[LTP] [PATCH 1/2] lib: Add checking of needs_root
Petr Vorel
pvorel@suse.cz
Thu Oct 13 09:38:40 CEST 2022
> Hi,
> If we neeed to run the test as a non-root user, the non-root user would belong to the root group.
> Shall we add a checking of needs_root and needs_rootgroup?
How many of these tests we have? I wonder if it's worth to add this.
Kind regards,
Petr
> Regards,
> Gongyi
> > > > -----Original Message-----
> > > > From: ltp <ltp-bounces+tim.bird=sony.com@lists.linux.it> On Behalf
> > > > Of Petr Vorel
> > > > Hi all,
> > > > The subject "lib: Add checking of needs_root" is a bit misleading as
> > > > it does not mention at all that it's for the loop device.
> > > > > We need to check needs_root is set when tst_test->needs_device
> > or
> > > > > tst_test->mount_device is set since access the /dev/* need a
> > > > > privilege.
> > > > FYI we had some discussion about it, quoting Cyril [1]:
> > > > Well technically you can be added into whatever group is set to
> > > > /dev/loop-control e.g. disk group and then you can create devices
> > > > without a need to be a root.
> > > > So the most correct solution would be checking if we can access
> > > > /dev/loop-control if tst_test.needs_device is set and if not we would
> > > > imply needs_root. However this would need to be rethinked properly
> > so
> > > > that we do not end up creating something complex and not really
> > > > required.
> > > > There is also possibility to add custom device via $LTP_DEV. That
> > > > might allow to add permissions which allow to test without root.
> > > > I'll write to automated-testing ML (and maybe to LKML ML) to see if
> > > > people prefers to test without non-root.
> > > I took a quick look at this, and don't like the change.
> > > I didn't investigate all the affected tests, and what device exactly is being
> > protected.
> > > But the overall sense of the change takes makes the authorization
> > > checking for tests less granular.
> > > Fuego often runs tests as 'root', but it is also fairly common in
> > > Fuego to have a dedicated testing user account on a device under test,
> > > that has permissions for things like mounting, access to device nodes,
> > > etc. This change would cause tests to break for that account.
> > Hi Tim,
> > thanks a lot for confirming that people are using non-root users for testing.
> > I'm not sure if we ever implement complex checks, but at least we should
> > not merge this patchset.
> > Kind regards,
> > Petr
> > > That's my 2 cents.
> > > -- Tim
More information about the ltp
mailing list