xfs
[Top] [All Lists]

[PATCH] xfstests: test dump/restore of file capabilities

To: xfs-oss <xfs@xxxxxxxxxxx>
Subject: [PATCH] xfstests: test dump/restore of file capabilities
From: Eric Sandeen <sandeen@xxxxxxxxxx>
Date: Thu, 03 Jan 2013 18:05:23 -0600
Cc: fugazzi® <fugazzi99@xxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/17.0 Thunderbird/17.0
xfsrestore isn't properly restoring file capabilities; it restores
them, but then chowns the file, which removes the caps:

Call Trace:
 [<ffffffffa028de68>] xfs_xattr_set+0x118/0x120 [xfs]
 [<ffffffff8119a8c0>] generic_removexattr+0x80/0x90
 [<ffffffff8120b408>] cap_inode_killpriv+0x28/0x30
 [<ffffffff8120c666>] security_inode_killpriv+0x16/0x20
 [<ffffffff81192edf>] notify_change+0x18f/0x330
 [<ffffffff81176b70>] chown_common+0x60/0xa0
 [<ffffffff81176c30>] sys_fchown+0x80/0xd0
 [<ffffffff81537c59>] system_call_fastpath+0x16/0x1b

This test demonstrates the problem.

Reported-by: fugazzi® <fugazzi99@xxxxxxxxx>
Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
---

diff --git a/296 b/296
new file mode 100755
index 0000000..efcfb09
--- /dev/null
+++ b/296
@@ -0,0 +1,83 @@
+#! /bin/bash
+# FS QA Test No. 296
+#
+# Test that xfsdump/restore preserves file capabilities
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2013 Red Hat, Inc.  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#-----------------------------------------------------------------------
+#
+# creator
+owner=sandeen@xxxxxxxxxxx
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1       # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+    cd /
+    rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.dump
+
+# real QA test starts here
+
+# Modify as appropriate.
+_supported_fs xfs
+_supported_os Linux
+_require_scratch
+
+rm -f $seq.full
+
+_wipe_fs
+
+mkdir -p $dump_dir
+echo test > $dump_dir/testfile
+# Set a generic xattr
+setfattr -n user.name -v value $dump_dir/testfile
+# Now set the cap (which is also an xattr)
+setcap cap_setgid,cap_setuid+ep $dump_dir/testfile
+# And make sure they are there on the source
+echo "Checking for xattr on source file"
+getfattr --absolute-names -m user.name $dump_dir/testfile | _dir_filter
+echo "Checking for capability on source file"
+getcap $dump_dir/testfile | _dir_filter
+getfattr --absolute-names -m security.capability $dump_dir/testfile | 
_dir_filter
+
+_do_dump_file -f $tmp.df.0
+_prepare_restore_dir
+_do_restore_file
+# Basic dump/restore checks first - the file is there, right?
+_ls_compare_sub
+_diff_compare
+
+echo "Checking for xattr on restored file"
+getfattr --absolute-names -m user.name $restore_dir/$dump_sdir/testfile | 
_dir_filter
+echo "Checking for capability on restored file"
+getcap $restore_dir/$dump_sdir/testfile | _dir_filter
+getfattr --absolute-names -m security.capability 
$restore_dir/$dump_sdir/testfile | _dir_filter
+
+status=0
+exit
diff --git a/296.out b/296.out
new file mode 100644
index 0000000..7401e93
--- /dev/null
+++ b/296.out
@@ -0,0 +1,55 @@
+QA output created by 296
+Checking for xattr on source file
+# file: DUMP_DIR/testfile
+user.name
+
+Checking for capability on source file
+DUMP_DIR/testfile = cap_setgid,cap_setuid+ep
+# file: DUMP_DIR/testfile
+security.capability
+
+Dumping to file...
+xfsdump  -f DUMP_FILE -M stress_tape_media -L stress_296 SCRATCH_MNT
+xfsdump: using file dump (drive_simple) strategy
+xfsdump: level 0 dump of HOSTNAME:SCRATCH_MNT
+xfsdump: dump date: DATE
+xfsdump: session id: ID
+xfsdump: session label: "stress_296"
+xfsdump: ino map <PHASES>
+xfsdump: ino map construction complete
+xfsdump: estimated dump size: NUM bytes
+xfsdump: /var/xfsdump/inventory created
+xfsdump: creating dump session media file 0 (media 0, file 0)
+xfsdump: dumping ino map
+xfsdump: dumping directories
+xfsdump: dumping non-directory files
+xfsdump: ending media file
+xfsdump: media file size NUM bytes
+xfsdump: dump size (non-dir files) : NUM bytes
+xfsdump: dump complete: SECS seconds elapsed
+xfsdump: Dump Status: SUCCESS
+Restoring from file...
+xfsrestore  -f DUMP_FILE  -L stress_296 RESTORE_DIR
+xfsrestore: using file dump (drive_simple) strategy
+xfsrestore: using online session inventory
+xfsrestore: searching media for directory dump
+xfsrestore: examining media file 0
+xfsrestore: reading directories
+xfsrestore: 2 directories and 2 entries processed
+xfsrestore: directory post-processing
+xfsrestore: restoring non-directory files
+xfsrestore: restore complete: SECS seconds elapsed
+xfsrestore: Restore Status: SUCCESS
+Comparing listing of dump directory with restore directory
+Files TMP.dump_dir and TMP.restore_dir are identical
+Comparing dump directory with restore directory
+Files DUMP_DIR/testfile and RESTORE_DIR/DUMP_SUBDIR/testfile are identical
+Only in SCRATCH_MNT: RESTORE_SUBDIR
+Checking for xattr on restored file
+# file: RESTORE_DIR/DUMP_SUBDIR/testfile
+user.name
+
+Checking for capability on restored file
+RESTORE_DIR/DUMP_SUBDIR/testfile = cap_setgid,cap_setuid+ep
+# file: RESTORE_DIR/DUMP_SUBDIR/testfile
+security.capability
diff --git a/group b/group
index a51e05a..0706c60 100644
--- a/group
+++ b/group
@@ -413,3 +413,4 @@ deprecated
 294 auto rw prealloc quick ioctl
 291 repair
 295 logprint auto quick
+296 dump auto quick

<Prev in Thread] Current Thread [Next in Thread>