[LTP] [PATCH v4 1/8] fs/acl: Add ACL_USER_OBJ permissions test
Sachin Sant
sachinp@linux.ibm.com
Fri Jun 5 08:19:27 CEST 2026
On 04/06/26 4:01 pm, Cyril Hrubis wrote:
> Hi!
> I think that it would actually be way simpler and easier if we avoided
> the whole userspace username to UID lookups. The test does not need to
> create users, etc. if we simply focus on the kernel part of the ACL
> implementation. For that we would create extended attributes with UIDs
> (that is what is stored in kernel) and then we could simply run a child
> process that sets its UIDs so that they match the rules in extended
> attributes. That way there would be no dependency on libacl, no
> userspace lookups and we would validate only the kernel part, which is
> what LTP should do.
This is an excellent suggestion. This will avoid userspace username-to-UID lookups
and libacl dependency. It simplifies tests while maintaining full coverage of kernel
ACL functionality.
The existing create_file_as() helper already demonstrates the fork+setuid pattern
needed for testing with arbitrary UIDs.
The logic can be:
- Use setxattr(path, "system.posix_acl_access", buf, size, 0) to set ACLs directly
- Build xattr buffers with raw UID/GID values (no username lookups needed)
- Fork child processes that call setuid(uid) + setgid(gid) to match ACL entries
- Test file access in child to validate kernel ACL enforcement
Let me know if this approach is acceptable.
--
Thanks
- Sachin
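The approach outlined in this message, as an added example (not code from the patch series or from LTP): a raw `system.posix_acl_access` buffer is built from numeric IDs, installed with setxattr(), and checked by a child that has switched to the target UID/GID. The names `acl_ent`, `build_acl_xattr`, `acl_allows`, `T_*` and `NO_ID` are hypothetical; the tag and version values mirror the kernel's uapi `linux/posix_acl.h` and `linux/posix_acl_xattr.h`. It assumes the caller is root and the filesystem supports POSIX ACLs.

```c
#define _GNU_SOURCE		/* for setgroups() */
#include <fcntl.h>
#include <grp.h>
#include <stdint.h>
#include <sys/wait.h>
#include <sys/xattr.h>
#include <unistd.h>

/* xattr layout: little-endian u32 version (2), then 8-byte {u16 tag, u16 perm, u32 id} entries. */
enum { T_USER_OBJ = 1, T_USER = 2, T_GROUP_OBJ = 4, T_MASK = 0x10, T_OTHER = 0x20 };
#define NO_ID 0xffffffffu	/* id for entries that carry no UID/GID */
struct acl_ent { uint16_t tag, perm; uint32_t id; };

static void put_le(unsigned char *p, uint32_t v, int n)
{
	for (; n--; v >>= 8)
		*p++ = v & 0xff;
}

/* Serialize n entries (already in tag order); returns bytes written, 0 if buf is too small. */
size_t build_acl_xattr(unsigned char *buf, size_t cap, const struct acl_ent *e, size_t n)
{
	if (cap < 4 + 8 * n)
		return 0;
	put_le(buf, 2, 4);
	for (size_t i = 0; i < n; i++, e++) {
		put_le(buf + 4 + 8 * i, e->tag, 2);
		put_le(buf + 6 + 8 * i, e->perm, 2);
		put_le(buf + 8 + 8 * i, e->id, 4);
	}
	return 4 + 8 * n;
}

/* As root: install the ACL, then open() path as uid/gid in a child. 1 = allowed, 0 = denied, -1 = setup error. */
int acl_allows(const char *path, const struct acl_ent *e, size_t n, uid_t uid, gid_t gid, int flags)
{
	unsigned char buf[256];
	size_t len = build_acl_xattr(buf, sizeof(buf), e, n);
	int st;
	pid_t pid;

	if (!len || setxattr(path, "system.posix_acl_access", buf, len, 0) || (pid = fork()) < 0)
		return -1;
	if (!pid)	/* child: drop groups before the UID, setgid() fails once root is gone */
		_exit((setgroups(0, NULL) || setgid(gid) || setuid(uid)) ? 2 : open(path, flags) < 0);
	if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 2)
		return -1;
	return WEXITSTATUS(st) == 0;
}
```

An ACL that contains a named user or group entry also needs a mask entry, otherwise the kernel rejects the xattr with EINVAL; perm uses the usual 4/2/1 read/write/execute bits.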