[kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Andreas Grünbacher]

Hello,

FYI, I've filed the following bug report against ubifs:

> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
> its own ubifs_{get,set,list,remove}xattr inode operations instead of
> generic_{get,set,list,remove}xattr inode operations though.

https://bugzilla.kernel.org/show_bug.cgi?id=103071

Thanks,
Andreas

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Richard Weinberger]

Andreas,

On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
<andreas.gruenbacher@gmail.com> wrote:
> Hello,
>
> FYI, I've filed the following bug report against ubifs:
>
>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>> generic_{get,set,list,remove}xattr inode operations though.
>
> https://bugzilla.kernel.org/show_bug.cgi?id=103071

Thanks for reporting.

CC'ing authors of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53
Author: Subodh Nijsure <snijsure@grid-net.com>
Date:   Fri Oct 31 13:50:30 2014 -0500

    UBIFS: Add security.* XATTR support for the UBIFS


Also xfstests' generic/062 test seems to fail (with USE_ATTR_SECURE=yes)
---cut---
generic/062 1s ... - output mismatch (see
/root/xfstests/results//generic/062.out.bad)
    --- tests/generic/062.out   2015-08-18 20:13:00.714593141 +0000
    +++ /root/xfstests/results//generic/062.out.bad     2015-08-18
20:50:06.450418217 +0000
    @@ -203,6 +203,292 @@
     SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
     *** final list (strings, type=dev/p, nsp=user)

    +=== TYPE reg; NAMESPACE security
    +
    +*** set/get one initially empty attribute
    +# file: SCRATCH_MNT/reg
    ...
    (Run 'diff -u tests/generic/062.out
/root/xfstests/results//generic/062.out.bad'  to see the entire diff)
Ran: generic/062
Failures: generic/062
Failed 1 of 1 tests
---cut---

Guys, how did you test this feature?

-- 
Thanks,
//richard

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Sheng Yong]

Hi,

On 8/19/2015 4:55 AM, Richard Weinberger wrote:
> Andreas,
> 
> On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
> <andreas.gruenbacher@gmail.com> wrote:
>> Hello,
>>
>> FYI, I've filed the following bug report against ubifs:
>>
>>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>>> generic_{get,set,list,remove}xattr inode operations though.
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=103071
> 
> Thanks for reporting.
> 
> CC'ing authors of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53
> Author: Subodh Nijsure <snijsure@grid-net.com>
> Date:   Fri Oct 31 13:50:30 2014 -0500
> 
>     UBIFS: Add security.* XATTR support for the UBIFS
> 
> 
> Also xfstests' generic/062 test seems to fail (with USE_ATTR_SECURE=yes)
> ---cut---
> generic/062 1s ... - output mismatch (see
> /root/xfstests/results//generic/062.out.bad)
>     --- tests/generic/062.out   2015-08-18 20:13:00.714593141 +0000
>     +++ /root/xfstests/results//generic/062.out.bad     2015-08-18
> 20:50:06.450418217 +0000
>     @@ -203,6 +203,292 @@
>      SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
>      *** final list (strings, type=dev/p, nsp=user)
> 
>     +=== TYPE reg; NAMESPACE security
>     +
>     +*** set/get one initially empty attribute
>     +# file: SCRATCH_MNT/reg
>     ...
>     (Run 'diff -u tests/generic/062.out
> /root/xfstests/results//generic/062.out.bad'  to see the entire diff)
> Ran: generic/062
> Failures: generic/062
> Failed 1 of 1 tests
> ---cut---
> 
> Guys, how did you test this feature?
> 
This is because UBIFS did not implement extended attribute in the geneirc way
(by calling generic_*xattr()). We could create an xattr_handler to have these
dead functions called (in fact, I did that), but doing this seems just another
encapsulation and makes no sense. So I think we could remove these dead code
directly.

thanks,
Sheng

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Sheng Yong]

On 8/19/2015 9:07 AM, Sheng Yong wrote:
> Hi,
> 
> On 8/19/2015 4:55 AM, Richard Weinberger wrote:
>> Andreas,
>>
>> On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
>> <andreas.gruenbacher@gmail.com> wrote:
>>> Hello,
>>>
>>> FYI, I've filed the following bug report against ubifs:
>>>
>>>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>>>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>>>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>>>> generic_{get,set,list,remove}xattr inode operations though.
>>>
>>> https://bugzilla.kernel.org/show_bug.cgi?id=103071
>>
>> Thanks for reporting.
My bad for didn't reply at the right line :(
> This is because UBIFS did not implement extended attribute in the geneirc way
> (by calling generic_*xattr()). We could create an xattr_handler to have these
> dead functions called (in fact, I did that), but doing this seems just another
> encapsulation and makes no sense. So I think we could remove these dead code
> directly.
> 
> thanks,
> Sheng
> 
> 
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/
> 

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Richard Weinberger]

Am 19.08.2015 um 03:37 schrieb Sheng Yong:
> 
> 
> On 8/19/2015 9:07 AM, Sheng Yong wrote:
>> Hi,
>>
>> On 8/19/2015 4:55 AM, Richard Weinberger wrote:
>>> Andreas,
>>>
>>> On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
>>> <andreas.gruenbacher@gmail.com> wrote:
>>>> Hello,
>>>>
>>>> FYI, I've filed the following bug report against ubifs:
>>>>
>>>>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>>>>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>>>>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>>>>> generic_{get,set,list,remove}xattr inode operations though.
>>>>
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=103071
>>>
>>> Thanks for reporting.
> My bad for didn't reply at the right line :(
>> This is because UBIFS did not implement extended attribute in the geneirc way
>> (by calling generic_*xattr()). We could create an xattr_handler to have these
>> dead functions called (in fact, I did that), but doing this seems just another
>> encapsulation and makes no sense. So I think we could remove these dead code
>> directly.

