static struct passwd *ltpuser;
>
> static struct test_case {
> @@ -61,9 +61,9 @@ static void setup(void)
> SAFE_MKDIR(BLOCKED_NAME, 0644);
> umask(sys_umask);
>
> - /* FAT and NTFS override file and directory permissions */
> SAFE_STAT(BLOCKED_NAME, &statbuf);
> - skip_blocked = statbuf.st_mode & 0111;
> + blocked_perm = statbuf.st_mode;
> +
> skip_symlinks = 0;
> TEST(symlink(LINK_NAME1, LINK_NAME2));
>
> @@ -117,7 +117,15 @@ static void run(unsigned int n)
> TEST(chdir(tc->name));
> check_result("root", tc->name, tc->root_ret, tc->root_err);
>
> - if (tc->nobody_err == EACCES && skip_blocked) {
> + /* FIPS mode disables umask efect for group or other */
> + if (!(blocked_perm & S_IRGRP) && strcmp(tc->name, "/") != 0) {
So on FIPS the directories we create have zeroed group and other flags
regardless of the umask? Or is this just a different default umask on
FIPS? If it's just different umask the easiest solution would be
changing the umask in the test setup.
And if it's regardless of umask settings shouldn't this rather be:
if (tst_fips_enabled() && !strcmp(tc->name, "/"))
> + tst_res(TCONF, "Skipping unprivileged permission test, "
> + "no read permission for \"%s\"", tc->name);
> + return;
> + }
> +
> + /* FAT and NTFS override file and directory permissions */
> + if (blocked_perm & 0111 && tc->nobody_err == EACCES) {
> tst_res(TCONF, "Skipping unprivileged permission test, "
> "FS mangles dir mode");
> return;
> --
> 2.34.1
>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH 2/2] chdir01.c: Minor cleanup
2021-12-13 13:23 ` [LTP] [PATCH 2/2] chdir01.c: Minor cleanup Petr Vorel
@ 2022-01-10 15:19 ` Cyril Hrubis
2022-01-12 15:29 ` Petr Vorel
0 siblings, 1 reply; 6+ messages in thread
From: Cyril Hrubis @ 2022-01-10 15:19 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
Hi!
This one is obviously fine.
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS
2022-01-10 15:18 ` [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Cyril Hrubis
@ 2022-01-10 17:27 ` Petr Vorel
0 siblings, 0 replies; 6+ messages in thread
From: Petr Vorel @ 2022-01-10 17:27 UTC (permalink / raw)
To: Cyril Hrubis; +Cc: ltp
Hi Cyril,
> Hi!
> > which causes 0 permission for user and group.
> This could be a bit more verbose.
I'll put more info.
...
> > - if (tc->nobody_err == EACCES && skip_blocked) {
> > + /* FIPS mode disables umask efect for group or other */
> > + if (!(blocked_perm & S_IRGRP) && strcmp(tc->name, "/") != 0) {
> So on FIPS the directories we create have zeroed group and other flags
> regardless of the umask? Or is this just a different default umask on
> FIPS? If it's just different umask the easiest solution would be
> changing the umask in the test setup.
Thanks! It's really just different umask, 0077 (where group umask is important).
Kind regards,
Petr
> And if it's regardless of umask settings shouldn't this rather be:
> if (tst_fips_enabled() && !strcmp(tc->name, "/"))
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [LTP] [PATCH 2/2] chdir01.c: Minor cleanup
2022-01-10 15:19 ` Cyril Hrubis
@ 2022-01-12 15:29 ` Petr Vorel
0 siblings, 0 replies; 6+ messages in thread
From: Petr Vorel @ 2022-01-12 15:29 UTC (permalink / raw)
To: Cyril Hrubis; +Cc: ltp
Hi Cyril,
> Hi!
> This one is obviously fine.
Thanks, merged!
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-01-12 15:30 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-13 13:23 [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Petr Vorel
2021-12-13 13:23 ` [LTP] [PATCH 2/2] chdir01.c: Minor cleanup Petr Vorel
2022-01-10 15:19 ` Cyril Hrubis
2022-01-12 15:29 ` Petr Vorel
2022-01-10 15:18 ` [LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS Cyril Hrubis
2022-01-10 17:27 ` Petr Vorel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.