[PATCH v2 4/6] generic/123, generic/128, afs: Allow for an fs that does its own perm management
Zorro Lang
zlang at redhat.com
Wed Apr 26 07:47:08 PDT 2023
On Mon, Apr 24, 2023 at 03:10:40PM +0100, David Howells wrote:
> The AFS filesystem has its own distributed permission management system
> that's based on a per-cell user and group database used in conjunction with
> ACLs. The user is determined by the authentication token acquired from the
> kaserver or Kerberos, not by the local fsuid/fsgid. For the most part, the
> uid, gid and mask on a file are ignored.
>
> The generic/123 and generic/128 tests check that the UNIX permission bits do
> what would normally be expected of them - but this fails on AFS. Using "su"
> to change the user is not effective on AFS. Instead, "keyctl session" would
> need to be used and an alternative authentication token would need to be
> obtained.
>
> Provide a "_require_unix_perm_checking" clause so that these tests can be
> suppressed in cases such as AFS.
>
> Signed-off-by: David Howells <dhowells at redhat.com>
> Reviewed-by: Darrick J. Wong <djwong at kernel.org>
> ---
Good to me,
Reviewed-by: Zorro Lang <zlang at redhat.com>
> common/rc | 9 +++++++++
> doc/requirement-checking.txt | 8 ++++++++
> tests/generic/123 | 1 +
> tests/generic/128 | 1 +
> 4 files changed, 19 insertions(+)
>
> diff --git a/common/rc b/common/rc
> index e0978a03..4dfc3301 100644
> --- a/common/rc
> +++ b/common/rc
> @@ -5115,6 +5115,15 @@ _require_use_local_uidgid()
> esac
> }
>
> +_require_unix_perm_checking()
> +{
> + case $FSTYP in
> + afs)
> + _notrun "$FSTYP doesn't perform traditional UNIX perm checking"
> + ;;
> + esac
> +}
> +
> init_rc
>
> ################################################################################
> diff --git a/doc/requirement-checking.txt b/doc/requirement-checking.txt
> index f24ecf5c..802bf2a3 100644
> --- a/doc/requirement-checking.txt
> +++ b/doc/requirement-checking.txt
> @@ -18,6 +18,7 @@ they have. This is done with _require_<xxx> macros, which may take parameters.
> _require_exportfs
> _require_sgid_inheritance
> _require_use_local_uidgid
> + _require_unix_perm_checking
>
> (3) System call requirements.
>
> @@ -112,6 +113,13 @@ _require_use_local_uidgid
> filesystems, for example, may choose other settings or not even have these
> concepts available. The test will be skipped if not supported.
>
> +_require_unix_perm_checking
> +
> + The test requires that the $TEST_DEV filesystem performs traditional UNIX
> + file permissions checking. A remote filesystem, for example, might use
> + some alternative distributed permissions model involving authentication
> + tokens rather than the local fsuid/fsgid.
> +
>
> ========================
> SYSTEM CALL REQUIREMENTS
> diff --git a/tests/generic/123 b/tests/generic/123
> index f9b28abb..43f90b46 100755
> --- a/tests/generic/123
> +++ b/tests/generic/123
> @@ -28,6 +28,7 @@ _supported_fs generic
>
> _require_test
> _require_user
> +_require_unix_perm_checking
>
> my_test_subdir=$TEST_DIR/123subdir
>
> diff --git a/tests/generic/128 b/tests/generic/128
> index dc1d43f4..924d6aa8 100755
> --- a/tests/generic/128
> +++ b/tests/generic/128
> @@ -18,6 +18,7 @@ _supported_fs generic
> _require_scratch
> _require_user
> _require_chmod
> +_require_unix_perm_checking
>
> _scratch_mkfs >/dev/null 2>&1
> _scratch_mount "-o nosuid"
>
More information about the linux-afs
mailing list