So, that would be a revert of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53?
I don't get what d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53 was supposed to do
as it seems to be a no-op. :-)

Thanks,
//richard

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Sheng Yong]

On 8/19/2015 2:59 PM, Richard Weinberger wrote:
> Am 19.08.2015 um 03:37 schrieb Sheng Yong:
>>
>>
>> On 8/19/2015 9:07 AM, Sheng Yong wrote:
>>> Hi,
>>>
>>> On 8/19/2015 4:55 AM, Richard Weinberger wrote:
>>>> Andreas,
>>>>
>>>> On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
>>>> <andreas.gruenbacher@gmail.com> wrote:
>>>>> Hello,
>>>>>
>>>>> FYI, I've filed the following bug report against ubifs:
>>>>>
>>>>>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>>>>>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>>>>>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>>>>>> generic_{get,set,list,remove}xattr inode operations though.
>>>>>
>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=103071
>>>>
>>>> Thanks for reporting.
>> My bad for didn't reply at the right line :(
>>> This is because UBIFS did not implement extended attribute in the geneirc way
>>> (by calling generic_*xattr()). We could create an xattr_handler to have these
>>> dead functions called (in fact, I did that), but doing this seems just another
>>> encapsulation and makes no sense. So I think we could remove these dead code
>>> directly.
> 
> So, that would be a revert of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53?
I think we still need security xattr, so security stuff should be initialized
when creating inodes.
> I don't get what d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53 was supposed to do
> as it seems to be a no-op. :-)
AFAIK, geneirc_*attr() will go though sb->s_xattr to find the xattr_handler
which matches the xattr prefix, and generic_*attr() should have been triggered
from inode_operations. However, UBIFS uses ubifs_*attr in inode_operations
instead of these generic interfaces. So `ubifs_xattr_security_handler' defined
in fs/ubifs/xattr.c is useless, so are the security_*attr() functions. These
functions will never being called, set/get/list security xattr is still done
by calling ubifs_*attr() like other xattr.

thanks,
Sheng
> 
> Thanks,
> //richard
> 
> .
> 

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Richard Weinberger]

Am 19.08.2015 um 09:36 schrieb Sheng Yong:
> 
> 
> On 8/19/2015 2:59 PM, Richard Weinberger wrote:
>> Am 19.08.2015 um 03:37 schrieb Sheng Yong:
>>>
>>>
>>> On 8/19/2015 9:07 AM, Sheng Yong wrote:
>>>> Hi,
>>>>
>>>> On 8/19/2015 4:55 AM, Richard Weinberger wrote:
>>>>> Andreas,
>>>>>
>>>>> On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
>>>>> <andreas.gruenbacher@gmail.com> wrote:
>>>>>> Hello,
>>>>>>
>>>>>> FYI, I've filed the following bug report against ubifs:
>>>>>>
>>>>>>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>>>>>>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>>>>>>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>>>>>>> generic_{get,set,list,remove}xattr inode operations though.
>>>>>>
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=103071
>>>>>
>>>>> Thanks for reporting.
>>> My bad for didn't reply at the right line :(
>>>> This is because UBIFS did not implement extended attribute in the geneirc way
>>>> (by calling generic_*xattr()). We could create an xattr_handler to have these
>>>> dead functions called (in fact, I did that), but doing this seems just another
>>>> encapsulation and makes no sense. So I think we could remove these dead code
>>>> directly.
>>
>> So, that would be a revert of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53?
> I think we still need security xattr, so security stuff should be initialized
> when creating inodes.
>> I don't get what d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53 was supposed to do
>> as it seems to be a no-op. :-)
> AFAIK, geneirc_*attr() will go though sb->s_xattr to find the xattr_handler
> which matches the xattr prefix, and generic_*attr() should have been triggered
> from inode_operations. However, UBIFS uses ubifs_*attr in inode_operations
> instead of these generic interfaces. So `ubifs_xattr_security_handler' defined
> in fs/ubifs/xattr.c is useless, so are the security_*attr() functions. These
> functions will never being called, set/get/list security xattr is still done
> by calling ubifs_*attr() like other xattr.

My concern is not that we don't need these xattr.
I'm concerned about commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53.
Today it seems to be a no-op. Did it ever work?

Clearly something went wrong. :(

Thanks,
//richard

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Dongsheng Yang]

On 08/19/2015 04:55 AM, Richard Weinberger wrote:
> Andreas,
>
> On Tue, Aug 18, 2015 at 2:15 PM, Andreas Grünbacher
> <andreas.gruenbacher@gmail.com> wrote:
>> Hello,
>>
>> FYI, I've filed the following bug report against ubifs:
>>
>>> ubifs sets sb->s_xattr to ubifs_xattr_handlers which contains a handler for
>>> "security.*" xattrs. The s_xattr handlers are never used because ubifs uses
>>> its own ubifs_{get,set,list,remove}xattr inode operations instead of
>>> generic_{get,set,list,remove}xattr inode operations though.
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=103071
>
> Thanks for reporting.
>
> CC'ing authors of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53
> Author: Subodh Nijsure <snijsure@grid-net.com>
> Date:   Fri Oct 31 13:50:30 2014 -0500
>
>      UBIFS: Add security.* XATTR support for the UBIFS
>
>
> Also xfstests' generic/062 test seems to fail (with USE_ATTR_SECURE=yes)
> ---cut---
> generic/062 1s ... - output mismatch (see
> /root/xfstests/results//generic/062.out.bad)
>      --- tests/generic/062.out   2015-08-18 20:13:00.714593141 +0000
>      +++ /root/xfstests/results//generic/062.out.bad     2015-08-18
> 20:50:06.450418217 +0000
>      @@ -203,6 +203,292 @@
>       SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
>       *** final list (strings, type=dev/p, nsp=user)
>
>      +=== TYPE reg; NAMESPACE security
>      +
>      +*** set/get one initially empty attribute
>      +# file: SCRATCH_MNT/reg
>      ...
>      (Run 'diff -u tests/generic/062.out
> /root/xfstests/results//generic/062.out.bad'  to see the entire diff)
> Ran: generic/062
> Failures: generic/062
> Failed 1 of 1 tests

Hi Richard,
	Glad to know you are also using fstests for our ubifs. :)
About this case, I checked it and found it's a bug in fstests.
Because when we are setting USE_ATTR_SECURE=yes, the output
would be different with what it expected currently.
	So, I will send a patch out to fix it. And with a quick
fix, I found ubifs works well in xattr security.

Yang
> ---cut---
>
> Guys, how did you test this feature?
>

[PATCH] fstests: link .out to correct output when we set USE_ATTR_SECURE=yes

[Dongsheng Yang]

When we set USE_ATTR_SECURE to yes or no, the expected outputs of generic/062
would be different. So we need to link the .out to different file.

Reported-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
---
 common/rc                       |  14 +
 tests/generic/062               |   5 +
 tests/generic/062.out           | 654 ---------------------------
 tests/generic/062.out.no_secure | 654 +++++++++++++++++++++++++++
 tests/generic/062.out.secure    | 976 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 1649 insertions(+), 654 deletions(-)
 delete mode 100644 tests/generic/062.out
 create mode 100644 tests/generic/062.out.no_secure
 create mode 100644 tests/generic/062.out.secure

diff --git a/common/rc b/common/rc
index 610045e..1ef262b 100644
--- a/common/rc
+++ b/common/rc
@@ -2145,6 +2145,20 @@ _link_out_file()
 	fi
 }
 
+_link_secure_out_file()
+{
+	if [ -z "$1" -o -z "$2" ]; then
+		echo Error must pass src and dst.
+		exit
+	fi
+	rm -f $2
+	if [ "$USE_ATTR_SECURE" = yes ]; then
+		ln -s $1.secure $2
+	else
+		ln -s $1.no_secure $2
+	fi
+}
+
 _die()
 {
         echo $@
diff --git a/tests/generic/062 b/tests/generic/062
index 047c930..194b638 100755
--- a/tests/generic/062
+++ b/tests/generic/062
@@ -23,6 +23,7 @@
 #-----------------------------------------------------------------------
 #
 
+seqfull=$0
 seq=`basename $0`
 seqres=$RESULT_DIR/$seq
 echo "QA output created by $seq"
@@ -94,6 +95,10 @@ if [ "$USE_ATTR_SECURE" = yes ]; then
 else
     ATTR_MODES="user trusted"
 fi
+
+# link correct .out file
+_link_secure_out_file $seq.out $seqfull.out
+
 for nsp in $ATTR_MODES; do
 	for inode in reg dir lnk dev/b dev/c dev/p; do
 
