Skip to content

Commit

Permalink
ZTS: Fix incorrect use of libtest in user_run by xattr_003_neg
Browse files Browse the repository at this point in the history 
You can't use user_run to eval ksh functions defined in libtest unless
you include libtest in the user shell.

Simplify user_run to retain the current environment, eliminate eval,
and feed the command string into ksh.  Enhance the logging for
user_run so we can see out and err.

Fix xattr_003_neg by:
* running ksh as the user
* feeding it the commands to include libtest *then* run get_xattr
* assert this fails
* use variables for filenames so they don't change in the user's shell
* don't log the contents of /etc/passwd
* cleanup all byproducts

Signed-off-by: Ryan Moeller <ryan@iXsystems.com>
  • Loading branch information
Ryan Moeller authored and Ryan Moeller committed Nov 24, 2020
1 parent 04a82e0 commit 0a4b9ab
Show file tree
Hide file tree
Showing 5 changed files with 44 additions and 33 deletions.
11 changes: 8 additions & 3 deletions tests/zfs-tests/include/libtest.shlib
View file
Expand Up @@ -41,7 +41,7 @@
# PATH may have been modified by sudo's secure_path behavior.
#
if [ -n "$STF_PATH" ]; then
PATH="$STF_PATH"
export PATH="$STF_PATH"
fi

#
Expand Down Expand Up @@ -3393,8 +3393,13 @@ function user_run
typeset user=$1
shift

log_note "user:$user $@"
eval su - \$user -c \"$@\" > $TEST_BASE_DIR/out 2>$TEST_BASE_DIR/err
log_note "user: $user"
log_note "cmd: $*"
sudo -Eu $user ksh <<<"$*" >$TEST_BASE_DIR/out 2>$TEST_BASE_DIR/err
typeset res=$?
log_note "out: `<$TEST_BASE_DIR/out`"
log_note "err: `<$TEST_BASE_DIR/err`"
return $res
}

#
Expand Down
10 changes: 5 additions & 5 deletions tests/zfs-tests/tests/functional/delegate/delegate_common.kshlib
View file
Expand Up @@ -388,7 +388,7 @@ function verify_send
typeset bak_user=$TEST_BASE_DIR/bak.$user.$stamp
typeset bak_root=$TEST_BASE_DIR/bak.root.$stamp

user_run $user eval "zfs send $snap > $bak_user"
user_run $user "zfs send $snap > $bak_user"
log_must eval "zfs send $snap > $bak_root"

if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then
Expand Down Expand Up @@ -430,27 +430,27 @@ function verify_fs_receive
log_must eval "zfs send $dtstsnap > $bak_root"
log_must_busy zfs destroy -rf $dtst

user_run $user eval "zfs receive $dtst < $bak_root"
user_run $user "zfs receive $dtst < $bak_root"
if datasetexists $dtstsnap ; then
return 1
fi

log_must zfs allow $user create $fs
user_run $user eval "zfs receive $dtst < $bak_root"
user_run $user "zfs receive $dtst < $bak_root"
log_must zfs unallow $user create $fs
if datasetexists $dtstsnap ; then
return 1
fi

log_must zfs allow $user mount $fs
user_run $user eval "zfs receive $dtst < $bak_root"
user_run $user "zfs receive $dtst < $bak_root"
log_must zfs unallow $user mount $fs
if datasetexists $dtstsnap ; then
return 1
fi

log_must zfs allow $user mount,create $fs
user_run $user eval "zfs receive $dtst < $bak_root"
user_run $user "zfs receive $dtst < $bak_root"
log_must zfs unallow $user mount,create $fs
if ! datasetexists $dtstsnap ; then
return 1
Expand Down
4 changes: 2 additions & 2 deletions tests/zfs-tests/tests/functional/limits/filesystem_limit.ksh
View file
Expand Up @@ -126,14 +126,14 @@ log_must zfs set filesystem_limit=0 "$DATASET_TEST"
log_must zfs create "$DATASET_UTIL/send"
log_must zfs snapshot "$DATASET_UTIL/send@snap1"
log_must eval "zfs send $DATASET_UTIL/send@snap1 > $ZSTREAM"
log_mustnot user_run $STAFF1 eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
log_mustnot user_run $STAFF1 "zfs receive $DATASET_TEST/received < $ZSTREAM"
log_mustnot datasetexists "$DATASET_TEST/received"
log_must test "$(get_prop 'filesystem_count' "$DATASET_TEST")" == "0"
# Verify filesystem_limit is *not* enforced for users allowed to change it
log_must eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
log_must zfs destroy -r "$DATASET_TEST/received"
log_must zfs allow -l $STAFF1 'filesystem_limit' "$DATASET_TEST"
log_must user_run $STAFF1 eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
log_must user_run $STAFF1 "zfs receive $DATASET_TEST/received < $ZSTREAM"
log_must datasetexists "$DATASET_TEST/received"

