Since stipping S_SIGID should check S_IXGRP, so using sefacl to umask it to check whether works well.
Signed-off-by: Yang Xu <xuyang2018.jy@xxxxxxxxxxx>
---
 src/idmapped-mounts/idmapped-mounts.c | 75 +++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
diff --git a/src/idmapped-mounts/idmapped-mounts.c b/src/idmapped-mounts/idmapped-mounts.c
index d6769f08..8f292228 100644
--- a/src/idmapped-mounts/idmapped-mounts.c
+++ b/src/idmapped-mounts/idmapped-mounts.c
@@ -8052,6 +8052,30 @@ static int setgid_create_umask(void)
 return 0;
 }
 
+static int setgid_create_acl(void)
+{
+ pid_t pid;
+
+ snprintf(t_buf, sizeof(t_buf), "setfacl -d -m u::rwx,g::rw,o::rwx %s/%s", t_mountpoint, T_DIR1);
+ if (system(t_buf))
+ die("failure: system");
+
+ pid = fork();
+ if (pid < 0)
+ die("failure: fork");
+
+ if (pid == 0) {
+ if (setgid_create())
+ die("failure: setgid");
+ exit(EXIT_SUCCESS);
+ }
+
+ if (wait_for_pid(pid))
+ return -1;
+ else
+ return 0;
+}
+
 static int setgid_create_idmapped(void)
 {
 int fret = -1;
@@ -8199,6 +8223,30 @@ static int setgid_create_idmapped_umask(void)
 return 0;
 }
 
+static int setgid_create_idmapped_acl(void)
+{
+ pid_t pid;
+
+ snprintf(t_buf, sizeof(t_buf), "setfacl -d -m u::rwx,g::rw,o::rwx %s/%s", t_mountpoint, T_DIR1);
+ if (system(t_buf))
+ die("failure: system");
+
+ pid = fork();
+ if (pid < 0)
+ die("failure: fork");
+
+ if (pid == 0) {
+ if (setgid_create_idmapped())
+ die("failure: setgid");
+ exit(EXIT_SUCCESS);
+ }
+
+ if (wait_for_pid(pid))
+ return -1;
+ else
+ return 0;
+}
+
 static int setgid_create_idmapped_in_userns(void)
 {
 int fret = -1;
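Review bot: In setgid_create_acl the setfacl command is formatted into `t_buf` and passed to `system()`, so `t_mountpoint` is parsed by the shell and a mount path containing whitespace or shell metacharacters changes what gets executed; if the suite runs as root, as idmapped-mount tests usually do, the path should be passed as data rather than as command text. The `snprintf` return value is also ignored, so a truncated path would apply the default ACL to a different directory without any error. At minimum quote the argument and check the length: `ret = snprintf(t_buf, sizeof(t_buf), "setfacl -d -m u::rwx,g::rw,o::rwx '%s/%s'", t_mountpoint, T_DIR1);` followed by `if (ret < 0 || (size_t)ret >= sizeof(t_buf)) die("failure: snprintf");` (with an `int ret;` declared). Quoting still fails on a path containing a single quote, so running setfacl through fork and `execlp` with an argument vector is the more robust form. The same construction is repeated in setgid_create_idmapped_acl and setgid_create_idmapped_in_userns_acl.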
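Review bot: setgid_create_idmapped_acl treats every non-zero `system()` result as a test failure, which does not separate a missing setfacl binary or a filesystem without POSIX ACL support from a real regression in setgid handling. `system()` returns a wait status, so the check could decode it, for example `ret = system(t_buf); if (ret == -1 || !WIFEXITED(ret)) die("failure: system");` and then look at `WEXITSTATUS(ret)`, where the shell reports 127 when the command cannot be run. Whether this suite has a way to report a test as unsupported is not visible in the hunk, so the handling of that case is left to the author. The same check appears in setgid_create_acl and setgid_create_idmapped_in_userns_acl.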
@@ -8555,6 +8603,30 @@ static int setgid_create_idmapped_in_userns_umask(void)
 return 0;
 }
 
+static int setgid_create_idmapped_in_userns_acl(void)
+{
+ pid_t pid;
+
+ snprintf(t_buf, sizeof(t_buf), "setfacl -d -m u::rwx,g::rw,o::rwx %s/%s", t_mountpoint, T_DIR1);
+ if (system(t_buf))
+ die("failure: system");
+
+ pid = fork();
+ if (pid < 0)
+ die("failure: fork");
+
+ if (pid == 0) {
+ if (setgid_create_idmapped_in_userns())
+ die("failure: setgid_create");
+ exit(EXIT_SUCCESS);
+ }
+
+ if (wait_for_pid(pid))
+ return -1;
+ else
+ return 0;
+}
+
 #define PTR_TO_INT(p) ((int)((intptr_t)(p)))
 #define INT_TO_PTR(u) ((void *)((intptr_t)(u)))
 
@@ -14164,10 +14236,13 @@ struct t_idmapped_mounts t_setattr_fix_968219708108[] = {
 struct t_idmapped_mounts t_setgid[] = {
 { setgid_create, false, "create operations in directories with setgid bit set", },
 { setgid_create_umask, false, "create operations in directories with setgid bit set by umask(S_IXGRP)", },
+ { setgid_create_acl, false, "create operations in directories with setgid bit set by setfacl(S_IXGRP)", },
 { setgid_create_idmapped, true, "create operations in directories with setgid bit set on idmapped mounts", },
 { setgid_create_idmapped_umask, true, "create operations in directories with setgid bit set on idmapped mounts by umask(S_IXGRP)", },
+ { setgid_create_idmapped_acl, true, "create operations in directories with setgid bit set on idmapped mounts by setfacl(S_IXGRP)", },
 { setgid_create_idmapped_in_userns, true, "create operations in directories with setgid bit set on idmapped mounts in user namespace", },
 { setgid_create_idmapped_in_userns_umask, true, "create operations in directories with setgid bit set on idmapped mounts in user namespace by umask(S_IXGRP)", },
+ { setgid_create_idmapped_in_userns_acl, true, "create operations in directories with setgid bit set on idmapped mounts in user namespace by setfacl(S_IXGRP)",},
 };
 
 static bool run_test(struct t_idmapped_mounts suite[], size_t suite_size)
-- 2.27.0
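Review bot: setgid_create_idmapped_in_userns_acl has no comment explaining why the default ACL is `u::rwx,g::rw,o::rwx`; going by the commit message, the point is that `g::rw` omits group execute, so files created in T_DIR1 lose S_IXGRP through the ACL rather than through umask. A one-line comment above the `snprintf` would record that, e.g. `/* Default ACL without group execute: S_IXGRP is masked by the ACL, not by umask. */`. The child's message here is `die("failure: setgid_create")` while the other two new functions use `die("failure: setgid")`; naming the callee in each, e.g. `die("failure: setgid_create_idmapped_in_userns")`, would make the failing variant identifiable from the log.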