XFS appears to be more strict than the Linux vfs layer wrt whether a
process can chgrp a file when it's not the owner but still in the same
group -- XFS doesn't allow it and requires CAP_FOWNER instead.

This fix reorders the tests so that the chgrp operations occur before the
chown operations, avoiding the difference in requirements between
XFS and Linux's vfs.
Steve Beattie 2006-04-14 18:11:55 +00:00
parent 20830f842e
commit 16ce411178


@ -71,14 +71,20 @@ newgid=$(awk -F: "/^${newgroup}:/ {print \$3}" /etc/group)
touch $file
chmod $origfileperm $file
# NOTE on the ordering of tests: XFS requires the FOWNER capability
# to chgrp a file that you are not the owner of; linux's vfs layer will
# allow you to do it if you are in the group of the file without FOWNER.
# Therefore, we should do the chgrp test BEFORE changing the owner of
# the file.
# PASS TEST (UNCONSTRAINED)
settest chmod
runchecktest "CHMOD (unconstrained)" pass $file $newfileperm
settest chown
runchecktest "CHOWN (unconstrained)" pass $file $newuid
settest chgrp
runchecktest "CHGRP (unconstrained)" pass $file $newgid
settest chown
runchecktest "CHOWN (unconstrained)" pass $file $newuid
checkfile $file "unconstrained" $newfilepermstr $newuser $newgroup
@ -91,14 +97,14 @@ settest chmod
genprofile $file:$okperm
runchecktest "CHMOD (constrained $okperm)" pass $file 000
settest chown
genprofile $file:$okperm $pwfiles capability:chown
runchecktest "CHOWN (constrained $okperm)" pass $file $newuid
settest chgrp
genprofile $file:$okperm $pwfiles capability:chown
runchecktest "CHGRP (constrained $okperm)" pass $file $newgid
settest chown
genprofile $file:$okperm $pwfiles capability:chown
runchecktest "CHOWN (constrained $okperm)" pass $file $newuid
checkfile $file "constrained $okperm" $newfilepermstr $newuser $newgroup
# FAIL TEST (CONSTRAINED)
@ -110,12 +116,12 @@ settest chmod
genprofile $file:$badperm $pwfiles
runchecktest "CHMOD (constrained $badperm)" fail $file 000
settest chown
genprofile $file:$badperm $pwfiles
runchecktest "CHOWN (constrained $badperm)" fail $file $newuid
settest chgrp
genprofile $file:$badperm $pwfiles
runchecktest "CHGRP (constrained $badperm)" fail $file $newgid
settest chown
genprofile $file:$badperm $pwfiles
runchecktest "CHOWN (constrained $badperm)" fail $file $newuid
checkfile $file "constrained $badperm" $origfilepermstr $origuser $origgroup
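Review bot: The ordering rationale is documented only above the unconstrained block, yet the constrained pass and fail blocks in the second and third hunks rely on the same chgrp-before-chown order and carry no comment, so a later tidy-up could quietly restore the XFS failure. A one-line pointer above each `settest chgrp` there would do, e.g. `# chgrp must run before chown here too; see the ordering NOTE above`. Separately, the reorder sidesteps the CAP_FOWNER case rather than asserting it: chgrp on a file the test process no longer owns no longer appears to be exercised, and the constrained profile grants only `capability:chown`. A dedicated case that pins the expected result for that situation would keep the capability mediation path covered. The script continues outside these hunks, so this is judged from the visible lines only.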