[LTP] [PATCH 1/2] lib: Add checking of needs_root
zhaogongyi
zhaogongyi@huawei.com
Thu Oct 13 04:32:36 CEST 2022
Hi,
If we neeed to run the test as a non-root user, the non-root user would belong to the root group.
Shall we add a checking of needs_root and needs_rootgroup?
Regards,
Gongyi
>
>
> > > -----Original Message-----
> > > From: ltp <ltp-bounces+tim.bird=sony.com@lists.linux.it> On Behalf
> > > Of Petr Vorel
>
> > > Hi all,
>
> > > The subject "lib: Add checking of needs_root" is a bit misleading as
> > > it does not mention at all that it's for the loop device.
>
> > > > We need to check needs_root is set when tst_test->needs_device
> or
> > > > tst_test->mount_device is set since access the /dev/* need a
> > > > privilege.
>
> > > FYI we had some discussion about it, quoting Cyril [1]:
>
> > > Well technically you can be added into whatever group is set to
> > > /dev/loop-control e.g. disk group and then you can create devices
> > > without a need to be a root.
>
> > > So the most correct solution would be checking if we can access
> > > /dev/loop-control if tst_test.needs_device is set and if not we would
> > > imply needs_root. However this would need to be rethinked properly
> so
> > > that we do not end up creating something complex and not really
> > > required.
>
> > > There is also possibility to add custom device via $LTP_DEV. That
> > > might allow to add permissions which allow to test without root.
>
> > > I'll write to automated-testing ML (and maybe to LKML ML) to see if
> > > people prefers to test without non-root.
>
> > I took a quick look at this, and don't like the change.
>
> > I didn't investigate all the affected tests, and what device exactly is being
> protected.
> > But the overall sense of the change takes makes the authorization
> > checking for tests less granular.
>
> > Fuego often runs tests as 'root', but it is also fairly common in
> > Fuego to have a dedicated testing user account on a device under test,
> > that has permissions for things like mounting, access to device nodes,
> > etc. This change would cause tests to break for that account.
>
> Hi Tim,
>
> thanks a lot for confirming that people are using non-root users for testing.
> I'm not sure if we ever implement complex checks, but at least we should
> not merge this patchset.
>
> Kind regards,
> Petr
>
> > That's my 2 cents.
> > -- Tim
More information about the ltp
mailing list