From: Vivek Goyal
To: viro@zeniv.linux.org.uk
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, dwalsh@redhat.com, dgilbert@redhat.com, vgoyal@redhat.com, christian.brauner@ubuntu.com, casey.schaufler@intel.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, tytso@mit.edu, miklos@szeredi.hu, gscrivan@redhat.com, bfields@redhat.com, stephen.smalley.work@gmail.com, agruenba@redhat.com, david@fromorbit.com
Subject: [PATCH v3 1/1] xattr: Allow user.* xattr on symlink and special files
Date: Thu, 2 Sep 2021 11:22:28 -0400
Message-Id: <20210902152228.665959-2-vgoyal@redhat.com>
In-Reply-To: <20210902152228.665959-1-vgoyal@redhat.com>

Currently user.* xattr are not allowed on symlink and special files.

man xattr and recent discussion suggested that primary reason for this restriction is how file permissions for symlinks and special files are little different from regular files and directories.

For symlinks, they are world readable/writable and if user xattr were to be permitted, it will allow unprivileged users to dump a huge amount of user.* xattrs on symlinks without any control. (I think quota control still works with symlinks, just that quota is not typically deployed).

For special files, permissions typically control capability to read/write from devices (and not necessarily from filesystem). So if a user can write to device (/dev/null), does not necessarily mean it should be allowed to write large number of user.* xattrs on the filesystem device node is residing in.

This patch proposes to relax the restrictions a bit and allow file owner or privileged user (CAP_FOWNER), to be able to read/write user.* xattrs on symlink and special files.

Note, for special files, file mode bits represent permission to access device and not necessarily permission to read/write xattrs. Hence, inode_permission() is not called on special files and just being owner (or CAP_FOWNER) is enough to read/write user extended xattrs on special files.

LSM will still get a chance to allow/deny this operation as xattr related security hooks are still called. (security_inode_setxattr(), security_inode_getxattr(), security_inode_removexattr(), security_inode_listxattr())

virtiofs daemon has a need to store user.* xattrs on all the files (including symlinks and special files), and currently that fails. This patch should help.

Link: https://lore.kernel.org/linux-fsdevel/20210625191229.1752531-1-vgoyal@redhat.com/
Signed-off-by: Vivek Goyal
---
 fs/xattr.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c index 5c8c5175b385..69be1681477f 100644 --- a/fs/xattr.c +++ b/fs/xattr.c
@@ -120,13 +120,26 @@ xattr_permission(struct user_namespace *mnt_userns, struct inode *inode, } /* - * In the user.* namespace, only regular files and directories can have - * extended attributes. For sticky directories, only the owner and - * privileged users can write attributes. + * In the user.* namespace, for symlinks and special files, only + * the owner and priviliged users can read/write attributes. + * For sticky directories, only the owner and privileged users can + * write attributes. */ if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { - if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) - return (mask & MAY_WRITE) ? -EPERM : -ENODATA; + if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) { + if (!inode_owner_or_capable(mnt_userns, inode)) { + return (mask & MAY_WRITE) ? -EPERM : -ENODATA; + } + /* + * This is special file and file mode bits represent + * permission to access device and not + * necessarily permission to read/write xattrs. + * Hence do not call inode_permission() and return + * success. 
+ */ + if (!S_ISLNK(inode->i_mode)) + return 0; + } if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && (mask & MAY_WRITE) && !inode_owner_or_capable(mnt_userns, inode))
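
Review bot: In the new `!S_ISREG && !S_ISDIR` branch, a read by a caller that fails inode_owner_or_capable() still returns -ENODATA, which after this change is indistinguishable from "attribute not set" even though user.* attributes can now exist on the inode; the comment above the branch should say that -ENODATA is returned deliberately for non-owner reads, or the read case should return a permission error. The comment beginning "This is special file" sits above the `if (!S_ISLNK(inode->i_mode))` test inside a block that also handles symlinks, so it reads more clearly directly attached to the `return 0;` with a line noting that symlinks fall through to the remaining checks. Style: the braces around the single-statement `if (!inode_owner_or_capable(mnt_userns, inode))` should go, and "priviliged" in the new comment is misspelled.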

From: Vivek Goyal
To: linux-api@vger.kernel.org, mtk.manpages@gmail.com
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, dwalsh@redhat.com, dgilbert@redhat.com, christian.brauner@ubuntu.com, casey.schaufler@intel.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, tytso@mit.edu, miklos@szeredi.hu, gscrivan@redhat.com, bfields@redhat.com, stephen.smalley.work@gmail.com, agruenba@redhat.com, david@fromorbit.com, viro@zeniv.linux.org.uk
Subject: [PATCH 2/1] man-pages: xattr.7: Update text for user extended xattr behavior change
Date: Thu, 2 Sep 2021 11:38:48 -0400
In-Reply-To: <20210902152228.665959-1-vgoyal@redhat.com>

I have proposed a patch to relax restrictions on user extended xattrs and allow file owner (or CAP_FOWNER) to get/set user extended xattrs on symlink and device files.

Signed-off-by: Vivek Goyal
---
 man7/xattr.7 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Index: man-pages/man7/xattr.7 =================================================================== --- man-pages.orig/man7/xattr.7 2021-09-01 13:46:16.165016463 -0400 +++ man-pages/man7/xattr.7 2021-09-01 16:31:51.038016463 -0400
@@ -129,8 +129,13 @@ a way not controllable by disk quotas fo special files and directories. .PP For this reason, -user extended attributes are allowed only for regular files and directories, -and access to user extended attributes is restricted to the +user extended attributes are allowed only for regular files and directories +till kernel 5.14. In newer kernel (5.15 onwards), restrictions have been +relaxed a bit and user extended attributes are also allowed on symlinks +and special files as long as caller is either owner of the file or is +privileged (CAP_FOWNER). + +Access to user extended attributes is restricted to the owner and to users with appropriate capabilities for directories with the sticky bit set (see the .BR chmod (1)
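
Review bot: The added text names 5.15 as the first kernel with the relaxed rule ("till kernel 5.14 ... (5.15 onwards)"), while the xfstests patches in this series gate on 5.14 ("Kernel version 5.14 onwards allow user xattr"); the two need to agree before either is merged. The new sentence should also state that the owner/CAP_FOWNER requirement applies to reading as well as writing, as the kernel comment does ("can read/write attributes"), since that differs from regular files. For man-pages source, replace the blank line added before "Access to user extended attributes" with .PP and mark up CAP_FOWNER with .B.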

From: Vivek Goyal
To: fstests@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, dwalsh@redhat.com, dgilbert@redhat.com, christian.brauner@ubuntu.com, casey.schaufler@intel.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, tytso@mit.edu, miklos@szeredi.hu, gscrivan@redhat.com, bfields@redhat.com, stephen.smalley.work@gmail.com, agruenba@redhat.com, david@fromorbit.com, viro@zeniv.linux.org.uk
Subject: [PATCH 3/1] xfstests: generic/062: Do not run on newer kernels
Date: Thu, 2 Sep 2021 11:47:31 -0400
In-Reply-To: <20210902152228.665959-1-vgoyal@redhat.com>

xfstests: generic/062: Do not run on newer kernels

This test has been written with assumption that setting user.* xattrs will fail on symlink and special files. When newer kernels support setting user.* xattrs on symlink and special files, this test starts failing.

Found it hard to change test in such a way that it works on both types of kernels. Primary problem is 062.out file which hardcodes the output and output will be different on old and new kernels.

So instead, do not run this test if kernel is new and is expected to exhibit new behavior. Next patch will create a new test and run that test on new kernel.

IOW, on old kernels run 062 and on new kernels run new test.

This is a proposed patch. Will need to be fixed if corresponding kernel changes are merged upstream.

Signed-off-by: Vivek Goyal
---
 tests/generic/062 | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

Index: xfstests-dev/tests/generic/062 =================================================================== --- xfstests-dev.orig/tests/generic/062 2021-08-31 15:51:08.160307982 -0400 +++ xfstests-dev/tests/generic/062 2021-08-31 16:27:41.678307982 -0400
@@ -55,6 +55,26 @@ _require_attrs _require_symlinks _require_mknod +user_xattr_allowed() +{ + local kernel_version kernel_patchlevel + + kernel_version=`uname -r | awk -F. '{print $1}'` + kernel_patchlevel=`uname -r | awk -F. '{print $2}'` + + # Kernel version 5.14 onwards allow user xattr on symlink/special files. + [ $kernel_version -lt 5 ] && return 1 + [ $kernel_patchlevel -lt 14 ] && return 1 + return 0; +} + + +# Kernel version 5.14 onwards allow user xattr on symlink/special files. +# Do not run this test on newer kernels. Instead run the new test +# which has been written with the assumption that user.* xattr +# will succeed on symlink and special files. +user_xattr_allowed && _notrun "Kernel allows user.* xattrs on symlinks and special files. Skipping this test. Run newer test instead." + rm -f $tmp.backup1 $tmp.backup2 $seqres.full # real QA test starts here
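
Review bot: In user_xattr_allowed(), the check `[ $kernel_patchlevel -lt 14 ] && return 1` runs for every major version, so kernels 6.0 through 6.13 are classified as old and this test runs exactly where it is expected to fail; apply the minor comparison only when the major equals 5 and return 0 for any larger major. Deciding from `uname -r` also gives the wrong answer on kernels that backport the change or ship the version without it, so probing the behaviour with a `setfattr -h` of a user.* attribute on a scratch symlink would be more robust than version sniffing. Minor: drop the `;` after `return 0`, quote the variables inside `[ ]`, and prefer `$(...)` over backticks.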

From: Vivek Goyal
To: fstests@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, dwalsh@redhat.com, dgilbert@redhat.com, christian.brauner@ubuntu.com, casey.schaufler@intel.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, tytso@mit.edu, miklos@szeredi.hu, gscrivan@redhat.com, bfields@redhat.com, stephen.smalley.work@gmail.com, agruenba@redhat.com, david@fromorbit.com, viro@zeniv.linux.org.uk
Subject: [PATCH 4/1] xfstest: Add a new test to test xattr operations
Date: Thu, 2 Sep 2021 11:50:53 -0400
In-Reply-To: <20210902152228.665959-1-vgoyal@redhat.com>

generic/062 has been written with assumption that user.* xattrs will fail on symlinks and special files. On newer kernel this will not be true.

Found it very hard to modify generic/062 so that it can deal with both the possibilities. So creating a new test which basically is same as 062. Only difference is that it runs only if user.* xattrs can be set on symlinks and special files.

Given this test is more or less same as 062, I have retained original copyright as well. Modified the test slightly to bail out if kernel is older and user xattrs are not supposed to be set on symlinks and special files.

This patch will need little modification if corresponding kernel changes are merged upstream.

Signed-off-by: Vivek Goyal
---
 tests/generic/648 | 227 ++++++++++++++
 tests/generic/648.out | 766 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 993 insertions(+)

Index: xfstests-dev/tests/generic/648 =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ xfstests-dev/tests/generic/648 2021-09-01 13:23:47.271016463 -0400
@@ -0,0 +1,227 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2000-2002 Silicon Graphics, Inc. All Rights Reserved +# Copyright (c) 2021 Red Hat, Inc. All Rights Reserved. +# +# FS QA Test No. 648 +# +# Exercises the getfattr/setfattr tools +# Derived from test 062. Modified it so that it can run on kernels which +# support user.* xattr on symlinks and special files. +# +. ./common/preamble +_begin_fstest attr udf auto quick + +# Import common functions. +. ./common/filter +. ./common/attr + +# Override the default cleanup function. +_cleanup() +{ + cd / + echo; echo "*** unmount" + _scratch_unmount 2>/dev/null + rm -f $tmp.* +} + +getfattr() +{ + _getfattr --absolute-names -dh $@ 2>&1 | _filter_scratch +} + +setfattr() +{ + $SETFATTR_PROG $@ 2>&1 | _filter_scratch +} + +_create_test_bed() +{ + echo "*** create test bed" + touch $SCRATCH_MNT/reg + mkdir -p $SCRATCH_MNT/dir + ln -s $SCRATCH_MNT/dir $SCRATCH_MNT/lnk + mkdir $SCRATCH_MNT/dev + mknod $SCRATCH_MNT/dev/b b 0 0 + mknod $SCRATCH_MNT/dev/c c 1 3 + mknod $SCRATCH_MNT/dev/p p + # sanity check + find $SCRATCH_MNT | LC_COLLATE=POSIX sort | _filter_scratch | grep -v "lost+found" +} + +# real QA test starts here +_supported_fs generic + +_require_scratch +_require_attrs +_require_symlinks +_require_mknod + +user_xattr_allowed() +{ + local kernel_version kernel_patchlevel + + kernel_version=`uname -r | awk -F. '{print $1}'` + kernel_patchlevel=`uname -r | awk -F. '{print $2}'` + + # Kernel version 5.14 onwards allow user xattr on symlink/special files. + [ $kernel_version -lt 5 ] && return 1 + [ $kernel_patchlevel -lt 14 ] && return 1 + return 0; +} + + +# Kernel version 5.14 onwards allow user xattr on symlink/special files. +# Do not run this test on older kernels. Instead run the old test 062 +# which has been written with the assumption that user.* xattr +# will not succeed on symlink and special files. 
+user_xattr_allowed || _notrun "Kernel does not allows user.* xattrs on symlinks and special files. Skipping this test. Run test 062 instead." + +rm -f $tmp.backup1 $tmp.backup2 $seqres.full + +# real QA test starts here +_scratch_mkfs > /dev/null 2>&1 || _fail "mkfs failed" +_scratch_mount +_create_test_bed + +# In kernels before 3.0, getxattr() fails with EPERM for an attribute which +# cannot exist. Later kernels fail with ENODATA. Accept both results. +invalid_attribute_filter() { + sed -e "s:\(No such attribute\|Operation not permitted\):No such attribute or operation not permitted:" +} + +if [ "$USE_ATTR_SECURE" = yes ]; then + ATTR_MODES="user security trusted" + ATTR_FILTER="^(user|security|trusted)" +else + ATTR_MODES="user trusted" + ATTR_FILTER="^(user|trusted)" +fi + +_require_attrs $ATTR_MODES + +for nsp in $ATTR_MODES; do + for inode in reg dir lnk dev/b dev/c dev/p; do + + echo; echo "=== TYPE $inode; NAMESPACE $nsp"; echo + echo "*** set/get one initially empty attribute" + + setfattr -h -n $nsp.name $SCRATCH_MNT/$inode + getfattr -m $nsp $SCRATCH_MNT/$inode + + echo "*** overwrite empty, set several new attributes" + setfattr -h -n $nsp.name -v 0xbabe $SCRATCH_MNT/$inode + setfattr -h -n $nsp.name2 -v 0xdeadbeef $SCRATCH_MNT/$inode + setfattr -h -n $nsp.name3 -v 0xdeface $SCRATCH_MNT/$inode + + echo "*** fetch several attribute names and values (hex)" + getfattr -m $nsp -e hex $SCRATCH_MNT/$inode + + echo "*** fetch several attribute names and values (base64)" + getfattr -m $nsp -e base64 $SCRATCH_MNT/$inode + + echo "*** shrink value of an existing attribute" + setfattr -h -n $nsp.name2 -v 0xdeaf $SCRATCH_MNT/$inode + getfattr -m $nsp -e hex $SCRATCH_MNT/$inode + + echo "*** grow value of existing attribute" + setfattr -h -n $nsp.name2 -v 0xdecade $SCRATCH_MNT/$inode + getfattr -m $nsp -e hex $SCRATCH_MNT/$inode + + echo "*** set an empty value for second attribute" + setfattr -h -n $nsp.name2 $SCRATCH_MNT/$inode + getfattr -m $nsp -n $nsp.name2 
$SCRATCH_MNT/$inode 2>&1 | invalid_attribute_filter + + echo "*** overwrite empty value" + setfattr -h -n $nsp.name2 -v 0xcafe $SCRATCH_MNT/$inode + getfattr -m $nsp -e hex -n $nsp.name2 $SCRATCH_MNT/$inode 2>&1 | invalid_attribute_filter + + echo "*** remove attribute" + setfattr -h -x $nsp.name2 $SCRATCH_MNT/$inode + getfattr -m $nsp -e hex -n $nsp.name2 $SCRATCH_MNT/$inode 2>&1 | invalid_attribute_filter + + echo "*** final list (strings, type=$inode, nsp=$nsp)" + getfattr -m $ATTR_FILTER -e hex $SCRATCH_MNT/$inode + + done +done + +# +# Test the directory descent code +# +echo; echo + +_extend_test_bed() +{ + echo "*** extend test bed" + # must set some descents' attributes to be useful + mkdir -p $SCRATCH_MNT/here/up/ascend + mkdir -p $SCRATCH_MNT/descend/down/here + find $SCRATCH_MNT/descend | xargs setfattr -n user.x -v yz + find $SCRATCH_MNT/descend | xargs setfattr -n user.1 -v 23 + find $SCRATCH_MNT/here | xargs setfattr -n trusted.a -v bc + find $SCRATCH_MNT/here | xargs setfattr -n trusted.9 -v 87 + # whack a symlink in the middle, just to be difficult + ln -s $SCRATCH_MNT/here/up $SCRATCH_MNT/descend/and + # dump out our new starting point + find $SCRATCH_MNT | LC_COLLATE=POSIX sort | _filter_scratch | grep -v "lost+found" +} + +_extend_test_bed + +echo +echo "*** directory descent with us following symlinks" +getfattr -h -L -R -m "$ATTR_FILTER" -e hex $SCRATCH_MNT | _sort_getfattr_output + +echo +echo "*** directory descent without following symlinks" +getfattr -h -P -R -m "$ATTR_FILTER" -e hex $SCRATCH_MNT | _sort_getfattr_output + +# +# Test the backup/restore code +# +echo; echo + +_backup() +{ + # Note: we don't filter scratch here since we need to restore too. But + # we *do* sort the output by path, since it otherwise would depend on + # readdir order, which on some filesystems may change after re-creating + # the files. 
+ _getfattr --absolute-names -dh -R -m $ATTR_FILTER $SCRATCH_MNT | _sort_getfattr_output >$1 + echo BACKUP $1 >>$seqres.full + cat $1 >> $seqres.full + [ ! -s $1 ] && echo "warning: $1 (backup file) is empty" +} + +echo "*** backup everything" +_backup $tmp.backup1 + +echo "*** clear out the scratch device" +rm -rf $(find $SCRATCH_MNT/* | grep -v "lost+found") +echo "AFTER REMOVE" >>$seqres.full +getfattr -L -R -m '.' $SCRATCH_MNT >>$seqres.full + +echo "*** reset test bed with no extended attributes" +_create_test_bed +_extend_test_bed + +echo "*** restore everything" +setfattr -h --restore=$tmp.backup1 +_backup $tmp.backup2 + +echo "AFTER RESTORE" >>$seqres.full +getfattr -L -R -m '.' $SCRATCH_MNT >>$seqres.full + +echo "*** compare before and after backups" +diff $tmp.backup1 $tmp.backup2 +if [ $? -ne 0 ]; then + echo "urk, failed - creating $seq.backup1 and $seq.backup2" + cp $tmp.backup1 $seq.backup1 && cp $tmp.backup2 $seq.backup2 + status=1 + exit +fi + +# success, all done +status=0 +exit Index: xfstests-dev/tests/generic/648.out =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ xfstests-dev/tests/generic/648.out 2021-09-01 13:08:00.260016463 -0400 
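
Review bot: user_xattr_allowed() in this new file is a copy of the helper added to generic/062, including the `[ $kernel_patchlevel -lt 14 ] && return 1` check that rejects any kernel whose minor is below 14 regardless of major, so on 6.0 this test would be skipped with "Kernel does not allows ..." while 062 runs and fails. Move one corrected helper into common/attr, ideally as a _require-style probe that tries to set a user.* attribute on a symlink, and call it from both tests. The _notrun message should read "does not allow", and the "# real QA test starts here" marker appears twice in the file (before `_supported_fs generic` and again after the `rm -f` line).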
@@ -0,0 +1,766 @@ +QA output created by 648 +*** create test bed +SCRATCH_MNT +SCRATCH_MNT/dev +SCRATCH_MNT/dev/b +SCRATCH_MNT/dev/c +SCRATCH_MNT/dev/p +SCRATCH_MNT/dir +SCRATCH_MNT/lnk +SCRATCH_MNT/reg + +=== TYPE reg; NAMESPACE user + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/reg +user.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/reg +user.name=0xbabe +user.name2=0xdeadbeef +user.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/reg +user.name=0sur4= +user.name2=0s3q2+7w== +user.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/reg +user.name=0xbabe +user.name2=0xdeaf +user.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/reg +user.name=0xbabe +user.name2=0xdecade +user.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/reg +user.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/reg +user.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/reg: user.name2: No such attribute or operation not permitted +*** final list (strings, type=reg, nsp=user) +# file: SCRATCH_MNT/reg +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dir; NAMESPACE user + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dir +user.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dir +user.name=0xbabe +user.name2=0xdeadbeef +user.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dir +user.name=0sur4= +user.name2=0s3q2+7w== +user.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dir +user.name=0xbabe +user.name2=0xdeaf +user.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/dir +user.name=0xbabe +user.name2=0xdecade +user.name3=0xdeface + +*** set an empty value for 
second attribute +# file: SCRATCH_MNT/dir +user.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dir +user.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dir: user.name2: No such attribute or operation not permitted +*** final list (strings, type=dir, nsp=user) +# file: SCRATCH_MNT/dir +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE lnk; NAMESPACE user + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/lnk +user.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/lnk +user.name=0xbabe +user.name2=0xdeadbeef +user.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/lnk +user.name=0sur4= +user.name2=0s3q2+7w== +user.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/lnk +user.name=0xbabe +user.name2=0xdeaf +user.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/lnk +user.name=0xbabe +user.name2=0xdecade +user.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/lnk +user.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/lnk +user.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/lnk: user.name2: No such attribute or operation not permitted +*** final list (strings, type=lnk, nsp=user) +# file: SCRATCH_MNT/lnk +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dev/b; NAMESPACE user + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dev/b +user.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dev/b +user.name=0xbabe +user.name2=0xdeadbeef +user.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dev/b +user.name=0sur4= +user.name2=0s3q2+7w== +user.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dev/b +user.name=0xbabe +user.name2=0xdeaf +user.name3=0xdeface + +*** grow 
value of existing attribute +# file: SCRATCH_MNT/dev/b +user.name=0xbabe +user.name2=0xdecade +user.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dev/b +user.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dev/b +user.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dev/b: user.name2: No such attribute or operation not permitted +*** final list (strings, type=dev/b, nsp=user) +# file: SCRATCH_MNT/dev/b +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dev/c; NAMESPACE user + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dev/c +user.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dev/c +user.name=0xbabe +user.name2=0xdeadbeef +user.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dev/c +user.name=0sur4= +user.name2=0s3q2+7w== +user.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dev/c +user.name=0xbabe +user.name2=0xdeaf +user.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/dev/c +user.name=0xbabe +user.name2=0xdecade +user.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dev/c +user.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dev/c +user.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dev/c: user.name2: No such attribute or operation not permitted +*** final list (strings, type=dev/c, nsp=user) +# file: SCRATCH_MNT/dev/c +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dev/p; NAMESPACE user + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dev/p +user.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dev/p +user.name=0xbabe +user.name2=0xdeadbeef +user.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dev/p +user.name=0sur4= 
+user.name2=0s3q2+7w== +user.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dev/p +user.name=0xbabe +user.name2=0xdeaf +user.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/dev/p +user.name=0xbabe +user.name2=0xdecade +user.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dev/p +user.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dev/p +user.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dev/p: user.name2: No such attribute or operation not permitted +*** final list (strings, type=dev/p, nsp=user) +# file: SCRATCH_MNT/dev/p +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE reg; NAMESPACE trusted + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/reg +trusted.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/reg +trusted.name=0xbabe +trusted.name2=0xdeadbeef +trusted.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/reg +trusted.name=0sur4= +trusted.name2=0s3q2+7w== +trusted.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/reg +trusted.name=0xbabe +trusted.name2=0xdeaf +trusted.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/reg +trusted.name=0xbabe +trusted.name2=0xdecade +trusted.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/reg +trusted.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/reg +trusted.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/reg: trusted.name2: No such attribute or operation not permitted +*** final list (strings, type=reg, nsp=trusted) +# file: SCRATCH_MNT/reg +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dir; NAMESPACE trusted + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dir +trusted.name + +*** overwrite empty, set several 
new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dir +trusted.name=0xbabe +trusted.name2=0xdeadbeef +trusted.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dir +trusted.name=0sur4= +trusted.name2=0s3q2+7w== +trusted.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dir +trusted.name=0xbabe +trusted.name2=0xdeaf +trusted.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/dir +trusted.name=0xbabe +trusted.name2=0xdecade +trusted.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dir +trusted.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dir +trusted.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dir: trusted.name2: No such attribute or operation not permitted +*** final list (strings, type=dir, nsp=trusted) +# file: SCRATCH_MNT/dir +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE lnk; NAMESPACE trusted + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/lnk +trusted.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/lnk +trusted.name=0xbabe +trusted.name2=0xdeadbeef +trusted.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/lnk +trusted.name=0sur4= +trusted.name2=0s3q2+7w== +trusted.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/lnk +trusted.name=0xbabe +trusted.name2=0xdeaf +trusted.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/lnk +trusted.name=0xbabe +trusted.name2=0xdecade +trusted.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/lnk +trusted.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/lnk +trusted.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/lnk: trusted.name2: No such attribute or 
operation not permitted +*** final list (strings, type=lnk, nsp=trusted) +# file: SCRATCH_MNT/lnk +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dev/b; NAMESPACE trusted + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dev/b +trusted.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dev/b +trusted.name=0xbabe +trusted.name2=0xdeadbeef +trusted.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dev/b +trusted.name=0sur4= +trusted.name2=0s3q2+7w== +trusted.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dev/b +trusted.name=0xbabe +trusted.name2=0xdeaf +trusted.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/dev/b +trusted.name=0xbabe +trusted.name2=0xdecade +trusted.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dev/b +trusted.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dev/b +trusted.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dev/b: trusted.name2: No such attribute or operation not permitted +*** final list (strings, type=dev/b, nsp=trusted) +# file: SCRATCH_MNT/dev/b +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dev/c; NAMESPACE trusted + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dev/c +trusted.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dev/c +trusted.name=0xbabe +trusted.name2=0xdeadbeef +trusted.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dev/c +trusted.name=0sur4= +trusted.name2=0s3q2+7w== +trusted.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dev/c +trusted.name=0xbabe +trusted.name2=0xdeaf +trusted.name3=0xdeface + +*** grow 
value of existing attribute +# file: SCRATCH_MNT/dev/c +trusted.name=0xbabe +trusted.name2=0xdecade +trusted.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dev/c +trusted.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dev/c +trusted.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dev/c: trusted.name2: No such attribute or operation not permitted +*** final list (strings, type=dev/c, nsp=trusted) +# file: SCRATCH_MNT/dev/c +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + +=== TYPE dev/p; NAMESPACE trusted + +*** set/get one initially empty attribute +# file: SCRATCH_MNT/dev/p +trusted.name + +*** overwrite empty, set several new attributes +*** fetch several attribute names and values (hex) +# file: SCRATCH_MNT/dev/p +trusted.name=0xbabe +trusted.name2=0xdeadbeef +trusted.name3=0xdeface + +*** fetch several attribute names and values (base64) +# file: SCRATCH_MNT/dev/p +trusted.name=0sur4= +trusted.name2=0s3q2+7w== +trusted.name3=0s3vrO + +*** shrink value of an existing attribute +# file: SCRATCH_MNT/dev/p +trusted.name=0xbabe +trusted.name2=0xdeaf +trusted.name3=0xdeface + +*** grow value of existing attribute +# file: SCRATCH_MNT/dev/p +trusted.name=0xbabe +trusted.name2=0xdecade +trusted.name3=0xdeface + +*** set an empty value for second attribute +# file: SCRATCH_MNT/dev/p +trusted.name2 + +*** overwrite empty value +# file: SCRATCH_MNT/dev/p +trusted.name2=0xcafe + +*** remove attribute +SCRATCH_MNT/dev/p: trusted.name2: No such attribute or operation not permitted +*** final list (strings, type=dev/p, nsp=trusted) +# file: SCRATCH_MNT/dev/p +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + + +*** extend test bed +SCRATCH_MNT +SCRATCH_MNT/descend +SCRATCH_MNT/descend/and +SCRATCH_MNT/descend/down +SCRATCH_MNT/descend/down/here +SCRATCH_MNT/dev +SCRATCH_MNT/dev/b +SCRATCH_MNT/dev/c +SCRATCH_MNT/dev/p +SCRATCH_MNT/dir +SCRATCH_MNT/here 
+SCRATCH_MNT/here/up +SCRATCH_MNT/here/up/ascend +SCRATCH_MNT/lnk +SCRATCH_MNT/reg + +*** directory descent with us following symlinks +# file: SCRATCH_MNT/descend +user.1=0x3233 +user.x=0x797a + +# file: SCRATCH_MNT/descend/and/ascend +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/descend/down +user.1=0x3233 +user.x=0x797a + +# file: SCRATCH_MNT/descend/down/here +user.1=0x3233 +user.x=0x797a + +# file: SCRATCH_MNT/dev/b +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/dev/c +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/dev/p +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/dir +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/here +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/here/up +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/here/up/ascend +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/lnk +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/reg +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + +*** directory descent without following symlinks +# file: SCRATCH_MNT/descend +user.1=0x3233 +user.x=0x797a + +# file: SCRATCH_MNT/descend/down +user.1=0x3233 +user.x=0x797a + +# file: SCRATCH_MNT/descend/down/here +user.1=0x3233 +user.x=0x797a + +# file: SCRATCH_MNT/dev/b +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/dev/c +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/dev/p +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/dir +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: 
SCRATCH_MNT/here +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/here/up +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/here/up/ascend +trusted.9=0x3837 +trusted.a=0x6263 + +# file: SCRATCH_MNT/lnk +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + +# file: SCRATCH_MNT/reg +trusted.name=0xbabe +trusted.name3=0xdeface +user.name=0xbabe +user.name3=0xdeface + + + +*** backup everything +*** clear out the scratch device +*** reset test bed with no extended attributes +*** create test bed +SCRATCH_MNT +SCRATCH_MNT/dev +SCRATCH_MNT/dev/b +SCRATCH_MNT/dev/c +SCRATCH_MNT/dev/p +SCRATCH_MNT/dir +SCRATCH_MNT/lnk +SCRATCH_MNT/reg +*** extend test bed +SCRATCH_MNT +SCRATCH_MNT/descend +SCRATCH_MNT/descend/and +SCRATCH_MNT/descend/down +SCRATCH_MNT/descend/down/here +SCRATCH_MNT/dev +SCRATCH_MNT/dev/b +SCRATCH_MNT/dev/c +SCRATCH_MNT/dev/p +SCRATCH_MNT/dir +SCRATCH_MNT/here +SCRATCH_MNT/here/up +SCRATCH_MNT/here/up/ascend +SCRATCH_MNT/lnk +SCRATCH_MNT/reg +*** restore everything +*** compare before and after backups + +*** unmount
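Review bot: The expected output for lnk, dev/b, dev/c and dev/p only matches on a kernel that accepts user.* xattrs on symlinks and special files, and that dependency reaches past the "NAMESPACE user" blocks: every trusted "final list" for those types also expects the leftover `user.name=0xbabe` and `user.name3=0xdeface`, as do both "directory descent" listings. On a kernel that rejects those xattrs, the run will show up as a golden-output mismatch across most of the file rather than as a skipped test. Consider probing up front, for example by setting a user.* xattr on a symlink in the scratch mount and calling _notrun if that fails, so a missing feature is reported differently from a real failure. If the intent is for the trusted results to stand on their own, clearing the user.* attributes before the trusted pass would also keep the two namespaces from being coupled in the expected output.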