diff --git a/tests/generic/062.out b/tests/generic/062.out
deleted file mode 100644
index 8cc3c65..0000000
--- a/tests/generic/062.out
+++ /dev/null
@@ -1,654 +0,0 @@
-QA output created by 062
-*** create test bed
-SCRATCH_MNT
-SCRATCH_MNT/dev
-SCRATCH_MNT/dev/b
-SCRATCH_MNT/dev/c
-SCRATCH_MNT/dev/p
-SCRATCH_MNT/dir
-SCRATCH_MNT/lnk
-SCRATCH_MNT/reg
-
-=== TYPE reg; NAMESPACE user
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/reg
-user.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/reg
-user.name=0xbabe
-user.name2=0xdeadbeef
-user.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/reg
-user.name=0sur4=
-user.name2=0s3q2+7w==
-user.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/reg
-user.name=0xbabe
-user.name2=0xdeaf
-user.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/reg
-user.name=0xbabe
-user.name2=0xdecade
-user.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/reg
-user.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/reg
-user.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/reg: user.name2: No such attribute or operation not permitted
-*** final list (strings, type=reg, nsp=user)
-# file: SCRATCH_MNT/reg
-user.name=0xbabe
-user.name3=0xdeface
-
-
-=== TYPE dir; NAMESPACE user
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/dir
-user.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/dir
-user.name=0xbabe
-user.name2=0xdeadbeef
-user.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/dir
-user.name=0sur4=
-user.name2=0s3q2+7w==
-user.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/dir
-user.name=0xbabe
-user.name2=0xdeaf
-user.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/dir
-user.name=0xbabe
-user.name2=0xdecade
-user.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/dir
-user.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/dir
-user.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/dir: user.name2: No such attribute or operation not permitted
-*** final list (strings, type=dir, nsp=user)
-# file: SCRATCH_MNT/dir
-user.name=0xbabe
-user.name3=0xdeface
-
-
-=== TYPE lnk; NAMESPACE user
-
-*** set/get one initially empty attribute
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-*** overwrite empty, set several new attributes
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-*** fetch several attribute names and values (hex)
-*** fetch several attribute names and values (base64)
-*** shrink value of an existing attribute
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-*** grow value of existing attribute
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-*** set an empty value for second attribute
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
-*** overwrite empty value
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
-*** remove attribute
-setfattr: SCRATCH_MNT/lnk: Operation not permitted
-SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
-*** final list (strings, type=lnk, nsp=user)
-
-=== TYPE dev/b; NAMESPACE user
-
-*** set/get one initially empty attribute
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-*** overwrite empty, set several new attributes
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-*** fetch several attribute names and values (hex)
-*** fetch several attribute names and values (base64)
-*** shrink value of an existing attribute
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-*** grow value of existing attribute
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-*** set an empty value for second attribute
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
-*** overwrite empty value
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
-*** remove attribute
-setfattr: SCRATCH_MNT/dev/b: Operation not permitted
-SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
-*** final list (strings, type=dev/b, nsp=user)
-
-=== TYPE dev/c; NAMESPACE user
-
-*** set/get one initially empty attribute
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-*** overwrite empty, set several new attributes
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-*** fetch several attribute names and values (hex)
-*** fetch several attribute names and values (base64)
-*** shrink value of an existing attribute
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-*** grow value of existing attribute
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-*** set an empty value for second attribute
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
-*** overwrite empty value
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
-*** remove attribute
-setfattr: SCRATCH_MNT/dev/c: Operation not permitted
-SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
-*** final list (strings, type=dev/c, nsp=user)
-
-=== TYPE dev/p; NAMESPACE user
-
-*** set/get one initially empty attribute
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-*** overwrite empty, set several new attributes
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-*** fetch several attribute names and values (hex)
-*** fetch several attribute names and values (base64)
-*** shrink value of an existing attribute
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-*** grow value of existing attribute
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-*** set an empty value for second attribute
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
-*** overwrite empty value
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
-*** remove attribute
-setfattr: SCRATCH_MNT/dev/p: Operation not permitted
-SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
-*** final list (strings, type=dev/p, nsp=user)
-
-=== TYPE reg; NAMESPACE trusted
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/reg
-trusted.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/reg
-trusted.name=0xbabe
-trusted.name2=0xdeadbeef
-trusted.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/reg
-trusted.name=0sur4=
-trusted.name2=0s3q2+7w==
-trusted.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/reg
-trusted.name=0xbabe
-trusted.name2=0xdeaf
-trusted.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/reg
-trusted.name=0xbabe
-trusted.name2=0xdecade
-trusted.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/reg
-trusted.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/reg
-trusted.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/reg: trusted.name2: No such attribute or operation not permitted
-*** final list (strings, type=reg, nsp=trusted)
-# file: SCRATCH_MNT/reg
-trusted.name=0xbabe
-trusted.name3=0xdeface
-user.name=0xbabe
-user.name3=0xdeface
-
-
-=== TYPE dir; NAMESPACE trusted
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/dir
-trusted.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/dir
-trusted.name=0xbabe
-trusted.name2=0xdeadbeef
-trusted.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/dir
-trusted.name=0sur4=
-trusted.name2=0s3q2+7w==
-trusted.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/dir
-trusted.name=0xbabe
-trusted.name2=0xdeaf
-trusted.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/dir
-trusted.name=0xbabe
-trusted.name2=0xdecade
-trusted.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/dir
-trusted.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/dir
-trusted.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/dir: trusted.name2: No such attribute or operation not permitted
-*** final list (strings, type=dir, nsp=trusted)
-# file: SCRATCH_MNT/dir
-trusted.name=0xbabe
-trusted.name3=0xdeface
-user.name=0xbabe
-user.name3=0xdeface
-
-
-=== TYPE lnk; NAMESPACE trusted
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/lnk
-trusted.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/lnk
-trusted.name=0xbabe
-trusted.name2=0xdeadbeef
-trusted.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/lnk
-trusted.name=0sur4=
-trusted.name2=0s3q2+7w==
-trusted.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/lnk
-trusted.name=0xbabe
-trusted.name2=0xdeaf
-trusted.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/lnk
-trusted.name=0xbabe
-trusted.name2=0xdecade
-trusted.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/lnk
-trusted.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/lnk
-trusted.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/lnk: trusted.name2: No such attribute or operation not permitted
-*** final list (strings, type=lnk, nsp=trusted)
-# file: SCRATCH_MNT/lnk
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-
-=== TYPE dev/b; NAMESPACE trusted
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/dev/b
-trusted.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/dev/b
-trusted.name=0xbabe
-trusted.name2=0xdeadbeef
-trusted.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/dev/b
-trusted.name=0sur4=
-trusted.name2=0s3q2+7w==
-trusted.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/dev/b
-trusted.name=0xbabe
-trusted.name2=0xdeaf
-trusted.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/dev/b
-trusted.name=0xbabe
-trusted.name2=0xdecade
-trusted.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/dev/b
-trusted.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/dev/b
-trusted.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/dev/b: trusted.name2: No such attribute or operation not permitted
-*** final list (strings, type=dev/b, nsp=trusted)
-# file: SCRATCH_MNT/dev/b
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-
-=== TYPE dev/c; NAMESPACE trusted
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/dev/c
-trusted.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/dev/c
-trusted.name=0xbabe
-trusted.name2=0xdeadbeef
-trusted.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/dev/c
-trusted.name=0sur4=
-trusted.name2=0s3q2+7w==
-trusted.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/dev/c
-trusted.name=0xbabe
-trusted.name2=0xdeaf
-trusted.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/dev/c
-trusted.name=0xbabe
-trusted.name2=0xdecade
-trusted.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/dev/c
-trusted.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/dev/c
-trusted.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/dev/c: trusted.name2: No such attribute or operation not permitted
-*** final list (strings, type=dev/c, nsp=trusted)
-# file: SCRATCH_MNT/dev/c
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-
-=== TYPE dev/p; NAMESPACE trusted
-
-*** set/get one initially empty attribute
-# file: SCRATCH_MNT/dev/p
-trusted.name
-
-*** overwrite empty, set several new attributes
-*** fetch several attribute names and values (hex)
-# file: SCRATCH_MNT/dev/p
-trusted.name=0xbabe
-trusted.name2=0xdeadbeef
-trusted.name3=0xdeface
-
-*** fetch several attribute names and values (base64)
-# file: SCRATCH_MNT/dev/p
-trusted.name=0sur4=
-trusted.name2=0s3q2+7w==
-trusted.name3=0s3vrO
-
-*** shrink value of an existing attribute
-# file: SCRATCH_MNT/dev/p
-trusted.name=0xbabe
-trusted.name2=0xdeaf
-trusted.name3=0xdeface
-
-*** grow value of existing attribute
-# file: SCRATCH_MNT/dev/p
-trusted.name=0xbabe
-trusted.name2=0xdecade
-trusted.name3=0xdeface
-
-*** set an empty value for second attribute
-# file: SCRATCH_MNT/dev/p
-trusted.name2
-
-*** overwrite empty value
-# file: SCRATCH_MNT/dev/p
-trusted.name2=0xcafe
-
-*** remove attribute
-SCRATCH_MNT/dev/p: trusted.name2: No such attribute or operation not permitted
-*** final list (strings, type=dev/p, nsp=trusted)
-# file: SCRATCH_MNT/dev/p
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-
-
-*** extend test bed
-SCRATCH_MNT
-SCRATCH_MNT/descend
-SCRATCH_MNT/descend/and
-SCRATCH_MNT/descend/down
-SCRATCH_MNT/descend/down/here
-SCRATCH_MNT/dev
-SCRATCH_MNT/dev/b
-SCRATCH_MNT/dev/c
-SCRATCH_MNT/dev/p
-SCRATCH_MNT/dir
-SCRATCH_MNT/here
-SCRATCH_MNT/here/up
-SCRATCH_MNT/here/up/ascend
-SCRATCH_MNT/lnk
-SCRATCH_MNT/reg
-
-*** directory descent with us following symlinks
-# file: SCRATCH_MNT/descend
-user.1=0x3233
-user.x=0x797a
-
-# file: SCRATCH_MNT/descend/and/ascend
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/descend/down
-user.1=0x3233
-user.x=0x797a
-
-# file: SCRATCH_MNT/descend/down/here
-user.1=0x3233
-user.x=0x797a
-
-# file: SCRATCH_MNT/dev/b
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/dev/c
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/dev/p
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/dir
-trusted.name=0xbabe
-trusted.name3=0xdeface
-user.name=0xbabe
-user.name3=0xdeface
-
-# file: SCRATCH_MNT/here
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/here/up
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/here/up/ascend
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/lnk
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/reg
-trusted.name=0xbabe
-trusted.name3=0xdeface
-user.name=0xbabe
-user.name3=0xdeface
-
-
-*** directory descent without following symlinks
-# file: SCRATCH_MNT/descend
-user.1=0x3233
-user.x=0x797a
-
-# file: SCRATCH_MNT/descend/down
-user.1=0x3233
-user.x=0x797a
-
-# file: SCRATCH_MNT/descend/down/here
-user.1=0x3233
-user.x=0x797a
-
-# file: SCRATCH_MNT/dev/b
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/dev/c
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/dev/p
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/dir
-trusted.name=0xbabe
-trusted.name3=0xdeface
-user.name=0xbabe
-user.name3=0xdeface
-
-# file: SCRATCH_MNT/here
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/here/up
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/here/up/ascend
-trusted.9=0x3837
-trusted.a=0x6263
-
-# file: SCRATCH_MNT/lnk
-trusted.name=0xbabe
-trusted.name3=0xdeface
-
-# file: SCRATCH_MNT/reg
-trusted.name=0xbabe
-trusted.name3=0xdeface
-user.name=0xbabe
-user.name3=0xdeface
-
-
-
-*** backup everything
-*** clear out the scratch device
-*** reset test bed with no extended attributes
-*** create test bed
-SCRATCH_MNT
-SCRATCH_MNT/dev
-SCRATCH_MNT/dev/b
-SCRATCH_MNT/dev/c
-SCRATCH_MNT/dev/p
-SCRATCH_MNT/dir
-SCRATCH_MNT/lnk
-SCRATCH_MNT/reg
-*** extend test bed
-SCRATCH_MNT
-SCRATCH_MNT/descend
-SCRATCH_MNT/descend/and
-SCRATCH_MNT/descend/down
-SCRATCH_MNT/descend/down/here
-SCRATCH_MNT/dev
-SCRATCH_MNT/dev/b
-SCRATCH_MNT/dev/c
-SCRATCH_MNT/dev/p
-SCRATCH_MNT/dir
-SCRATCH_MNT/here
-SCRATCH_MNT/here/up
-SCRATCH_MNT/here/up/ascend
-SCRATCH_MNT/lnk
-SCRATCH_MNT/reg
-*** restore everything
-*** compare before and after backups
-
-*** unmount
diff --git a/tests/generic/062.out.no_secure b/tests/generic/062.out.no_secure
new file mode 100644
index 0000000..8cc3c65
--- /dev/null
+++ b/tests/generic/062.out.no_secure
@@ -0,0 +1,654 @@
+QA output created by 062
+*** create test bed
+SCRATCH_MNT
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+
+=== TYPE reg; NAMESPACE user
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/reg
+user.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name2=0xdeadbeef
+user.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/reg
+user.name=0sur4=
+user.name2=0s3q2+7w==
+user.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name2=0xdeaf
+user.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name2=0xdecade
+user.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/reg
+user.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/reg
+user.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/reg: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=reg, nsp=user)
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE dir; NAMESPACE user
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dir
+user.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name2=0xdeadbeef
+user.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dir
+user.name=0sur4=
+user.name2=0s3q2+7w==
+user.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name2=0xdeaf
+user.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name2=0xdecade
+user.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dir
+user.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dir
+user.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dir: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dir, nsp=user)
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE lnk; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=lnk, nsp=user)
+
+=== TYPE dev/b; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/b, nsp=user)
+
+=== TYPE dev/c; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/c, nsp=user)
+
+=== TYPE dev/p; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/p, nsp=user)
+
+=== TYPE reg; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/reg
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/reg
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/reg
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/reg
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/reg: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=reg, nsp=trusted)
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE dir; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dir
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dir
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dir
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dir
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dir: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dir, nsp=trusted)
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE lnk; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/lnk
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/lnk
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/lnk
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/lnk
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/lnk: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=lnk, nsp=trusted)
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+=== TYPE dev/b; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/b
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/b
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/b: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/b, nsp=trusted)
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+=== TYPE dev/c; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/c
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/c
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/c: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/c, nsp=trusted)
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+=== TYPE dev/p; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/p
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/p
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/p: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/p, nsp=trusted)
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+
+*** extend test bed
+SCRATCH_MNT
+SCRATCH_MNT/descend
+SCRATCH_MNT/descend/and
+SCRATCH_MNT/descend/down
+SCRATCH_MNT/descend/down/here
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/here
+SCRATCH_MNT/here/up
+SCRATCH_MNT/here/up/ascend
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+
+*** directory descent with us following symlinks
+# file: SCRATCH_MNT/descend
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/and/ascend
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/descend/down
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/down/here
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+# file: SCRATCH_MNT/here
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up/ascend
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+*** directory descent without following symlinks
+# file: SCRATCH_MNT/descend
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/down
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/down/here
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+# file: SCRATCH_MNT/here
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up/ascend
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+
+*** backup everything
+*** clear out the scratch device
+*** reset test bed with no extended attributes
+*** create test bed
+SCRATCH_MNT
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+*** extend test bed
+SCRATCH_MNT
+SCRATCH_MNT/descend
+SCRATCH_MNT/descend/and
+SCRATCH_MNT/descend/down
+SCRATCH_MNT/descend/down/here
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/here
+SCRATCH_MNT/here/up
+SCRATCH_MNT/here/up/ascend
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+*** restore everything
+*** compare before and after backups
+
+*** unmount
diff --git a/tests/generic/062.out.secure b/tests/generic/062.out.secure
new file mode 100644
index 0000000..1c7214d
--- /dev/null
+++ b/tests/generic/062.out.secure
@@ -0,0 +1,976 @@
+QA output created by 062
+*** create test bed
+SCRATCH_MNT
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+
+=== TYPE reg; NAMESPACE user
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/reg
+user.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name2=0xdeadbeef
+user.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/reg
+user.name=0sur4=
+user.name2=0s3q2+7w==
+user.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name2=0xdeaf
+user.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name2=0xdecade
+user.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/reg
+user.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/reg
+user.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/reg: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=reg, nsp=user)
+# file: SCRATCH_MNT/reg
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE dir; NAMESPACE user
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dir
+user.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name2=0xdeadbeef
+user.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dir
+user.name=0sur4=
+user.name2=0s3q2+7w==
+user.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name2=0xdeaf
+user.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name2=0xdecade
+user.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dir
+user.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dir
+user.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dir: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dir, nsp=user)
+# file: SCRATCH_MNT/dir
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE lnk; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/lnk: Operation not permitted
+SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=lnk, nsp=user)
+
+=== TYPE dev/b; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/dev/b: Operation not permitted
+SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/b, nsp=user)
+
+=== TYPE dev/c; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/dev/c: Operation not permitted
+SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/c, nsp=user)
+
+=== TYPE dev/p; NAMESPACE user
+
+*** set/get one initially empty attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** overwrite empty, set several new attributes
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** fetch several attribute names and values (hex)
+*** fetch several attribute names and values (base64)
+*** shrink value of an existing attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** grow value of existing attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+*** set an empty value for second attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
+*** overwrite empty value
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
+*** remove attribute
+setfattr: SCRATCH_MNT/dev/p: Operation not permitted
+SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/p, nsp=user)
+
+=== TYPE reg; NAMESPACE security
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/reg
+security.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name2=0xdeadbeef
+security.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/reg
+security.name=0sur4=
+security.name2=0s3q2+7w==
+security.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name2=0xdeaf
+security.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name2=0xdecade
+security.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/reg
+security.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/reg
+security.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/reg: security.name2: No such attribute or operation not permitted
+*** final list (strings, type=reg, nsp=security)
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE dir; NAMESPACE security
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dir
+security.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name2=0xdeadbeef
+security.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dir
+security.name=0sur4=
+security.name2=0s3q2+7w==
+security.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name2=0xdeaf
+security.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name2=0xdecade
+security.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dir
+security.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dir
+security.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dir: security.name2: No such attribute or operation not permitted
+*** final list (strings, type=dir, nsp=security)
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE lnk; NAMESPACE security
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/lnk
+security.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name2=0xdeadbeef
+security.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/lnk
+security.name=0sur4=
+security.name2=0s3q2+7w==
+security.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name2=0xdeaf
+security.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name2=0xdecade
+security.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/lnk
+security.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/lnk
+security.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/lnk: security.name2: No such attribute or operation not permitted
+*** final list (strings, type=lnk, nsp=security)
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name3=0xdeface
+
+
+=== TYPE dev/b; NAMESPACE security
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/b
+security.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name2=0xdeadbeef
+security.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/b
+security.name=0sur4=
+security.name2=0s3q2+7w==
+security.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name2=0xdeaf
+security.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name2=0xdecade
+security.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/b
+security.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/b
+security.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/b: security.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/b, nsp=security)
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name3=0xdeface
+
+
+=== TYPE dev/c; NAMESPACE security
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/c
+security.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name2=0xdeadbeef
+security.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/c
+security.name=0sur4=
+security.name2=0s3q2+7w==
+security.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name2=0xdeaf
+security.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name2=0xdecade
+security.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/c
+security.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/c
+security.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/c: security.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/c, nsp=security)
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name3=0xdeface
+
+
+=== TYPE dev/p; NAMESPACE security
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/p
+security.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name2=0xdeadbeef
+security.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/p
+security.name=0sur4=
+security.name2=0s3q2+7w==
+security.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name2=0xdeaf
+security.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name2=0xdecade
+security.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/p
+security.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/p
+security.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/p: security.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/p, nsp=security)
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name3=0xdeface
+
+
+=== TYPE reg; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/reg
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/reg
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/reg
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/reg
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/reg
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/reg: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=reg, nsp=trusted)
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE dir; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dir
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dir
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dir
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dir
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dir
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dir: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dir, nsp=trusted)
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+=== TYPE lnk; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/lnk
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/lnk
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/lnk
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/lnk
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/lnk
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/lnk: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=lnk, nsp=trusted)
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+=== TYPE dev/b; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/b
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/b
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/b
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/b: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/b, nsp=trusted)
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+=== TYPE dev/c; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/c
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/c
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/c
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/c: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/c, nsp=trusted)
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+=== TYPE dev/p; NAMESPACE trusted
+
+*** set/get one initially empty attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name
+
+*** overwrite empty, set several new attributes
+*** fetch several attribute names and values (hex)
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name2=0xdeadbeef
+trusted.name3=0xdeface
+
+*** fetch several attribute names and values (base64)
+# file: SCRATCH_MNT/dev/p
+trusted.name=0sur4=
+trusted.name2=0s3q2+7w==
+trusted.name3=0s3vrO
+
+*** shrink value of an existing attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name2=0xdeaf
+trusted.name3=0xdeface
+
+*** grow value of existing attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name=0xbabe
+trusted.name2=0xdecade
+trusted.name3=0xdeface
+
+*** set an empty value for second attribute
+# file: SCRATCH_MNT/dev/p
+trusted.name2
+
+*** overwrite empty value
+# file: SCRATCH_MNT/dev/p
+trusted.name2=0xcafe
+
+*** remove attribute
+SCRATCH_MNT/dev/p: trusted.name2: No such attribute or operation not permitted
+*** final list (strings, type=dev/p, nsp=trusted)
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+
+
+*** extend test bed
+SCRATCH_MNT
+SCRATCH_MNT/descend
+SCRATCH_MNT/descend/and
+SCRATCH_MNT/descend/down
+SCRATCH_MNT/descend/down/here
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/here
+SCRATCH_MNT/here/up
+SCRATCH_MNT/here/up/ascend
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+
+*** directory descent with us following symlinks
+# file: SCRATCH_MNT/descend
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/and/ascend
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/descend/down
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/down/here
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+# file: SCRATCH_MNT/here
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up/ascend
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+*** directory descent without following symlinks
+# file: SCRATCH_MNT/descend
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/down
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/descend/down/here
+user.1=0x3233
+user.x=0x797a
+
+# file: SCRATCH_MNT/dev/b
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/c
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dev/p
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/dir
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+# file: SCRATCH_MNT/here
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/here/up/ascend
+trusted.9=0x3837
+trusted.a=0x6263
+
+# file: SCRATCH_MNT/lnk
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+
+# file: SCRATCH_MNT/reg
+security.name=0xbabe
+security.name3=0xdeface
+trusted.name=0xbabe
+trusted.name3=0xdeface
+user.name=0xbabe
+user.name3=0xdeface
+
+
+
+*** backup everything
+*** clear out the scratch device
+*** reset test bed with no extended attributes
+*** create test bed
+SCRATCH_MNT
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+*** extend test bed
+SCRATCH_MNT
+SCRATCH_MNT/descend
+SCRATCH_MNT/descend/and
+SCRATCH_MNT/descend/down
+SCRATCH_MNT/descend/down/here
+SCRATCH_MNT/dev
+SCRATCH_MNT/dev/b
+SCRATCH_MNT/dev/c
+SCRATCH_MNT/dev/p
+SCRATCH_MNT/dir
+SCRATCH_MNT/here
+SCRATCH_MNT/here/up
+SCRATCH_MNT/here/up/ascend
+SCRATCH_MNT/lnk
+SCRATCH_MNT/reg
+*** restore everything
+*** compare before and after backups
+
+*** unmount
-- 
1.8.4.2

Re: [PATCH] fstests: link .out to correct output when we set USE_ATTR_SECURE=yes

[Andreas Grünbacher]

Dongsheng,

2015-08-20 3:01 GMT+02:00 Dongsheng Yang <yangds.fnst@cn.fujitsu.com>:
>
> When we set USE_ATTR_SECURE to yes or no, the expected outputs of generic/062
> would be different. So we need to link the .out to different file.

Can the tests for the different namespaces please be separated from
each other here (see below)?

diff --git a/tests/generic/062 b/tests/generic/062
index 194b638..9dd4498 100755
--- a/tests/generic/062
+++ b/tests/generic/062
@@ -142,6 +142,7 @@ for nsp in $ATTR_MODES; do
                echo "*** final list (strings, type=$inode, nsp=$nsp)"
                getfattr -m '.' -e hex $SCRATCH_MNT/$inode

+               # FIXME: Remove all remaining xattrs
        done
 done

Next, can the security namespace tests be put in their own test case
so that we don't need to switch between two different .out files? This
could be done by setting ATTR_MODES and then invoking
tests/generic/062 to avoid duplicating the entire test script.

Thanks,
Andreas

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Richard Weinberger]

Am 20.08.2015 um 02:50 schrieb Dongsheng Yang:
> Hi Richard,
>     Glad to know you are also using fstests for our ubifs. :)
> About this case, I checked it and found it's a bug in fstests.

Yeah, I'm extending my testbed to use xfstests too. :)
I'm sure these tests will uncover some UBIFS issues.

> Because when we are setting USE_ATTR_SECURE=yes, the output
> would be different with what it expected currently.
>     So, I will send a patch out to fix it. And with a quick
> fix, I found ubifs works well in xattr security.

Oh. Good find!

Thanks,
//richard

Re: [kernel.org bug 103071] Dead "security.*" xattr code in ubifs

[Andreas Grünbacher]

Richard,

2015-08-19 9:51 GMT+02:00 Richard Weinberger <richard@nod.at>:
> My concern is not that we don't need these xattr.
> I'm concerned about commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53.
> Today it seems to be a no-op. Did it ever work?

The commit also initializes the security context of new inodes, so that part
likely works. It looks like the ubifs_ xattr inode operations will handle
"security.*" attributes just fine.

The "security.*" xattr handler was already dead code when introduced in that
commit, though. I've sent a patch to remove that.

Thanks,
Andreas

Re: [PATCH] fstests: link .out to correct output when we set USE_ATTR_SECURE=yes

[Dave Chinner]

On Thu, Aug 20, 2015 at 08:18:28AM +0200, Andreas Grünbacher wrote:
> Dongsheng,
> 
> 2015-08-20 3:01 GMT+02:00 Dongsheng Yang <yangds.fnst@cn.fujitsu.com>:
> >
> > When we set USE_ATTR_SECURE to yes or no, the expected outputs of generic/062
> > would be different. So we need to link the .out to different file.
> 
> Can the tests for the different namespaces please be separated from
> each other here (see below)?

I certainly agree with this approach ;)

> 
> diff --git a/tests/generic/062 b/tests/generic/062
> index 194b638..9dd4498 100755
> --- a/tests/generic/062
> +++ b/tests/generic/062
> @@ -142,6 +142,7 @@ for nsp in $ATTR_MODES; do
>                 echo "*** final list (strings, type=$inode, nsp=$nsp)"
>                 getfattr -m '.' -e hex $SCRATCH_MNT/$inode
> 
> +               # FIXME: Remove all remaining xattrs
>         done
>  done
> 
> Next, can the security namespace tests be put in their own test case
> so that we don't need to switch between two different .out files? This
> could be done by setting ATTR_MODES and then invoking
> tests/generic/062 to avoid duplicating the entire test script.

Just not the suggested mechanism :)

We can't execute one test from another - that will lead to all sorts
of bad juju occurring with results and timing and so on because they
are all based on $0.  The correct way to do this is to factor the
test internals into a common file, then wrap the common functions
with a new test file.

e.g. see _test_generic_punch(), which started off as corner case
testing the XFS_IOC_ZERORANGE ioctl in a single test, Then got
extended to testing hole punching in a new test, then got factored
into common functions in common/punch, and it is now called by 14
different tests....

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com

Re: [PATCH] fstests: link .out to correct output when we set USE_ATTR_SECURE=yes

[Andreas Grünbacher]

2015-08-20 23:08 GMT+02:00 Dave Chinner <david@fromorbit.com>:
> The correct way to do this [...]

Yes, that's better.

Thanks,
Andreas

Re: [PATCH] fstests: link .out to correct output when we set USE_ATTR_SECURE=yes

[Dongsheng Yang]

On 08/21/2015 05:08 AM, Dave Chinner wrote:
> On Thu, Aug 20, 2015 at 08:18:28AM +0200, Andreas Grünbacher wrote:
>> Dongsheng,
>>
>> 2015-08-20 3:01 GMT+02:00 Dongsheng Yang <yangds.fnst@cn.fujitsu.com>:
>>>
>>> When we set USE_ATTR_SECURE to yes or no, the expected outputs of generic/062
>>> would be different. So we need to link the .out to different file.
>>
>> Can the tests for the different namespaces please be separated from
>> each other here (see below)?
>
> I certainly agree with this approach ;)
>
>>
>> diff --git a/tests/generic/062 b/tests/generic/062
>> index 194b638..9dd4498 100755
>> --- a/tests/generic/062
>> +++ b/tests/generic/062
>> @@ -142,6 +142,7 @@ for nsp in $ATTR_MODES; do
>>                  echo "*** final list (strings, type=$inode, nsp=$nsp)"
>>                  getfattr -m '.' -e hex $SCRATCH_MNT/$inode
>>
>> +               # FIXME: Remove all remaining xattrs
>>          done
>>   done
>>
>> Next, can the security namespace tests be put in their own test case
>> so that we don't need to switch between two different .out files? This
>> could be done by setting ATTR_MODES and then invoking
>> tests/generic/062 to avoid duplicating the entire test script.
>
> Just not the suggested mechanism :)
>
> We can't execute one test from another - that will lead to all sorts
> of bad juju occurring with results and timing and so on because they
> are all based on $0.  The correct way to do this is to factor the
> test internals into a common file, then wrap the common functions
> with a new test file.

Sounds good, thanx Dave and Andreas.

Yang
>
> e.g. see _test_generic_punch(), which started off as corner case
> testing the XFS_IOC_ZERORANGE ioctl in a single test, Then got
> extended to testing hole punching in a new test, then got factored
> into common functions in common/punch, and it is now called by 14
> different tests....
>
> Cheers,
>
> Dave.
>