Am 25.06.2021 um 16:23 hat Max Reitz geschrieben:
> Signed-off-by: Max Reitz <mre...@redhat.com>
> ---
> tests/qemu-iotests/tests/fuse-allow-other | 175 ++++++++++++++++++
> tests/qemu-iotests/tests/fuse-allow-other.out | 88 +++++++++
> 2 files changed, 263 insertions(+)
> create mode 100755 tests/qemu-iotests/tests/fuse-allow-other
> create mode 100644 tests/qemu-iotests/tests/fuse-allow-other.out
>
> diff --git a/tests/qemu-iotests/tests/fuse-allow-other
> b/tests/qemu-iotests/tests/fuse-allow-other
> new file mode 100755
> index 0000000000..a513dbce66
> --- /dev/null
> +++ b/tests/qemu-iotests/tests/fuse-allow-other
> @@ -0,0 +1,175 @@
> +#!/usr/bin/env bash
> +# group: rw
> +#
> +# Test FUSE exports' allow-other option
> +#
> +# Copyright (C) 2021 Red Hat, Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +#
> +
> +seq=$(basename "$0")
> +echo "QA output created by $seq"
> +
> +status=1 # failure is the default!
> +
> +_cleanup()
> +{
> + _cleanup_qemu
> + _cleanup_test_img
> + rm -f "$EXT_MP"
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ../common.rc
> +. ../common.filter
> +. ../common.qemu
> +
> +_supported_fmt generic
> +
> +_supported_proto file # We create the FUSE export manually
> +
> +sudo -n -u nobody true || \
> + _notrun 'Password-less sudo as nobody required to test allow_other'
> +
> +# $1: Export ID
> +# $2: Options (beyond the node-name and ID)
> +# $3: Expected return value (defaults to 'return')
> +# $4: Node to export (defaults to 'node-format')
> +fuse_export_add()
> +{
> + allow_other_not_supported='option allow_other only allowed if'
> +
> + output=$(
> + success_or_failure=yes _send_qemu_cmd $QEMU_HANDLE \
> + "{'execute': 'block-export-add',
> + 'arguments': {
> + 'type': 'fuse',
> + 'id': '$1',
> + 'node-name': '${4:-node-format}',
> + $2
> + } }" \
> + "${3:-return}" \
> + "$allow_other_not_supported" \
> + | _filter_imgfmt
> + )
> +
> + if echo "$output" | grep -q "$allow_other_not_supported"; then
> + # Shut down qemu gracefully so it can unmount the export
> + _send_qemu_cmd $QEMU_HANDLE \
> + "{'execute': 'quit'}" \
> + 'return'
> +
> + wait=yes _cleanup_qemu
> +
> + _notrun "allow_other not supported"
> + fi
> +
> + echo "$output"
> +}
> +
> +EXT_MP="$TEST_DIR/fuse-export"
> +
> +_make_test_img 64k
> +touch "$EXT_MP"
> +
> +echo
> +echo '=== Test permissions ==='
> +
> +# Test that you can only change permissions on the export with
> allow-other=true.
> +# We cannot really test the primary reason behind allow-other (i.e. to allow
> +# users other than the current one access to the export), because for that we
> +# would need sudo, which realistically nobody will allow this test to use.
> +# What we can do is test that allow-other=true also enables
> default_permissions,
> +# i.e. whether we can still read from the file if we remove the read
> permission.
I don't think this comment is accurate any more now that you're actually
using sudo.
> +# $1: allow-other value ('true' or 'false')
on/off/auto, actually.
I can fix this up while applying, removing the comment block above, and
adjusting this line.
Kevin
