Re: [LTP] [PATCH] fs/acls: fix some permission issue in the testcase

Zeng Linggang Mon, 09 Mar 2015 19:26:06 -0700

On Mon, 2015-03-09 at 17:43 +0800, Li Wang wrote:
> hi,
> 
> The acl_test01 failed with a series of permission issue when runing on RHEL:
>       useradd: cannot set SELinux context for home directory
>       /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3/acltest1
>       Could not add test user acltest1.
>       /dev/loop1 on /mnt/testarea/ltp-KIK01kZbbL/tacl/mount-ext3
>       type ext3 (rw,relatime,seclabel,data=ordered)
>       ...
> 
> A proposal fixed patch and test results as below:
> 
>       TESTING ACLS FOR USER root
>       Trying extended acls for files
>       Extended acls for files (PASSED)
>       Trying extended acls for file links
>       Extended acls for links (PASSED)
> 
>       TESTING ACLS FOR 2ND USER acltest1
>       Trying extended acls for files
>       Extended acls for files (PASSED)
>       Trying extended acls for file links
>       Extended acls for links (PASSED)
>       ...
> 
> Thanks.
> 
> Signed-off-by: Li Wang <liw...@redhat.com>
> ---
>  testcases/kernel/fs/acls/acl_test01 | 25 +++++++++++++++++++++++--
>  1 file changed, 23 insertions(+), 2 deletions(-)
> 
> diff --git a/testcases/kernel/fs/acls/acl_test01 
> b/testcases/kernel/fs/acls/acl_test01
> index af65213..5aa5823 100755
> --- a/testcases/kernel/fs/acls/acl_test01
> +++ b/testcases/kernel/fs/acls/acl_test01
> @@ -52,15 +52,30 @@ FILE_ACL="$TMP/tacl/mount-ext3/test_file"
>  FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
>  TCbin=`pwd`
>  
> +SESTATUS=`/usr/sbin/sestatus |grep "SELinux status"|awk '{print $3}'`
> +if [ "$SESTATUS" = "enabled" ]; then
> +     export SELINUX=`getenforce`
> +else
> +     export SELINUX="disabled"
> +
> +fi
> +
>  #-----------------------------------------------------------------------
>  # FUNCTION:  do_setup
>  #-----------------------------------------------------------------------
>  
>  do_setup(){
>  
> +     tst_require_root
> +
>       rm -f $FILE_ACL
>       rm -f $FILE_ACL_LINK
>  
> +     if [ "$SELINUX" = "Enforcing" ]; then
> +             echo "set the SElinux to Permissive."
> +             setenforce 0
> +     fi
> +
>       if [ "x$TEST_USER1_HOMEDIR" = "x" ]; then
>               echo "Could not find user $TEST_USER1's home directory."
>               exit 1
> @@ -91,6 +106,11 @@ do_cleanup() {
>       mount | grep "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
>       [ "x$LOOP_DEV" != x ] && losetup -d $LOOP_DEV
>       rm -rf $TMP/tacl
> +
> +     if [ "$SELNUX" = "Enforcing" ]; then


At the begin, SELINUX is Enforcing.
Then you set SELINUX to Permissive.
Here $SELINUX(`getenforce`) is also Permissive, not Enforcing.
Now you could not set it to Enforcing.

How about:
1.
SELINUX=$(getenforce)

2.
# We could not consider whether the SElinux is Disabled or Permissive.
# We only set it to Permissive when it is Enforcing.
if [ "${SELINUX} = "Enforcing" ]; then
        echo "set the SElinux to Permissive."
        setenforce 0
fi

...

3.
# We set it back to Enforcing.
if [ "${SELINUX} = "Enforcing" ]; then
        setenforce 1
fi

...

Thanks,
Zeng

> +             echo "set the SElinux to Enforcing."
> +             setenforce 1
> +     fi
>  }
>  
>  #-----------------------------------------------------------------------
> @@ -177,7 +197,7 @@ then
>       setfacl -m u:$TEST_USER1:r $FILE_ACL
>  
>       echo "Trying extended acls for files"
> -     ${TCbin}/acl_file_test $FILE_ACL
> +     $TMP/tacl/mount-ext3/acl_file_test $FILE_ACL
>       if [ $? -ne 0 ]
>       then
>               EXIT_CODE=1
> @@ -187,7 +207,7 @@ then
>       fi
>  
>       echo "Trying extended acls for file links"
> -     ${TCbin}/acl_link_test $FILE_ACL_LINK
> +     $TMP/tacl/mount-ext3/acl_link_test $FILE_ACL_LINK
>       if [ $? -ne 0 ]
>       then
>               EXIT_CODE=1
> @@ -227,6 +247,7 @@ else
>               echo "Extended acls for links (PASSED)"
>       fi
>  
> +     cp ${TCbin}/acl_link_test ${TCbin}/acl_file_test $TMP/tacl/mount-ext3/
>       chown $TEST_USER1 $FILE_ACL
>       chown $TEST_USER1 $FILE_ACL_LINK
>  



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [PATCH] fs/acls: fix some permission issue in the testcase

Reply via email to