Here are a few tests for config files with default permissions, including setting the SUID, SGID and sticky bits on files and directories.
Signed-off-by: Jan Safranek <jsafr...@redhat.com>
---
.../permissions_default1.conf | 64 ++++++++++++++++
.../permissions_default2.conf | 82 ++++++++++++++++++++
.../permissions_default3.conf | 64 ++++++++++++++++
tests/tools/cgconfigparser/permissions | 65 +++++++++++++++-
4 files changed, 270 insertions(+), 5 deletions(-)
create mode 100644 tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf
create mode 100644 tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf
create mode 100644 tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf
diff --git a/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf
new file mode 100644
index 0000000..3138d11
--- /dev/null
+++ b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf
@@ -0,0 +1,64 @@
+mount {
+ cpu = /TMP/cgroups/cpu;
+ cpuacct = /TMP/cgroups/cpu;
+}
+
+default {
+ perm {
+ task {
+ uid=nobody;
+ gid=nobody;
+ fperm=757;
+ }
+ admin {
+ uid = nobody;
+ gid = nobody;
+ dperm = 757;
+ fperm = 757;
+ }
+ }
+}
+
+# inherit default
+group daemons/www {
+ cpu {
+ cpu.shares = "1000";
+ }
+}
+
+#override default
+group daemons/ftp {
+ perm {
+ task {
+ uid = root;
+ gid = root;
+ fperm = 274;
+ }
+ admin {
+ uid = root;
+ gid = root;
+ dperm = 742;
+ fperm = 427;
+ }
+ }
+ cpu {
+ cpu.shares = "500";
+ }
+}
+
+# override some default
+group daemons/ssh {
+ perm {
+ task {
+ uid = root;
+ fperm = 274;
+ }
+ admin {
+ uid = root;
+ fperm = 427;
+ }
+ }
+ cpu {
+ cpu.shares = "500";
+ }
+}
diff --git a/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf
new file mode 100644
index 0000000..b8021ea
--- /dev/null
+++ b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf
@@ -0,0 +1,82 @@
+mount {
+ cpu = /TMP/cgroups/cpu;
+ cpuacct = /TMP/cgroups/cpu;
+}
+
+default {
+ perm {
+ task {
+ uid=root;
+ gid=root;
+ fperm=700;
+ }
+ admin {
+ uid = root;
+ gid = root;
+ dperm = 700;
+ fperm = 700;
+ }
+ }
+}
+
+
+# inherit default
+group daemons/www {
+ cpu {
+ cpu.shares = "1000";
+ }
+}
+
+#override default
+group daemons/ftp {
+ perm {
+ task {
+ uid = root;
+ gid = root;
+ fperm = 274;
+ }
+ admin {
+ uid = root;
+ gid = root;
+ dperm = 742;
+ fperm = 427;
+ }
+ }
+ cpu {
+ cpu.shares = "500";
+ }
+}
+
+# override some default
+group daemons/ssh {
+ perm {
+ task {
+ uid = root;
+ fperm = 274;
+ }
+ admin {
+ uid = root;
+ fperm = 427;
+ }
+ }
+ cpu {
+ cpu.shares = "500";
+ }
+}
+
+# second default, wins
+default {
+ perm {
+ task {
+ uid=nobody;
+ gid=nobody;
+ fperm=757;
+ }
+ admin {
+ uid = nobody;
+ gid = nobody;
+ dperm = 757;
+ fperm = 757;
+ }
+ }
+}
diff --git a/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf
new file mode 100644
index 0000000..99465a5
--- /dev/null
+++ b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf
@@ -0,0 +1,64 @@
+mount {
+ cpu = /TMP/cgroups/cpu;
+ cpuacct = /TMP/cgroups/cpu;
+}
+
+default {
+ perm {
+ task {
+ uid=nobody;
+ gid=nobody;
+ fperm=1757;
+ }
+ admin {
+ uid = nobody;
+ gid = nobody;
+ dperm = 2757;
+ fperm = 7757;
+ }
+ }
+}
+
+# inherit default
+group daemons/www {
+ cpu {
+ cpu.shares = "1000";
+ }
+}
+
+#override default
+group daemons/ftp {
+ perm {
+ task {
+ uid = root;
+ gid = root;
+ fperm = 274;
+ }
+ admin {
+ uid = root;
+ gid = root;
+ dperm = 742;
+ fperm = 427;
+ }
+ }
+ cpu {
+ cpu.shares = "500";
+ }
+}
+
+# override some default
+group daemons/ssh {
+ perm {
+ task {
+ uid = root;
+ fperm = 274;
+ }
+ admin {
+ uid = root;
+ fperm = 427;
+ }
+ }
+ cpu {
+ cpu.shares = "500";
+ }
+}
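Review bot: The three modes in the `default` block of permissions_default3.conf (`fperm=1757`, `dperm = 2757`, `fperm = 7757`) carry no comment saying which special bit each one exercises, and the STEP4 comment in the test script names only SUID and SGID although the sticky bit is set as well. A header comment such as `# test fixture: 1xxx = sticky, 2xxx = SGID, 7xxx = SUID+SGID+sticky; modes are deliberately world-writable to exercise the parser` would make the intent readable and mark the values as test-only. All three new fixtures also use the literal `/TMP/` prefix in `mount`, which is presumably rewritten by `prepare_config`; that substitution is not visible in this patch, so a one-line comment naming it would help.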
diff --git a/tests/tools/cgconfigparser/permissions b/tests/tools/cgconfigparser/permissions index 35e93d7..0f02e02 100755 --- a/tests/tools/cgconfigparser/permissions +++ b/tests/tools/cgconfigparser/permissions @@ -6,11 +6,6 @@ CONFDIR=$TESTDIR/tools/cgconfigparser/cgconfigparser_conf_files -# all mount points are in /$TMP/cgroups -mkdir /$TMP/cgroups/ 2>/dev/null -$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions.conf` || \ - die "cgconfigparser -l $CONFDIR/permissions.conf failed" - # permissions test function check_perm() { @@ -36,6 +31,12 @@ function check_perm() fi } +# all mount points are in /$TMP/cgroups +mkdir /$TMP/cgroups/ 2>/dev/null + +# STEP1: simple config file without default section +$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions.conf` || \ + die "STEP1: cgconfigparser -l $CONFDIR/permissions.conf failed" check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www" 770 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 666 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www/tasks" 640 root nobody 
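Review bot: The re-added `mkdir /$TMP/cgroups/ 2>/dev/null` in the second hunk of this file discards both the exit status and the error text, so a directory that could not be created, or one that already exists with an unexpected owner, only shows up later as a cgconfigparser or check_perm failure. I would fail early and quote the expansion: `mkdir -p "/$TMP/cgroups/" || die "cannot create /$TMP/cgroups"`. The backtick substitution in the STEP1 call is unquoted too; `"$(prepare_config "$CONFDIR/permissions.conf")"` would survive whitespace in the path. `$TMP`, `die` and `prepare_config` are defined outside this hunk, so confirm that `-p` matches how the harness treats a pre-existing directory.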
@@ -44,6 +45,60 @@ check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root nobody +$TOOLSDIR/cgclear || die "STEP1: cgclear failed" + +# STEP2: config file with one default section +$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default1.conf` || \ + die "STEP2: cgconfigparser -l $CONFDIR/permissions_default1.conf failed" + +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody + +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root + +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody +check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody + +$TOOLSDIR/cgclear || die "cgclear failed" + +# STEP3: config file with two default sections - the last wins +$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default2.conf` || \ + die "STEP3: cgconfigparser -l $CONFDIR/permissions_default2.conf failed" + +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody + +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root + +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody +check_perm "STEP3" 
"/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody +check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody + +$TOOLSDIR/cgclear || die "cgclear failed" + +# STEP4: config file with one default section, now with SUID and SGID bits +$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default3.conf` || \ + die "STEP4: cgconfigparser -l $CONFDIR/permissions_default3.conf failed" + +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www" 2757 nobody nobody +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 7646 nobody nobody +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www/tasks" 1646 nobody nobody + +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root + +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh" 2757 root nobody +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody +check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody + $TOOLSDIR/cgclear || die "cgclear failed" cleanup
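Review bot: The STEP2 to STEP4 expectations for control files differ from the configured modes (`fperm = 757` is checked as `646`, `fperm = 7757` as `7646`) and nothing in the script says why. Presumably the file's existing owner bits act as a mask on all three permission classes while the special bits pass through unmasked; a comment before STEP2 such as `# fperm is masked by the file's own owner bits (rw-); special bits are kept as-is` would document that, to be confirmed against the chmod code, which is not part of this patch. The `cgclear` failure messages after STEP2, STEP3 and STEP4 are all `"cgclear failed"` without the step tag that STEP1 gets, so `die "STEP2: cgclear failed"` (and likewise for 3 and 4) would make a failing run easier to place. Since four-digit modes are now exercised, a negative case checking that a mode outside 0-7777 is rejected would round out the coverage; none is visible here.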