mirror of
https://github.com/qemu/qemu.git
synced 2024-11-24 11:23:43 +08:00
e2eec2819a
With CAP_DAC_OVERRIDE (which e.g. root generally has), permission checks
will be bypassed when opening files.
308 in one instance tries to open a read-only file (FUSE export) with
qemu-io as read/write, and expects this to fail. However, when running
it as root, opening will succeed (thanks to CAP_DAC_OVERRIDE) and only
the actual write operation will fail.
Note this as "Case not run", but have the test pass in either case.
Reported-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Fixes: 2c7dd057aa
("export/fuse: Pass default_permissions for mount")
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220103120014.13061-1-hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
175 lines
5.6 KiB
Plaintext
175 lines
5.6 KiB
Plaintext
QA output created by 308
|
|
=== Set up ===
|
|
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
|
|
wrote 67108864/67108864 bytes at offset 0
|
|
64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
{'execute': 'qmp_capabilities'}
|
|
{"return": {}}
|
|
{'execute': 'blockdev-add',
|
|
'arguments': {
|
|
'driver': 'file',
|
|
'node-name': 'node-protocol',
|
|
'filename': 'TEST_DIR/t.IMGFMT'
|
|
} }
|
|
{"return": {}}
|
|
{'execute': 'blockdev-add',
|
|
'arguments': {
|
|
'driver': 'IMGFMT',
|
|
'node-name': 'node-format',
|
|
'file': 'node-protocol'
|
|
} }
|
|
{"return": {}}
|
|
|
|
=== Mountpoint not present ===
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-err',
|
|
'node-name': 'node-format',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse'
|
|
} }
|
|
{"error": {"class": "GenericError", "desc": "Failed to stat 'TEST_DIR/t.IMGFMT.fuse': No such file or directory"}}
|
|
|
|
=== Mountpoint is a directory ===
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-err',
|
|
'node-name': 'node-format',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse'
|
|
} }
|
|
{"error": {"class": "GenericError", "desc": "'TEST_DIR/t.IMGFMT.fuse' is not a regular file"}}
|
|
|
|
=== Mountpoint is a regular file ===
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-mp',
|
|
'node-name': 'node-format',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse'
|
|
} }
|
|
{"return": {}}
|
|
Images are identical.
|
|
Permissions pre-chmod: 400
|
|
chmod: changing permissions of 'TEST_DIR/t.IMGFMT.fuse': Read-only file system
|
|
Permissions post-+w: 400
|
|
Permissions post-+x: 500
|
|
|
|
=== Mount over existing file ===
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-img',
|
|
'node-name': 'node-format',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT'
|
|
} }
|
|
{"return": {}}
|
|
Images are identical.
|
|
|
|
=== Double export ===
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-err',
|
|
'node-name': 'node-format',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse'
|
|
} }
|
|
{"error": {"class": "GenericError", "desc": "There already is a FUSE export on 'TEST_DIR/t.IMGFMT.fuse'"}}
|
|
|
|
=== Remove export ===
|
|
virtual size: 64 MiB (67108864 bytes)
|
|
{'execute': 'block-export-del',
|
|
'arguments': {
|
|
'id': 'export-mp'
|
|
} }
|
|
{"return": {}}
|
|
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export-mp"}}
|
|
virtual size: 0 B (0 bytes)
|
|
|
|
=== Writable export ===
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-mp',
|
|
'node-name': 'node-format',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse', 'writable': true
|
|
} }
|
|
{"return": {}}
|
|
Writing to read-only export failed: OK
|
|
wrote 65536/65536 bytes at offset 1048576
|
|
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
wrote 65536/65536 bytes at offset 1048576
|
|
64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
|
|
=== Resizing exports ===
|
|
{'execute': 'block-export-del',
|
|
'arguments': {
|
|
'id': 'export-mp'
|
|
} }
|
|
{"return": {}}
|
|
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export-mp"}}
|
|
{'execute': 'block-export-del',
|
|
'arguments': {
|
|
'id': 'export-img'
|
|
} }
|
|
{"return": {}}
|
|
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export-img"}}
|
|
{'execute': 'blockdev-del',
|
|
'arguments': {
|
|
'node-name': 'node-format'
|
|
} }
|
|
{"return": {}}
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-mp',
|
|
'node-name': 'node-protocol',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse', 'writable': true
|
|
} }
|
|
{"return": {}}
|
|
|
|
--- Try growing non-growable export ---
|
|
(OK: Lengths of export and original are the same)
|
|
dd: error writing 'TEST_DIR/t.IMGFMT.fuse': Input/output error
|
|
1+0 records in
|
|
0+0 records out
|
|
|
|
--- Resize export ---
|
|
(OK: Lengths of export and original are the same)
|
|
OK: Post-truncate image size is as expected
|
|
OK: Disk usage grew with fallocate
|
|
|
|
--- Try growing growable export ---
|
|
{'execute': 'block-export-del',
|
|
'arguments': {
|
|
'id': 'export-mp'
|
|
} }
|
|
{"return": {}}
|
|
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export-mp"}}
|
|
{'execute': 'block-export-add',
|
|
'arguments': {
|
|
'type': 'fuse',
|
|
'id': 'export-mp',
|
|
'node-name': 'node-protocol',
|
|
'mountpoint': 'TEST_DIR/t.IMGFMT.fuse', 'writable': true, 'growable': true
|
|
} }
|
|
{"return": {}}
|
|
65536+0 records in
|
|
65536+0 records out
|
|
(OK: Lengths of export and original are the same)
|
|
OK: Post-grow image size is as expected
|
|
|
|
--- Shrink export ---
|
|
(OK: Lengths of export and original are the same)
|
|
OK: Post-truncate image size is as expected
|
|
|
|
=== Tear down ===
|
|
{'execute': 'quit'}
|
|
{"return": {}}
|
|
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
|
|
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export-mp"}}
|
|
|
|
=== Compare copy with original ===
|
|
Images are identical.
|
|
*** done
|