On Tue, Sep 13, 2022 at 04:44:04PM +0800, cuiyue-fnst@xxxxxxxxxxx wrote: > > When the version of procps-ng is 3.3.17-6, the output of "sysctl -w" is > like: > /proc/sys/fs/protected_regular = 0 > > But when I install procps-ng 3.3.17-4, the output is like: > fs.protected_regular = 0 > > To avoid this, Just remove the sysctl's stdout from out file. > --- Hi, I have two points about this patch... 1) Is this a designed change of procps, or an issue which was brought in accidentally? Better to figure out which commit brought in it, due to when I tried to use the upstream procps source code, I didn't hit this issue: # git clone https://gitlab.com/procps-ng/procps.git # git lo a8f1c50d (tag: v4.0.1rc1) nls: Update man-po for EIP updates ... # cd procps # ./autogen.sh # ./configure # make -j8 # ./sysctl -w fs.protected_symlinks=1 fs.protected_symlinks = 1 So I doubt if it's an issue which has been fixed by procps? If anyone knows more about that, please feel free to tell us :) 2) Even if this's an expected behavior change of procps, we'd better to use a filter to keep same output format for old and new procps. E.g. _sysctl() { sysctl "$@" | sed -e /proc\\/sys/s#/proc/sys/##g \ -e s#/#.#g } It's a little rude, welcome better pattern :) Thanks, Zorro > tests/generic/597 | 8 ++++---- > tests/generic/597.out | 4 ---- > tests/generic/598 | 12 ++++++------ > tests/generic/598.out | 6 ------ > 4 files changed, 10 insertions(+), 20 deletions(-) > > diff --git a/tests/generic/597 b/tests/generic/597 > index ff985ca..30129ac 100755 > --- a/tests/generic/597 > +++ b/tests/generic/597 > @@ -83,9 +83,9 @@ setup_tree > # is not the link owner. > echo "== Test symlink follow protection when" > echo "== process != link owner and dir owner != link owner" > -sysctl -w fs.protected_symlinks=0 > +sysctl -w fs.protected_symlinks=0 > /dev/null > test_symlink > -sysctl -w fs.protected_symlinks=1 > +sysctl -w fs.protected_symlinks=1 > /dev/null > test_symlink > echo > @@ -96,9 +96,9 @@ echo > # read-write access to the target > echo "== Test hardlink create protection when" > echo "== process != target owner and process cannot read target" > -sysctl -w fs.protected_hardlinks=0 > +sysctl -w fs.protected_hardlinks=0 > /dev/null > test_hardlink > -sysctl -w fs.protected_hardlinks=1 > +sysctl -w fs.protected_hardlinks=1 > /dev/null > test_hardlink > # success, all done > diff --git a/tests/generic/597.out b/tests/generic/597.out > index c654da7..dc327ae 100644 > --- a/tests/generic/597.out > +++ b/tests/generic/597.out > @@ -1,14 +1,10 @@ > QA output created by 597 > == Test symlink follow protection when > == process != link owner and dir owner != link owner > -fs.protected_symlinks = 0 > successfully followed symlink > -fs.protected_symlinks = 1 > Permission denied > == Test hardlink create protection when > == process != target owner and process cannot read target > -fs.protected_hardlinks = 0 > successfully created hardlink > -fs.protected_hardlinks = 1 > ln: failed to create hard link 'TEST_DIR/597/sticky_dir/hardlink' => > 'TEST_DIR/597/target': Operation not permitted > diff --git a/tests/generic/598 b/tests/generic/598 > index 769c1b1..4264f33 100755 > --- a/tests/generic/598 > +++ b/tests/generic/598 > @@ -88,11 +88,11 @@ setup_tree > # sticky directories > echo "== Test file open when owned by another and file owner != dir owner" > -sysctl -w fs.protected_regular=0 > +sysctl -w fs.protected_regular=0 > /dev/null > test_access file > -sysctl -w fs.protected_regular=1 > +sysctl -w fs.protected_regular=1 > /dev/null > test_access file > -sysctl -w fs.protected_regular=2 > +sysctl -w fs.protected_regular=2 > /dev/null > test_access file > echo > @@ -105,11 +105,11 @@ echo > # With protection set to 2, the same goes for group-writable > # sticky directories > echo "== Test fifo open when owned by another and fifo owner != dir owner" > -sysctl -w fs.protected_fifos=0 > +sysctl -w fs.protected_fifos=0 > /dev/null > test_access fifo > -sysctl -w fs.protected_fifos=1 > +sysctl -w fs.protected_fifos=1 > /dev/null > test_access fifo > -sysctl -w fs.protected_fifos=2 > +sysctl -w fs.protected_fifos=2 > /dev/null > test_access fifo > # success, all done > diff --git a/tests/generic/598.out b/tests/generic/598.out > index 6d8047d..7903107 100644 > --- a/tests/generic/598.out > +++ b/tests/generic/598.out > @@ -1,27 +1,21 @@ > QA output created by 598 > == Test file open when owned by another and file owner != dir owner > -fs.protected_regular = 0 > = group & world writable dir > = only group writable dir > -fs.protected_regular = 1 > = group & world writable dir > Permission denied > = only group writable dir > -fs.protected_regular = 2 > = group & world writable dir > Permission denied > = only group writable dir > Permission denied > == Test fifo open when owned by another and fifo owner != dir owner > -fs.protected_fifos = 0 > = group & world writable dir > = only group writable dir > -fs.protected_fifos = 1 > = group & world writable dir > Permission denied > = only group writable dir > -fs.protected_fifos = 2 > = group & world writable dir > Permission denied > = only group writable dir > -- > 1.8.3.1 >
