From 1f4fb817c8ff8be7239a99baff01d8f20b2e9abd Mon Sep 17 00:00:00 2001 From: Nicolas Lacasse Date: Fri, 11 Sep 2020 16:08:11 -0700 Subject: Check that we have access to the trusted.* xattr namespace directly. These operations require CAP_SYS_ADMIN in the root user namespace. There's no easy way to check that other than trying the operation and seeing what happens. PiperOrigin-RevId: 331242256 --- test/syscalls/linux/xattr.cc | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'test/syscalls/linux') diff --git a/test/syscalls/linux/xattr.cc b/test/syscalls/linux/xattr.cc index 1a1010bb5..bd3f829c4 100644 --- a/test/syscalls/linux/xattr.cc +++ b/test/syscalls/linux/xattr.cc @@ -615,12 +615,18 @@ TEST_F(XattrTest, TrustedNamespaceWithCapSysAdmin) { SKIP_IF(IsRunningOnGvisor() && !ASSERT_NO_ERRNO_AND_VALUE(IsTmpfs(test_file_name_))); - // Setting/Getting in the trusted namespace requires CAP_SYS_ADMIN. - SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN))); - const char* path = test_file_name_.c_str(); const char name[] = "trusted.test"; + // Writing to the trusted.* xattr namespace requires CAP_SYS_ADMIN in the root + // user namespace. There's no easy way to check that, other than trying the + // operation and seeing what happens. We'll call removexattr because it's + // simplest. + if (removexattr(path, name) < 0) { + SKIP_IF(errno == EPERM); + FAIL() << "unexpected errno from removexattr: " << errno; + } + // Set. char val = 'a'; size_t size = sizeof(val); -- cgit v1.2.3