[LTP] [PATCH 1/2] chdir01.c: Fix on enabled FIPS

Cyril Hrubis chrubis@suse.cz
Mon Jan 10 16:18:35 CET 2022 

Hi!
> which causes 0 permission for user and group.

This could be a bit more verbose.

> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
>  testcases/kernel/syscalls/chdir/chdir01.c | 16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/testcases/kernel/syscalls/chdir/chdir01.c b/testcases/kernel/syscalls/chdir/chdir01.c
> index aa25adf6aa..5819998484 100644
> --- a/testcases/kernel/syscalls/chdir/chdir01.c
> +++ b/testcases/kernel/syscalls/chdir/chdir01.c
> @@ -27,7 +27,7 @@
>  #define LINK_NAME2 "symloop2"
>  
>  static char *workdir;
> -static int skip_symlinks, skip_blocked;
> +static int skip_symlinks, blocked_perm;
>  static struct passwd *ltpuser;
>  
>  static struct test_case {
> @@ -61,9 +61,9 @@ static void setup(void)
>  	SAFE_MKDIR(BLOCKED_NAME, 0644);
>  	umask(sys_umask);
>  
> -	/* FAT and NTFS override file and directory permissions */
>  	SAFE_STAT(BLOCKED_NAME, &statbuf);
> -	skip_blocked = statbuf.st_mode & 0111;
> +	blocked_perm = statbuf.st_mode;
> +
>  	skip_symlinks = 0;
>  	TEST(symlink(LINK_NAME1, LINK_NAME2));
>  
> @@ -117,7 +117,15 @@ static void run(unsigned int n)
>  	TEST(chdir(tc->name));
>  	check_result("root", tc->name, tc->root_ret, tc->root_err);
>  
> -	if (tc->nobody_err == EACCES && skip_blocked) {
> +	/* FIPS mode disables umask efect for group or other */
> +	if (!(blocked_perm & S_IRGRP) && strcmp(tc->name, "/") != 0) {

So on FIPS the directories we create have zeroed group and other flags
regardless of the umask? Or is this just a different default umask on
FIPS? If it's just different umask the easiest solution would be
changing the umask in the test setup.

And if it's regardless of umask settings shouldn't this rather be:

	if (tst_fips_enabled() && !strcmp(tc->name, "/"))


> +		tst_res(TCONF, "Skipping unprivileged permission test, "
> +			"no read permission for \"%s\"", tc->name);
> +		return;
> +	}
> +
> +	/* FAT and NTFS override file and directory permissions */
> +	if (blocked_perm & 0111 && tc->nobody_err == EACCES) {
>  		tst_res(TCONF, "Skipping unprivileged permission test, "
>  			"FS mangles dir mode");
>  		return;
> -- 
> 2.34.1
> 

-- 
Cyril Hrubis
chrubis@suse.cz

More information about the ltp mailing list