| Message ID | 1648718902-2319-2-git-send-email-xuyang2018.jy@fujitsu.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v1,1/2] idmapped-mounts: Add mknodat operation in setgid test | expand |
On Thu, Mar 31, 2022 at 05:28:22PM +0800, Yang Xu wrote: > Since stipping S_SIGID should check S_IXGRP, so umask it to check whether > works well. > > Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com> > --- (Sidenote: I really need to rename the test binary to something other than idmapped-mounts.c as this tests a lot of generic vfs stuff that has nothing to do with them.) Tested-by: Christian Brauner (Microsoft) <brauner@kernel.org> Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org> > If we enable acl on parent directory, then umask is useless, maybe we > also add setfacl on parent directory because we may change the order > about strip S_ISGID and posix_acl setup. Any idea? If acls figure into this then this should probably be a new test or subtest.
on 2022/3/31 20:02, Christian Brauner wrote: > On Thu, Mar 31, 2022 at 05:28:22PM +0800, Yang Xu wrote: >> Since stipping S_SIGID should check S_IXGRP, so umask it to check whether >> works well. >> >> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com> >> --- > > (Sidenote: I really need to rename the test binary to something other > than idmapped-mounts.c as this tests a lot of generic vfs stuff that has > nothing to do with them.) > > Tested-by: Christian Brauner (Microsoft)<brauner@kernel.org> > Reviewed-by: Christian Brauner (Microsoft)<brauner@kernel.org> > >> If we enable acl on parent directory, then umask is useless, maybe we >> also add setfacl on parent directory because we may change the order >> about strip S_ISGID and posix_acl setup. Any idea? > > If acls figure into this then this should probably be a new test or > subtest. Will add it on v2 Best Regards Yang Xu
on 2022/4/1 14:08, xuyang2018.jy@fujitsu.com wrote: > on 2022/3/31 20:02, Christian Brauner wrote: >> On Thu, Mar 31, 2022 at 05:28:22PM +0800, Yang Xu wrote: >>> Since stipping S_SIGID should check S_IXGRP, so umask it to check whether >>> works well. >>> >>> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com> >>> --- >> >> (Sidenote: I really need to rename the test binary to something other >> than idmapped-mounts.c as this tests a lot of generic vfs stuff that has >> nothing to do with them.) >> >> Tested-by: Christian Brauner (Microsoft)<brauner@kernel.org> >> Reviewed-by: Christian Brauner (Microsoft)<brauner@kernel.org> >> >>> If we enable acl on parent directory, then umask is useless, maybe we >>> also add setfacl on parent directory because we may change the order >>> about strip S_ISGID and posix_acl setup. Any idea? >> >> If acls figure into this then this should probably be a new test or >> subtest. > Will add it on v2 I have a holiday (4.2-4.5), so will do this v2 in next week when I come back. Best Regards Yang Xu > > Best Regards > Yang Xu
diff --git a/src/idmapped-mounts/idmapped-mounts.c b/src/idmapped-mounts/idmapped-mounts.c index 1e2f3904..30292426 100644 --- a/src/idmapped-mounts/idmapped-mounts.c +++ b/src/idmapped-mounts/idmapped-mounts.c @@ -7843,6 +7843,7 @@ static int setgid_create(void) int file1_fd = -EBADF; pid_t pid; + umask(S_IXGRP); if (!caps_supported()) return 0; @@ -8040,6 +8041,8 @@ static int setgid_create_idmapped(void) }; pid_t pid; + umask(S_IXGRP); + if (!caps_supported()) return 0; @@ -8166,6 +8169,7 @@ static int setgid_create_idmapped_in_userns(void) }; pid_t pid; + umask(S_IXGRP); if (!caps_supported()) return 0;
Since stipping S_SIGID should check S_IXGRP, so umask it to check whether works well. Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com> --- If we enable acl on parent directory, then umask is useless, maybe we also add setfacl on parent directory because we may change the order about strip S_ISGID and posix_acl setup. Any idea? src/idmapped-mounts/idmapped-mounts.c | 4 ++++ 1 file changed, 4 insertions(+)