# Copyright (C) 2002-2005 Novell/SUSE
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the
# This test verifies setting, getting and removing xattrs on a file or symlink.
# The test is run for each namespace supported by xattrs since each namespace
# has its own security constraints (see man 5 attr for full details).
# security: get r, set w + CAP_SYS_ADMIN
# system: (acl's etc.) fs and kernel dependent (CAP_SYS_ADMIN)
# trusted: CAP_SYS_ADMIN
# user: for subdomain the relevant file must be in the profile, with r perm
# to get xattr, w perm to set or remove xattr. The appropriate cap must be
# present in the profile as well
# User xattrs are not allowed on symlinks and special files. System namespace
# tests are going to take some work, as they have to do with acls or caps; all system
# tests are currently commented out until new tests can be developed, then they can be re-enabled.
# Run one xattr check through the harness's runchecktest helper.
# NOTE(review): this line reads positional parameters, so it presumably sits
# inside the xattrtest function called further down; the definition line is
# not visible in this excerpt.
#   $1 - path being tested
#   $2 - profile permissions (only used in the test description)
#   $3 - operation (write / read / remove)
#   $4 - xattr namespace (security / trusted / user)
#   $5 - expected outcome (pass / fail / xpass / xfail), handed to runchecktest
# $1 is unquoted in the argument list, so a path containing whitespace would
# be split into several arguments.
runchecktest "$3 xattrs in namespace \"$4\" on $1 with perms=$2" $5 $1 $4 $3
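# Turn the directory held in $pwd into an absolute path.
# The expansion is quoted so a path containing spaces or glob characters
# reaches cd as a single word.
# NOTE(review): $pwd is assigned on a line not shown in this excerpt. If cd
# fails, /bin/pwd still runs and reports the caller's directory instead, so
# later uses of $pwd would point at an unintended location.
pwd=$(cd "$pwd" ; /bin/pwd)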
# Ask the harness for the file/xattr kernel feature before any setup is done.
# NOTE(review): requires_kernel_features is defined outside this excerpt;
# presumably it skips or aborts the test when the feature is missing -- confirm.
requires_kernel_features file/xattr
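# Paths used by the test, all rooted in the harness-provided $tmpdir.
# The stray listing line numbers that were interleaved with these assignments
# are dropped; left in place they would run as (nonexistent) commands.
# NOTE(review): $tmpdir is set outside this excerpt. These paths are later
# handed to mkfs and mount, which need root, so $tmpdir should be a private,
# unpredictable directory (e.g. from mktemp -d) -- confirm against the harness.
tmpmount="${tmpdir}/mountpoint"   # where the scratch filesystem is mounted
diskimg="${tmpdir}/disk.img"      # backing file for the loop-mounted image
file="${tmpmount}/testfile"       # regular-file test target
link="${tmpmount}/testlink"       # symlink test target (user.* xattrs are skipped for it)
dir="${tmpmount}/testdir/"        # directory test target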
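# Guarantee the filesystem under test supports user xattrs: build a 16 MiB
# image (4096 blocks of 4096 bytes), format it as ext3 and loop-mount it with
# the user_xattr option. Expansions are quoted so a $tmpdir containing
# whitespace cannot split the image or mount-point path.
# NOTE(review): dd's stderr is discarded and none of the three exit codes is
# checked, so a failed image build would only surface later as unrelated
# xattr test failures -- confirm the harness catches this.
dd if=/dev/zero of="${diskimg}" bs=4096 count=4096 2> /dev/null
# -F lets mkfs operate on a regular file rather than a block device; -q keeps it quiet.
mkfs.ext3 -q -F "${diskimg}"
# NOTE(review): the mount point has to exist before this call; its creation
# is not visible in this excerpt.
mount -o loop,user_xattr "${diskimg}" "${tmpmount}"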
# set the xattr again for those that passed above so we can test removing it
setfattr -h -n security.sdtest -v hello "$1"
setfattr -h -n trusted.sdtest -v hello "$1"
if [ "$1" != $link ] ; then
setfattr -h -n user.sdtest -v hello "$1"
for var in $file $link $dir ; do
genprofile $var:$badperm
xattrtest $var $badperm write security fail
#xattrtest $var $badperm write system fail
xattrtest $var $badperm write trusted fail
if [ $var != $link ] ; then xattrtest $var $badperm write user xfail ; fi
genprofile $var:$badperm capability:sys_admin
xattrtest $var "$badperm+cap SYS_ADMIN" write security xfail
#xattrtest $var "$badperm+cap SYS_ADMIN" write system fail
xattrtest $var "$badperm+cap SYS_ADMIN" write trusted xfail
if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" write user xfail ; fi
genprofile $var:$okperm
xattrtest $var $okperm write security xpass
#xattrtest $var $okperm write system fail
xattrtest $var $okperm write trusted fail
if [ $var != $link ] ; then xattrtest $var $okperm write user pass ; fi
genprofile $var:$okperm capability:sys_admin
xattrtest $var "$okperm+cap SYS_ADMIN" write security pass
#xattrtest $var "$okperm+cap SYS_ADMIN" write system pass
xattrtest $var "$okperm+cap SYS_ADMIN" write trusted pass
if [ $var != $link ] ; then xattrtest $var "$okperm+cap SYS_ADMIN" write user pass ; fi
genprofile $var:$badperm
xattrtest $var $badperm read security pass
#xattrtest $var $badperm read system fail
xattrtest $var $badperm read trusted fail
if [ $var != $link ] ; then xattrtest $var $badperm read user pass ; fi
genprofile $var:$badperm capability:sys_admin
xattrtest $var "$badperm+cap SYS_ADMIN" read security pass
#xattrtest $var "$badperm+cap SYS_ADMIN" read system pass
xattrtest $var "$badperm+cap SYS_ADMIN" read trusted pass
if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" read user pass ; fi
genprofile $var:$badperm
xattrtest $var $badperm remove security fail
#xattrtest $var $badperm remove system fail
xattrtest $var $badperm remove trusted fail
if [ $var != $link ] ; then xattrtest $var $badperm remove user xfail ; fi
genprofile $var:$badperm capability:sys_admin
xattrtest $var "$badperm+cap SYS_ADMIN" remove security xfail
#xattrtest $var "$badperm+cap SYS_ADMIN" remove system fail
xattrtest $var "$badperm+cap SYS_ADMIN" remove trusted xfail
if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" remove user xfail ; fi
genprofile $var:$okperm
xattrtest $var $okperm remove security xpass
#xattrtest $var $okperm remove system fail
xattrtest $var $okperm remove trusted fail
if [ $var != $link ] ; then xattrtest $var $okperm remove user pass ; fi
genprofile $var:$okperm capability:sys_admin
xattrtest $var "$okperm+cap SYS_ADMIN" remove security pass
#xattrtest $var "$okperm+cap SYS_ADMIN" remove system pass
xattrtest $var "$okperm+cap SYS_ADMIN" remove trusted pass
if [ $var != $link ] ; then xattrtest $var "$okperm+cap SYS_ADMIN" remove user pass ; fi