[LTP] [PATCH 1/2] lib: Add checking of needs_root

zhaogongyi zhaogongyi@huawei.com
Thu Oct 13 04:32:36 CEST 2022 

Hi,

If we neeed to run the test as a non-root user, the non-root user would belong to the root group.

Shall we add a checking of needs_root and needs_rootgroup?

Regards,
Gongyi

> 
> 
> > > -----Original Message-----
> > > From: ltp <ltp-bounces+tim.bird=sony.com@lists.linux.it> On Behalf
> > > Of Petr Vorel
> 
> > > Hi all,
> 
> > > The subject "lib: Add checking of needs_root" is a bit misleading as
> > > it does not mention at all that it's for the loop device.
> 
> > > > We need to check needs_root is set when tst_test->needs_device
> or
> > > > tst_test->mount_device is set since access the /dev/* need a
> > > > privilege.
> 
> > > FYI we had some discussion about it, quoting Cyril [1]:
> 
> > > 	Well technically you can be added into whatever group is set to
> > > 	/dev/loop-control e.g. disk group and then you can create devices
> > > 	without a need to be a root.
> 
> > > 	So the most correct solution would be checking if we can access
> > > 	/dev/loop-control if tst_test.needs_device is set and if not we would
> > > 	imply needs_root. However this would need to be rethinked properly
> so
> > > 	that we do not end up creating something complex and not really
> > > 	required.
> 
> > > There is also possibility to add custom device via $LTP_DEV. That
> > > might allow to add permissions which allow to test without root.
> 
> > > I'll write to automated-testing ML (and maybe to LKML ML) to see if
> > > people prefers to test without non-root.
> 
> > I took a quick look at this, and don't like the change.
> 
> > I didn't investigate all the affected tests, and what device exactly is being
> protected.
> > But the overall sense of the change takes makes the authorization
> > checking for tests less granular.
> 
> > Fuego often runs tests as 'root', but it is also fairly common in
> > Fuego to have a dedicated testing user account on a device under test,
> > that has permissions for things like mounting, access to device nodes,
> > etc.  This change would cause tests to break for that account.
> 
> Hi Tim,
> 
> thanks a lot for confirming that people are using non-root users for testing.
> I'm not sure if we ever implement complex checks, but at least we should
> not merge this patchset.
> 
> Kind regards,
> Petr
> 
> > That's my 2 cents.
> >  -- Tim

More information about the ltp mailing list