From: Eric Biggers <ebiggers3@gmail.com>
To: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Cc: fstests@vger.kernel.org, linux-mtd@lists.infradead.org, richard@nod.at
Subject: Re: [PATCH 2/2] Accept failing with EPERM in addition to ENOKEY for rename without key
Date: Wed, 17 May 2017 12:21:46 -0700 [thread overview]
Message-ID: <20170517192146.GD91213@gmail.com> (raw)
In-Reply-To: <20170517095531.11818-3-david.oberhollenzer@sigma-star.at>
Hi David,
On Wed, May 17, 2017 at 11:55:30AM +0200, David Oberhollenzer wrote:
> Some filesystems (e.g. UBIFS) fail with EPERM when trying to move a
> file into an encrypted directory via cross rename, without having
> access to the encryption key.
>
> Since rename is perfectly allowed to return EPERM, which is also tested
> for, and no precise specification seems to exist that clarifys when to
> expect EPERM and when ENOKEY, this patch modifies the generic/398 test
> to accept both, for the test case where the key is not available.
>
Specifically, the operation is expected to fail for two logically independent
reasons:
- It shouldn't be possible to link or rename an unencrypted file into an
encrypted directory, as this violates the "one encryption policy per directory
tree" constraint (EPERM)
- It shouldn't be possible to link or rename files into an encrypted directory
without the directory's encryption key (ENOKEY)
Therefore it's not an ideal test, though it seemed worthwhile originally because
it was, in fact, broken in both ways, causing the operation to succeed :)
> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
> ---
> tests/generic/398 | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/tests/generic/398 b/tests/generic/398
> index b486b9c5..390c4380 100755
> --- a/tests/generic/398
> +++ b/tests/generic/398
> @@ -43,6 +43,12 @@ _cleanup()
> rm -f $tmp.*
> }
>
> +_filter_rename()
> +{
> + # rename without key can also fail with EPERM instead of ENOKEY
> + sed -e "s/Operation not permitted/Required key not available/g"
> +}
> +
It doesn't matter much, but IMO it would make a little more sense to substitute
ENOKEY with EPERM instead of the other way around, then updating 398.out to
expect "Operation not permitted". The reason for this is that everything else
in generic/398 is testing for EPERM, because the test script is checking for
situations in which the "one encryption policy per directory tree" constraint
can be violated, and such violations normally result in EPERM.
Eric
next prev parent reply other threads:[~2017-05-17 19:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-17 9:55 Add UBIFS support to xfstests David Oberhollenzer
2017-05-17 9:55 ` [PATCH 1/2] Add support for UBIFS David Oberhollenzer
2017-05-17 11:53 ` Eryu Guan
2017-05-17 18:45 ` Eric Biggers
2017-05-18 8:41 ` David Oberhollenzer
2017-05-18 11:35 ` Eryu Guan
2017-05-17 9:55 ` [PATCH 2/2] Accept failing with EPERM in addition to ENOKEY for rename without key David Oberhollenzer
2017-05-17 19:21 ` Eric Biggers [this message]
2017-05-17 9:55 ` [PATCH] xfstests-bld: add experimental support for ubifs David Oberhollenzer
2017-05-17 19:05 ` Add UBIFS support to xfstests Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170517192146.GD91213@gmail.com \
--to=ebiggers3@gmail.com \
--cc=david.oberhollenzer@sigma-star.at \
--cc=fstests@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).