Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx> --- common/config | 2 + common/rc | 61 ++++++++++++++++++++++ tests/generic/362 | 125 +++++++++++++++++++++++++++++++++++++++++++++ tests/generic/362.out | 94 ++++++++++++++++++++++++++++++++++ tests/generic/363 | 118 ++++++++++++++++++++++++++++++++++++++++++ tests/generic/363.out | 139 ++++++++++++++++++++++++++++++++++++++++++++++++++ tests/generic/364 | 98 +++++++++++++++++++++++++++++++++++ tests/generic/364.out | 39 ++++++++++++++ tests/generic/365 | 93 +++++++++++++++++++++++++++++++++ tests/generic/365.out | 9 ++++ tests/generic/366 | 86 +++++++++++++++++++++++++++++++ tests/generic/366.out | 11 ++++ tests/generic/367 | 85 ++++++++++++++++++++++++++++++ tests/generic/367.out | 11 ++++ tests/generic/368 | 85 ++++++++++++++++++++++++++++++ tests/generic/368.out | 7 +++ tests/generic/369 | 126 +++++++++++++++++++++++++++++++++++++++++++++ tests/generic/369.out | 24 +++++++++ tests/generic/370 | 90 ++++++++++++++++++++++++++++++++ tests/generic/370.out | 19 +++++++ tests/generic/group | 9 ++++ 21 files changed, 1331 insertions(+) create mode 100755 tests/generic/362 create mode 100644 tests/generic/362.out create mode 100755 tests/generic/363 create mode 100644 tests/generic/363.out create mode 100755 tests/generic/364 create mode 100644 tests/generic/364.out create mode 100755 tests/generic/365 create mode 100644 tests/generic/365.out create mode 100755 tests/generic/366 create mode 100644 tests/generic/366.out create mode 100755 tests/generic/367 create mode 100644 tests/generic/367.out create mode 100755 tests/generic/368 create mode 100644 tests/generic/368.out create mode 100755 tests/generic/369 create mode 100644 tests/generic/369.out create mode 100755 tests/generic/370 create mode 100644 tests/generic/370.out diff --git a/common/config b/common/config index c25b1ec..48211ac 100644 --- a/common/config +++ b/common/config 
@@ -196,6 +196,8 @@ export RESTORE_PROG="`set_prog_path restore`" export LVM_PROG="`set_prog_path lvm`" export CHATTR_PROG="`set_prog_path chattr`" export DEBUGFS_PROG="`set_prog_path debugfs`" +export GETRICHACL_PROG="`set_prog_path getrichacl`" +export SETRICHACL_PROG="`set_prog_path setrichacl`" # use 'udevadm settle' or 'udevsettle' to wait for lv to be settled. # newer systems have udevadm command but older systems like RHEL5 don't. diff --git a/common/rc b/common/rc index 4b6ebe5..973527f 100644 --- a/common/rc +++ b/common/rc 
@@ -2000,6 +2000,67 @@ _runas() "$here/src/runas" "$@" } +_require_richacl_prog() +{ + _require_command "$GETRICHACL_PROG" getrichacl + _require_command "$SETRICHACL_PROG" setrichacl +} + +_require_scratch_richacl_xfs() +{ + _scratch_mkfs_xfs_supported -m richacl=1 >/dev/null 2>&1 \ + || _notrun "mkfs.xfs doesn't have richacl feature" + _scratch_mkfs_xfs -m richacl=1 >/dev/null 2>&1 + _scratch_mount >/dev/null 2>&1 \ + || _notrun "kernel doesn't support richacl feature on $FSTYP" + _scratch_unmount +} + +_require_scratch_richacl_ext4() +{ + _scratch_mkfs -O richacl >/dev/null 2>&1 \ + || _notrun "can't mkfs $FSTYP with option -O richacl" + _scratch_mount >/dev/null 2>&1 \ + || _notrun "kernel doesn't support richacl feature on $FSTYP" + _scratch_unmount +} + +_require_scratch_richacl_support() +{ + _scratch_mount + $GETFATTR_PROG -n system.richacl >/dev/null 2>&1 \ + || _notrun "this test requires richacl support on \$SCRATCH_DEV" + _scratch_unmount +} + +_require_scratch_richacl() +{ + case "$FSTYP" in + xfs) _require_scratch_richacl_xfs + ;; + ext4) _require_scratch_richacl_ext4 + ;; + nfs*|cifs|overlay) + _require_scratch_richacl_support + ;; + *) _notrun "this test requires richacl support on \$SCRATCH_DEV" + ;; + esac +} + +_scratch_mkfs_richacl() +{ + case "$FSTYP" in + xfs) _scratch_mkfs_xfs -m richacl=1 + ;; + ext4) _scratch_mkfs -O richacl + ;; + nfs*|cifs|overlay) + _scratch_mkfs + ;; + esac +} + # check that a FS on a device is mounted # if so, return mount point # diff --git a/tests/generic/362 b/tests/generic/362 new file mode 100755 index 0000000..91ffe0e --- /dev/null +++ b/tests/generic/362 
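Review bot: In `_require_scratch_richacl_support`, `$GETFATTR_PROG -n system.richacl` is called with no path operand, so the probe appears to fail every time and nfs/cifs/overlay runs would always end in `_notrun`, whatever the kernel supports. Pass the mount point, `$GETFATTR_PROG -n system.richacl $SCRATCH_MNT >/dev/null 2>&1`. Even then, a missing attribute and an unsupported one may both exit non-zero, so the probe probably needs to set an ACL first or look at the error text. The `_scratch_mount` before it and the `_scratch_mkfs_xfs -m richacl=1` call in `_require_scratch_richacl_xfs` are also unchecked. `_scratch_mkfs_richacl` has no `*)` branch, so an unexpected `$FSTYP` skips mkfs silently and the tests would run on whatever the scratch device already holds.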
@@ -0,0 +1,125 @@ +#! /bin/bash +# FS QA Test 362 +# +# RichACL apply-masks test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. 
./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +touch x +$SETRICHACL_PROG --set 'owner@:rwp::allow group@:rwp::allow everyone@:r::allow' x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'everyone@:wp::allow owner@:r::allow group@:r::allow' x +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'everyone@:wp::deny owner@:rwp::allow group@:rwp::allow' x +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'owner@:rwCo::allow' x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'owner@:rwpCo::allow' x +$GETRICHACL_PROG x + +chmod 644 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'u:77:rwp::allow' x +chmod 664 x +$GETRICHACL_PROG x + +chmod 644 x +$GETRICHACL_PROG --numeric-ids x + +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'u:77:rwp::allow everyone@:r::allow' x +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'u:77:r::allow everyone@:rwp::allow' x +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'u:77:wp::deny everyone@:rwp::allow' x +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'u:77:rwp::allow u:77:wp::deny everyone@:rwp::allow' x +chmod 664 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'everyone@:rwp::allow' x +chmod 066 x +$GETRICHACL_PROG x + +chmod 006 x +$GETRICHACL_PROG x + +chmod 606 x +$GETRICHACL_PROG x + +$SETRICHACL_PROG --set 'u:77:rwp::allow everyone@:rwp::allow' x +chmod 606 x +$GETRICHACL_PROG x + +chmod 646 x +$GETRICHACL_PROG x + +# success, all done +status=0 +exit diff --git a/tests/generic/362.out b/tests/generic/362.out new file mode 100644 index 0000000..65d52cc --- /dev/null +++ b/tests/generic/362.out 
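Review bot: Every ACL dump in this test after `u:77` is introduced expects the literal `user:77:` in 362.out, yet only one call uses `$GETRICHACL_PROG --numeric-ids x`; the others are plain `$GETRICHACL_PROG x`. If uid 77 maps to an account name on the test host, getrichacl would presumably print the name and the golden output would no longer match, even though the permission logic is correct. Use `$GETRICHACL_PROG --numeric-ids x` for every dump that follows a `u:77` entry. A one-line comment such as `# uid 77 is an arbitrary id that need not exist in passwd` would state the assumption.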
@@ -0,0 +1,94 @@ +QA output created by 362 +x: + owner@:rwp----------::allow + group@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + group@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + group@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rw-------Co--::allow + +x: + owner@:rwp----------::allow + +x: + owner@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + user:77:rwp----------::allow + group@:r------------::deny + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + user:77:r------------::allow + group@:r------------::deny + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + user:77:rwp----------::allow + group@:r------------::deny + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + user:77:rwp----------::allow + everyone@:r------------::allow + +x: + user:77:rwp----------::allow + owner@:rwp----------::allow + group@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + user:77:-wp----------::deny + group@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rwp----------::allow + user:77:rwp----------::allow + user:77:-wp----------::deny + group@:rwp----------::allow + everyone@:r------------::allow + +x: + owner@:rwp----------::deny + everyone@:rwp----------::allow + +x: + owner@:rwp----------::deny + group@:rwp----------::deny + everyone@:rwp----------::allow + +x: + owner@:rwp----------::allow + group@:rwp----------::deny + everyone@:rwp----------::allow + +x: + owner@:rwp----------::allow + group@:rwp----------::deny + everyone@:rwp----------::allow + +x: + user:77:r------------::allow + owner@:rwp----------::allow + group@:-wp----------::deny + user:77:-wp----------::deny + everyone@:rwp----------::allow + 
diff --git a/tests/generic/363 b/tests/generic/363 new file mode 100755 index 0000000..4694b19 --- /dev/null +++ b/tests/generic/363 
@@ -0,0 +1,118 @@ +#! /bin/bash +# FS QA Test 363 +# +# RichACL auto-inheritance test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. 
./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +umask 022 + +mkdir d1 +$SETRICHACL_PROG --modify owner@:rwpxd:fd:allow,u:101:rw:fd:deny d1 +$SETRICHACL_PROG --modify u:102:rw:f:deny d1 +$SETRICHACL_PROG --modify u:103:rw:d:deny d1 +$SETRICHACL_PROG --modify g:101:rw:fdi:deny d1 + +$SETRICHACL_PROG --modify flags:a d1 + +$GETRICHACL_PROG --numeric --raw d1 + +mkdir d1/d2 +touch d1/d3 + +# Mode bits derived from inherited ACEs +$GETRICHACL_PROG --numeric --raw d1/d2 + +$GETRICHACL_PROG --numeric --raw d1/d3 + +mkdir d1/d2/d4 +touch d1/d2/d4/d5 + +# Protected files +mkdir d1/d6 +touch d1/d7 + +$GETRICHACL_PROG --numeric --raw d1/d2/d4 + +$GETRICHACL_PROG --numeric --raw d1/d2/d4/d5 + +# Clear protected flag from all the ACLs +$SETRICHACL_PROG --modify flags:a d1/d2 +$SETRICHACL_PROG --modify flags:a d1/d3 +$SETRICHACL_PROG --modify flags:a d1/d2/d4 +$SETRICHACL_PROG --modify flags:a d1/d2/d4/d5 + +$GETRICHACL_PROG --numeric d1 | sed -e 's/:fd:deny/:fd:allow/' > acl.txt +cat acl.txt + +$SETRICHACL_PROG --set-file acl.txt d1 + +$GETRICHACL_PROG --numeric --raw d1 + +$GETRICHACL_PROG --numeric --raw d1/d2 + +$GETRICHACL_PROG --numeric --raw d1/d3 + +$GETRICHACL_PROG --numeric --raw d1/d2/d4 + +$GETRICHACL_PROG --numeric --raw d1/d2/d4/d5 + +# No automatic inheritance for protected files +$GETRICHACL_PROG --numeric --raw d1/d6 + +$GETRICHACL_PROG --numeric --raw d1/d7 + +# success, all done +status=0 +exit diff --git a/tests/generic/363.out b/tests/generic/363.out new file mode 100644 index 0000000..62f3a49 --- /dev/null +++ b/tests/generic/363.out 
@@ -0,0 +1,139 @@ +QA output created by 363 +d1: + flags:a + owner:rwpxd-----------::mask + group:r--x------------::mask + other:r--x------------::mask + user:101:rw--------------:fd:deny + user:102:rw--------------:f:deny + user:103:rw--------------:d:deny + group:101:rw--------------:fdi:deny + owner@:rwpxd-----------:fd:allow + everyone@:r--x------------::allow + +d1/d2: + flags:map + owner:rwpxd-----------::mask + group:----------------::mask + other:----------------::mask + user:101:rw--------------:fda:deny + user:102:rw--------------:fia:deny + user:103:rw--------------:da:deny + group:101:rw--------------:fda:deny + owner@:rwpxd-----------:fda:allow + +d1/d3: + flags:map + owner:rwp-------------::mask + group:----------------::mask + other:----------------::mask + user:101:rw--------------:a:deny + user:102:rw--------------:a:deny + group:101:rw--------------:a:deny + owner@:rwpx------------:a:allow + +d1/d2/d4: + flags:map + owner:rwpxd-----------::mask + group:----------------::mask + other:----------------::mask + user:101:rw--------------:fda:deny + user:102:rw--------------:fia:deny + user:103:rw--------------:da:deny + group:101:rw--------------:fda:deny + owner@:rwpxd-----------:fda:allow + +d1/d2/d4/d5: + flags:map + owner:rwp-------------::mask + group:----------------::mask + other:----------------::mask + user:101:rw--------------:a:deny + user:102:rw--------------:a:deny + group:101:rw--------------:a:deny + owner@:rwpx------------:a:allow + +d1: + flags:a + user:101:rw-----------:fd:allow + user:102:rw-----------:f:deny + user:103:rw-----------:d:deny + group:101:rw-----------:fdi:deny + owner@:rwpxd--------:fd:allow + everyone@:r--x---------::allow + +d1: + flags:a + owner:rwpxd-----------::mask + group:rw-x------------::mask + other:r--x------------::mask + user:101:rw--------------:fd:allow + user:102:rw--------------:f:deny + user:103:rw--------------:d:deny + group:101:rw--------------:fdi:deny + owner@:rwpxd-----------:fd:allow + 
everyone@:r--x------------::allow + +d1/d2: + flags:a + owner:rwpxd-----------::mask + group:rw--------------::mask + other:----------------::mask + user:101:rw--------------:fda:allow + user:102:rw--------------:fia:deny + user:103:rw--------------:da:deny + group:101:rw--------------:fda:deny + owner@:rwpxd-----------:fda:allow + +d1/d3: + flags:a + owner:rwpx------------::mask + group:rw--------------::mask + other:----------------::mask + user:101:rw--------------:a:allow + user:102:rw--------------:a:deny + group:101:rw--------------:a:deny + owner@:rwpx------------:a:allow + +d1/d2/d4: + flags:a + owner:rwpxd-----------::mask + group:rw--------------::mask + other:----------------::mask + user:101:rw--------------:fda:allow + user:102:rw--------------:fia:deny + user:103:rw--------------:da:deny + group:101:rw--------------:fda:deny + owner@:rwpxd-----------:fda:allow + +d1/d2/d4/d5: + flags:a + owner:rwpx------------::mask + group:rw--------------::mask + other:----------------::mask + user:101:rw--------------:a:allow + user:102:rw--------------:a:deny + group:101:rw--------------:a:deny + owner@:rwpx------------:a:allow + +d1/d6: + flags:map + owner:rwpxd-----------::mask + group:----------------::mask + other:----------------::mask + user:101:rw--------------:fda:deny + user:102:rw--------------:fia:deny + user:103:rw--------------:da:deny + group:101:rw--------------:fda:deny + owner@:rwpxd-----------:fda:allow + +d1/d7: + flags:map + owner:rwp-------------::mask + group:----------------::mask + other:----------------::mask + user:101:rw--------------:a:deny + user:102:rw--------------:a:deny + group:101:rw--------------:a:deny + owner@:rwpx------------:a:allow + diff --git a/tests/generic/364 b/tests/generic/364 new file mode 100755 index 0000000..e56fccc --- /dev/null +++ b/tests/generic/364 
@@ -0,0 +1,98 @@ +#! /bin/bash +# FS QA Test 364 +# +# RichACL basic test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. ./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +umask 022 + +touch x + +$SETRICHACL_PROG --set 'everyone@:rwp::allow' x +stat -c %A x +$GETRICHACL_PROG x + +chmod 664 x +stat -c %A x +$GETRICHACL_PROG x + +# Note that unlike how the test cases look at first sight, we do *not* require +# a richacl-enabled version of ls here ... 
+ +mkdir sub +$SETRICHACL_PROG --set 'everyone@:rwpxd:fd:allow' sub +stat -c %A+ sub +$GETFATTR_PROG -m system\.richacl sub + +chmod 775 sub +stat -c %A+ sub +$GETFATTR_PROG -m system\.richacl sub +$GETRICHACL_PROG sub + +touch sub/f +stat -c %A sub/f +$GETRICHACL_PROG sub/f + +mkdir sub/sub2 +stat -c %A+ sub/sub2 +$GETRICHACL_PROG sub/sub2 + +mkdir -m 750 sub/sub3 +stat -c %A+ sub/sub3 +$GETRICHACL_PROG sub/sub3 + +# success, all done +status=0 +exit diff --git a/tests/generic/364.out b/tests/generic/364.out new file mode 100644 index 0000000..696cf6c --- /dev/null +++ b/tests/generic/364.out @@ -0,0 +1,39 @@ +QA output created by 364 +-rw-rw-rw- +x: + everyone@:rwp----------::allow + +-rw-rw-r-- +x: + owner@:rwp----------::allow + group@:rwp----------::allow + everyone@:r------------::allow + +drwxrwxrwx+ +# file: sub +system.richacl + +drwxrwxr-x+ +# file: sub +system.richacl + +sub: + owner@:rwpxd--------::allow + group@:rwpxd--------::allow + everyone@:rwpxd--------:fdi:allow + everyone@:r--x---------::allow + +-rw-rw-rw- +sub/f: + everyone@:rwp----------::allow + +drwxrwxrwx+ +sub/sub2: + everyone@:rwpxd--------:fd:allow + +drwxr-x---+ +sub/sub3: + owner@:rwpxd--------::allow + group@:r--x---------::allow + everyone@:rwpxd--------:fdi:allow + diff --git a/tests/generic/365 b/tests/generic/365 new file mode 100755 index 0000000..510e5e0 --- /dev/null +++ b/tests/generic/365 
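Review bot: This test calls `$GETFATTR_PROG -m system\.richacl sub`, but its requirements only cover getrichacl and setrichacl through `_require_richacl_prog`. On a host without getfattr the command fails and the result is a golden-output mismatch instead of a clean `_notrun`. Add `_require_command "$GETFATTR_PROG" getfattr` next to the other `_require_*` lines. Separately, the `+` in `stat -c %A+ sub` is a literal character in the format string, so the `drwxrwxrwx+` lines in 364.out do not show that an ACL is present; a comment such as `# the trailing + is part of the stat format, not an ACL indicator` would keep readers from treating it as a check.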
@@ -0,0 +1,93 @@ +#! /bin/bash +# FS QA Test 365 +# +# RichACL chmod test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. ./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog +_require_runas + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +r() +{ + echo "--- runas -u 99 -g 99 $*" + _runas -u 99 -g 99 -- "$@" +} + +s() +{ + echo "--- runas -u 99 -g 99 setrichacl $*" + _runas -u 99 -g 99 -- $SETRICHACL_PROG "$@" +} + +# Create file as root +touch a + +# We cannot set the acl as another user +s --set 'u:99:rwc::allow' a + +# We cannot chmod as another user +r chmod 666 a + +# Give user 99 the write_acl permission +$SETRICHACL_PROG --set 'u:99:rwpC::allow' a + +# Now user 99 can setrichacl and chmod ... 
+s --set 'u:99:rwpC::allow' a +r chmod 666 a + +# ... but chmod disables the write_acl permission +s --set 'u:99:rwpC::allow' a + +# success, all done +status=0 +exit diff --git a/tests/generic/365.out b/tests/generic/365.out new file mode 100644 index 0000000..f7c9242 --- /dev/null +++ b/tests/generic/365.out @@ -0,0 +1,9 @@ +QA output created by 365 +--- runas -u 99 -g 99 setrichacl --set u:99:rwc::allow a +a: Operation not permitted +--- runas -u 99 -g 99 chmod 666 a +chmod: changing permissions of 'a': Operation not permitted +--- runas -u 99 -g 99 setrichacl --set u:99:rwpC::allow a +--- runas -u 99 -g 99 chmod 666 a +--- runas -u 99 -g 99 setrichacl --set u:99:rwpC::allow a +a: Operation not permitted diff --git a/tests/generic/366 b/tests/generic/366 new file mode 100755 index 0000000..3a9e4cb --- /dev/null +++ b/tests/generic/366 
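Review bot: `r()` and `s()` send the stderr of chmod and setrichacl straight into the golden output, so 365.out pins exact coreutils wording such as `chmod: changing permissions of 'a': Operation not permitted`. The quote characters around file names differ between coreutils versions and locales, which means a denial that was enforced correctly can still be reported as a test failure. Tests 366, 367, 368 and 369 define the same `r()` helper and have the same problem in their .out files. Normalise the quotes in the helper, for example `_runas -u 99 -g 99 -- "$@" 2>&1 | sed -e "s/[‘’]/'/g"`, and cover the older backtick-apostrophe style in the same filter. Moving the helper into common/rc would let the filter be maintained once instead of per test.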
@@ -0,0 +1,86 @@ +#! /bin/bash +# FS QA Test 366 +# +# RichACL chown test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. 
./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog +_require_runas + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +r() +{ + echo "--- runas -u 99 -g 99 $*" + _runas -u 99 -g 99 -- "$@" +} + +# Create file as root +touch a + +# Chown and chgrp with no take ownership permission fails +r chown 99 a +r chgrp 99 a + +# Add the take_ownership permission +$SETRICHACL_PROG --set 'u:99:rwpo::allow' a + +# Chown and chgrp to a user or group the process is not in fails +r chown 100 a +r chgrp 100 a + +# Chown and chgrp to a user and group the process is in succeeds +r chown 99 a +r chgrp 99 a + +# success, all done +status=0 +exit diff --git a/tests/generic/366.out b/tests/generic/366.out new file mode 100644 index 0000000..d950cc2 --- /dev/null +++ b/tests/generic/366.out @@ -0,0 +1,11 @@ +QA output created by 366 +--- runas -u 99 -g 99 chown 99 a +chown: changing ownership of 'a': Operation not permitted +--- runas -u 99 -g 99 chgrp 99 a +chgrp: changing group of 'a': Operation not permitted +--- runas -u 99 -g 99 chown 100 a +chown: changing ownership of 'a': Operation not permitted +--- runas -u 99 -g 99 chgrp 100 a +chgrp: changing group of 'a': Operation not permitted +--- runas -u 99 -g 99 chown 99 a +--- runas -u 99 -g 99 chgrp 99 a diff --git a/tests/generic/367 b/tests/generic/367 new file mode 100755 index 0000000..018ff16 --- /dev/null +++ b/tests/generic/367 
@@ -0,0 +1,85 @@ +#! /bin/bash +# FS QA Test 367 +# +# RichACL create test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. 
./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog +_require_runas + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +r() +{ + echo "--- runas -u 99 -g 99 $*" + _runas -u 99 -g 99 -- "$@" +} + +# Create directories as root with different permissions +mkdir d1 d2 d3 +$SETRICHACL_PROG --set 'u:99:wx::allow' d2 +$SETRICHACL_PROG --set 'u:99:px::allow' d3 + +# Cannot create files or directories without permissions +r touch d1/f +r mkdir d1/d + +# Can create files with add_file (w) permission +r touch d2/f +r mkdir d2/d + +# Can create directories with add_subdirectory (p) permission +r touch d3/f +r mkdir d3/d + +# success, all done +status=0 +exit diff --git a/tests/generic/367.out b/tests/generic/367.out new file mode 100644 index 0000000..ec25b5c --- /dev/null +++ b/tests/generic/367.out @@ -0,0 +1,11 @@ +QA output created by 367 +--- runas -u 99 -g 99 touch d1/f +touch: cannot touch 'd1/f': Permission denied +--- runas -u 99 -g 99 mkdir d1/d +mkdir: cannot create directory 'd1/d': Permission denied +--- runas -u 99 -g 99 touch d2/f +--- runas -u 99 -g 99 mkdir d2/d +mkdir: cannot create directory 'd2/d': Permission denied +--- runas -u 99 -g 99 touch d3/f +touch: cannot touch 'd3/f': Permission denied +--- runas -u 99 -g 99 mkdir d3/d diff --git a/tests/generic/368 b/tests/generic/368 new file mode 100755 index 0000000..8060f48 --- /dev/null +++ b/tests/generic/368 
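Review bot: The comments above the d2 and d3 command pairs describe only the operation that succeeds, while 367.out also expects `mkdir d2/d` and `touch d3/f` to fail with Permission denied. Those denials are what shows add_file and add_subdirectory are enforced separately, so the comments should mention them. Suggested wording: `# add_file (w) allows creating files but not directories` and `# add_subdirectory (p) allows creating directories but not files`.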
@@ -0,0 +1,85 @@ +#! /bin/bash +# FS QA Test 368 +# +# RichACL ctime test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. 
./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog +_require_runas + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +r() +{ + echo "--- runas -u 99 -g 99 $*" + _runas -u 99 -g 99 -- "$@" +} + +touch a + +# Without write access, the ctime cannot be changed +r touch a + +$SETRICHACL_PROG --set 'u:99:rw::allow' a + +# With write access, the ctime can be set to the current time, but not to +# any other time +r touch a +r touch -d '1 hour ago' a + +$SETRICHACL_PROG --set 'u:99:rwA::allow' a + +# With set_attributes access, the ctime can be set to an arbitrary time +r touch -d '1 hour ago' a + +# success, all done +status=0 +exit diff --git a/tests/generic/368.out b/tests/generic/368.out new file mode 100644 index 0000000..2cdf5e5 --- /dev/null +++ b/tests/generic/368.out @@ -0,0 +1,7 @@ +QA output created by 368 +--- runas -u 99 -g 99 touch a +touch: cannot touch 'a': Permission denied +--- runas -u 99 -g 99 touch a +--- runas -u 99 -g 99 touch -d 1 hour ago a +touch: setting times of 'a': Operation not permitted +--- runas -u 99 -g 99 touch -d 1 hour ago a diff --git a/tests/generic/369 b/tests/generic/369 new file mode 100755 index 0000000..7d11e14 --- /dev/null +++ b/tests/generic/369 
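Review bot: The header and comments call this a ctime test, but `touch` and `touch -d '1 hour ago'` set the access and modification times; ctime is updated only as a side effect and cannot be set to a chosen value. Reword the comments to match what is exercised, for example `# With write access, atime/mtime can be set to the current time, but not to any other time` and `# With set_attributes access, atime/mtime can be set to an arbitrary time`. The test also never reads the timestamps back, so it shows the calls are permitted or denied but not that the times changed; say so in a comment if that is intended.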
@@ -0,0 +1,126 @@ +#! /bin/bash +# FS QA Test 369 +# +# RichACL delete test +# +#----------------------------------------------------------------------- +# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +_cleanup() +{ + cd / + rm -f $tmp.* +} + +# get standard environment, filters and checks +. ./common/rc + +# remove previous $seqres.full before test +rm -f $seqres.full + +# real QA test starts here + +_supported_fs generic +_supported_os Linux + +_require_scratch +_require_scratch_richacl +_require_richacl_prog +_require_runas + +_scratch_mkfs_richacl >> $seqres.full +_scratch_mount + +cd $SCRATCH_MNT + +r() +{ + echo "--- runas -u 99 -g 99 $*" + _runas -u 99 -g 99 -- "$@" +} + +umask 022 + +chmod go+w . 
+mkdir d1 d2 d3 d4 d5 d6 d7 +touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h +chmod o+w d1/g +chown 99 d2 +chgrp 99 d3 +chmod g+w d3 +$SETRICHACL_PROG --set 'u:99:wx::allow' d4 +$SETRICHACL_PROG --set 'u:99:d::allow' d5 +$SETRICHACL_PROG --set 'u:99:xd::allow' d6 +$SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h +chmod 664 d7/g + +mkdir s2 s3 s4 s5 s6 s7 +chmod +t s2 s3 s4 s5 s6 s7 +touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h +chown 99 s2 +chgrp 99 s3 +chmod g+w s3 +$SETRICHACL_PROG --set 'u:99:wx::allow' s4 +$SETRICHACL_PROG --set 'u:99:d::allow' s5 +$SETRICHACL_PROG --set 'u:99:xd::allow' s6 +$SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h +chmod 664 s7/g + +# Cannot delete files with no or only with write permissions on the directory +r rm -f d1/f d1/g + +# Can delete files in directories we own +r rm -f d2/f s2/f + +# Can delete files in non-sticky directories we have write access to +r rm -f d3/f s3/f + +# "Write_data/execute" access does not include delete_child access, so deleting +# is not allowed: +r rm -f d4/f s4/f + +# "Delete_child" access alone also is not sufficient +r rm -f d5/f s5/f + +# "Execute/delete_child" access is sufficient for non-sticky directories +r rm -f d6/f s6/f + +# "Delete" access on the child is sufficient, even in sticky directories. +r rm -f d7/f s7/f + +# Regression: Delete access must not override add_file / add_subdirectory +# access. +r touch h +r mv -f h d7/ +r mv -f h s7/ + +# A chmod turns off the "delete" permission +r rm -f d7/g s7/g + +# success, all done +status=0 +exit diff --git a/tests/generic/369.out b/tests/generic/369.out new file mode 100644 index 0000000..acdab46 --- /dev/null +++ b/tests/generic/369.out 
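Review bot: `chmod go+w .` runs as root right after an unchecked `_scratch_mount` and `cd $SCRATCH_MNT`, so if either step fails the test makes whatever directory it is in group- and world-writable and fills it with the d*/s* fixtures. Guard the directory change with `cd $SCRATCH_MNT || _fail "cannot cd to \$SCRATCH_MNT"`, or apply the mode to an explicit path with `chmod go+w $SCRATCH_MNT`. The other tests in this series use the same unchecked `cd`, but this is the only one visible here that loosens permissions on `.`. Also, every deletion uses `rm -f` and the resulting directory contents are never listed, so a file that was never created looks the same in 369.out as one that was deleted successfully.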
@@ -0,0 +1,24 @@
+QA output created by 369
+--- runas -u 99 -g 99 rm -f d1/f d1/g
+rm: cannot remove 'd1/f': Permission denied
+rm: cannot remove 'd1/g': Permission denied
+--- runas -u 99 -g 99 rm -f d2/f s2/f
+--- runas -u 99 -g 99 rm -f d3/f s3/f
+rm: cannot remove 's3/f': Operation not permitted
+--- runas -u 99 -g 99 rm -f d4/f s4/f
+rm: cannot remove 'd4/f': Permission denied
+rm: cannot remove 's4/f': Permission denied
+--- runas -u 99 -g 99 rm -f d5/f s5/f
+rm: cannot remove 'd5/f': Permission denied
+rm: cannot remove 's5/f': Permission denied
+--- runas -u 99 -g 99 rm -f d6/f s6/f
+rm: cannot remove 's6/f': Operation not permitted
+--- runas -u 99 -g 99 rm -f d7/f s7/f
+--- runas -u 99 -g 99 touch h
+--- runas -u 99 -g 99 mv -f h d7/
+mv: cannot move 'h' to 'd7/h': Permission denied
+--- runas -u 99 -g 99 mv -f h s7/
+mv: cannot move 'h' to 's7/h': Permission denied
+--- runas -u 99 -g 99 rm -f d7/g s7/g
+rm: cannot remove 'd7/g': Permission denied
+rm: cannot remove 's7/g': Permission denied
diff --git a/tests/generic/370 b/tests/generic/370
new file mode 100755
index 0000000..8827f5c
--- /dev/null
+++ b/tests/generic/370
@@ -0,0 +1,90 @@
+#! /bin/bash
+# FS QA Test 370
+#
+# RichACL write-vs-append test
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+
+_require_scratch
+_require_scratch_richacl
+_require_richacl_prog
+_require_runas
+
+_scratch_mkfs_richacl >> $seqres.full
+_scratch_mount
+
+cd $SCRATCH_MNT
+
+r()
+{
+ echo "--- runas -u 99 -g 99 $*"
+ _runas -u 99 -g 99 -- "$@"
+}
+
+touch a b c d e f
+$SETRICHACL_PROG --set 'owner@:rwp::allow' a
+$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:w::allow' b
+$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:p::allow' c
+$SETRICHACL_PROG --set 'owner@:rwp::allow u:99:wp::allow' d
+$SETRICHACL_PROG --set 'u:99:a::deny owner@:rwp::allow u:99:w::allow' e
+$SETRICHACL_PROG --set 'u:99:w::deny owner@:rwp::allow u:99:p::allow' f
+
+r sh -c 'echo a > a'
+r sh -c 'echo b > b'
+r sh -c 'echo c > c'
+r sh -c 'echo d > d'
+r sh -c 'echo e > e'
+r sh -c 'echo f > f'
+
+r sh -c 'echo A >> a'
+r sh -c 'echo B >> b'
+r sh -c 'echo C >> c'
+r sh -c 'echo D >> d'
+r sh -c 'echo E >> e'
+r sh -c 'echo F >> f'
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/370.out b/tests/generic/370.out
new file mode 100644
index 0000000..97a21a1
--- /dev/null
+++ b/tests/generic/370.out
@@ -0,0 +1,19 @@
+QA output created by 370
+--- runas -u 99 -g 99 sh -c echo a > a
+sh: a: Permission denied
+--- runas -u 99 -g 99 sh -c echo b > b
+--- runas -u 99 -g 99 sh -c echo c > c
+sh: c: Permission denied
+--- runas -u 99 -g 99 sh -c echo d > d
+--- runas -u 99 -g 99 sh -c echo e > e
+--- runas -u 99 -g 99 sh -c echo f > f
+sh: f: Permission denied
+--- runas -u 99 -g 99 sh -c echo A >> a
+sh: a: Permission denied
+--- runas -u 99 -g 99 sh -c echo B >> b
+sh: b: Permission denied
+--- runas -u 99 -g 99 sh -c echo C >> c
+--- runas -u 99 -g 99 sh -c echo D >> d
+--- runas -u 99 -g 99 sh -c echo E >> e
+sh: e: Permission denied
+--- runas -u 99 -g 99 sh -c echo F >> f
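Review bot: Every file starts empty from `touch a b c d e f` and is never read back, so tests/generic/370 records only whether the redirecting open failed, not what ended up in each file. A regression in which the open is permitted but the data is wrong, for instance an append that overwrites earlier content in `d`, would leave 370.out unchanged. Reading the contents back from the test's own context just before `# success, all done`, for example with `grep . a b c d e f`, would pin the resulting data as well as the access decision; 370.out would gain the corresponding lines.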
diff --git a/tests/generic/group b/tests/generic/group
index 7491282..2ec4288 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -364,3 +364,12 @@
 359 auto quick clone
 360 auto quick metadata
 361 auto quick
+362 auto quick richacl
+363 auto quick richacl
+364 auto quick richacl
+365 auto quick richacl
+366 auto quick richacl
+367 auto quick richacl
+368 auto quick richacl
+369 auto quick richacl
+370 auto quick richacl
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe fstests" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html