authorChristian Brauner <brauner@kernel.org>2023-01-03 13:32:29 +0100
committerChristian Brauner (Microsoft) <brauner@kernel.org>2023-01-05 15:43:24 +0100
commit23982d6303ee870e125b7ff14ddc5f99e05ee73b (patch)
treeb475ceab917e02f74eea17cf8e2bead648679187
parent9a1d42c09d23e30966564079a57c4d233d9caea9 (diff)
downloadxfstests-dev-fstests.setgid.v6.2.tar.gz
generic: update setgid testsfstests.setgid.v6.2
Over multiple kernel releases we have reworked setgid inheritance significantly due to long-standing security issues, security issues that were reintroduced after they were fixed, and the subtle and difficult inheritance rules that plagued individual filesystems. We have lifted setgid inheritance into the VFS proper in earlier patches. Starting with kernel v6.2 we have made setgid inheritance consistent between the write and setattr (ch{mod,own}) paths. The gist of the requirement is that in order to inherit the setgid bit the user needs to be in the group of the file or have CAP_FSETID in their user namespace. Otherwise the setgid bit will be dropped regardless of the file's executability. Remove the obsolete tests as they're not a security issue and will cause spurious warnings on older distro kernels. Note, that only with v6.2 setgid inheritance works correctly for overlayfs in the write path. Before this the setgid bit was always Link: https://lore.kernel.org/linux-ext4/CAOQ4uxhmCgyorYVtD6=n=khqwUc=MPbZs+y=sqt09XbGoNm_tA@mail.gmail.com Link: https://lore.kernel.org/linux-fsdevel/20221212112053.99208-1-brauner@kernel.org Link: https://lore.kernel.org/linux-fsdevel/20221122142010.zchf2jz2oymx55qi@wittgenstein Cc: Amir Goldstein <amir73il@gmail.com> Cc: Zorro Lang <zlang@redhat.com> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
-rwxr-xr-xtests/generic/67316
-rw-r--r--tests/generic/673.out16
-rwxr-xr-xtests/generic/68316
-rw-r--r--tests/generic/683.out12
-rwxr-xr-xtests/generic/68416
-rw-r--r--tests/generic/684.out12
-rwxr-xr-xtests/generic/68516
-rw-r--r--tests/generic/685.out12
-rwxr-xr-xtests/generic/68616
-rw-r--r--tests/generic/686.out12
-rwxr-xr-xtests/generic/68716
-rw-r--r--tests/generic/687.out12
12 files changed, 24 insertions, 148 deletions
diff --git a/tests/generic/673 b/tests/generic/673
index 6d1f49ea80..ac8b8c09fa 100755
--- a/tests/generic/673
+++ b/tests/generic/673
@@ -102,26 +102,14 @@ setup_testfile
chmod a+rwxs $SCRATCH_MNT/a
commit_and_check
-#Commit to a non-exec file by an unprivileged user leaves sgid.
-echo "Test 9 - qa_user, non-exec file, only sgid"
-setup_testfile
-chmod a+rw,g+rws $SCRATCH_MNT/a
-commit_and_check "$qa_user"
-
#Commit to a group-exec file by an unprivileged user clears sgid
-echo "Test 10 - qa_user, group-exec file, only sgid"
+echo "Test 9 - qa_user, group-exec file, only sgid"
setup_testfile
chmod a+rw,g+rwxs $SCRATCH_MNT/a
commit_and_check "$qa_user"
-#Commit to a user-exec file by an unprivileged user clears sgid
-echo "Test 11 - qa_user, user-exec file, only sgid"
-setup_testfile
-chmod a+rw,u+x,g+rws $SCRATCH_MNT/a
-commit_and_check "$qa_user"
-
#Commit to a all-exec file by an unprivileged user clears sgid.
-echo "Test 12 - qa_user, all-exec file, only sgid"
+echo "Test 10 - qa_user, all-exec file, only sgid"
setup_testfile
chmod a+rwx,g+rwxs $SCRATCH_MNT/a
commit_and_check "$qa_user"
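Review bot: The comments kept above the renumbered Test 9 and Test 10 still read as if the exec bits decide whether sgid is cleared, while the commit message says that from v6.2 the bit is dropped whenever the writer is neither in the file's group nor holds CAP_FSETID, regardless of executability. A short comment above Test 9 would record why only the exec cases remain, for example `# Non-exec and user-exec cases are not checked: v6.2+ drops sgid there, older kernels keep it.` The same hunk appears in tests/generic/683 through 687 and would take the same comment. With those cases removed, nothing visible in these hunks pins the v6.2 behaviour for non-exec files, so a regression that keeps sgid there would probably pass unnoticed. The scripts continue outside the hunks, so other coverage may exist.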
diff --git a/tests/generic/673.out b/tests/generic/673.out
index 0817857d68..4276fa016a 100644
--- a/tests/generic/673.out
+++ b/tests/generic/673.out
@@ -47,25 +47,13 @@ Test 8 - root, all-exec file
3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
6777 -rwsrwsrwx SCRATCH_MNT/a
-Test 9 - qa_user, non-exec file, only sgid
-310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
-2666 -rw-rwSrw- SCRATCH_MNT/a
-3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
-2666 -rw-rwSrw- SCRATCH_MNT/a
-
-Test 10 - qa_user, group-exec file, only sgid
+Test 9 - qa_user, group-exec file, only sgid
310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
2676 -rw-rwsrw- SCRATCH_MNT/a
3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
676 -rw-rwxrw- SCRATCH_MNT/a
-Test 11 - qa_user, user-exec file, only sgid
-310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
-2766 -rwxrwSrw- SCRATCH_MNT/a
-3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
-2766 -rwxrwSrw- SCRATCH_MNT/a
-
-Test 12 - qa_user, all-exec file, only sgid
+Test 10 - qa_user, all-exec file, only sgid
310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a
2777 -rwxrwsrwx SCRATCH_MNT/a
3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a
diff --git a/tests/generic/683 b/tests/generic/683
index eea8d21bac..304b1a4863 100755
--- a/tests/generic/683
+++ b/tests/generic/683
@@ -110,26 +110,14 @@ setup_testfile
chmod a+rwxs $junk_file
commit_and_check "" "$verb" 64k 64k
-# Commit to a non-exec file by an unprivileged user leaves sgid.
-echo "Test 9 - qa_user, non-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a group-exec file by an unprivileged user clears sgid
-echo "Test 10 - qa_user, group-exec file $verb, only sgid"
+echo "Test 9 - qa_user, group-exec file $verb, only sgid"
setup_testfile
chmod a+rw,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
-# Commit to a user-exec file by an unprivileged user clears sgid
-echo "Test 11 - qa_user, user-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,u+x,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a all-exec file by an unprivileged user clears sgid.
-echo "Test 12 - qa_user, all-exec file $verb, only sgid"
+echo "Test 10 - qa_user, all-exec file $verb, only sgid"
setup_testfile
chmod a+rwx,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
diff --git a/tests/generic/683.out b/tests/generic/683.out
index ca29f6e676..de18ea5f64 100644
--- a/tests/generic/683.out
+++ b/tests/generic/683.out
@@ -31,19 +31,11 @@ Test 8 - root, all-exec file falloc
6777 -rwsrwsrwx TEST_DIR/683/a
6777 -rwsrwsrwx TEST_DIR/683/a
-Test 9 - qa_user, non-exec file falloc, only sgid
-2666 -rw-rwSrw- TEST_DIR/683/a
-2666 -rw-rwSrw- TEST_DIR/683/a
-
-Test 10 - qa_user, group-exec file falloc, only sgid
+Test 9 - qa_user, group-exec file falloc, only sgid
2676 -rw-rwsrw- TEST_DIR/683/a
676 -rw-rwxrw- TEST_DIR/683/a
-Test 11 - qa_user, user-exec file falloc, only sgid
-2766 -rwxrwSrw- TEST_DIR/683/a
-2766 -rwxrwSrw- TEST_DIR/683/a
-
-Test 12 - qa_user, all-exec file falloc, only sgid
+Test 10 - qa_user, all-exec file falloc, only sgid
2777 -rwxrwsrwx TEST_DIR/683/a
777 -rwxrwxrwx TEST_DIR/683/a
diff --git a/tests/generic/684 b/tests/generic/684
index 541dbeb431..1ebffb017a 100755
--- a/tests/generic/684
+++ b/tests/generic/684
@@ -110,26 +110,14 @@ setup_testfile
chmod a+rwxs $junk_file
commit_and_check "" "$verb" 64k 64k
-# Commit to a non-exec file by an unprivileged user leaves sgid.
-echo "Test 9 - qa_user, non-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a group-exec file by an unprivileged user clears sgid
-echo "Test 10 - qa_user, group-exec file $verb, only sgid"
+echo "Test 9 - qa_user, group-exec file $verb, only sgid"
setup_testfile
chmod a+rw,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
-# Commit to a user-exec file by an unprivileged user clears sgid
-echo "Test 11 - qa_user, user-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,u+x,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a all-exec file by an unprivileged user clears sgid.
-echo "Test 12 - qa_user, all-exec file $verb, only sgid"
+echo "Test 10 - qa_user, all-exec file $verb, only sgid"
setup_testfile
chmod a+rwx,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
diff --git a/tests/generic/684.out b/tests/generic/684.out
index 2e084ceda4..da5ada5e8a 100644
--- a/tests/generic/684.out
+++ b/tests/generic/684.out
@@ -31,19 +31,11 @@ Test 8 - root, all-exec file fpunch
6777 -rwsrwsrwx TEST_DIR/684/a
6777 -rwsrwsrwx TEST_DIR/684/a
-Test 9 - qa_user, non-exec file fpunch, only sgid
-2666 -rw-rwSrw- TEST_DIR/684/a
-2666 -rw-rwSrw- TEST_DIR/684/a
-
-Test 10 - qa_user, group-exec file fpunch, only sgid
+Test 9 - qa_user, group-exec file fpunch, only sgid
2676 -rw-rwsrw- TEST_DIR/684/a
676 -rw-rwxrw- TEST_DIR/684/a
-Test 11 - qa_user, user-exec file fpunch, only sgid
-2766 -rwxrwSrw- TEST_DIR/684/a
-2766 -rwxrwSrw- TEST_DIR/684/a
-
-Test 12 - qa_user, all-exec file fpunch, only sgid
+Test 10 - qa_user, all-exec file fpunch, only sgid
2777 -rwxrwsrwx TEST_DIR/684/a
777 -rwxrwxrwx TEST_DIR/684/a
diff --git a/tests/generic/685 b/tests/generic/685
index 29eca1a8cb..e4ada8e754 100755
--- a/tests/generic/685
+++ b/tests/generic/685
@@ -110,26 +110,14 @@ setup_testfile
chmod a+rwxs $junk_file
commit_and_check "" "$verb" 64k 64k
-# Commit to a non-exec file by an unprivileged user leaves sgid.
-echo "Test 9 - qa_user, non-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a group-exec file by an unprivileged user clears sgid
-echo "Test 10 - qa_user, group-exec file $verb, only sgid"
+echo "Test 9 - qa_user, group-exec file $verb, only sgid"
setup_testfile
chmod a+rw,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
-# Commit to a user-exec file by an unprivileged user clears sgid
-echo "Test 11 - qa_user, user-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,u+x,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a all-exec file by an unprivileged user clears sgid.
-echo "Test 12 - qa_user, all-exec file $verb, only sgid"
+echo "Test 10 - qa_user, all-exec file $verb, only sgid"
setup_testfile
chmod a+rwx,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
diff --git a/tests/generic/685.out b/tests/generic/685.out
index e611da3e9c..03eef362ee 100644
--- a/tests/generic/685.out
+++ b/tests/generic/685.out
@@ -31,19 +31,11 @@ Test 8 - root, all-exec file fzero
6777 -rwsrwsrwx TEST_DIR/685/a
6777 -rwsrwsrwx TEST_DIR/685/a
-Test 9 - qa_user, non-exec file fzero, only sgid
-2666 -rw-rwSrw- TEST_DIR/685/a
-2666 -rw-rwSrw- TEST_DIR/685/a
-
-Test 10 - qa_user, group-exec file fzero, only sgid
+Test 9 - qa_user, group-exec file fzero, only sgid
2676 -rw-rwsrw- TEST_DIR/685/a
676 -rw-rwxrw- TEST_DIR/685/a
-Test 11 - qa_user, user-exec file fzero, only sgid
-2766 -rwxrwSrw- TEST_DIR/685/a
-2766 -rwxrwSrw- TEST_DIR/685/a
-
-Test 12 - qa_user, all-exec file fzero, only sgid
+Test 10 - qa_user, all-exec file fzero, only sgid
2777 -rwxrwsrwx TEST_DIR/685/a
777 -rwxrwxrwx TEST_DIR/685/a
diff --git a/tests/generic/686 b/tests/generic/686
index a8ec23d528..d56aa7ccc1 100755
--- a/tests/generic/686
+++ b/tests/generic/686
@@ -110,26 +110,14 @@ setup_testfile
chmod a+rwxs $junk_file
commit_and_check "" "$verb" 64k 64k
-# Commit to a non-exec file by an unprivileged user leaves sgid.
-echo "Test 9 - qa_user, non-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a group-exec file by an unprivileged user clears sgid
-echo "Test 10 - qa_user, group-exec file $verb, only sgid"
+echo "Test 9 - qa_user, group-exec file $verb, only sgid"
setup_testfile
chmod a+rw,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
-# Commit to a user-exec file by an unprivileged user clears sgid
-echo "Test 11 - qa_user, user-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,u+x,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a all-exec file by an unprivileged user clears sgid.
-echo "Test 12 - qa_user, all-exec file $verb, only sgid"
+echo "Test 10 - qa_user, all-exec file $verb, only sgid"
setup_testfile
chmod a+rwx,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
diff --git a/tests/generic/686.out b/tests/generic/686.out
index aa1e64715d..562e1ab984 100644
--- a/tests/generic/686.out
+++ b/tests/generic/686.out
@@ -31,19 +31,11 @@ Test 8 - root, all-exec file finsert
6777 -rwsrwsrwx TEST_DIR/686/a
6777 -rwsrwsrwx TEST_DIR/686/a
-Test 9 - qa_user, non-exec file finsert, only sgid
-2666 -rw-rwSrw- TEST_DIR/686/a
-2666 -rw-rwSrw- TEST_DIR/686/a
-
-Test 10 - qa_user, group-exec file finsert, only sgid
+Test 9 - qa_user, group-exec file finsert, only sgid
2676 -rw-rwsrw- TEST_DIR/686/a
676 -rw-rwxrw- TEST_DIR/686/a
-Test 11 - qa_user, user-exec file finsert, only sgid
-2766 -rwxrwSrw- TEST_DIR/686/a
-2766 -rwxrwSrw- TEST_DIR/686/a
-
-Test 12 - qa_user, all-exec file finsert, only sgid
+Test 10 - qa_user, all-exec file finsert, only sgid
2777 -rwxrwsrwx TEST_DIR/686/a
777 -rwxrwxrwx TEST_DIR/686/a
diff --git a/tests/generic/687 b/tests/generic/687
index ff3e2fe194..3a7f1fd5b4 100755
--- a/tests/generic/687
+++ b/tests/generic/687
@@ -110,26 +110,14 @@ setup_testfile
chmod a+rwxs $junk_file
commit_and_check "" "$verb" 64k 64k
-# Commit to a non-exec file by an unprivileged user leaves sgid.
-echo "Test 9 - qa_user, non-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a group-exec file by an unprivileged user clears sgid
-echo "Test 10 - qa_user, group-exec file $verb, only sgid"
+echo "Test 9 - qa_user, group-exec file $verb, only sgid"
setup_testfile
chmod a+rw,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
-# Commit to a user-exec file by an unprivileged user clears sgid
-echo "Test 11 - qa_user, user-exec file $verb, only sgid"
-setup_testfile
-chmod a+rw,u+x,g+rws $junk_file
-commit_and_check "$qa_user" "$verb" 64k 64k
-
# Commit to a all-exec file by an unprivileged user clears sgid.
-echo "Test 12 - qa_user, all-exec file $verb, only sgid"
+echo "Test 10 - qa_user, all-exec file $verb, only sgid"
setup_testfile
chmod a+rwx,g+rwxs $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
diff --git a/tests/generic/687.out b/tests/generic/687.out
index c5116c2794..f72f6d30f3 100644
--- a/tests/generic/687.out
+++ b/tests/generic/687.out
@@ -31,19 +31,11 @@ Test 8 - root, all-exec file fcollapse
6777 -rwsrwsrwx TEST_DIR/687/a
6777 -rwsrwsrwx TEST_DIR/687/a
-Test 9 - qa_user, non-exec file fcollapse, only sgid
-2666 -rw-rwSrw- TEST_DIR/687/a
-2666 -rw-rwSrw- TEST_DIR/687/a
-
-Test 10 - qa_user, group-exec file fcollapse, only sgid
+Test 9 - qa_user, group-exec file fcollapse, only sgid
2676 -rw-rwsrw- TEST_DIR/687/a
676 -rw-rwxrw- TEST_DIR/687/a
-Test 11 - qa_user, user-exec file fcollapse, only sgid
-2766 -rwxrwSrw- TEST_DIR/687/a
-2766 -rwxrwSrw- TEST_DIR/687/a
-
-Test 12 - qa_user, all-exec file fcollapse, only sgid
+Test 10 - qa_user, all-exec file fcollapse, only sgid
2777 -rwxrwsrwx TEST_DIR/687/a
777 -rwxrwxrwx TEST_DIR/687/a