aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xtests/test-runner/bin/zts-report.py2
-rwxr-xr-xtests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh35
-rwxr-xr-xtests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh18
3 files changed, 48 insertions, 7 deletions
diff --git a/tests/test-runner/bin/zts-report.py b/tests/test-runner/bin/zts-report.py
index 8b58950b8..bc57b5f07 100755
--- a/tests/test-runner/bin/zts-report.py
+++ b/tests/test-runner/bin/zts-report.py
@@ -151,8 +151,6 @@ summary = {
# reasons listed above can be used.
#
known = {
- 'acl/posix/posix_001_pos': ['FAIL', known_reason],
- 'acl/posix/posix_002_pos': ['FAIL', known_reason],
'casenorm/sensitive_none_lookup': ['FAIL', '7633'],
'casenorm/sensitive_none_delete': ['FAIL', '7633'],
'casenorm/sensitive_formd_lookup': ['FAIL', '7633'],
diff --git a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh
index b34fd965b..66124fe9c 100755
--- a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh
+++ b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh
@@ -26,6 +26,7 @@
#
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib
#
# Copyright (c) 2012 by Delphix. All rights reserved.
@@ -43,19 +44,47 @@
#
verify_runnable "both"
+
+function cleanup
+{
+ rmdir $TESTDIR/dir.0
+}
+
log_assert "Verify acltype=posixacl works on file"
+log_onexit cleanup
# Test access to FILE
log_note "Testing access to FILE"
log_must touch $TESTDIR/file.0
log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0
-getfacl $TESTDIR/file.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
+getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \
+ "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
if [ "$?" -eq "0" ]; then
# Should be able to write to file
- log_must user_run $ZFS_ACL_STAFF1 "echo 'echo test > /dev/null' > $TESTDIR/file.0"
+ log_must user_run $ZFS_ACL_STAFF1 \
+ "echo 'echo test > /dev/null' > $TESTDIR/file.0"
+ # Since $TESTDIR is 777, create a new dir with controlled permissions
+ # for testing that creating a new file is not allowed.
+ log_must mkdir $TESTDIR/dir.0
+ log_must chmod 700 $TESTDIR/dir.0
+ log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0
+ # Confirm permissions
+ ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+"
+ if [ "$?" -ne "0" ]; then
+ msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
+ log_note "expected mask drwxrw----+ but found $msk"
+ log_fail "Expected permissions were not set."
+ fi
+ getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
+ "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
+ if [ "$?" -ne "0" ]; then
+ acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
+ log_note $acl
+ log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set."
+ fi
# Should NOT be able to create new file
- log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/file.1"
+ log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1"
# Root should be able to run file, but not user
chmod +x $TESTDIR/file.0
diff --git a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh
index 218df9760..1aceffd15 100755
--- a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh
+++ b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh
@@ -26,6 +26,7 @@
#
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib
#
# Copyright (c) 2012 by Delphix. All rights reserved.
@@ -47,8 +48,19 @@ log_assert "Verify acltype=posixacl works on directory"
# Test access to DIRECTORY
log_note "Testing access to DIRECTORY"
log_must mkdir $TESTDIR/dir.0
+# Eliminate access by "other" including our test group,
+# we want access controlled only by the ACLs.
+log_must chmod 700 $TESTDIR/dir.0
log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:wx $TESTDIR/dir.0
-getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q "^group:$ZFS_ACL_STAFF_GROUP:-wx$"
+# Confirm permissions
+ls -l $TESTDIR |grep "dir.0" |grep -q "drwx-wx---+"
+if [ "$?" -ne "0" ]; then
+ msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
+ log_note "expected mask drwx-wx---+ but found $msk"
+ log_fail "Expected permissions were not set."
+fi
+getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
+ "^group:$ZFS_ACL_STAFF_GROUP:-wx$"
if [ "$?" -eq "0" ]; then
# Should be able to create file in directory
log_must user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.0"
@@ -58,5 +70,7 @@ if [ "$?" -eq "0" ]; then
log_pass "POSIX ACL mode works on directories"
else
- log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rwx' as specified"
+ acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
+ log_note $acl
+ log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have '-wx' as specified"
fi