log_pass "'filesystem_limit' property is enforced"
8 changes: 4 additions & 4 deletions tests/zfs-tests/tests/functional/limits/snapshot_limit.ksh
View file
Expand Up @@ -142,16 +142,16 @@ log_must zfs create "$DATASET_UTIL/send"
log_must zfs snapshot "$DATASET_UTIL/send@snap1"
log_must eval "zfs send $DATASET_UTIL/send@snap1 > $ZSTREAM"
log_mustnot user_run $STAFF1 \
eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
"zfs receive $DATASET_TEST/received < $ZSTREAM"
log_mustnot datasetexists "$DATASET_TEST/received"
log_must test "$(get_prop 'snapshot_count' "$DATASET_TEST")" == "0"
log_must zfs set snapshot_limit=1 "$DATASET_TEST"
log_must user_run $STAFF1 \
eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
"zfs receive $DATASET_TEST/received < $ZSTREAM"
log_must zfs snapshot "$DATASET_UTIL/send@snap2"
log_must eval "zfs send -i @snap1 $DATASET_UTIL/send@snap2 > $ZSTREAM"
log_mustnot user_run $STAFF1 \
eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
"zfs receive $DATASET_TEST/received < $ZSTREAM"
log_mustnot datasetexists "$DATASET_TEST/received@snap2"
log_must test "$(get_prop 'snapshot_count' "$DATASET_TEST")" == "1"
# Verify snapshot_limit is *not* enforced for users allowed to change it
Expand All @@ -160,7 +160,7 @@ log_must zfs snapshot "$DATASET_UTIL/send@snap3"
log_must eval "zfs send -i @snap2 $DATASET_UTIL/send@snap3 > $ZSTREAM"
log_must zfs allow -l $STAFF1 'snapshot_limit' "$DATASET_TEST"
log_must user_run $STAFF1 \
eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
"zfs receive $DATASET_TEST/received < $ZSTREAM"
log_must test "$(get_prop 'snapshot_count' "$DATASET_TEST")" == "3"

log_pass "'snapshot_limit' property is enforced"
44 changes: 25 additions & 19 deletions tests/zfs-tests/tests/functional/xattr/xattr_003_neg.ksh
View file
Expand Up @@ -43,34 +43,40 @@
# 4. Check that we're unable to write an xattr as a non-root user
#

function cleanup {

log_must rm $TESTDIR/myfile.$$

function cleanup
{
rm -f $testfile $tempfile
}

log_assert "read/write xattr on a file with no permissions fails"
log_onexit cleanup

log_must touch $TESTDIR/myfile.$$
create_xattr $TESTDIR/myfile.$$ passwd /etc/passwd
typeset testfile=$TESTDIR/testfile.$$
typeset tempfile=/tmp/tempfile.$$

log_must touch $testfile
create_xattr $testfile passwd /etc/passwd

log_must chmod 000 $TESTDIR/myfile.$$
log_must chmod 000 $testfile
if is_illumos; then
log_mustnot su $ZFS_USER -c "runat $TESTDIR/myfile.$$ cat passwd"
log_mustnot su $ZFS_USER -c "runat $TESTDIR/myfile.$$ cp /etc/passwd ."
log_mustnot su $ZFS_USER -c "runat $testfile cat passwd"
log_mustnot su $ZFS_USER -c "runat $testfile cp /etc/passwd ."
else
user_run $ZFS_USER eval \
"get_xattr passwd $TESTDIR/myfile.$$ >/tmp/passwd.$$"
log_mustnot diff /etc/passwd /tmp/passwd.$$
log_must rm /tmp/passwd.$$
log_mustnot user_run $ZFS_USER "
. $STF_SUITE/include/libtest.shlib
get_xattr passwd $testfile >$tempfile
"
log_mustnot diff -q /etc/passwd $tempfile
log_must rm $tempfile

user_run $ZFS_USER eval \
"set_xattr_stdin passwd $TESTDIR/myfile.$$ </etc/group"
log_must chmod 644 $TESTDIR/myfile.$$
get_xattr passwd $TESTDIR/myfile.$$ >/tmp/passwd.$$
log_must diff /etc/passwd /tmp/passwd.$$
log_must rm /tmp/passwd.$$
log_mustnot user_run $ZFS_USER "
. $STF_SUITE/include/libtest.shlib
set_xattr_stdin passwd $testfile </etc/group
"
log_must chmod 644 $testfile
get_xattr passwd $testfile >$tempfile
log_must diff -q /etc/passwd $tempfile
log_must rm $tempfile
fi

log_pass "read/write xattr on a file with no permissions fails"

0 comments on commit 0a4b9ab

Please sign in to comment.