Re: [PATCH v2 6/6] iotests/fuse-allow-other: Test allow-other

[Kevin Wolf]

Am 25.06.2021 um 16:23 hat Max Reitz geschrieben:
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
>  tests/qemu-iotests/tests/fuse-allow-other     | 175 ++++++++++++++++++
>  tests/qemu-iotests/tests/fuse-allow-other.out |  88 +++++++++
>  2 files changed, 263 insertions(+)
>  create mode 100755 tests/qemu-iotests/tests/fuse-allow-other
>  create mode 100644 tests/qemu-iotests/tests/fuse-allow-other.out
> 
> diff --git a/tests/qemu-iotests/tests/fuse-allow-other 
> b/tests/qemu-iotests/tests/fuse-allow-other
> new file mode 100755
> index 0000000000..a513dbce66
> --- /dev/null
> +++ b/tests/qemu-iotests/tests/fuse-allow-other
> @@ -0,0 +1,175 @@
> +#!/usr/bin/env bash
> +# group: rw
> +#
> +# Test FUSE exports' allow-other option
> +#
> +# Copyright (C) 2021 Red Hat, Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see <http://www.gnu.org/licenses/>.
> +#
> +
> +seq=$(basename "$0")
> +echo "QA output created by $seq"
> +
> +status=1     # failure is the default!
> +
> +_cleanup()
> +{
> +    _cleanup_qemu
> +    _cleanup_test_img
> +    rm -f "$EXT_MP"
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ../common.rc
> +. ../common.filter
> +. ../common.qemu
> +
> +_supported_fmt generic
> +
> +_supported_proto file # We create the FUSE export manually
> +
> +sudo -n -u nobody true || \
> +    _notrun 'Password-less sudo as nobody required to test allow_other'
> +
> +# $1: Export ID
> +# $2: Options (beyond the node-name and ID)
> +# $3: Expected return value (defaults to 'return')
> +# $4: Node to export (defaults to 'node-format')
> +fuse_export_add()
> +{
> +    allow_other_not_supported='option allow_other only allowed if'
> +
> +    output=$(
> +        success_or_failure=yes _send_qemu_cmd $QEMU_HANDLE \
> +            "{'execute': 'block-export-add',
> +              'arguments': {
> +                  'type': 'fuse',
> +                  'id': '$1',
> +                  'node-name': '${4:-node-format}',
> +                  $2
> +              } }" \
> +            "${3:-return}" \
> +            "$allow_other_not_supported" \
> +            | _filter_imgfmt
> +    )
> +
> +    if echo "$output" | grep -q "$allow_other_not_supported"; then
> +        # Shut down qemu gracefully so it can unmount the export
> +        _send_qemu_cmd $QEMU_HANDLE \
> +            "{'execute': 'quit'}" \
> +            'return'
> +
> +        wait=yes _cleanup_qemu
> +
> +        _notrun "allow_other not supported"
> +    fi
> +
> +    echo "$output"
> +}
> +
> +EXT_MP="$TEST_DIR/fuse-export"
> +
> +_make_test_img 64k
> +touch "$EXT_MP"
> +
> +echo
> +echo '=== Test permissions ==='
> +
> +# Test that you can only change permissions on the export with 
> allow-other=true.
> +# We cannot really test the primary reason behind allow-other (i.e. to allow
> +# users other than the current one access to the export), because for that we
> +# would need sudo, which realistically nobody will allow this test to use.
> +# What we can do is test that allow-other=true also enables 
> default_permissions,
> +# i.e. whether we can still read from the file if we remove the read 
> permission.

I don't think this comment is accurate any more now that you're actually
using sudo.

> +# $1: allow-other value ('true' or 'false')

on/off/auto, actually.

I can fix this up while applying, removing the comment block above, and
adjusting this line.

Kevin