[LTP] [PATCH 1/2] lib: Add checking of needs_root
Bird, Tim
Tim.Bird@sony.com
Wed Oct 12 20:47:26 CEST 2022
> -----Original Message-----
> From: ltp <ltp-bounces+tim.bird=sony.com@lists.linux.it> On Behalf Of Petr Vorel
>
> Hi all,
>
> The subject "lib: Add checking of needs_root" is a bit misleading
> as it does not mention at all that it's for the loop device.
>
> > We need to check needs_root is set when tst_test->needs_device or
> > tst_test->mount_device is set since access the /dev/* need a
> > privilege.
>
> FYI we had some discussion about it, quoting Cyril [1]:
>
> Well technically you can be added into whatever group is set to
> /dev/loop-control e.g. disk group and then you can create devices
> without a need to be a root.
>
> So the most correct solution would be checking if we can access
> /dev/loop-control if tst_test.needs_device is set and if not we would
> imply needs_root. However this would need to be rethinked properly so
> that we do not end up creating something complex and not really
> required.
>
> There is also possibility to add custom device via $LTP_DEV. That might allow to
> add permissions which allow to test without root.
>
> I'll write to automated-testing ML (and maybe to LKML ML) to see if people
> prefers to test without non-root.
I took a quick look at this, and don't like the change.
I didn't investigate all the affected tests, and what device exactly is being protected.
But the overall sense of the change takes makes the authorization checking for tests
less granular.
Fuego often runs tests as 'root', but it is also fairly common in Fuego to have a
dedicated testing user account on a device under test, that has permissions
for things like mounting, access to device nodes, etc. This change
would cause tests to break for that account.
That's my 2 cents.
-- Tim
More information about the ltp
mailing list