SELinuxProject / selinux-testsuite

This is the upstream SELinux testsuite which is designed as a basic set of regression tests for the SELinux kernel functionality.
GNU General Public License v2.0

BUG: fix unlink tests #40

Closed rhvgoyal closed 6 years ago

rhvgoyal commented 6 years ago

test_70() tries unlink on readfile. It is labeled ro_t. It is only implied that the client can't unlink this file. A better method might be to drop a file with the name client_nounlinkfile (with label ro_t). Now the file name makes it plenty clear that this file is to be labeled in such a way that the client cannot unlink it. As of now ro_t meets that requirement. Later one can come up with a new label if need be.

Similarly modify test_70_ctx() to unlink client_nounlinkfile. It makes it plenty clear that this file can't be unlinked by the client. But if a context mount is done with label rwx_t, then that label overrides the real label and now the file can be unlinked.

Get rid of test_72() and test_72_ctx(). These tests don't make much sense in current form for multiple reasons.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

rhvgoyal commented 6 years ago

cc @rhatdan @pcmoore @stephensmalley

rhatdan commented 6 years ago

LGTM

pcmoore commented 6 years ago

Merged via 43502dcba69c6d84163697df8bbc6aaeb78a2804, thanks!