[PATCH 5/9] generic/123, generic/128, afs: Allow for an fs that does its own perm management
Darrick J. Wong
djwong at kernel.org
Tue May 25 09:19:26 PDT 2021
On Tue, May 25, 2021 at 02:34:22PM +0100, David Howells wrote:
> The AFS filesystem has its own distributed permission management system
> that's based on a per-cell user and group database used in conjunction with
> ACLs. The user is determined by the authentication token acquired from the
> kaserver or Kerberos, not by the local fsuid/fsgid. For the most part, the
> uid, gid and mask on a file are ignored.
>
> The generic/123 and generic/128 tests check that the UNIX permission bits do
> what would normally be expected of them - but this fails on AFS. Using "su"
> to change the user is not effective on AFS. Instead, "keyctl session" would
> need to be used and an alternative authentication token would need to be
> obtained.
>
> Provide a "_require_unix_perm_checking" clause so that these tests can be
> suppressed in cases such as AFS.
>
> Signed
Looks ok,
Reviewed
(I'll send the rest when the remainder of the SoB comes in. :P)
--D
> ---
>
> common/rc | 9 +++++++++
> doc/requirement-checking.txt | 8 ++++++++
> tests/generic/123 | 1 +
> tests/generic/128 | 1 +
> 4 files changed, 19 insertions(+)
>
> diff --git a/common/rc b/common/rc
> index a04433da..e25967d9 100644
> --- a/common/rc
> +++ b/common/rc
> @@ -4631,6 +4631,15 @@ _require_use_local_uidgid()
> esac
> }
>
> +_require_unix_perm_checking()
> +{
> + case $FSTYP in
> + afs)
> + _notrun "$FSTYP doesn't perform traditional UNIX perm checking"
> + ;;
> + esac
> +}
> +
> init_rc
>
> ################################################################################
> diff --git a/doc/requirement-checking.txt b/doc/requirement-checking.txt
> index c945e16a..9be7a84c 100644
> --- a/doc/requirement-checking.txt
> +++ b/doc/requirement-checking.txt
> @@ -20,6 +20,7 @@ they have. This is done with _require_<xxx> macros, which may take parameters.
> _has_mknod
> _require_sgid_inheritance
> _require_use_local_uidgid
> + _require_unix_perm_checking
>
> (3) System call requirements.
>
> @@ -121,6 +122,13 @@ _require_use_local_uidgid
> filesystems, for example, may choose other settings or not even have these
> concepts available. The test will be skipped if not supported.
>
> +_require_unix_perm_checking
> +
> + The test requires that the $TEST_DEV filesystem performs traditional UNIX
> + file permissions checking. A remote filesystem, for example, might use
> + some alternative distributed permissions model involving authentication
> + tokens rather than the local fsuid/fsgid.
> +
>
> ========================
> SYSTEM CALL REQUIREMENTS
> diff --git a/tests/generic/123 b/tests/generic/123
> index d2362e72..99ee4b9b 100755
> --- a/tests/generic/123
> +++ b/tests/generic/123
> @@ -33,6 +33,7 @@ _supported_fs generic
>
> _require_test
> _require_user
> +_require_unix_perm_checking
>
> my_test_subdir=$TEST_DIR/123subdir
>
> diff --git a/tests/generic/128 b/tests/generic/128
> index c1eae77a..91fdca1e 100755
> --- a/tests/generic/128
> +++ b/tests/generic/128
> @@ -25,6 +25,7 @@ _supported_fs generic
> _require_scratch
> _require_user
> _require_chmod
> +_require_unix_perm_checking
>
> _scratch_mkfs >/dev/null 2>&1
> _scratch_mount "-o nosuid"
>
>
More information about the linux-afs
mailing list