diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2020-09-11 16:08:11 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-09-11 16:10:12 -0700 |
commit | 1f4fb817c8ff8be7239a99baff01d8f20b2e9abd (patch) | |
tree | 5e99bdd05777f3e24556ea8f84a010db581d282e /test/syscalls | |
parent | 325f7036b051a705d5ae595d2f3c351084262532 (diff) |
Check that we have access to the trusted.* xattr namespace directly.
These operations require CAP_SYS_ADMIN in the root user namespace. There's no
easy way to check that other than trying the operation and seeing what happens.
PiperOrigin-RevId: 331242256
Diffstat (limited to 'test/syscalls')
-rw-r--r-- | test/syscalls/linux/xattr.cc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/test/syscalls/linux/xattr.cc b/test/syscalls/linux/xattr.cc index 1a1010bb5..bd3f829c4 100644 --- a/test/syscalls/linux/xattr.cc +++ b/test/syscalls/linux/xattr.cc @@ -615,12 +615,18 @@ TEST_F(XattrTest, TrustedNamespaceWithCapSysAdmin) { SKIP_IF(IsRunningOnGvisor() && !ASSERT_NO_ERRNO_AND_VALUE(IsTmpfs(test_file_name_))); - // Setting/Getting in the trusted namespace requires CAP_SYS_ADMIN. - SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN))); - const char* path = test_file_name_.c_str(); const char name[] = "trusted.test"; + // Writing to the trusted.* xattr namespace requires CAP_SYS_ADMIN in the root + // user namespace. There's no easy way to check that, other than trying the + // operation and seeing what happens. We'll call removexattr because it's + // simplest. + if (removexattr(path, name) < 0) { + SKIP_IF(errno == EPERM); + FAIL() << "unexpected errno from removexattr: " << errno; + } + // Set. char val = 'a'; size_t size = sizeof(val); |