From patchwork Mon May 24 06:38:59 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shi Weihua <shiwh@cn.fujitsu.com>
X-Patchwork-Id: 101818
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o4O6cwNA018295
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Mon, 24 May 2010 06:38:59 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755313Ab0EXGi5 (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Mon, 24 May 2010 02:38:57 -0400
Received: from cn.fujitsu.com ([222.73.24.84]:51369 "EHLO
	song.cn.fujitsu.com"
	rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP
	id S1751784Ab0EXGi5 (ORCPT <rfc822;linux-btrfs@vger.kernel.org>);
	Mon, 24 May 2010 02:38:57 -0400
Received: from tang.cn.fujitsu.com (tang.cn.fujitsu.com [10.167.250.3])
	by song.cn.fujitsu.com (Postfix) with ESMTP id AEB3D170119;
	Mon, 24 May 2010 14:38:55 +0800 (CST)
Received: from fnst.cn.fujitsu.com (tang.cn.fujitsu.com [127.0.0.1])
	by tang.cn.fujitsu.com (8.14.3/8.13.1) with ESMTP id o4O6anqn018171;
	Mon, 24 May 2010 14:36:49 +0800
Received: from [10.167.141.106] (unknown [10.167.141.106])
	by fnst.cn.fujitsu.com (Postfix) with ESMTPA id 464C010C0A6;
	Mon, 24 May 2010 14:42:35 +0800 (CST)
Message-ID: <4BFA1F03.6030909@cn.fujitsu.com>
Date: Mon, 24 May 2010 14:38:59 +0800
From: Shi Weihua <shiwh@cn.fujitsu.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN;
	rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5
MIME-Version: 1.0
To: Christoph Hellwig <hch@infradead.org>
CC: chris.mason@oracle.com, "Yan, Zheng" <zheng.yan@oracle.com>,
	linux-btrfs@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: [PATCH] btrfs: should add a permission check for setfacl
References: <4BF1E458.7060500@cn.fujitsu.com>
	<20100520083340.GC11920@infradead.org>
In-Reply-To: <20100520083340.GC11920@infradead.org>
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Mon, 24 May 2010 06:38:59 +0000 (UTC)


diff -urpN xfstests.orig.229/230 xfstests/230
--- xfstests.orig.229/230	1970-01-01 08:00:00.000000000 +0800
+++ xfstests/230	2010-05-28 14:27:02.000000000 +0800
@@ -0,0 +1,80 @@
+#! /bin/bash
+# FS QA Test No. 230
+#
+# Check user B can setfacl a file which belongs to user A
+# See also http://marc.info/?l=linux-btrfs&m=127434445620298&w=2
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2010 FUJITSU LIMITED. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+#-----------------------------------------------------------------------
+#
+# creator
+owner=shiwh@cn.fujitsu.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+runas=$here/src/runas
+status=1        # FAILure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.attr
+
+_cleanup()
+{
+	cd /
+	rm -f $tmp.*
+	[ -n "$testdir" ] && rm -rf $testdir/$seq.dir1
+	_cleanup_testdir
+}
+
+# real QA test starts here
+_supported_fs generic
+# only Linux supports fallocate
+_supported_os Linux
+
+[ -x $runas ] || _notrun "$runas executable not found"
+
+rm -f $seq.full
+
+_setup_testdir
+
+_need_to_be_root
+_acl_setup_ids
+_require_acls
+
+# get dir
+cd $testdir
+rm -rf $seq.dir1
+mkdir $seq.dir1
+cd $seq.dir1
+
+touch file1
+chown $acl1.$acl1 file1
+
+echo "Expect to FAIL"
+$runas -u $acl2 -g $acl2 -- `which setfacl` -m u::rwx file1 2>&1
+
+echo "Test over."
+# success, all done
+status=0
+exit
diff -urpN xfstests.orig.229/230.out xfstests/230.out
--- xfstests.orig.229/230.out	1970-01-01 08:00:00.000000000 +0800
+++ xfstests/230.out	2010-05-28 14:27:05.000000000 +0800
@@ -0,0 +1,4 @@
+QA output created by 230
+Expect to FAIL
+setfacl: file1: Operation not permitted
+Test over.
diff -urpN xfstests.orig.229/group xfstests/group
--- xfstests.orig.229/group	2010-05-28 11:29:31.000000000 +0800
+++ xfstests/group	2010-05-28 14:26:48.000000000 +0800
@@ -343,3 +343,4 @@ deprecated
 227 auto fsr
 228 rw auto prealloc quick
 229 auto
+230 acl auto