On Mon, Jun 13, 2022 at 05:23:14PM +0200, Christian Brauner wrote:
> When group ownership is changed a caller whose fsuid owns the inode can
> change the group of the inode to any group they are a member of. When
> searching through the caller's groups we failed to use the gid mapped
> according to the idmapped mount otherwise we fail to change ownership.
> Add a test for this.
>
> Cc: Seth Forshee <sforshee@xxxxxxxxxxxxxxxx>
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: Aleksa Sarai <cyphar@xxxxxxxxxx>
> Cc: <fstests@xxxxxxxxxxxxxxx>
> Signed-off-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx>
> ---
Thanks for this test, a few of small review points as below ...
> tests/generic/692 | 74 +++++++++++++++++++++++++++++++++++++++++++
> tests/generic/692.out | 3 ++
> 2 files changed, 77 insertions(+)
> create mode 100755 tests/generic/692
> create mode 100644 tests/generic/692.out
>
> diff --git a/tests/generic/692 b/tests/generic/692
> new file mode 100755
> index 00000000..825c836a
> --- /dev/null
> +++ b/tests/generic/692
> @@ -0,0 +1,74 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (c) 2022 Christian Brauner (Microsoft). All Rights Reserved.
> +#
> +# FS QA Test 692
> +#
> +# Test that users can changed group ownership of a file they own to a group
> +# they are a member of.
> +#
> +# Regression test for commit:
> +#
> +# 263de29d8397 ("fs: account for group membership")
> +#
> +. ./common/preamble
> +_begin_fstest auto quick perms attr idmapped mount
> +
> +# Override the default cleanup function.
> +_cleanup()
> +{
> + cd /
> + $UMOUNT_PROG $TEST_DIR/target-mnt
Do you need to filter out the errors by "2>/dev/null"?
> + rm -r -f $tmp.*
> +}
> +
> +# Import common functions.
> +# . ./common/filter
I think you didn't use any filter, right? If so, this can be removed.
> +
> +# real QA test starts here
> +
> +# Modify as appropriate.
^^^
This line can be removed too.
> +_supported_fs generic
> +_require_test
> +_require_chown
> +_require_idmapped_mounts
> +_require_user fsgqa
> +_require_group fsgqa
> +_require_group fsgqa2
> +
> +uqid=`id -u fsgqa`
> +gqid=`id -g fsgqa`
> +uqid2=`id -u fsgqa2`
> +gqid2=`id -g fsgqa2`
> +
> +setup_tree()
> +{
> + mkdir -p $TEST_DIR/source-mnt
> + chmod 0777 $TEST_DIR/source-mnt
> + touch $TEST_DIR/source-mnt/dir1
> + chown 65534:65534 $TEST_DIR/source-mnt
> + chown 65534:65535 $TEST_DIR/source-mnt/dir1
> +
> + mkdir -p $TEST_DIR/target-mnt
> + chmod 0777 $TEST_DIR/target-mnt
> +}
> +
> +setup_idmapped_mnt()
> +{
> + $here/src/vfs/mount-idmapped \
You might need:
_require_test_program "vfs/mount-idmapped"
due to _require_idmapped_mounts doesn't guarantee that.
Thanks,
Zorro
> + --map-mount=u:65534:$uqid:1 \
> + --map-mount=g:65534:$gqid:1 \
> + --map-mount=u:65535:$uqid2:1 \
> + --map-mount=g:65535:$gqid2:1 \
> + $TEST_DIR/source-mnt $TEST_DIR/target-mnt
> +}
> +
> +setup_tree
> +setup_idmapped_mnt
> +stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
> +_user_do "chgrp $gqid $TEST_DIR/target-mnt/dir1"
> +stat -c '%U:%G' "$TEST_DIR/target-mnt/dir1"
> +
> +# success, all done
> +status=0
> +exit
> diff --git a/tests/generic/692.out b/tests/generic/692.out
> new file mode 100644
> index 00000000..c963f7f4
> --- /dev/null
> +++ b/tests/generic/692.out
> @@ -0,0 +1,3 @@
> +QA output created by 692
> +fsgqa:fsgqa2
> +fsgqa:fsgqa
>
> base-commit: 568ac9fffeb6afec03e5d6c9936617232fd7fc6d
> --
> 2.34.1
>
