1#!/bin/sh
2#*********************************************************************
3#   Copyright (c) International Business Machines  Corp., 2003
4#
5#   This program is free software;  you can redistribute it and/or modify
6#   it under the terms of the GNU General Public License as published by
7#   the Free Software Foundation; either version 2 of the License, or
8#   (at your option) any later version.
9#
10#   This program is distributed in the hope that it will be useful,
11#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
12#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
13#   the GNU General Public License for more details.
14#
15#   You should have received a copy of the GNU General Public License
16#   along with this program;  if not, write to the Free Software
17#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18#
19#
20#
21#  FILE   : acls
22#
23#  PURPOSE: Tests extended acls
24#
25#  HISTORY:
26#    03/03 Jerone Young  (jyoung5@us.ibm.com)
27#    09/08 Jacky Malcles changing the setup to have this TC started by runltp
28#*********************************************************************
29#
30################################################################
31#
32# Make sure that uid=root is running this script.
33# Make sure that loop device is built into the kernel
34# Make sure that ACL(Access Control List) and Extended Attribute are
35#     built into the kernel
36#
37#
38################################################################
39
40export TCID=acltest01
41export TST_TOTAL=5
42export TST_COUNT=1
43
44. test.sh
45
46TMP=${TMP:=/tmp}
47
48TEST_USER1="acltest1"
49TEST_USER1_GROUP="users"
50TEST_USER1_PASSWD="ltp_test_pass1"
51TEST_USER1_HOMEDIR="$TMP/tacl/mount-ext3/$TEST_USER1"
52
53FILE_ACL="$TMP/tacl/mount-ext3/test_file"
54FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
55TCbin=`pwd`
56
57COMMAND=$(command -v "getenforce" "setenforce" |wc -l)
58if [ $COMMAND -eq 2 ]; then
59	SELINUX=$(getenforce)
60else
61	SELINUX=""
62fi
63
64do_setup()
65{
66	tst_require_root
67
68	if ! ( test -d $TMP/tacl || mkdir -m 777 $TMP/tacl) ; then
69		tst_brkm TBROK "Failed to create $TMP/tacl directory."
70	fi
71
72	dd if=/dev/zero of=$TMP/tacl/blkext3 bs=1k count=10240 && chmod 777 $TMP/tacl/blkext3
73	if [ $? -ne 0 ] ; then
74		tst_brkm TBROK "Failed to create $TMP/tacl/blkext3"
75	fi
76
77	if ! LOOP_DEV=$(losetup -f) || [ "x$LOOP_DEV" = x ]; then
78		tst_brkm TCONF "[ losetup.1 ] Failed to find an available loopback device -- is the required support compiled in your kernel?"
79	fi
80
81	if ! losetup $LOOP_DEV $TMP/tacl/blkext3 2>&1 > /dev/null; then
82		echo ""
83		tst_brkm TCONF "[ losetup.2 ] Failed to setup the device."
84	fi
85
86	mount | grep ext2
87	if [ $? -ne 0 ]; then
88		mkfs -t ext3 $LOOP_DEV #> /dev/null 2>&1
89		mkdir  -m 777 $TMP/tacl/mount-ext3
90		mount -t ext3 -o defaults,acl,user_xattr $LOOP_DEV $TMP/tacl/mount-ext3
91		if [ $? -ne 0 ]; then
92			tst_resm TCONF "[ mount ] Make sure that ACL (Access Control List)"
93			tst_resm TCONF "\t and Extended Attribute are built into the kernel\n"
94			tst_brkm TCONF "\t Can not mount ext3 file system with acl and user_xattr options\n"
95		fi
96	else
97		mkfs -t ext2 $LOOP_DEV
98		mkdir  -m 777 $TMP/tacl/mount-ext3
99		mount -t ext2 -o defaults,acl,user_xattr $LOOP_DEV $TMP/tacl/mount-ext3
100		if [ $? -ne 0 ]; then
101			tst_resm TCONF "FAILED: [ mount ] Make sure that ACL (Access Control List)"
102			tst_resm TCONF "\t and Extended Attribute are built into the kernel\n"
103			tst_brkm TCONF "\t Can not mount ext2 file system with acl and user_xattr options\n"
104		fi
105	fi
106
107	# We couldn't consider whether the SElinux is Disable or Permissive.
108	# We only set it to Permissive when it it Enforcing.
109	if [ "$SELINUX" = "Enforcing" ]; then
110		echo "set the SElinux to Permissive."
111		setenforce 0
112	fi
113
114	useradd -d $TEST_USER1_HOMEDIR -m -g $TEST_USER1_GROUP $TEST_USER1 -s /bin/sh
115	if [ $? -ne 0 ]; then
116		tst_brkm TBROK "Could not add test user $TEST_USER1."
117	fi
118}
119
120do_cleanup()
121{
122	userdel $TEST_USER1 > /dev/null 2>&1
123	rm -f $FILE_ACL > /dev/null 2>&1
124	rm -f $FILE_ACL_LINK > /dev/null 2>&1
125	mount | grep -q "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
126	rm -rf $TMP/tacl
127
128	# We set it back to Enforcing.
129	if [ "$SELINUX" = "Enforcing" ]; then
130		echo "set the SElinux back to Enforcing."
131		setenforce 1
132	fi
133}
134
135do_setup
136TST_CLEANUP=do_cleanup
137
138tst_resm TINFO "Testing ACL for root"
139
140touch $FILE_ACL
141touch $FILE_ACL_LINK
142
143#setup files for extended attributes
144setfacl -mu:root:r $FILE_ACL_LINK
145setfacl -mu:root:r $FILE_ACL
146
147acl_file_test $FILE_ACL
148if [ $? -ne 0 ]; then
149	tst_resm TFAIL "Extended acls for files."
150else
151	tst_resm TPASS "Extended acls for files."
152fi
153
154acl_link_test $FILE_ACL_LINK
155if [ $? -ne 0 ]; then
156	tst_resm TFAIL "Extended acls for links."
157else
158	tst_resm TPASS "Extended acls for links."
159fi
160
161chown $TEST_USER1 $FILE_ACL
162chown $TEST_USER1 $FILE_ACL_LINK
163
164tst_resm TINFO "Testing ACL for $TEST_USER1"
165
166#setup files for extended attributes
167setfacl -m u:$TEST_USER1:r $FILE_ACL_LINK
168setfacl -m u:$TEST_USER1:r $FILE_ACL
169
170tst_su $TEST_USER1 "acl_file_test $FILE_ACL"
171if [ $? -ne 0 ]; then
172	tst_resm TFAIL "Extended acls for files."
173else
174	tst_resm TPASS "Extended acls for files."
175fi
176
177tst_su $TEST_USER1 "acl_link_test $FILE_ACL_LINK"
178if [ $? -ne 0 ]; then
179	tst_resm TFAIL "Extended acls for links."
180else
181	tst_resm TPASS "Extended acls for links."
182fi
183
184tst_exit
185