# $Id: xattrs.sh 95 2006-08-04 23:39:16Z jrjohansen $
# Copyright (C) 2002-2005 Novell/SUSE
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the
# This test verifies setting, getting, and removing xattrs on a file or symlink.
# The test is run for each namespace supported by xattrs, since each namespace
# has its own security constraints (see man 5 attr for full details).
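# security: get r, set w + CAP_SYS_ADMIN
# NOTE(review): the cases in the loop below expect write and remove in this
# namespace to pass with $okperm alone, without capability:sys_admin in the profile.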
# system: (acl's etc.) fs and kernel dependent (CAP_SYS_ADMIN)
# trusted: CAP_SYS_ADMIN
# user: for subdomain the relevant file must be in the profile, with r perm
# to get xattr, w perm to set or remove xattr. The appropriate cap must be
# present in the profile as well
# User xattrs are not allowed on symlinks and special files. System namespace
# tests are going to take some work (they have to do with ACLs or caps). All system
# tests are currently commented out until new tests can be developed, then they
runchecktest "$3 xattrs in namespace \"$4\" on $1 with perms=$2" $5 $1 $4 $3
# Replace $pwd with the path /bin/pwd reports after changing into it. Because the
# two commands are joined with ';', /bin/pwd still runs (from the current
# directory) when the cd fails. NOTE(review): $pwd is expanded unquoted here.
pwd=$(cd $pwd ; /bin/pwd)
for var in $file $link $dir ; do
genprofile $var:$badperm
xattrtest $var $badperm write security fail
#xattrtest $var $badperm write system fail
xattrtest $var $badperm write trusted fail
if [ $var != $link ] ; then xattrtest $var $badperm write user fail ; fi
genprofile $var:$badperm capability:sys_admin
xattrtest $var "$badperm+cap SYS_ADMIN" write security fail
#xattrtest $var "$badperm+cap SYS_ADMIN" write system fail
xattrtest $var "$badperm+cap SYS_ADMIN" write trusted fail
if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" write user fail ; fi
genprofile $var:$okperm
xattrtest $var $okperm write security pass
#xattrtest $var $okperm write system fail
xattrtest $var $okperm write trusted fail
if [ $var != $link ] ; then xattrtest $var $okperm write user pass ; fi
genprofile $var:$okperm capability:sys_admin
xattrtest $var "$okperm+cap SYS_ADMIN" write security pass
#xattrtest $var "$okperm+cap SYS_ADMIN" write system pass
xattrtest $var "$okperm+cap SYS_ADMIN" write trusted pass
if [ $var != $link ] ; then xattrtest $var "$okperm+cap SYS_ADMIN" write user pass ; fi
genprofile $var:$badperm
xattrtest $var $badperm read security pass
#xattrtest $var $badperm read system fail
xattrtest $var $badperm read trusted fail
if [ $var != $link ] ; then xattrtest $var $badperm read user pass ; fi
genprofile $var:$badperm capability:sys_admin
xattrtest $var "$badperm+cap SYS_ADMIN" read security pass
#xattrtest $var "$badperm+cap SYS_ADMIN" read system pass
xattrtest $var "$badperm+cap SYS_ADMIN" read trusted pass
if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" read user pass ; fi
genprofile $var:$badperm
xattrtest $var $badperm remove security fail
#xattrtest $var $badperm remove system fail
xattrtest $var $badperm remove trusted fail
if [ $var != $link ] ; then xattrtest $var $badperm remove user fail ; fi
genprofile $var:$badperm capability:sys_admin
xattrtest $var "$badperm+cap SYS_ADMIN" remove security fail
#xattrtest $var "$badperm+cap SYS_ADMIN" remove system fail
xattrtest $var "$badperm+cap SYS_ADMIN" remove trusted fail
if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" remove user fail ; fi
genprofile $var:$okperm
xattrtest $var $okperm remove security pass
#xattrtest $var $okperm remove system fail
xattrtest $var $okperm remove trusted fail
if [ $var != $link ] ; then xattrtest $var $okperm remove user pass ; fi
# set the xattr again for those that passed above, so we can test removing it
setfattr -h -n security.sdtest -v hello $var
if [ $var != $link ] ; then setfattr -h -n user.sdtest -v hello $var ; fi
genprofile $var:$okperm capability:sys_admin
xattrtest $var "$okperm+cap SYS_ADMIN" remove security pass
#xattrtest $var "$okperm+cap SYS_ADMIN" remove system pass
xattrtest $var "$okperm+cap SYS_ADMIN" remove trusted pass
if [ $var != $link ] ; then xattrtest $var "$okperm+cap SYS_ADMIN" remove user pass ; fi