summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJakob Unterwurzacher2020-02-29 20:38:48 +0100
committerJakob Unterwurzacher2020-02-29 20:38:48 +0100
commitfdfaa849f8ea2fc6687aa13a7057b5088e3c65e5 (patch)
tree5b3c32ce4eaba20138aa88be03cb1bba52dafba5 /tests
parentca9e912a28b901387e1dbb85f6c531119f2d5ef2 (diff)
tests: test xattr acls
Fixes https://github.com/rfjakob/gocryptfs/issues/453
Diffstat (limited to 'tests')
-rw-r--r--tests/xattr/xattr_integration_test.go34
1 files changed, 28 insertions, 6 deletions
diff --git a/tests/xattr/xattr_integration_test.go b/tests/xattr/xattr_integration_test.go
index b091830..b7b6e69 100644
--- a/tests/xattr/xattr_integration_test.go
+++ b/tests/xattr/xattr_integration_test.go
@@ -44,6 +44,10 @@ func TestMain(m *testing.M) {
}
func setGetRmList(fn string) error {
+ return setGetRmList3(fn, "user.foo", []byte("123456789"))
+}
+
+func setGetRmList3(fn string, attr string, val []byte) error {
// List
list, err := xattr.LList(fn)
if err != nil {
@@ -52,10 +56,7 @@ func setGetRmList(fn string) error {
if len(list) > 0 {
return fmt.Errorf("Should have gotten empty result, got %v", list)
}
- attr := "user.foo"
- // Set
- val1 := []byte("123456789")
- err = xattr.LSet(fn, attr, val1)
+ err = xattr.LSet(fn, attr, val)
if err != nil {
return err
}
@@ -64,8 +65,8 @@ func setGetRmList(fn string) error {
if err != nil {
return err
}
- if !bytes.Equal(val1, val2) {
- return fmt.Errorf("wrong readback value: %v != %v", val1, val2)
+ if !bytes.Equal(val, val2) {
+ return fmt.Errorf("wrong readback value: %v != %v", val, val2)
}
// Remove
err = xattr.LRemove(fn, attr)
@@ -338,3 +339,24 @@ func TestSet0200Dir(t *testing.T) {
t.Error(err)
}
}
+
+func TestAcl(t *testing.T) {
+ fn := test_helpers.DefaultPlainDir + "/TestAcl"
+ err := ioutil.WriteFile(fn, nil, 0600)
+ if err != nil {
+ t.Fatalf("creating empty file failed: %v", err)
+ }
+ // ACLs are blobs generated in userspace, let's steal a valid ACL from
+ // setfacl using strace:
+ //
+ // $ strace -e setxattr setfacl -m u:root:r file
+ // setxattr("file", "system.posix_acl_access", "\2\0\0\0\1\0\6\0\377\377\377\377\2\0\4\0\0\0\0\0\4\0\4\0\377\377\377\377\20\0\4", 44, 0) = 0
+ //
+ // The ACL gives user root additional read rights, in other words, it should
+ // have no effect at all.
+ acl := "\002\000\000\000\001\000\006\000\377\377\377\377\002\000\004\000\000\000\000\000\004\000\004\000\377\377\377\377\020\000\004"
+ err = setGetRmList3(fn, "system.posix_acl_access", []byte(acl))
+ if err != nil {
+ t.Error(err)
+ }
+}