From: David Howells <dhowells@redhat.com>
To: fstests@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
"Darrick J. Wong" <djwong@kernel.org>, Eryu Guan <guan@eryu.me>,
Marc Dionne <marc.dionne@auristor.com>,
Jeffrey Altman <jaltman@auristor.com>,
linux-afs@lists.infradead.org
Subject: [PATCH v2 4/6] generic/123, generic/128, afs: Allow for an fs that does its own perm management
Date: Mon, 24 Apr 2023 15:10:40 +0100 [thread overview]
Message-ID: <20230424141042.450535-5-dhowells@redhat.com> (raw)
In-Reply-To: <20230424141042.450535-1-dhowells@redhat.com>
The AFS filesystem has its own distributed permission management system
that's based on a per-cell user and group database used in conjunction with
ACLs. The user is determined by the authentication token acquired from the
kaserver or Kerberos, not by the local fsuid/fsgid. For the most part, the
uid, gid and mask on a file are ignored.
The generic/123 and generic/128 tests check that the UNIX permission bits do
what would normally be expected of them - but this fails on AFS. Using "su"
to change the user is not effective on AFS. Instead, "keyctl session" would
need to be used and an alternative authentication token would need to be
obtained.
Provide a "_require_unix_perm_checking" clause so that these tests can be
suppressed in cases such as AFS.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
common/rc | 9 +++++++++
doc/requirement-checking.txt | 8 ++++++++
tests/generic/123 | 1 +
tests/generic/128 | 1 +
4 files changed, 19 insertions(+)
diff --git a/common/rc b/common/rc
index e0978a03..4dfc3301 100644
--- a/common/rc
+++ b/common/rc
@@ -5115,6 +5115,15 @@ _require_use_local_uidgid()
esac
}
+_require_unix_perm_checking()
+{
+ case $FSTYP in
+ afs)
+ _notrun "$FSTYP doesn't perform traditional UNIX perm checking"
+ ;;
+ esac
+}
+
init_rc
################################################################################
diff --git a/doc/requirement-checking.txt b/doc/requirement-checking.txt
index f24ecf5c..802bf2a3 100644
--- a/doc/requirement-checking.txt
+++ b/doc/requirement-checking.txt
@@ -18,6 +18,7 @@ they have. This is done with _require_<xxx> macros, which may take parameters.
_require_exportfs
_require_sgid_inheritance
_require_use_local_uidgid
+ _require_unix_perm_checking
(3) System call requirements.
@@ -112,6 +113,13 @@ _require_use_local_uidgid
filesystems, for example, may choose other settings or not even have these
concepts available. The test will be skipped if not supported.
+_require_unix_perm_checking
+
+ The test requires that the $TEST_DEV filesystem performs traditional UNIX
+ file permissions checking. A remote filesystem, for example, might use
+ some alternative distributed permissions model involving authentication
+ tokens rather than the local fsuid/fsgid.
+
========================
SYSTEM CALL REQUIREMENTS
diff --git a/tests/generic/123 b/tests/generic/123
index f9b28abb..43f90b46 100755
--- a/tests/generic/123
+++ b/tests/generic/123
@@ -28,6 +28,7 @@ _supported_fs generic
_require_test
_require_user
+_require_unix_perm_checking
my_test_subdir=$TEST_DIR/123subdir
diff --git a/tests/generic/128 b/tests/generic/128
index dc1d43f4..924d6aa8 100755
--- a/tests/generic/128
+++ b/tests/generic/128
@@ -18,6 +18,7 @@ _supported_fs generic
_require_scratch
_require_user
_require_chmod
+_require_unix_perm_checking
_scratch_mkfs >/dev/null 2>&1
_scratch_mount "-o nosuid"
next prev parent reply other threads:[~2023-04-24 14:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-24 14:10 [PATCH v2 0/6] xfstests: Add support for using xfstests to test AFS David Howells
2023-04-24 14:10 ` [PATCH v2 1/6] Add AFS support David Howells
2023-04-26 14:30 ` Zorro Lang
2023-04-26 15:53 ` David Howells
2023-04-26 19:40 ` Zorro Lang
2023-04-26 20:32 ` David Howells
2023-04-27 5:38 ` Zorro Lang
2023-04-24 14:10 ` [PATCH v2 2/6] generic/314, afs: Allow for a filesystem that doesn't honour SGID inheritance David Howells
2023-04-26 14:35 ` Zorro Lang
2023-04-24 14:10 ` [PATCH v2 3/6] generic/317, afs: Allow for a filesystem not to honour the local uid/gid David Howells
2023-04-26 14:40 ` Zorro Lang
2023-04-26 15:54 ` David Howells
2023-04-24 14:10 ` David Howells [this message]
2023-04-26 14:47 ` [PATCH v2 4/6] generic/123, generic/128, afs: Allow for an fs that does its own perm management Zorro Lang
2023-04-24 14:10 ` [PATCH v2 5/6] generic/531: Check for O_TMPFILE David Howells
2023-04-26 14:49 ` Zorro Lang
2023-04-26 14:51 ` Zorro Lang
2023-04-26 14:54 ` Darrick J. Wong
2023-04-26 15:32 ` Zorro Lang
2023-04-26 15:57 ` David Howells
2023-04-24 14:10 ` [PATCH v2 6/6] generic/696: AFS doesn't support the "noacl" command line option David Howells
2023-04-26 14:53 ` Zorro Lang
2023-04-28 20:06 ` [PATCH v2 7/6] Doc changes for afs David Howells
2023-04-30 6:12 ` Zorro Lang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230424141042.450535-5-dhowells@redhat.com \
--to=dhowells@redhat.com \
--cc=djwong@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=guan@eryu.me \
--cc=jaltman@auristor.com \
--cc=linux-afs@lists.infradead.org \
--cc=marc.dionne@auristor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox