From: Petr Vorel <pvorel@suse.cz>
To: "Bird, Tim" <Tim.Bird@sony.com>
Cc: "ltp@lists.linux.it" <ltp@lists.linux.it>
Subject: Re: [LTP] [PATCH 1/2] lib: Add checking of needs_root
Date: Wed, 12 Oct 2022 21:13:00 +0200 [thread overview]
Message-ID: <Y0cRvJysXOJcabNL@pevik> (raw)
In-Reply-To: <BYAPR13MB2503DBBBDBB055C42B36DDB0FD229@BYAPR13MB2503.namprd13.prod.outlook.com>
> > -----Original Message-----
> > From: ltp <ltp-bounces+tim.bird=sony.com@lists.linux.it> On Behalf Of Petr Vorel
> > Hi all,
> > The subject "lib: Add checking of needs_root" is a bit misleading
> > as it does not mention at all that it's for the loop device.
> > > We need to check needs_root is set when tst_test->needs_device or
> > > tst_test->mount_device is set since access the /dev/* need a
> > > privilege.
> > FYI we had some discussion about it, quoting Cyril [1]:
> > Well technically you can be added into whatever group is set to
> > /dev/loop-control e.g. disk group and then you can create devices
> > without a need to be a root.
> > So the most correct solution would be checking if we can access
> > /dev/loop-control if tst_test.needs_device is set and if not we would
> > imply needs_root. However this would need to be rethinked properly so
> > that we do not end up creating something complex and not really
> > required.
> > There is also possibility to add custom device via $LTP_DEV. That might allow to
> > add permissions which allow to test without root.
> > I'll write to automated-testing ML (and maybe to LKML ML) to see if people
> > prefers to test without non-root.
> I took a quick look at this, and don't like the change.
> I didn't investigate all the affected tests, and what device exactly is being protected.
> But the overall sense of the change takes makes the authorization checking for tests
> less granular.
> Fuego often runs tests as 'root', but it is also fairly common in Fuego to have a
> dedicated testing user account on a device under test, that has permissions
> for things like mounting, access to device nodes, etc. This change
> would cause tests to break for that account.
Hi Tim,
thanks a lot for confirming that people are using non-root users for testing.
I'm not sure if we ever implement complex checks, but at least we should not
merge this patchset.
Kind regards,
Petr
> That's my 2 cents.
> -- Tim
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2022-10-12 19:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-12 9:15 [LTP] [PATCH 0/2] Optimization reference to needs_root Zhao Gongyi via ltp
2022-10-12 9:15 ` [LTP] [PATCH 1/2] lib: Add checking of needs_root Zhao Gongyi via ltp
2022-10-12 11:33 ` Petr Vorel
2022-10-12 18:47 ` Bird, Tim
2022-10-12 19:13 ` Petr Vorel [this message]
2022-10-12 9:15 ` [LTP] [PATCH 2/2] needs_root: Add setting " Zhao Gongyi via ltp
2022-10-13 7:41 ` Petr Vorel
-- strict thread matches above, loose matches on Subject: below --
2022-10-13 2:32 [LTP] [PATCH 1/2] lib: Add checking " zhaogongyi via ltp
2022-10-13 7:38 ` Petr Vorel
2022-10-13 7:52 zhaogongyi via ltp
2022-10-13 9:11 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y0cRvJysXOJcabNL@pevik \
--to=pvorel@suse.cz \
--cc=Tim.Bird@sony.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox