ZTS: Fix posix ACL tests that should pass

Make sure tests have proper include files. Make sure underlying "chmod" style permissions don't interfere with ACLs. Reviewed-by: John Kennedy <john.kennedy@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Paul Zuchowski <pzuchowski@datto.com> Closes #8069
2018-10-31 19:58:43 -04:00 · 2018-10-31 19:58:43 -04:00 · 04a88fc00c
parent 58aeb87a8f
commit 04a88fc00c
3 changed files with 48 additions and 7 deletions
--- a/tests/test-runner/bin/zts-report.py
+++ b/tests/test-runner/bin/zts-report.py
@ -151,8 +151,6 @@ summary = {
 # reasons listed above can be used.
 #
 known = {
-    'acl/posix/posix_001_pos': ['FAIL', known_reason],
-    'acl/posix/posix_002_pos': ['FAIL', known_reason],
    'casenorm/sensitive_none_lookup': ['FAIL', '7633'],
    'casenorm/sensitive_none_delete': ['FAIL', '7633'],
    'casenorm/sensitive_formd_lookup': ['FAIL', '7633'],
--- a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh
+++ b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh
@ -26,6 +26,7 @@
 #

 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib

 #
 # Copyright (c) 2012 by Delphix. All rights reserved.
@ -43,19 +44,47 @@
 #

 verify_runnable "both"
+
+function cleanup
+{
+	rmdir $TESTDIR/dir.0
+}
+
 log_assert "Verify acltype=posixacl works on file"
+log_onexit cleanup

 # Test access to FILE
 log_note "Testing access to FILE"
 log_must touch $TESTDIR/file.0
 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0
-getfacl $TESTDIR/file.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
+getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \
+    "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
 if [ "$?" -eq "0" ]; then
 	# Should be able to write to file
-	log_must user_run $ZFS_ACL_STAFF1 "echo 'echo test > /dev/null' > $TESTDIR/file.0"
+	log_must user_run $ZFS_ACL_STAFF1 \
+	    "echo 'echo test > /dev/null' > $TESTDIR/file.0"

+	# Since $TESTDIR is 777, create a new dir with controlled permissions
+	# for testing that creating a new file is not allowed.
+	log_must mkdir $TESTDIR/dir.0
+	log_must chmod 700 $TESTDIR/dir.0
+	log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0
+	# Confirm permissions
+	ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+"
+	if [ "$?" -ne "0" ]; then
+		msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
+		log_note "expected mask drwxrw----+ but found $msk"
+		log_fail "Expected permissions were not set."
+	fi
+	getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
+	    "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
+	if [ "$?" -ne "0" ]; then
+		acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
+		log_note $acl
+		log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set."
+	fi
 	# Should NOT be able to create new file
-	log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/file.1"
+	log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1"

 	# Root should be able to run file, but not user
 	chmod +x $TESTDIR/file.0
--- a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh
+++ b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh
@ -26,6 +26,7 @@
 #

 . $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib

 #
 # Copyright (c) 2012 by Delphix. All rights reserved.
@ -47,8 +48,19 @@ log_assert "Verify acltype=posixacl works on directory"
 # Test access to DIRECTORY
 log_note "Testing access to DIRECTORY"
 log_must mkdir $TESTDIR/dir.0
+# Eliminate access by "other" including our test group,
+# we want access controlled only by the ACLs.
+log_must chmod 700 $TESTDIR/dir.0
 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:wx $TESTDIR/dir.0
-getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:-wx$"
+# Confirm permissions
+ls -l $TESTDIR |grep "dir.0" |grep -q "drwx-wx---+"
+if [ "$?" -ne "0" ]; then
+	msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
+	log_note "expected mask drwx-wx---+ but found $msk"
+	log_fail "Expected permissions were not set."
+fi
+getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
+    "^group:$ZFS_ACL_STAFF_GROUP:-wx$"
 if [ "$?" -eq "0" ]; then
 	# Should be able to create file in directory
 	log_must user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.0"
@ -58,5 +70,7 @@ if [ "$?" -eq "0" ]; then

 	log_pass "POSIX ACL mode works on directories"
 else
-	log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rwx' as specified"
+	acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
+	log_note $acl
+	log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have '-wx' as specified"
 fi