From: Kevin Wolf <kwolf@redhat.com>
To: Max Reitz <mreitz@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org
Subject: Re: [PATCH v2 6/6] iotests/fuse-allow-other: Test allow-other
Date: Wed, 7 Jul 2021 12:40:22 +0200 [thread overview]
Message-ID: <YOWElpoQUfM1R559@redhat.com> (raw)
In-Reply-To: <20210625142317.271673-7-mreitz@redhat.com>
Am 25.06.2021 um 16:23 hat Max Reitz geschrieben:
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
> tests/qemu-iotests/tests/fuse-allow-other | 175 ++++++++++++++++++
> tests/qemu-iotests/tests/fuse-allow-other.out | 88 +++++++++
> 2 files changed, 263 insertions(+)
> create mode 100755 tests/qemu-iotests/tests/fuse-allow-other
> create mode 100644 tests/qemu-iotests/tests/fuse-allow-other.out
>
> diff --git a/tests/qemu-iotests/tests/fuse-allow-other b/tests/qemu-iotests/tests/fuse-allow-other
> new file mode 100755
> index 0000000000..a513dbce66
> --- /dev/null
> +++ b/tests/qemu-iotests/tests/fuse-allow-other
> @@ -0,0 +1,175 @@
> +#!/usr/bin/env bash
> +# group: rw
> +#
> +# Test FUSE exports' allow-other option
> +#
> +# Copyright (C) 2021 Red Hat, Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +#
> +
> +seq=$(basename "$0")
> +echo "QA output created by $seq"
> +
> +status=1 # failure is the default!
> +
> +_cleanup()
> +{
> + _cleanup_qemu
> + _cleanup_test_img
> + rm -f "$EXT_MP"
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ../common.rc
> +. ../common.filter
> +. ../common.qemu
> +
> +_supported_fmt generic
> +
> +_supported_proto file # We create the FUSE export manually
> +
> +sudo -n -u nobody true || \
> + _notrun 'Password-less sudo as nobody required to test allow_other'
> +
> +# $1: Export ID
> +# $2: Options (beyond the node-name and ID)
> +# $3: Expected return value (defaults to 'return')
> +# $4: Node to export (defaults to 'node-format')
> +fuse_export_add()
> +{
> + allow_other_not_supported='option allow_other only allowed if'
> +
> + output=$(
> + success_or_failure=yes _send_qemu_cmd $QEMU_HANDLE \
> + "{'execute': 'block-export-add',
> + 'arguments': {
> + 'type': 'fuse',
> + 'id': '$1',
> + 'node-name': '${4:-node-format}',
> + $2
> + } }" \
> + "${3:-return}" \
> + "$allow_other_not_supported" \
> + | _filter_imgfmt
> + )
> +
> + if echo "$output" | grep -q "$allow_other_not_supported"; then
> + # Shut down qemu gracefully so it can unmount the export
> + _send_qemu_cmd $QEMU_HANDLE \
> + "{'execute': 'quit'}" \
> + 'return'
> +
> + wait=yes _cleanup_qemu
> +
> + _notrun "allow_other not supported"
> + fi
> +
> + echo "$output"
> +}
> +
> +EXT_MP="$TEST_DIR/fuse-export"
> +
> +_make_test_img 64k
> +touch "$EXT_MP"
> +
> +echo
> +echo '=== Test permissions ==='
> +
> +# Test that you can only change permissions on the export with allow-other=true.
> +# We cannot really test the primary reason behind allow-other (i.e. to allow
> +# users other than the current one access to the export), because for that we
> +# would need sudo, which realistically nobody will allow this test to use.
> +# What we can do is test that allow-other=true also enables default_permissions,
> +# i.e. whether we can still read from the file if we remove the read permission.
I don't think this comment is accurate any more now that you're actually
using sudo.
> +# $1: allow-other value ('true' or 'false')
on/off/auto, actually.
I can fix this up while applying, removing the comment block above, and
adjusting this line.
Kevin
next prev parent reply other threads:[~2021-07-07 10:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-25 14:23 [PATCH v2 0/6] export/fuse: Allow other users access to the export Max Reitz
2021-06-25 14:23 ` [PATCH v2 1/6] export/fuse: Pass default_permissions for mount Max Reitz
2021-06-25 14:23 ` [PATCH v2 2/6] export/fuse: Add allow-other option Max Reitz
2021-07-07 10:37 ` Kevin Wolf
2021-06-25 14:23 ` [PATCH v2 3/6] export/fuse: Give SET_ATTR_SIZE its own branch Max Reitz
2021-06-25 14:23 ` [PATCH v2 4/6] export/fuse: Let permissions be adjustable Max Reitz
2021-06-25 14:23 ` [PATCH v2 5/6] iotests/308: Test +w on read-only FUSE exports Max Reitz
2021-06-25 14:23 ` [PATCH v2 6/6] iotests/fuse-allow-other: Test allow-other Max Reitz
2021-07-07 10:40 ` Kevin Wolf [this message]
2021-07-07 11:03 ` [PATCH v2 0/6] export/fuse: Allow other users access to the export Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YOWElpoQUfM1R559@redhat.com \
--to=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).