diff options
| author | Hanna Reitz <hreitz@redhat.com> | 2022-01-03 13:00:14 +0100 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2022-01-14 12:03:16 +0100 |
| commit | e2eec2819a96f3a5d68f899c836ad365468cec01 (patch) | |
| tree | b7520cd17851804691eb77f84e3a9a55fbc0a1e4 /tests | |
| parent | 2ca1d5d6b91f8a52a5c651f660b2f58c94bf97ba (diff) | |
| download | qemu-e2eec2819a96f3a5d68f899c836ad365468cec01.zip qemu-e2eec2819a96f3a5d68f899c836ad365468cec01.tar.gz qemu-e2eec2819a96f3a5d68f899c836ad365468cec01.tar.bz2 | |
iotests/308: Fix for CAP_DAC_OVERRIDE
With CAP_DAC_OVERRIDE (which e.g. root generally has), permission checks
will be bypassed when opening files.
308 in one instance tries to open a read-only file (FUSE export) with
qemu-io as read/write, and expects this to fail. However, when running
it as root, opening will succeed (thanks to CAP_DAC_OVERRIDE) and only
the actual write operation will fail.
Note this as "Case not run", but have the test pass in either case.
Reported-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Fixes: 2c7dd057aa7bd7a875e9b1a53975c220d6380bc4
("export/fuse: Pass default_permissions for mount")
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220103120014.13061-1-hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/qemu-iotests/308 | 25 | ||||
| -rw-r--r-- | tests/qemu-iotests/308.out | 2 |
2 files changed, 24 insertions, 3 deletions
diff --git a/tests/qemu-iotests/308 b/tests/qemu-iotests/308 index 2e3f8f4..bde4aac 100755 --- a/tests/qemu-iotests/308 +++ b/tests/qemu-iotests/308 @@ -230,8 +230,29 @@ echo '=== Writable export ===' fuse_export_add 'export-mp' "'mountpoint': '$EXT_MP', 'writable': true" # Check that writing to the read-only export fails -$QEMU_IO -f raw -c 'write -P 42 1M 64k' "$TEST_IMG" 2>&1 \ - | _filter_qemu_io | _filter_testdir | _filter_imgfmt +output=$($QEMU_IO -f raw -c 'write -P 42 1M 64k' "$TEST_IMG" 2>&1 \ + | _filter_qemu_io | _filter_testdir | _filter_imgfmt) + +# Expected reference output: Opening the file fails because it has no +# write permission +reference="Could not open 'TEST_DIR/t.IMGFMT': Permission denied" + +if echo "$output" | grep -q "$reference"; then + echo "Writing to read-only export failed: OK" +elif echo "$output" | grep -q "write failed: Permission denied"; then + # With CAP_DAC_OVERRIDE (e.g. when running this test as root), the export + # can be opened regardless of its file permissions, but writing will then + # fail. This is not the result for which we want to test, so count this as + # a SKIP. + _casenotrun "Opening RO export as R/W succeeded, perhaps because of" \ + "CAP_DAC_OVERRIDE" + + # Still, write this to the reference output to make the test pass + echo "Writing to read-only export failed: OK" +else + echo "Writing to read-only export failed: ERROR" + echo "$output" +fi # But here it should work $QEMU_IO -f raw -c 'write -P 42 1M 64k' "$EXT_MP" | _filter_qemu_io diff --git a/tests/qemu-iotests/308.out b/tests/qemu-iotests/308.out index fc47bb1..e4467a1 100644 --- a/tests/qemu-iotests/308.out +++ b/tests/qemu-iotests/308.out @@ -95,7 +95,7 @@ virtual size: 0 B (0 bytes) 'mountpoint': 'TEST_DIR/t.IMGFMT.fuse', 'writable': true } } {"return": {}} -qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'TEST_DIR/t.IMGFMT': Permission denied +Writing to read-only export failed: OK wrote 65536/65536 bytes at offset 1048576 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) wrote 65536/65536 bytes at offset 1048576 |