Open pevik opened 5 years ago
Working on it, ideally both C & Shell API
Some custom user adding: https://patchwork.ozlabs.org/project/ltp/patch/20240828134551.6344-1-wegao@suse.com/
Some custom user adding: https://patchwork.ozlabs.org/project/ltp/patch/20240828134551.6344-1-wegao@suse.com/
I send alternative approach for isofs.sh
fix for SLE-Micro in https://patchwork.ozlabs.org/project/ltp/patch/20240830113913.49675-1-pvorel@suse.cz/
It uses 'nobody' user, detect group name (Debian uses 'nogroup' instead of 'nobody'). That is a quick fix for 'isofs.sh'.
But from long term perspective I suppose LTP should finally replace IDcheck.sh
script with user/group support in the library (both C and shell API).
I propose to use the same as my fix for isofs.sh: use 'nobody' user, detect its group name. I would also create new user if 'nobody' does not exist. The downside is that it would be run more times than just after the installation.
For C API tests this check could be run on based some flag: CAPI struct tst_test
new tag (e.g. .needs_user = 1
), shell API: NEEDS_USER=1
and the check would be run only for these tests.
NOTE how many tests rely on nobody:nobody or nobody:nogroup user (mostly in syscalls, but not limited to it, even one openposix test needs it):
$ git grep -l -e 'getpwnam."nobody"' -e static.*char.*'"nobody"' -e nobody.*pw_uid -e 'SAFE_SETGID.*"nobody"' -e 'SAFE_GETPWNAM.."nobody"' -e 'char.*user.*"nobody"' testcases/ |wc -l
66
IMHO all tests which use other non-root user should migrate to nobody:nobody / nobody:nogroup.
Also we have SAFE_GETGRNAM_FALLBACK()
since https://github.com/linux-test-project/ltp/commit/dc1ee874e6eb7281c326556c415e0c4978ce1ba8, which is used in two tests:
https://github.com/linux-test-project/ltp/blob/6c3293c6fc20e7753433df9b7e0cd4107904bde3/testcases/kernel/syscalls/fchmod/fchmod02.c#L53-L54 https://github.com/linux-test-project/ltp/blob/6c3293c6fc20e7753433df9b7e0cd4107904bde3/testcases/kernel/syscalls/fchmod/fchmod02.c#L53-L54
Added in https://github.com/linux-test-project/ltp/commit/065698df608a96bb5edd9bb4ac8181f676eb7e06 https://github.com/linux-test-project/ltp/commit/fbdb9f8cacf0095deb9886debccfddf50c137356.
@patils @edliaw I wonder if one can create user on Android/AOSP or we really need to determine which users are available (in that case instead of creating missing user there could be reasonable default - user nobody
+ detect it's group name, but that could be redefined for AOSP + maybe allow to specify user environment variable).
@pevik Unfortunately we can't create users afaik; the users/groups are defined here: https://cs.android.com/android/_/android/platform/system/core/+/main:libcutils/include/private/android_filesystem_config.h. Most of the tests in AOSP run with the root or shell UID.
LTP requires special user and group to be presented (check IDcheck.sh script). Instead of hard-wired them in tests it'd be great to have
tst_user()
andtst_group()
which would allow via environment variables to use alternative ones.+ adding test flag
.needs_user = 1
(C API) andTST_NEEDS_USER
(shell API) which would: 1) check for$TST_USER
and use it if exist (this should have default"nobody"
) 2) create temporary user if$TST_USER
does not exist, which would be deleted after test (see code in testcases/kernel/syscalls/add_key/add_key05.c). Not sure if sharing user between tests is ok (probably is). Allowing default helps embedded distros, which might not haveuseradd
binary (adding C code for adding new user would be error prone and IMHO not work for embedded and android distros).C API may also add
SAFE_USERADD()
andSAFE_USERDEL()
for tests which needs more users (at least testcases/kernel/syscalls/add_key/add_key05.c), maybe shell API need that as well.There are many tests which would benefit from it, e.g. (incomplete list): testcases/kernel/syscalls/add_key/add_key05.c testcases/kernel/syscalls/chmod/chmod05.c testcases/kernel/syscalls/chdir/chdir03.c testcases/kernel/syscalls/ipc/shmget/shmget04.c testcases/kernel/fs/read_all/read_all.c testcases/kernel/security/dirtyc0w/dirtyc0w.c
UPDATE: most of tests now just use user 'nobody' and group 'nogroup', but AOSP requires to use GID 'daemon' instead of 'nogroup', see https://lore.kernel.org/ltp/YVtBt+WeskISn5+9@pevik/T/#t
This should be handled in the library + allowing to redefine required users would be enough.