Re: [LTP] [PATCH 1/2] lib: Add checking of needs_root

[Petr Vorel <pvorel@suse.cz>]

> Hi,

> If we neeed to run the test as a non-root user, the non-root user would belong to the root group.

> Shall we add a checking of needs_root and needs_rootgroup?

How many of these tests we have? I wonder if it's worth to add this.

Kind regards,
Petr

> Regards,
> Gongyi



> > > > -----Original Message-----
> > > > From: ltp <ltp-bounces+tim.bird=sony.com@lists.linux.it> On Behalf
> > > > Of Petr Vorel

> > > > Hi all,

> > > > The subject "lib: Add checking of needs_root" is a bit misleading as
> > > > it does not mention at all that it's for the loop device.

> > > > > We need to check needs_root is set when tst_test->needs_device
> > or
> > > > > tst_test->mount_device is set since access the /dev/* need a
> > > > > privilege.

> > > > FYI we had some discussion about it, quoting Cyril [1]:

> > > > 	Well technically you can be added into whatever group is set to
> > > > 	/dev/loop-control e.g. disk group and then you can create devices
> > > > 	without a need to be a root.

> > > > 	So the most correct solution would be checking if we can access
> > > > 	/dev/loop-control if tst_test.needs_device is set and if not we would
> > > > 	imply needs_root. However this would need to be rethinked properly
> > so
> > > > 	that we do not end up creating something complex and not really
> > > > 	required.

> > > > There is also possibility to add custom device via $LTP_DEV. That
> > > > might allow to add permissions which allow to test without root.

> > > > I'll write to automated-testing ML (and maybe to LKML ML) to see if
> > > > people prefers to test without non-root.

> > > I took a quick look at this, and don't like the change.

> > > I didn't investigate all the affected tests, and what device exactly is being
> > protected.
> > > But the overall sense of the change takes makes the authorization
> > > checking for tests less granular.

> > > Fuego often runs tests as 'root', but it is also fairly common in
> > > Fuego to have a dedicated testing user account on a device under test,
> > > that has permissions for things like mounting, access to device nodes,
> > > etc.  This change would cause tests to break for that account.

> > Hi Tim,

> > thanks a lot for confirming that people are using non-root users for testing.
> > I'm not sure if we ever implement complex checks, but at least we should
> > not merge this patchset.

> > Kind regards,
> > Petr

> > > That's my 2 cents.
> > >  -- Tim


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp